Joe Btfsplk wrote: > you're effectively forced into either > * disabling js completely
Few people do that, so it may in principle shrink your anonymity set more than JS-enabled fingerprinting does. > Seems we must make a choice: Whether more concerned about "some" > sites detecting JS is DISabled, while others detect it's ENabled (& > presumably, these sites are jointly owned, or all share info or 3rd > party trackers are advanced enough to ID even a "stock" Torbrowser, > from one site to another). Exit nodes also have a broad perspective. > There are a good many advanced users not in favor of having JS enabled > by default in TBB. Unless they *only* visit JS free sites, they're > forced to selectively enable it, unless don't care about broken sites. A safe workflow for occasionally enabling (or disabling) JS: Click the onion button's New Identity Enable JS globally Go to whatever sites you want to browse New Identity again Disable JS globally > But, enabling JS allows sites (that try) to get FAR more browser / > system info than if it's disabled. But keep in mind that lots of things can be detected even without JS. There is e.g. a simple way to get and transmit the inner window size in pure CSS. -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
