During the monthly meeting of April 2014 (#7023) we mentioned the idea of not having any JavaScript on our homepage, and by extension, the fact that we should try to limit the amount of JavaScript on our website in general. But this discussion was not fully concluded. Here are a few elements to try to summarize our position:


  • JavaScript can be dangerous for security and privacy. Tor Browser is supposed to block all JavaScript that might harm anonymity. But some of the JavaScript allowed by Tor Browser can still be dangerous.
  • An important part of our audience wants to be careful about JavaScript, for the reason mentioned above, and might disable it fully. To support this use case, we include the NoScript extension. So, to be coherent with this, every part of our website must be functional without JavaScript. This also ensures compatibility with all the levels of the security slider of Tor Browser (bug #9387 on Tor Project's Trac).
  • We don't know much about JavaScript ourselves, and even less about JavaScript security. So writing JavaScript seems complicated, costly, and error prone. Reusing JavaScript libraries like jQuery looks more feasible without taking much risks.


  • We are already using JavaScript on our website (see the toggle on the old download page).
  • JavaScript might allow us to present better our information to some users and improve the experience of navigating on our website. But using it to save us a bit of work or look cool might not be a good enough reason.


  • We use JavaScript to the minimum while always ensuring graceful degradation.