NoScript Is Not Being Used Properly By The Tor Project
Hi,
This isn't a bug, but I'm reporting this because this is not being handled correctly.
One of the main points of NoScript is not to allow anything, other than what is in your 'Whitelist', yet the Tor Project has set in the General options; 'Scripts globally allowed (dangerous)'
I think someone at Tor has overlooked that 'Dangerous' part, because this is not the correct method in which to use this application. In fact it seems silly the developer even has this option in NoScript.
I do know for a fact when you allow like this, then you let JavaScript leak out, creating more of a risk, so regardless of using Tor or not, this is not a good approach for the Tor Project to be taking with NoScript and the Tor Browser Bundles should have this unchecked by default to give people the safest configuration possible.
Right now you are teaching people the incorrect way in which to use this and for those people, they are going to possibly look at Tor and mimic what they see for Firefox and make even a greater risk for themselves with Firefox through their ISP,etc...
Granted it doesn't make it the simplest, but people should learn to adjust, because it's the proper way in which you are suppose to be using this addon.
Also the Tor Project will need to change the 'Appearances' section to properly reflect this as well.
I've attached a screen shot how the 'Appearances' section looks in NoScript, of course with the 'Scripts globally allowed (dangerous)' unchecked. :)
THANKS
Trac:
Username: DasFox