How to fix Per-Site Permissions always have to be reimported

Ask for help about NoScript, no registration needed to post
Questor
Posts: 8
Joined: Mon Oct 01, 2018 1:22 pm

How to fix Per-Site Permissions always have to be reimported

Post by Questor » Mon Oct 01, 2018 2:10 pm

For the past 2 months, NoScript Quantum makes me have to manually re-import "Per-Site Permissions" each time Tor/Firefox v60 is restarted. I do not want to have to re-import NoScript "Per-Site Permissions" settings every time I use Tor/Firefox.

While the NoScript text re-import completes successfully, it seems either the NoScript Quantum "Per-Site Permissions" re-import is not saved, or else Tor is auto-erasing settings that may include NoScript after the Tor app is closed. This problem does not occur whenever I use Firefox v62/NoScript without Tor and NoScript "Per-Site Permissions" are always available after opening/closing Firefox...

I am unsure if this re-import concern is caused by NoScript, Tor, Firefox, or Win10 settings. How should I test and/or fix this re-import concern? :?:

I have experienced this NoScript re-import concern for the past several months, including the following current software versions:
Latest Win10 Pro v1803 OS & Patches
Tor/Firefox v60
NoScript Quantum 10.1.9.6

Any suggestions would be appreciated...

Regards, Steve
Cincinnati, OH
Last edited by Questor on Mon Oct 01, 2018 4:15 pm, edited 3 times in total.
Mozilla/5.0 (Windows NT 10.0; rv:62.0) Gecko/20100101 Firefox/62.0

User avatar
therube
Ambassador
Posts: 7682
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: How to fix Per-Site Permissions always have to be reimpo

Post by therube » Mon Oct 01, 2018 2:51 pm

Is this a "feature" of, expected of Tor, or of NoScript in Tor?
(Wouldn't seem right to me, but I've haven't looked at Tor in ages.)

Closed, fixed, but I don't know what version of Tor it applies to ? https://trac.torproject.org/projects/tor/ticket/27175.

Should be in 8.5a2, https://blog.torproject.org/new-release ... owser-85a2.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 SeaMonkey/2.49.5

Questor
Posts: 8
Joined: Mon Oct 01, 2018 1:22 pm

Re: How to fix Per-Site Permissions always have to be reimpo

Post by Questor » Mon Oct 01, 2018 3:16 pm

therube asked, "Is this a "feature" of, expected of Tor, or of NoScript in Tor?"

I noticed this "re-import of per-site permissions" concern about the time I completely re-installed Tor and NoScript Quantum.

It is hard to say if this is an added or hidden security "feature" of Tor. I do not know if Tor/NoScript has been modified to auto-delete site permissions after recent updates.

I cannot find any documentation that explicitly states all Tor/Firefox/NoScript settings (including "per-site permissions") are set to auto-erase within Tor after the Tor/Firefox Browser is closed.
Mozilla/5.0 (Windows NT 10.0; rv:62.0) Gecko/20100101 Firefox/62.0

Questor
Posts: 8
Joined: Mon Oct 01, 2018 1:22 pm

Re: How to fix Per-Site Permissions always have to be reimpo

Post by Questor » Mon Oct 01, 2018 3:41 pm

I do not want to implement an unapproved user software fix and later have the fix fail or conflict with other approved updates/changes from NoScript staff or Torproject authors...

I read therube suggestions that show:
"Closed, fixed, but I don't know what version of Tor it applies to ? https://trac.torproject.org/projects/tor/ticket/27175. and
"Should be in 8.5a2, https://blog.torproject.org/new-release ... owser-85a2.

I wonder why ticket 27175 was closed and which version(s) of Tor it applies. It seems that the Torproject v8.5b2 update was temporarily deactivated for some unknown reason.

What does Georgio and the NoScript staff suggest as tested fixes for these disappearing NoScript per-website permissions? :?:
Last edited by Questor on Mon Oct 01, 2018 4:20 pm, edited 1 time in total.
Mozilla/5.0 (Windows NT 10.0; rv:62.0) Gecko/20100101 Firefox/62.0

Questor
Posts: 8
Joined: Mon Oct 01, 2018 1:22 pm

Re: How to fix Per-Site Permissions always have to be reimpo

Post by Questor » Mon Oct 01, 2018 4:03 pm

I wonder if recent Tor/Firefox updates have changed privacy settings that affect NoScript per-site permissions.

My Tor/Firefox "Security Settings" are currently set to "Safest".

The Tor Network Settings are set to use Bridges wit OBS4...

These settings worked great until 2+ months ago when I either received additional Torproject software updates, I reinstalled Tor/Firefox/NoScript, or else Tor modified privacy settings for "Safest" that affect NoScript in some unknown way...
Mozilla/5.0 (Windows NT 10.0; rv:62.0) Gecko/20100101 Firefox/62.0

User avatar
Giorgio Maone
Site Admin
Posts: 8957
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: How to fix Per-Site Permissions always have to be reimpo

Post by Giorgio Maone » Thu Oct 04, 2018 8:21 pm

Questor wrote:I wonder if recent Tor/Firefox updates have changed privacy settings that affect NoScript per-site permissions.
Yes, it's apparently a known Tor Browser issue they're trying to fix.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0

tozqo
Posts: 3
Joined: Thu Oct 04, 2018 5:28 am

Re: How to fix Per-Site Permissions always have to be reimpo

Post by tozqo » Sun Oct 07, 2018 11:40 am

I doubt any of the Tor devs will see this, but I don't understand why, as a way to prevent fingerprinting, they would force the default to trusted instead of leaving NoScript's default settings as default. Did someone over there forget that allowing scripts to run on most sites helps to de-anonymize?
Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0

Questor
Posts: 8
Joined: Mon Oct 01, 2018 1:22 pm

Re: How to fix Per-Site Permissions always have to be reimpo

Post by Questor » Mon Oct 15, 2018 1:18 am

Hi Giorgio & thanks for the reply,

I wonder if Tor has really "solved" this Per-Site Permissions fix that is labeled as #27175 "NoScript plugin does not save per-site permissions/settings when tor browser closes"...

This Per-Site Permissions ticket #27175 was "Opened 2 months ago" and "Closed 4 weeks ago", but there is no explanation what causes the problem with NoScript, how or if Tor Users could fix the Tor/NoScript concern, nor which Tor public version is scheduled for release that will include a No-Script fix.

Am I correct that it is difficult to obtain future fixes and release info from Torproject and as a result, Torproject.org only lists general "CLOSED" info?

Regards, Steve
Cincinnati, Ohio USA
Mozilla/5.0 (Windows NT 10.0; rv:62.0) Gecko/20100101 Firefox/62.0

FranL
Senior Member
Posts: 84
Joined: Sun Dec 03, 2017 4:17 pm

Re: How to fix Per-Site Permissions always have to be reimpo

Post by FranL » Mon Oct 22, 2018 4:50 pm

tozqo wrote:I doubt any of the Tor devs will see this, but I don't understand why, as a way to prevent fingerprinting, they would force the default to trusted instead of leaving NoScript's default settings as default. Did someone over there forget that allowing scripts to run on most sites helps to de-anonymize?
The Tor Browser devs have made it clear that Javascript is enabled by default, otherwise it breaks too much of the Web for first-time users, most of whom lack the knowledge (or willingness) to make things work if Javascript were disabled by default. They would rather have more users (and the cover traffic they generate) — at the cost that some users don't know the consequences.

I'm not saying I agree with this, but that's their rationale.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0

Questor
Posts: 8
Joined: Mon Oct 01, 2018 1:22 pm

Re: How to fix Per-Site Permissions always have to be reimpo

Post by Questor » Mon Oct 22, 2018 8:34 pm

It seems that many other TOR Users like me already asked TOR Devs why the latest TOR versions broke the use of a important 3rd Party App like NoScript without warning or notice to Users like me.

FrankL posted: "The Tor Browser devs have made it clear that Javascript is enabled by default, otherwise it breaks too much of the Web for first-time users, most of whom lack the knowledge (or willingness) to make things work if Javascript were disabled by default. They [Tor devs] would rather have more users (and the cover traffic they generate) — at the cost that some users don't know the consequences"

It concerns me that TOR devs closed documented public requests without acknowledgement or comment by TOR staff to fix TOR problems caused by TOR staff that caused NoScript permissions to fail & require re-import each time TOR is started.

Tor Users complained about this and the TOR Devs never responded why they now require Java for experienced users instead of making it a slide-bar choice, why TOR Devs never warned Users that the latest versions of TOR will break the use of NoScript, nor how TOR can be modified by TOR Devs or TOR Users to fix NoScript problems that were caused by TOR developers.

Unfortunately, the Tor Software Development and Testing Teams seem to have implemented a somewhat arrogant staff attitude "ignore problems caused by TOR s/w development because 3rd Party Apps were not originally developed by TOR staff". When TOR Staff do not adequately acknowledge that a TOR software development problem and privacy concerns exists when Java is required for "fingerprinting".

I am unaware that TOR requires the use of Java as a default and if so, this results in poor communications between TOR devs and with TOR Users like me while it breaks down community trust in a Browser like TOR.

IMHO, The TOR staff are relying too much Java programming that often has insecure software code. I wonder if TOR should expand the use of more HTML5/6 constructs and procedures and/or if HTML5/6 structure is considered far less secure that Java?
Mozilla/5.0 (Windows NT 10.0; rv:62.0) Gecko/20100101 Firefox/62.0

User avatar
therube
Ambassador
Posts: 7682
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: How to fix Per-Site Permissions always have to be reimpo

Post by therube » Mon Oct 22, 2018 8:51 pm

Java
JavaScript is not Java
it breaks too much of the Web for first-time users, most of whom lack the knowledge (or willingness) to make things work if Javascript were disabled by default
And yet they offer a tool to these same users, user who lack knowledge, users who's lives may depend on their understanding of the working of the tool that they use, JavaScript & NoScript aside.
somewhat arrogant staff attitude "ignore problems caused by TOR s/w development because 3rd Party Apps were not originally developed by TOR staff"
They are not the only (browser or otherwise) vendor to take that attitude (with NoScript or otherwise).
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 SeaMonkey/2.49.5

Questor
Posts: 8
Joined: Mon Oct 01, 2018 1:22 pm

Re: How to fix Per-Site Permissions always have to be reimpo

Post by Questor » Tue Oct 23, 2018 1:54 am

Why should NoScript Developers be forced to make NoScript software changes caused by unannounced TOR staff Browser mods? NoScript worked fine with early Tor/NoScript v60 editions and now, NoScript per-site permissions fail to work after Tor is closed - due to undisclosed mods by TOR staff... I do not think that TOR devs should force experienced TOR users into a new TOR upgrade without full disclosure that TOR has reduced integration with NoScript due to undisclosed changes by TOR Staff.

No software security is perfect and I always use the latest version commercial Anti-Virus/Malware software, but this TOR/NoScript software combo enables me to have somewhat better control of websites cookies, Javascripts and Java Apps that may try to load on my computer and could be misused harvest my private info. I specifically use TOR and NoScript together as an additional security/privacy method to help block websites from running undisclosed JavaScript/Java code, Cookies, and Tracking software without my knowledge or permission. IMHO, other webBrowsers that complete with TOR/NoScript do not have the same nor as good a set of Browser controls that help regulate unauthorized Apps, Tracking, Cookies, Adware, or Malware software.

Our family's personal & tax refund info on private online company databases have been hacked several times in the past year through several online companies. Fortunately, these online data breaches regarding our personal info were soon discovered and we did not suffer any loss to our reputation or finances. The TOR/NoScript software combo helps detect malware/virus/tracking attempts whenever I visit a website, while it notifies me and lets me choose which Apps or Cookies I will allow. The info theft we experienced did not occur through TOR or NoScript, but I really want TOR Staff to restore this added security preference that allows me to auto-run TOR/NoScript together without my having to always reimport/reconfigure site permissions after TOR starts.

These undisclosed TOR s/w mods implemented by TOR Staff reduce the functionality of NoScript and cause me to take extra manual steps and added time to re-configure NoScript to work correctly like earlier TOR v60 versions. It seems these NoScript site permissions problems started to occur within the past several months and apparently caused by Tor staff software changes that were not adequately disclosed in advance to the public and/or possibly not tested properly.

This surprise/undisclosed TOR/NoScript problem also shows TOR Staff's lack of communication or concern to inform the general public in advance about major changes that could affect other TOR-compatible software. I wonder if TOR Browser updates are now being released too quickly without adequate testing by TOR staff and/or volunteers.

The NoScript per-site permissions problem seems to have a simple solution... As discussed by others, TOR devs could include a pull-down menu choice within TOR Menus that allow experienced users to use a sliding bar to enable/disable NoScript access and/or JavaScript access. The default setting could be set to enable JavaScript, but allow experienced users like me the slide-bar choice to temporarily disable JavaScript or when I also want to run NoScript.
Mozilla/5.0 (Windows NT 10.0; rv:62.0) Gecko/20100101 Firefox/62.0

Questor
Posts: 8
Joined: Mon Oct 01, 2018 1:22 pm

Re: How to fix Per-Site Permissions always have to be reimpo

Post by Questor » Wed Oct 24, 2018 2:27 am

I just receive, installed, and warm-booted Win10 v1809 with the latest TOR Browser v8.0.3 Win32 release that includes updates to NoScript v10.1.9.9 ...

However, the TOR-caused problems with NoScript Per-Site Permissions still continues and these problems have not been fixed. I still have to re-import Per-Site Permissions every time I start TOR Browser.

It seems that TOR Devs closed earlier TOR problem tickets about NoScript Per-Site Permissions as "Solved" without acknowledgement/comment, no ETA for a NoScript Per-Site Permissions fix is provided by TOR Devs, and some TOR Users claim that TOR Staff should not be held responsible for breaking TOR compatibility with NoScript.

TOR Devs need to be more responsive and detailed when they close User-generated TOR request tickets without comment and no fix, workaround, or ETA for a fix is mentioned...

WORKAROUND QUESTIONS:

1.) Can a batch file script be created for Win10 v1809 Powershell that could fully automate NoScript's manual process to re-import NoScript Per-Site Permissions?

2.) Is Win10 Powerscript the the best or recommended way to automate this re-import script?

3.) Where could I find 3rd Party books or docs that detail how I can automate Powerscript to replace the manual process of re-importing NoScript Per-Site Permissions upon TOR startup?

I do not have the Powerscript documentation or examples that shows how I could do this...
Mozilla/5.0 (Windows NT 10.0; rv:62.0) Gecko/20100101 Firefox/62.0

Post Reply