Delivery-Date: Sun, 27 Jul 2014 09:00:51 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DATE_IN_PAST_12_24,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id B18FB1E0A33
	for <archiver@seul.org>; Sun, 27 Jul 2014 09:00:49 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 11B7A2D154;
	Sun, 27 Jul 2014 11:41:47 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 815432DCCE
 for <tor-talk@lists.torproject.org>; Sun, 27 Jul 2014 11:34:57 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id rHnKFjxduDRx for <tor-talk@lists.torproject.org>;
 Sun, 27 Jul 2014 11:34:57 +0000 (UTC)
X-Greylist: delayed 48592 seconds by postgrey-1.34 at eugeni;
 Sun, 27 Jul 2014 11:34:57 UTC
Received: from tamar.safe-mail.net (tamar.safe-mail.net [212.29.227.229])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 2C63F2BA18
 for <tor-talk@lists.torproject.org>; Sun, 27 Jul 2014 11:34:57 +0000 (UTC)
Received: by tamar.safe-mail.net with Safe-mail (Exim 4.66)
 (envelope-from <faether@Safe-mail.net>) id 1XBA5E-0002pN-L2
 for tor-talk@lists.torproject.org; Sat, 26 Jul 2014 18:04:52 -0400
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=N1-0105; d=Safe-mail.net;
 b=S/Uvk3L9aOKOYAaWNQ4bZcwsJe8Ve8e+u0gXQRE1XFyTyFWaVUyGqXdHuCO6hXH4
 3YO2CAesVH5Cnbc0ym3McB2OC6G6TkBAKmOSoLkNVu2xln8SqO4ox5bGV7xRRK2j
 qd7Ohi/oATt6/qI7S2f6GCw01VsuKALxf0IaYjCcLOY=;
Received: from pc ([176.10.100.226]) by Safe-mail.net with https
Date: Sat, 26 Jul 2014 18:04:52 -0400
From: faether <faether@Safe-mail.net>
To: tor-talk@lists.torproject.org
X-SMType: Regular
X-SMRef: N1B-EH_un4obpe
Message-Id: <N1B-EH_un4obpe@Safe-mail.net>
MIME-Version: 1.0
X-SMSignature: GmuT/F34b5u9VsqdMSj9Y0ekVuiktkm65PwMEgBkWD4ZvP3w736/2xmCDh9xq8sM
 ZAnrj0X5DNqGQe/wnmyz/+95s/68ENqLOXK3QlobAhge244GyBeFrDEyT688Ma3a
 MeJgk3GuFWIoA6+WmFLcTyGSowan2HB/bQSHTlSOQtU=
Subject: Re: [tor-talk] User views on lesser of 2 evils_Tor FAQ on using
	java script
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Joe Btfsplk wrote:

> you're effectively forced into either
> * disabling js completely

Few people do that, so it may in principle shrink your anonymity set
more than JS-enabled fingerprinting does.

> Seems we must make a choice:  Whether more concerned about "some"
> sites detecting JS is DISabled, while others detect it's ENabled (&
> presumably, these sites are jointly owned, or all share info or 3rd
> party trackers are advanced enough to ID even a "stock" Torbrowser,
> from one site to another).

Exit nodes also have a broad perspective.

> There are a good many advanced users not in favor of having JS enabled
> by default in TBB. Unless they *only* visit JS free sites, they're
> forced to selectively enable it, unless don't care about broken sites.

A safe workflow for occasionally enabling (or disabling) JS:

Click the onion button's New Identity
Enable JS globally
Go to whatever sites you want to browse
New Identity again
Disable JS globally

> But, enabling JS allows sites (that try) to get FAR more browser /
> system info than if it's disabled.

But keep in mind that lots of things can be detected even without JS.

There is e.g. a simple way to get and transmit the inner window size in
pure CSS.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

