Delivery-Date: Thu, 07 May 2015 08:42:45 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,FROM_LOCAL_NOVOWEL,HK_RANDOM_FROM,RCVD_IN_DNSWL_MED,
	T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 9FF0B1E0510
	for <archiver@seul.org>; Thu,  7 May 2015 08:42:43 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 6FF6735232;
	Thu,  7 May 2015 12:42:39 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 38676351B5
 for <tor-talk@lists.torproject.org>; Thu,  7 May 2015 12:42:36 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id VdxfTAstKAVz for <tor-talk@lists.torproject.org>;
 Thu,  7 May 2015 12:42:36 +0000 (UTC)
Received: from mail-pd0-x232.google.com (mail-pd0-x232.google.com
 [IPv6:2607:f8b0:400e:c02::232])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 06AE934EDB
 for <tor-talk@lists.torproject.org>; Thu,  7 May 2015 12:42:36 +0000 (UTC)
Received: by pdbnk13 with SMTP id nk13so40518399pdb.0
 for <tor-talk@lists.torproject.org>; Thu, 07 May 2015 05:42:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=sH0YtmwSrkjzd9XTmnVbqsnsAagfoX2Ew7/kaC49g+c=;
 b=Q43g4PzY6+1fgobplnmNuBTTPPFX8Jib3Cy1gJaj3rrahweUIwU9uy8+V+eg6TGa7n
 67ujvbIQ7K2C3vn66Dec9lbv4wK9sDthLyMwNELRw6pM+E3nsgZc2KZr0H8XFUh8rO6n
 CsOtcAdkNkb1rHZlrml7Qya3FZvvd98AHn+qV5/8Fyv0woA/2V27HBQbbjhcwExFCiHo
 SDg6xVK0An8nwt2f6bEzuN9nv5VVX86HGYaY/+901x8/olbGi5dSh10ABjLVG38QGbDg
 hnXRRVmUK4auRp9EH0BWaztLDeV7BEbsc6tzbW87Ay+vfYqKMZdykGYRwrGa94ZfyD+k
 z4gQ==
MIME-Version: 1.0
X-Received: by 10.68.69.105 with SMTP id d9mr6585412pbu.144.1431002553340;
 Thu, 07 May 2015 05:42:33 -0700 (PDT)
Received: by 10.70.82.68 with HTTP; Thu, 7 May 2015 05:42:33 -0700 (PDT)
Received: by 10.70.82.68 with HTTP; Thu, 7 May 2015 05:42:33 -0700 (PDT)
In-Reply-To: <CAO3ZnMdFRgZmfO=7n=Db9kqKW4h-adV=CSXRdZ0TVPWL30EjCQ@mail.gmail.com>
References: <JodvTO5----0@tutanota.de>
 <CAO3ZnMcO_Hc1DUCM98z6x7RU2cN4XMuAeKc8pjOgfJ+pd_5=gA@mail.gmail.com>
 <CAO3ZnMdFRgZmfO=7n=Db9kqKW4h-adV=CSXRdZ0TVPWL30EjCQ@mail.gmail.com>
Date: Thu, 7 May 2015 05:42:33 -0700
Message-ID: <CAAgxajEbvDV7Y1C+xj21ya1VWh0ZR3ChtbG2vMx28TD1SUOkCg@mail.gmail.com>
From: Apple Apple <djjdjdjdjdjdjd32@gmail.com>
To: tor-talk@lists.torproject.org
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] allowing javascripts and using bookmarks
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

There are two issues I can think of from the top of my head.

JavaScript can be used to glean additional, potentially unique, information
about your system. This information can be used to identify you on
subsequent visits, just like a cookie. If you are logging into these
websites then they already know that you are you anyway.

However there could be an issue if these websites share this identifiable
information with a third party who can then recognise you when you visit
his site. This could be particularly bad if personally identifiable
information such as your name is connected to one of these sites.

I expect Tor browser tries to do something to limit the information
available to JavaScript but you should verify that for yourself.

Another issue with JavaScript is that it can be used to try and exploit
security vulnerabilities in your web browser and (if successful) run
malicious code on your computer.

I don't think it is the end of the world if you decide to enable
JavaScript, especially if it is just for a handful of services you really
need.

I hope this information if helpful for you to understand the risks a little
better.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

