Hi, Jonathan -- I do know the default, and I did change them to allow for first-party scripts. I agree that TBB's NoScript defaults are really hard to figure out (in comparison to NoScript in vanilla Firefox -- which admittedly is still a complicated setup). However, I assumed that if Facebook wanted to have a hidden service, they'd account for the fact that at the very least third-party JS is a no-no (and many Tor users also don't want to allow any scripts).
>From what I could tell, the verification system I went to to confirm my ID relied on third party scripts (it looked like Google scripts). It was a system in which I had to identify pictures of "friends". No pictures loaded. Moreover, the .onion Facebook will probably always say that the account is locked due to logging in from a "strange" location, so there will be that issue. In the end, I don't get why FB is doing this, other than to look hip. - Rob On 10/31/2014 11:40 AM, Jonathan Wilkes wrote: > Hi Rob, > You do know TBB's defaults regarding scripts, right? If it's a > conundrum with no easy answer for Tor devs, it's a conundrum for > Facebook as well. So please do get on Tor Talk list and criticise TBB > for having an "(advised)" yet non-default setting for blocking all > scripts. > > I understand the conundrum, and I agree that there isn't an easy > answer, but that default setting in TBB is batshit insane. It is > _the_ source of the conundrum. If script-blocking were turned on by > default Facebook wouldn't even waste time trying to design a hidden > service like this. > > -Jonathan > > > On Friday, October 31, 2014 12:13 PM, Robert W. Gehl > <[email protected]> wrote: > > > I tried to login (with a fake account I maintain for just such a > purpose). "Your account is temporarily locked," it says. I get that; > it appears I'm trying to login from a strange location. > > To proceed, I have to ID pictures of friends. Ok, I say. But the page > with friends' photos doesn't load, probably because I have Javascript > off (common practice with the Tor Browser). Fail. > > Let's say people take this seriously -- to do so, they will have to > use Javascript, which is a bad move when using Tor. > > It seems to me that this would just inculcate bad security habits for > any would-be Dark Web users. > > - Rob > > On 10/31/2014 08:14 AM, Steve Weis wrote: >> Facebook is now available as a Tor hidden service at this .onion address: >> https://facebookcorewwwi.onion/ >> >> Blog post is here: >> https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237 >> >> >> > > > -- > Liberationtech is public & archives are searchable on Google. > Violations of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. > Unsubscribe, change to digest, or change password by emailing > moderator at [email protected]. > > >
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
