Исходное сообщение
"Идентификация пользователей Tor Browser через анализ особенн..." Отправлено DmA, 14-Мрт-16 09:21
Из руководства NSA национального агентства безопасности  США по javascript в Chrome. Короткий перевод: отключите javascript у пользователей в браузерах, и научите их включать его только на тех сайтах, которым они доверяют! https://www.nsa.gov/ia/_files/app/Deploying_and_Securing_Goo... "JavaScript is commonly used by many web sites to enhance the user experience and often provides critical web site functionality. Chrome has the ability through policy to block JavaScript from running on all web sites. This is a secure but very restrictive setting which will break many web sites. Most users need JavaScript enabled to properly view and use web sites. It is possible to prevent JavaScript from running on all web sites and then selectively whitelist domains or web sites where JavaScript is allowed  . This is good security practice for security sensitive systems such as servers and administrative workstations. Applying this policy to all user workstations comes with an extremely high administrative overhead for managing the whitelist depending on the level of granularity used. Administrators should only apply this policy to all user workstations if users are not allowed to execute JavaScript or if administrators can quickly respond to user requests for adding web sites to the whitelist. The example in Table 5 shows how to configure the policies under Google\Google Chrome\ContentSettings\ to set the Block Javascript on these sites and the Allow Javascript on these sites policies to block JavaScript from running on all web sites except for those in the .gov and .mil domains. When these policies are configured they override the Default Javascript setting policy if it has been enabled. This example is not meant as literal guidance. A more manageable option for user workstations is deploying a Chrome extension, such as ScriptNo, that blocks all JavaScript execution by default and allows the user to selectively enable JavaScript for the web sites they need to visit where JavaScript is essential for the web site to operate correctly. This option takes control away from administrators and places a significant amount of trust in the user to not enable JavaScript on malicious sites. Many users may require training to effectively use a JavaScript blocking extension without becoming frustrated and allowing all sites to execute JavaScript."