[Whonix-devel] [qubes-users] whonix-15 TB in dvm on Safest has whitelisted sites in NoScript by default

Thu Sep 19 17:50:00 CEST 2019

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Patrick Schleizer:
> Whonix source code doesn't write literally googlevideo, netflix, 
> outlook, etc. anywhere. It does not do anything to give special 
> treatment to any websites.
> 
> By policy, for simplicity, clean implementation and whatnot, the 
> "inside" of Tor Browser isn't modified by Whonix. This is
> elaborated here:
> 
> https://www.whonix.org/wiki/FAQ#Does_Whonix_Change_Default_Tor_Browser
_Settings.3F
>
>  Tor Browser upstream issue. Bug report written just now.
> 
> wipe all mentions of netflix, paypal, youtube, ... from noscript in
> Tor Browser
> 
> https://trac.torproject.org/projects/tor/ticket/31798
> 
> See also:
> 
> https://www.helpnetsecurity.com/2015/07/01/researchers-point-out-the-h
oles-in-noscripts-default-whitelist/
>
>  
> https://thehackerblog.com/the-noscript-misnomer-why-should-i-trust-vjs
- -zendcdn-net/
>
> 
>> From noscript FAQ:
> 
> Q: What websites are in the default whitelist and
> 
> https://noscript.net/faq#qa1_5
> 
> Q: What is a trusted site?
> 
> https://noscript.net/faq#qa1_11
> 
> Whonix forum discussion:
> 
> https://forums.whonix.org/t/noscript-with-security-slider-at-safest-pe
rmits-around-30-sites/8160
>
>  Cheers, Patrick
> 

Hello Patrick, thank you for the reaction.

Just shortly: Tails fresh install 3.16 or 4.0-beta TB don't have this
issue. Even it starts on "Standard" by default of course. Fresh
install of TBB on win7 doesn't have the issue. It seems to be
qubes-whonix (dont know how is ti in non-qubes-whonix) specific for
some reason.

I believe that if one sets the security setting to "Safest", she for
sure didn't meant to be tracked by entities like google, youtube,
microsoft, yahoo, paypal and others - the worst surveillance
capitalists on this planet.

Interesting is that the issue with the whitelist can be easily
"solved" just by clicking on the Standard security setting and than
again back to the Safest -> no "Trusted" websites anymore, zero. Can
you please check deeper on this issue? Thank you!

Weird ^^

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl2Do7VfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uyy+hAAgDc4f/iwLGoTfQKaAX8xcpiaKWEd+p032laJ8rKdSIB6Kd5JG3bBYSGh
iHY5MeAZene44f3DyloDcny6Kv6ibw31/877sIVNDWKIQQQi/rtfkVT+nyp1Bb+5
32xrh+u+MhTIKbBjYCjyy+E5F1fVWK1Q3+dBApLHWsJxseeAON1lL41dH63fP4zX
ApSoOmvJM3fiLZGgPYA2zr/W4VzSTmWag5pp27X4r2rMPpoonZghFv5B+IjixhHX
tTntE+cfxTXqkoNwLY/upsJeXLoFgWr4ss7FQ3OfDE7X743fbu2Y3j857rPSPs00
V2eArJjxh5a2pwmrZcFzW+KN30CHIAXRplIt5/k2Nfa+UcHfkPlZOsZlGXBtVba2
AofLm/OlGjqupgFMpIwDcwP+zHEIGrN/HTyr61GAozInK4A1YU7+Q0Jz+b0fJl8j
927uxdZVFE9JZXpF8YmO7pMrTcAwfo7fqV9/tfjEkvm6EtvlNdt5FLPRGLF4QGMI
tH7ovKxRedvdHRLp+81CqLjxn8R5zkdnoZzNMOfWN/Q5NtETNOLxWiRPKt6iLg4l
qW07ICAkQYJaVDTVKfH49CrKRWZF88f+I2s+/6AVUivvuPAM/n8p64ABsGyS5e+h
QgRIhBZbIvu+6kGxSWQkftKTwTuQHn24JFPM2jIQgaO1g9stTwg=
=Vqtn
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xC1F4E83AF470A4ED.asc
Type: application/pgp-keys
Size: 5507 bytes
Desc: not available
URL: <http://www.whonix.org/pipermail/whonix-devel/attachments/20190919/40521483/attachment.key>