Disabling signature checks is not good, but there are many other layers of protection in place including telling users about the effects of the workaround and how to behave with it, so it isn't as bad as you make it out to be. Finally, the post makes very clear that the workaround should only be used temporarily (in bold) and reverted after the patch is installed. Mozilla vets the add-ons they list, and a user would have to visit Mozilla's website, click the button on the page to install, and then see the warning that the browser displays and click on that. Don't give in just boycott affected sites as much as practical, and politely let their owners know why.)įirst, about :preferences #privacy -> Permissions -> "Warn you when websites try to install add-ons" is enabled by default, and the only exceptions are to Mozilla-controlled first-party add-on websites. use soft coercion to make you abandon untrackable means of accessing the Internet.
Then, leave an about:config tab open so you can toggle JavaScript on and off.
Or if you need JavaScript on some sites, set the Slider to Medium first (disables ultra-dangerous script features). This way, you will also get settings such as disabling SVG, MathML, Web fonts. It may mess up the Security Slider, so this *after* setting the Slider to High. Good workaround: Open about:config and set javascript.enabled to false. In the big picture, Tor Project, are you deliberately training users to defeat "certificate validation" failed errors?
In the small picture, this is a real risk. WTF, disable signature checks? Never, never, never! The suggested workaround is an UNEQUIVOCALLY BAD IDEA.
0 kommentar(er)
