Javascript warning (Read before posting about it) : Dread | Torhoo darknet markets

[removed]

Big thank you for posting this with all the details.

A related question that often comes up is "How do I make this change persistent?". There's a great answer on this here: /post/a87659324a5288ab2618/#c-8ef3c742d48235f4d0 (all credits go to /u/Thotbot).

i bookmarked about:config and its the first page i open so i can toggle java off.

its become habit, i recommend this habit.

There is a way to configure your TAILS OS to always start with these parameters;
Harden TAILS OS;
#!/bin/bash
if [ $(id -u) -ne 0 ]; then
echo "Need to be admin..."
exec sudo $0
fi

echo "Setting up browser prefs..."
cat - <<'EOB' > /etc/tor-browser/locale-profiles/en-US.js
user_pref("spellchecker.dictionary", "en_US");
user_pref("browser.startup.homepage", "about:blank");
user_pref ("webgl.disabled", True);
user_pref ("xpinstall.signatures.required", false);
user_pref ("security.nocertdb", false);
user_pref("javascript.enabled", false);
user_pref("extensions.torbutton.security_slider", 1);
user_pref("media.autoplay.enabled", false);
user_pref("media.encoder.webm.enabled", false);
user_pref("media.ffmpeg.enabled", false);
user_pref("media.ffvpx.enabled", false);
user_pref("media.flac.enabled", false);
user_pref("media.getusermedia.audiocapture.enabled", false);
user_pref("media.getusermedia.screensharing.enabled", false);
user_pref("media.hardware-video-decoding.enabled", false);
user_pref("media.mediasource.enabled", false);
user_pref("media.mediasource.mp4.enabled", false);
user_pref("media.mediasource.webm.enabled", false);
user_pref("media.mediasource.webm.audio.enabled", false);
user_pref("media.mp4.enabled", false);
user_pref("media.ogg.enabled", false);
user_pref("media.ogg.flac.enabled", false);
user_pref("media.omt_data_delivery.enabled", false);
user_pref("media.ondevicechange.enabled", false);
user_pref("media.opus.enabled", false);
user_pref("media.peerconnection.enabled", false);
user_pref("media.play-stand-alone", false);
user_pref("media.wave.enabled", false);
user_pref("media.webaudio.enabled", false);
user_pref("media.webm.enabled", false);
user_pref("media.webvtt.pseudo.enabled", false);
user_pref("media.webvtt.regions.enabled", false);
user_pref("svg.disabled", true);
user_pref("mathml.disabled", true);
user_pref("dom.network.enabled", false);
user_pref("javascript.options.ion", false);
user_pref("javascript.options.baselinejit", false);
user_pref("javascript.options.native_regexp", false);
user_pref("gfx.font_rendering.opentype_svg.enabled", false);
user_pref ("network.http.sendRefererHeader", 0);
user_pref ("browser.urlbar.filter.javascript", false);
user_pref ("javascript.enabled", false);
user_pref ("noscript.forbidImpliesUntrust", True);
user_pref ("noscript.global", True);
EOB
echo ExcludeExitNodes "{us}","{uk}","{gb}","{de}","{au}","{il}","{jp}","{sg}","{nl}","{nz}","{ca}","{fr}","{es}","{se}","{ch}","{ir}","{lu}","{be}","{it}","{mx}","{dk}","{no}","{hk}","{kr}","{kp}","{tw}","{th}","{ua}","{tr}","{??}","{pt}","{ie}","{ru}","{ro}",
sudo tee -a /etc/tor/torrcecho StrictNodes 0
sudo tee -a /etc/tor/torrc
sudo systemctl restart tor
sudo rm -i /etc/sudoers.d/tails-greeter!
echo "Done"!

I apolagize for making one of these posts.

Tor makes you browse the dark web anonymously, stii some default configuration can pose a risk and leave you exposed.

Here you can find some ways to make it more secure:

Go to Tools / Options / Privacy & Security
or enter about:preferences#privacy in the URL bar of TOR.

Suggested settings:

Prioritize .onion sites when known: Always.

Delete cookies and site data when Tor Browser is closed.

History:
Use custom settings for history.
Always use private browsing mode

Warn you when websites try to install add-ons Prevent accessibiliy services from accessing your browser
Most importantly, set Security Level to Safest. It will disable JavaScript from any website, which is one of the greatest security hazards for TOR. You can also set the Security Level clicking on the shield on the right side of the URL bar.

How to configure Tails for Security and Comfort

Tails provide a secure environment. Everything is totally encrypted, and anything not expressely saved into the Persistent directory is deleted when you turn off your system.

This also means you also lose every configuration of the user interface, and the software (especially Tor). Having to configure everything every time you boot your PC with Tails not only is tiresome, but can also pose a security threat, since Tor Security Level is set by default to Standard (the lowest possible) and you may forget to set it to Safest before to start browsing the Web or the Dark Web.

However, you can save some configuration files into the Persistent directory. We assume you have created the Persistent space on Tails, if you haven't yet, you can create it from Tails boot screen.

This is how you can have more security and comfort on Tails, by configuring TOR to the Safest Security Level, setting a dark theme for the Desktop User Interface and TOR, and keeping it persistent after the reboot.

First of all configure Tor as it's explained in the dedicated section above. Make sure you have set the Security Level to Safest.

To make Tor configuration permanent, open the Terminal first. You'll have to run some commands manually on the console.
You can find it on Applications / System Tools / Terminal .

Enter the following commands:

cd /live/persistence/TailsData_unlocked/dotfiles
mkdir .tor-browser
mkdir .tor-browser/profile.default
cp ~/.tor-browser/profile.default/prefs.js .tor-browser/profile.default/
chmod 640 .tor-browser/profile.default/prefs.js


Once you're done with the configuration of Tor, you may want to get a dark theme for Tails, to make it more comfortable, especially when browsing at night.

To enable the dark theme on Tails, enter the following commands in the Terminal:

gsettings set org.gnome.desktop.interface gtk-theme 'Adwaita-dark'
gsettings set org.gnome.desktop.background picture-options 'none'
gsettings set org.gnome.desktop.background primary-color '#000000'
gsettings set org.gnome.desktop.background secondary-color '#000000'

Then, to make the dark theme persistent, enter also the following commands:

cd /live/persistence/TailsData_unlocked/dotfiles
mkdir .config
mkdir .config/dconf
mkdir .config/gtk-3.0
cp ~/.config/dconf/user .config/dconf/

Then you have to create a text file:

cd /live/persistence/TailsData_unlocked/dotfiles
Run editor .config/gtk-3.0/settings.ini on the Terminal.

Then type the following lines into the text file:
[Settings]
gtk-application-prefer-dark-theme = true
gtk-theme-name = Adwaita-dark

Save the text file and quit the text editor pressing CTRL+X, then y, and then hit ENTER.

Now, you're finished: reboot Tails and enjoy a safer environment and the comfort of the dark theme.

Great help :)

Thanks :):):):)

/u/shakybeats
Thinks that this post should get pinned !!

/u/shakybeats excelent post..

Mad "Thank you" from the community to you mod shaky and also us newbies this is helpful

THANKS BROTHER!!!

THanks!!

good one, thanks

Awesome thanks!!

sometimes the little things, like understanding this, makes me feel not stupid, sometimes. great post

Thanks a bunch for this data! We all know how very important our anonymity is!! Exceptionally Brilliant Post Shakybeats !!

Please get rid of this fake warning, use real javascript to display it so it doesn't cause fake alarms. This does only harm to users.

And how did NoScript "fail" to disable javascript, it's not explained here.

Well, now Dread doesn't show any JS warning at all, regardless of security level.

Thanks for this information. I was concerned when this happened to me, thanks for taking the time to explain this better. I finally made a user account for dread due to looking for answers about Cannazon market. Glad I did now I know why this happened as well. Great community glad to be a part of it now.

Thanks for the heads up

Thank you for this!

That was remarkably thorough. I thank you sir.

thanks for updating.

Thanks!

Can everyone please go report the page www.midlandsfenceofsc.com this person is pretending to be me and my business. I don't know where else I can get help I've reported the fuck out of it myself

Being totally new to dw this has helped me set tor for a safer experience.
How can someone get your ip thru this JS weakness? Is it still even possible if using a premium vpn? TIA for any explanations

Thank you for the informative posts

Thanks for the post.