On 09/06/2013 09:03 AM, [email protected] wrote: > after upgrading to v23 i found that i can't stop JavaScript or image auto > loading, > > just because a stupid nazi dictator person thought the normal users don't > have the right to do so ... no more firefox switch to Google Chrome... > Just admit the truth that the NSA tracked TorFox users with javascript and > thats why you removed the option to turn it off in both Firefox and TorFox.
The "Enable Javascript" checkbox in the Preferences was removed in FF23. Please see Bug 851702 (https://bugzilla.mozilla.org/show_bug.cgi?id=851702) for the rationale behind this change. See also Bug 851701 (https://bugzilla.mozilla.org/show_bug.cgi?id=851701) for the discussion behind removing image auto-loading checkbox. You can still disable Javascript and image auto loading via preferences in about:config (javascript.enabled and permissions.default.image, respectively). There are also numerous add-ons that will expose these features via a convenient UI - see https://support.mozilla.org/en-US/questions/963352 for ideas. If you are concerned about malicious Javascript, I highly recommend NoScript. Finally - the Tor Browser Bundle is a *fork* of Firefox ESR (which, as of the Tor Freedom Hosting malware attack, was based on FF 17.0.7). Removing this feature in FF23 did not affect TBB users, who were running a modified FF 17.0.7. All decisions regarding Javascript in the TBB are made by Tor Project developers who maintain TBB. They, like us, believe that given the now near-ubiquity of Javascript on the web, enabling JS by default provides a better experience for the majority of users. It is unfortunate that attacks like the one you mention take advantage of Javascript, and it may be worth reconsidering this default decision in high-risk environments like the TBB. See these discussions on the Tor bug tracker: 1. https://trac.torproject.org/projects/tor/ticket/9387 2. https://trac.torproject.org/projects/tor/ticket/9397 // Garrett _______________________________________________ dev-privacy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-privacy
