tor and reddit with javascript enabled? foolish?

So even with pay.reddit.com white-listed in noscript, I still can't use all the functionality of reddit like posting, upvoting or commenting unless I have javascript enabled in about:config. I'm worried about having javascript enabled though. What I've been doing is having only reddit open in Tor, no other tabs with other sites open and then using the site and logging off, restarting Tor and disabling javascript for using other sites. This is a pain because I want to have reddit open and use other tabs for markets (mostly what I use Tor for) and I don't know of a way to have only 1 tab use javascript and the others don't.

So, does this compromise my anonymity OPSEC for using reddit with javascript enabled? Is my method of only using reddit and no other tabs or sites with javascript enabled doing anything to protect me? Thanks for any help.


Comments


[2 Points] DrQuarters_:

What I have to do is this:

When pay.reddit is whitelisted, I can post but not log in

When reddit and that amazon shit are the only ones whitelisted, I can only log in, not post or upvote.


[2 Points] melville_x:

Yes, there are ways to deanonymize Tor users via Javascript. The biggest threat being Firefox drive-by exploitation. Which the FBI employed to bust that CP site.

The odds of reddit delivering malicious JS to specific subreddits is pretty low. One danger is links from this subreddit to other untrusted sites which trigger an exploit. So just be careful what you click on.

Also keep in mind it is a very expensive operation for LEO to run a Firefox exploit on a major site.

Second, if you're running Tails or a "clean" operating system with no personal information then the side-effects of a compromise is pretty low. They will get your IP address along with your ISPs name though. So using a public wifi with a randomized MAC address is always best if you're super paranoid.

But if you're just a simple low-level buyer, I doubt you should really care about having this much security. And as I said, the odds of some agency compromising Reddit is unlikely and even if they did, they can't do anything with that information legally. Visiting reddit is not illegal, nor would a dragnet sweep of the visitors to this subreddit be useful in any court case. Any lawyer would destroy it.