
> An absolutely insane default IMO

Why do you consider it to be so? To quote Tor Project's Mike Perry:

The reason we feel that leaving Javascript enabled trumps these concerns is:

1. We want enough people to actually use Tor Browser such that it becomes less interesting that you're a Tor user. We have plenty of academic research and mathematical proofs that tell us quite clearly that the more people use Tor, the better the privacy, anonymity, and traffic analysis resistance properties will become.

In fact, my personal goal is to grab the entire "Do Not Track" userbase from Mozilla. That userbase is probably well in excess of 12.5 million people: http://www.techworld.com.au/article/400248/

I do not believe we can capture that userbase if we ship a JS-disabled-by-default browser.

2. Exploitable vulnerabilities can be anywhere in the browser, not just in the JS interpreter. We disable and/or click-to-play the known major vectors, but the best solutions here are providing bug bounties (Mozilla does this; we should too, if we had any money) and sandboxing systems (Seatbelt, AppArmor, SELinux).

https://lists.torproject.org/pipermail/tor-talk/2012-May/024...



I won't address all your points because I'm phone posting, sorry. It seems to me that there are two ideal consumers of the tor product; the people who need to use it because they are at risk of being identified in meatspace (needsecurity), and the people that are required to mask the first (providesecurity).

The needsecurity group should not have js enabled because it has been shown to be insecure (correct me if I'm wrong).

I would be happy if there was a big, red, fullscreen, flashing dialogue when tor browser was started asking the user which they were.

I would/will be happier if/when major browsers transition to 'tor as normal' status and everyone is in the providesecurity group.


Would you consider putting up an email in your profile (even anonymized), or emailing me (my email is in my profile)? I am interested in talking with you about Tor security research, and it seems you are an affiliated dev.


Sent you an email, still waiting for a response :P
