While using Tor 14.07, on Linux, I could not proceed on a web site because noscript icon appeared. Why is a user not allowed to disable noscript ?
You are allowed to do this:
Hamburger Menu → Add-ons and themes → Extensions → Three dots on NoScript extension → Manage → Toolbar button → Show
Now you can access noscript settings via the toolbar icon.
1 Like
Why is a user not allowed to disable noscript ?
From your screenshot I see you’re running in “Safer” mode. If you click the shield and choose “Standard” it’s possible NoScript will take more of a backseat. But it also leaves your browser in a much more vulnerable position.
JavaScript is about as dangerous as email these days. JavaScript can do far more than it actually needs to. Lots of JavaScripts exist solely to track you and constantly send data from your computer to various computers on the Internet.
How long have you been on the page? Where is your pointer on the page? What part of the page are you looking at? Can we get control of your microphone? Can we peer through your camera? Can I grab your contact information by using a hidden form on the page? Can I download a trojan without you knowing? Can I do sophisticated things in an effort to uniquely identify your: browser, computer, name, address, etcetera.
JavaScripts are in effect programs run within your browser. The browser has bugs, the JS interpreter (I’m sure) has bugs, and JavaScripts themselves can have bugs.
So I guess you don’t like my stock advice to always browse with JS off. 
My next piece of advice is to customize your toolbar by putting the NoScript icon in it, then you can easily choose which scripts to run and which should not run.
Right click in the toolbar and choose “Customize Toolbar…”, hopefully the next steps are intuitive for you.
Personally I recommend browsing at the “Safest” level as much as possible. But on some sites, like this forum, without JS, the site is fundamentally hobbled and near useless.
But if you put the NoScript icon in your toolbar, with some fairly easy clicking, you can browse this forum without connecting to Google. And that strategy applies to all sites.
3 Likes
Probably because scripting can reveal your real IP address which would defeat the purpose of Tor Browser. Use a normal browser to access these resources.
1 Like
Try about:config
Then make extensions.hideNoScript false
Remember: I never said this.
And assume the consequences if any.
Doesn’t PBS require Passport
1 Like
WRONG!!!
The Signal app is already being disparaged over what seems to be bad advice or something else.
Don’t get me wrong, I have some major issues with Tor Browser, but:
- diverting people away from taking advantage of onion routing is wrong,
- telling people to disable NoScript and blithely accept all JavaScripts is definitely NOT something I advise, and I am sure most people in the Tor Project agree, whether or not you’re using their version of Firefox.
1 Like
Seems you only read/saw what you wanted to read/see.
I ended with:
Key phrase was assume the consequence
Like you are allow or can swipe a razor blade across your hand (because the option is there) And assume the consequences if any
1 Like
I don’t think hide is the same as disable
2 Likes
My concern is that I should be able to at least disable noscript from the Tor browser itself in the event it incorrectly believes a site is not valid.
1 Like
That relies on the extension itself disabling itself instead of the Tor browser disabling.
1 Like
My concern is that I should be able to at least disable noscript from the Tor browser itself in the event it incorrectly believes a site is not valid.
Neither Tor Browser nor NoScript make validity claims about websites.
Maybe you mean a TLS (encryption) certificate being used by a site? Or a site without a certificate? Or a self-signed cert?
When Tor Browser finds a problem with a website, it doesn’t load the page, thus NoScript isn’t run.
1 Like
Key phrase was assume the consequences
You probably mean “accept the consequences.”
Opting in to everything JS can do is patently unsafe. Loading every JavaScript a webpage links to is darn near crazy.
But Tor Browser lets you do this, I noted it above. Change from Safer to Standard.
- Click the shield to the right of the address bar.
- Click “Settings…”
- Under “Security Level” click “Standard.”
- Close the “Settings” tab.
- Done.
NoScript will no longer require “click to play” for media.
Most people have no idea what “the consequences” are. Even JS programmers aren’t about to audit all the scripts on a page. And it gets even worse with web assembly.
1 Like
I really meant assume. So I wondered if I got the meaning wrong and visited Merriam-Webster. We are both right.
According to them:
transitive verb
1 (a) : to take to or upon oneself
assume responsibility
Then I looked at a synonym for assume
1 as : in to accept
to take to or upon oneself
1 Like