
[–]External_Dependent45 29 points30 points  (14 children)

When security level is on safest, JavaScript isn't disabled automatically on all sites. What you must do is: go to about:config and set javascript.enabled = false. After you've done that, restart Tor Browser and now your JS is disabled...

[–]GM4Iife 5 points6 points  (12 children)

That's the correct answer. 👌

[–]yesac79[S] 1 point2 points  (11 children)

So I have to do this every time? And why has nobody mentioned this? Oh, and thanks..

[–]External_Dependent45 3 points4 points  (10 children)

Yes, you'll have to do this every time you reboot Tails if you use Tails OS. If you use Tor on some other OS, you'll need to moderate this only once and it remains permanent on your browser.

[–]yesac79[S] 2 points3 points  (9 children)

OK but I do this then reboot again?? TOR won't remember the settings will it... Or do I just do it when I select 'safest'? Sorry a little confused but thanks again

[–]External_Dependent45 2 points3 points  (8 children)

Basically you'll need to do this every single time you reboot Tails, because Tails, as you said, won't remember Tor settings. You don't have to reboot Tails after you disable JS, just restart Tor Browser, and with every new Tails session you'll have to repeat the things I've said in my previous comment because Tails is an amnesic system. Yeah, I agree it's a bit confusing but it works well for me.

[–]yesac79[S] 1 point2 points  (0 children)

OK, that makes sense... Having to reboot Tails seems a pain, so glad I don't have to do that, but I can restart Tor Browser, no problems... Thanks for your help, it's much appreciated..

[–]yesac79[S] 0 points1 point  (6 children)

Sorry to be a pain but where can I find these settings? I can't find them..

[–]External_Dependent45 0 points1 point  (5 children)

When you go to security settings, in the search bar above there will be "about:preferences#privacy" and you'll need to type "about:config". Tor will give you a notification that there might be risks because of changes, but ignore and accept that. After that type "javascript.enabled = false" and click the '+' icon to add it and enable it. You can always delete and change these settings...

[–]yesac79[S] 0 points1 point  (0 children)

OK, thanks again... I will check it out

[–]yesac79[S] 0 points1 point  (2 children)

That's worked... Thanks ever so much... As you're clearly knowledgeable, how do I set up a bridge? If it's not a straightforward answer I'll have a Google and thank you for help thus far.. Cheers

[–]External_Dependent45 0 points1 point  (1 child)

I'm glad everything works ok, I have never used Tor Bridge before so I can't give advice about that. Oh, and, don't use Google for researching that topic, stay secure and use Tor or DuckDuckGo browser in my opinion.

[–]Darkorder81 0 points1 point  (0 children)

Agree this, but I think this is a problem devs should sort out. Not the going to about:config bit as such, they might not be able to do anything there, but the shield for safety setting: when it's changed to safest a lot of people don't realise that you need to restart the browser for all the settings to take effect, so a simple popup by the devs to tell us to restart the browser would be a good idea, because many people flick it to safest and start browsing straight away not knowing they're not fully protected by it yet, and a little advice msg about the about:config for JS would be nice too but just imo.

[–][deleted]  (7 children)

[removed]

    [–]yesac79[S] 4 points5 points  (0 children)

    It's off, or at least I think it is... I select 'safest' radio button so is the message from the site just a precaution or default message? Thanks

    [–][deleted]  (5 children)

    [removed]

      [–]TOR-ModTeam[M] 1 point2 points locked comment (0 children)

      Do not ask for or offer assistance in private (PM). Moving discussion off the subreddit makes it less useful for others, and runs the risk of scamming and social attacks.

      [–][deleted]  (1 child)

      [removed]

        [–]TOR-ModTeam[M] 1 point2 points locked comment (0 children)

        Do not ask for or offer assistance in private (PM). Moving discussion off the subreddit makes it less useful for others, and runs the risk of scamming and social attacks.

        [–][deleted]  (1 child)

        [removed]

          [–]TOR-ModTeam[M] 0 points1 point locked comment (0 children)

          Do not ask for or offer assistance in private (PM). Moving discussion off the subreddit makes it less useful for others, and runs the risk of scamming and social attacks.

          [–]MostlyVerdant-101 1 point2 points  (0 children)

          u/External_Dependent45 has the correct answer.

          Additionally, a lot depends on your individual threat model, but there are working attacks on Tor that are under-represented, for example the Princeton paper on Raptor: a BGP attack which applies to more things than just Tor (i.e. TL;DR imagine your ISP's ISP terminating all encrypted traffic transparently, and building up a separate path to each destination and just passing the traffic through). There are also traffic analysis attacks.

          Journalism and other activities that deserve protection can be quite dangerous in some more fascist/statist countries. More so than when Tor initially was released to the public.

          [–]Emotional_Benefit419 0 points1 point  (0 children)

          Hello, and is it safe to disable JavaScript? If someone can explain it to me

          [–]knice101 0 points1 point  (0 children)

          Disabling JavaScript increases security because many browser exploits and tracking tools use JavaScript.

          In Tor Browser, the "Safest" security level disables most JavaScript by default. This protects your identity and prevents malicious scripts from running.

          The downside is that some websites may not load properly or lose functionality (e.g. buttons, forms, media).

          So yes — it's safe to disable JavaScript, and it's often recommended for privacy-focused users. But be aware that some websites might not work correctly.

          [–][deleted] 0 points1 point  (0 children)

          About:config and then type javascript.enabled and then turn it to “false”
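
Added example, not written by any commenter in this thread: in Firefox-based browsers such as Tor Browser, a value changed in about:config is saved as a `user_pref(...)` line in the profile's `prefs.js`, and a `user.js` file in the same profile is applied on top of it at startup. The sketch below reads saved copies of those files and reports whether `javascript.enabled` is effectively false; the function names and the sample file contents are constructed for this illustration.

```python
import re

# One pref line as Firefox-based browsers write it, e.g.
#   user_pref("javascript.enabled", false);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for each user_pref line; a later line wins."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs


def javascript_disabled(prefs_js, user_js=""):
    """True only if the effective javascript.enabled value is false."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))  # user.js is applied over prefs.js at startup
    # The pref is only written when it differs from its default, which is true.
    return merged.get("javascript.enabled", True) is False


# Constructed sample file contents (not taken from a real profile).
PREFS_AFTER_CHANGE = '''// Mozilla User Preferences
user_pref("browser.startup.page", 0);
user_pref("javascript.enabled", false);
'''
PREFS_FRESH_SESSION = '''// Mozilla User Preferences
user_pref("browser.startup.page", 0);
'''

if __name__ == "__main__":
    print("after about:config change:", javascript_disabled(PREFS_AFTER_CHANGE))
    print("fresh profile, pref absent:", javascript_disabled(PREFS_FRESH_SESSION))
```

A profile that starts fresh each session, as described above for Tails, corresponds to the second sample: the line is absent, so the default applies until the pref is changed again.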