NoScript Per Site Permissions- question about reset on restart

When using NoScript on Tor Browser for Mac is it possible to have private windows (shift-command-P) use the default settings to avoid fingerprinting, and non-private windows (command-N) use a custom set of per site permissions that don’t reset each time the browser is restarted?

I’d like to be able to block adverts, bandwidth leeches, that kind of thing when browsing in non-private windows, and retain these preferences when the browser is restarted.

But it seems that you can only choose to have per site permissions reset to default every restart, or retain them, thus risking fingerprinting.

If it isn’t possible, what would be the recommended workaround?

• For example, keep NoScript default in Tor Browser, and install NoScript extension in Firefox brwser with custom per site permissions that do not get reset?
• Or import and export bespoke settings that block the adverts, remembering to uncheck ‘Override Tor Browser’s Security Level preset’ under the Advanced tab in NoScript settings before quitting?
• Or install uBlock Origin in Tor Browser and turn that on manually for non-private windows.

Or is there a way to create different Tor Browser user profiles, and have one for private and another for non-private?

I am open to all suggestions. Thanks.

@ma1 perhaps you can help answer this?

This old thread seems to suggest non-private windows should save per site preferences, but it may be old news https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27175

We do not support starting Tor Browser in non Private Browsing Mode

NoScript settings are tied to the Security Level and any customization is reset on browser restart.

If you want them to persist, NoScript Options>Advanced>Override Tor Browser’s Security Level preset.

Thanks for your reply, @thorin

Can I ask who you are referring to when you say we? The Tor Browser or NoScript developers or this forum, or a combination? I’m only asking because the browser does have the option to open non-private windows, which suggested it is supported by Tor Browser. Am I right in saying Private Browsing Only is not enabled by default?

I’m aware of the override setting, the main question is if it’s possible to utilise full private mode with default for general use (with the standard vanilla NoScript ‘bucket’ settings to prevent fingerprinting), and also (on certain occasions at my own risk) make of NoScript’s customisation features and maintain the custom settings instead of having them wiped never to be retrieved each time I switch back to private browsing mode.

I’m happy to restart the browser between, instant switching isn’t important. Also I’m happy to only use private windows if there is a way to temporarily override the preset (with my own custom set of per site permissions that can be retained), I just thought perhaps different NoScript criteria might be applied for non-private windows.

If it’s one or the other (which seems like a pity because the functionality is there) then I’m looking for the best workaround. Using Firefox with NoScript is one option, but the downside being the lack of the Tor relay connection. Creating another user account on my Mac is another but that seems like overkill. Installing uBlock Origin is another option, but I from what I gather any extra installed extension would compromise the recommended full Private Browsing mode, even if the uBlock extension is not turned on in the pull down interface panel. Please feel free to correct any incorrect assumptions.

I’m guessing that the best compromise would be to keep everything set to recommended Private Browsing, and when I need my bespoke Per-site Permissions I temporarily override the security level preset in NoScript, and import/export by bespoke settings, so I don’t lose them when I uncheck the override setting. So the question then is, would doing this compromise browsing security when switched back to full ‘bucket’ Private Browsing and restarted?

Hope that’s more clear!

because the browser does have the option to open non-private windows, which suggested it is supported by Tor Browser

Fair point. I forgot the history section is still visible. IMO it shouldn’t be there - there’s a lot of the UI that needs attention. We do not test normal mode, rarely take it into account, and it would break touching the disk (web site data) and sanitizing. It is definitely NOT recommended or promoted in any way by us (I am knee deep in the apps team, a core contributor - but not a TPO employee).

I’ll let @morgan (apps team lead) explain the years long lack of attention to the settings UI, the UX team being swamped, and mixed messaging. Goodness knows I’ve tried over the years, but you know … resources.

As both a Tor Browser and NoScript developer, I fully endorse @thorin’s explanation, and I do acknowledge there’s a lot of room for better communicating and setting expectations about our tools.

@thermosflask So the UI question is a good one and the current reality of Tor Browser having a number of options in about:preferences which aren’t officially supported is basically due to years of conflicting constraints and limitation on capacity.

In general, we tend to be fairly slow to modify the built-in about:preferences UI in Firefox. This is out of a few conflicting realities:

• We want Tor Browser to be as private and secure as a browser can possibly be
• We don’t have any telemetry in Tor Browser, so we don’t have an easy way to know which of these feature are being used by our users
• We don’t want to force changes onto users which break their workflows, unless it’s for a solid privacy or security reason.
• We have historically had quite limited UX and developer capacity
• Mozilla’s UX and developer capacity is massive compared to Tor Project’s

All of this combined leads to the reality of a lot of functionality in the browser that exists which (if we were starting from scratch) we would not want.

Mozilla generally churns out changes faster than we can evaluate and audit them. Every summer we evaluate a year’s worth of Mozilla changes and prioritise auditing and modifying or disabling changes which may affect our users. Some of the resolutions are quite obvious (e.g. disabling telemetry) while others less so (e.g. in-browser web-content translation). And, every summer we inevitably end up with some set of Mozilla features or changes we aren’t sure about, so we disable to audit later (search in our gitlab for ‘audit’, we’ve a big backlog). One annoyance that we often run into and have to work around or somehow deal with is browser features which improve accessibility or general usability which necessarily reduce the privacy of the browser when enabled.

Over the past several years, we have been prioritising making the ‘Tor’ part of Tor Browser easier to use and seem like a pleasant, cohesive experience. It was not so long ago that Tor Browser was a somewhat difficult to use, cobbled-together collection of xul extensions. And that’s not shade on past development efforts, we were starting from nothing and that approach was the easiest way to add Tor functionality to Firefox. But time has progressed, our tech has improved and we have invested a lot in both usability and developer sustainability. Nearly all of the special sauce which makes Tor Browser as good as it is now is part of our fork of Firefox itself (i.e. torbutton, tor-launcher, https-everywhere, etc). The only exception here is NoScript. Of course, as we add and improve new Tor Browser-specific features (e.g. tor integration, fingerprinting protections, censorship-circumvention, etc), it takes more effort to migrate between the major Firefox ESR’s since there is more Tor Browser-specific code to update and test.

Historically, we have never consistently had more than two UX designers available for the entire Tor Project organisation (i.e. for all Tor Project products+websites, not just Tor Browser and Tor Browser for Android). So, even if we had developer capacity to implement all of the required changes, we also have a bottleneck on the amount of UX feedback and designs we realistically have available to us to implement in a release cycle.

All of this combined basically leads us to the situation we have now where prefs which are borderline, or which informed users may have a reason to use get left in about:preferences. Basically they aren’t judged to be important enough to spend effort on in comparison to all of the other work which definitely does matter, so they are ignored or an issue is created in gitlab to ‘fix this when we have time’.

Thanks again @thorin that makes sense now.

After a bit more reading it’s clear Tor Browser is either all in, or not, and any straying from all in raises the risk of fingerprinting or worse the browser being ‘infected’. And I now see the default setting is Private Browsing Mode only.

So I’ll keep Tor Browser as is (including NoScript), set to safest security, or safer for trusted sites if functionality suffers.

Mullvad’s browser looks like a good choice if I want to build custom NoScript settings to control/block specific connections, with VPN if I want to hide my IP. I’m also going to look into something else I saw mentioned, the possibility of Mullvad browser, or Firefox, set to connect over the Tor relay/network.

I appreciate this must be a labour of love for you all and that implimenting changes is never a simple operation or even possible, so I’ll keep my suggestions to a minimum. The first thing that comes to mind is having one button (along the lines of New Identity) that instantly flattens all preferences back to fresh install state. Unless New Identity already does that?

And following your advice and reading up a bit I’d go further than lose the History options, ditch the lot and just keep the three safety buttons, with an Advanced button (followed by a warning) to unlock any other options!

Thanks also to @ma1

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.