Re: [qubes-users] Whonix Tor Browser Starter safest setting fails
'b17b7bdb' via qubes-users: > - JavaScript is ALLOWED on selected sites. > To view these sites click on the NoScript Preferences button in the > about:addons page and then select the Per-Site Permissions tab. Whonix source code doesn't write literally googlevideo, netflix, outlook, etc. anywhere. It does not do anything to give special treatment to any websites. By policy, for simplicity, clean implementation and whatnot, the "inside" of Tor Browser isn't modified by Whonix. This is elaborated here: https://www.whonix.org/wiki/FAQ#Does_Whonix_Change_Default_Tor_Browser_Settings.3F Tor Browser upstream issue. Bug report written just now. wipe all mentions of netflix, paypal, youtube, ... from noscript in Tor Browser https://trac.torproject.org/projects/tor/ticket/31798 See also: https://www.helpnetsecurity.com/2015/07/01/researchers-point-out-the-holes-in-noscripts-default-whitelist/ https://thehackerblog.com/the-noscript-misnomer-why-should-i-trust-vjs-zendcdn-net/ >From noscript FAQ: Q: What websites are in the default whitelist and https://noscript.net/faq#qa1_5 Q: What is a trusted site? https://noscript.net/faq#qa1_11 Whonix forum discussion: https://forums.whonix.org/t/noscript-with-security-slider-at-safest-permits-around-30-sites/8160 Cheers, Patrick -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0104280d-a6d9-68e0-16fb-0fe080789c76%40whonix.org.
Re: [qubes-users] Whonix Tor Browser Starter safest setting fails
'b17b7bdb' via qubes-users: > Setting tb_security_slider_safest=true (either by selecting Yes in the Tor > Browser Starter screen or by creating a line in > /etc/torbrowser.d/50_user.conf) does not result in the expected behavior. > Actual Behavior: > - Shield icon is fully colored > - Security Level is set to Safest in about:preferences#privacy > - JavaScript is ALLOWED on selected sites. > To view these sites click on the NoScript Preferences button in the > about:addons page and then select the Per-Site Permissions tab. > When I do this in a fresh DispVM with the above setting, I see no sites listed on the Per-Site Permissons tab. Are you using a disposable VM? -- - don't top post Mailing list etiquette: - trim quoted reply to only relevant portions - when possible, copy and paste text instead of screenshots -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f551d217-fe0b-34bd-dd75-dcdc0661d1af%40danwin1210.me.
[qubes-users] Whonix Tor Browser Starter safest setting fails
Setting tb_security_slider_safest=true (either by selecting Yes in the Tor Browser Starter screen or by creating a line in /etc/torbrowser.d/50_user.conf) does not result in the expected behavior. Expected Behavior: - Shield icon is fully colored - Security Level is set to Safest in about:preferences#privacy - JavaScript is disabled by default on ALL sites Actual Behavior: - Shield icon is fully colored - Security Level is set to Safest in about:preferences#privacy - JavaScript is ALLOWED on selected sites. To view these sites click on the NoScript Preferences button in the about:addons page and then select the Per-Site Permissions tab. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YhL10GmrV7yk0L2xjHpqblDZ8yRK2dMGORVtHSpv4GdicmT9kfLoUtMvy8eXlPMRNRUrtCIm8ckxrJMuNrLcCamWqdOHHoyLf9yDL8F7WAg%3D%40protonmail.ch.