From whonix-devel Thu Sep 19 08:27:00 2019 From: Patrick Schleizer Date: Thu, 19 Sep 2019 08:27:00 +0000 To: whonix-devel Subject: Re: [Whonix-devel] [qubes-users] Whonix Tor Browser Starter safest setting fails Message-Id: <0104280d-a6d9-68e0-16fb-0fe080789c76 () whonix ! org> X-MARC-Message: https://marc.info/?l=whonix-devel&m=156888171319818 'b17b7bdb' via qubes-users: > - JavaScript is ALLOWED on selected sites. > To view these sites click on the NoScript Preferences button in the about:addons page and then select the Per-Site Permissions tab. Whonix source code doesn't write literally googlevideo, netflix, outlook, etc. anywhere. It does not do anything to give special treatment to any websites. By policy, for simplicity, clean implementation and whatnot, the "inside" of Tor Browser isn't modified by Whonix. This is elaborated here: https://www.whonix.org/wiki/FAQ#Does_Whonix_Change_Default_Tor_Browser_Settings.3F Tor Browser upstream issue. Bug report written just now. wipe all mentions of netflix, paypal, youtube, ... from noscript in Tor Browser https://trac.torproject.org/projects/tor/ticket/31798 See also: https://www.helpnetsecurity.com/2015/07/01/researchers-point-out-the-holes-in-noscripts-default-whitelist/ https://thehackerblog.com/the-noscript-misnomer-why-should-i-trust-vjs-zendcdn-net/ >From noscript FAQ: Q: What websites are in the default whitelist and https://noscript.net/faq#qa1_5 Q: What is a trusted site? https://noscript.net/faq#qa1_11 Whonix forum discussion: https://forums.whonix.org/t/noscript-with-security-slider-at-safest-permits-around-30-sites/8160 Cheers, Patrick _______________________________________________ You are receiving this e-mail because you subscribed Whonix-devel mailing list. To unsubscribe visit https://www.whonix.org/cgi-bin/mailman/listinfo/whonix-devel or mail "unsubscribe" to Whonix-devel-unsubscribe@whonix.org. Sie erhalten diese E-Mail, weil Sie die Whonix-devel Mailingliste aboniert haben. Zum abbestellen besuchen Sie https://www.whonix.org/cgi-bin/mailman/listinfo/whonix-devel oder mailen Sie "unsubscribe" an Whonix-devel-unsubscribe@whonix.org.