I just noticed that current (Dec 2 2018) TOR (8.0.3, I think) has NoScript’s Default setting set to allow everything!!
When did this happen? This seems like a gigantic security hole!
Anyone else aware of this?
- Slagmeier asked 3 months ago
- last edited 3 months ago
It’s the same with 8.0.4.
In fact, I had to change all these:
1. Check NoScript’s default setting to ensure nothing is allowed (uncheck all Allow boxes on Default tab)
2. Change TBB’s Security setting to SAFEST, it had been on the lowest setting.
Double click it to the value from True to False.
Aside from having three things fucked up, the most alarming aspect is that ALL the Allow boxes were checked on NoScript’s default tab when I installed TOR. Clicking on NoScript’s Reset (to change it’s settings back to their defaults) results in only three boxes checked (frame, fetch and other) on the Default tab.
So the default for the Default tab is to allow 3 things, but TOR shipped with all boxes checked. This means that it’s not like the standard NoScript just accidentally shipped in TOR, someone had to check all those boxes.
Does anyone else see this as a major fucking issue? Many people could be endangered by this.
- Slagmeier answered 2 months ago
- last edited 2 months ago