the latest v of tor under linux is by default all allowed under noscript default option . why? i tried reset of noscript options, restart, and again it goes to all allowed under default. i tried custom and it all resets after restart. what em I doing wrong or is the latest v broken ? thanks
That's because the focus of TB is anonymity rather than security. So if you, for example, enable global JavaScript blocking and then allow it for some sites (in many cases it is necessary and it's the way most users use NoScript) then your whitelist makes you unique for websites and breaks your anonymity. To remain anonymous, you have to set NoScript to either allow or block JavaScript for all sites. But as I said above, blocking JavaScript for all will break some sites. It's a tradeoff between anonymity/security/usability. When you restart TB, it will go back to defaults, that's why your settings does not persist. Actually, it is not recommended to even change the window size of TB as this can also break your anonymity.
I understand what you're saying but before default noscipt settings was not "all allowed". this is new then?
I'm not sure what was the setting before as I only used TB occasionaly and I haven't done so in a long time. But what I wrote above is the logic behind everything being allowed by default and then left to users to decide what will be blocked (more security = less anonymity). From TOR company's perspective, it does make sense to alow everything so the usability is correcly observed/respected withoua a tradeoff in anonymity. Yes, the security is somewhat crippled, but they are in the anonymity business after all.
TOR company explains everything here, which is basically the same what I said. They also note at the end -
That's exactly why I call NS pointless. Unless you are extremely worried about being tracked, but you can also simply don't use the internet LOL. Why would you want to break 90% of all websites only to enable certain scripts to make stuff work?