Firefox Fights Back - Firefox 57

Zardoc · 03 Sep 2017

Hey BO,

I agree, no script is a fine tool. But it's not end user friendly. I'm sure that a smart script decipher tool will eventually pop up and work as well as an add blocker does.

Winuser · 03 Sep 2017

Zardoc said:

Hey BO,

I agree, no script is a fine tool. But it's not end user friendly. I'm sure that a smart script decipher tool will eventually pop up and work as well as an add blocker does.

The one thing I don't like about NoScript is that when I select "Allow all this page" it doesn't "Allow all this page".

Josey Wales · 03 Sep 2017

Using Noscript is like having a Red Light on every site. Modern AV programs today make it not necessary.

bo elam · 03 Sep 2017

Winuser said:

The one thing I don't like about NoScript is that when I select "Allow all this page" it doesn't "Allow all this page".

Thats because some sites when you Temporarily allow all this page, after the page reloads, more scripts attempt to run. So, allowing scrip A now also brings out scripts B, C, and D.Usually, sites like this are either nasty or if they are not nasty, they just run a lot of unnecessary stuff, trackers, ads.This are really the type of sites that makes it worthwhile using NoScript. If all webpages only ran 1 to 3 scripts, there would be no need for NoScript.

Bo

bo elam · 03 Sep 2017

Josey Wales said:

Using Noscript is like having a Red Light on every site. Modern AV programs today make it not necessary.

I know you dont like NoScript, I read your post the other day. But really, the Red Light is exactly what NoScript places in front of malware and annoyances. It puts an Stop to it. It tells them, you are not coming in. And all is done silently, no prompts, light on the system. It saves the system from wasting resources.

Bo

rezpower · 03 Sep 2017

bo elam said:

This is how I handle sites. Websites that are in my bookmarks, they are set to the max. I only allow what needs to be allowed in order for me to be able to do whatever I do in the sites. And while in the process of setting them up, in addition to adding the needed scripts to my whitelist and as important, I add most of the remaining scripts to my Untrusted/Blacklist. With the way malware uses javascript as a vehicle to infect, I think, for bookmarked sites, it is worth it taking the time to figure out the needed scripts. Personally, I find most sites are pretty simple to figure out. On the other hand, sites that might run 30 or 40 scripts are not so easy, you might have to trial and error a little bit, but I dont let that intimidate or frustrate me.

Some time ago a friend at another forum ask me for help to figure out Huffingtonpost. He told me what he wanted, it took me about 10 minutes to figure out the 3 or 4 scripts required not only for the UK version but also for the ones for France and the US. When you first look at the menu, it looks mean and intimidating as that site runs plus 40 scripts, you allow something and more scripts start to appear in the menu cascading, but just by looking at the names you can kind of guess what some of them are and by instinct you know that they are not required to be allowed. Also, the blacklist is useful here, as many that run in Huffington were already in my blacklist, it made things easier. By the time we finished, after a few PM, my friend was beginning to make sense on how to handle NoScript.

The rest of sites, the ones I ll visit once and that's it or if I am browsing and click a random link, if all I want out of this type of sites is read content and nothing else, usually you dont have to allow anything but if there is a video or something and you need to allow an script, I usually just click to Temporarily allow all this page. At times like this when we click to temporarily allow, the blacklist becomes useful as blacklisted scripts don't run when we temporarily allow a page. This makes it a good reason to build a large list of untrusted sites. In my personal case, my whitelist is very small but my blacklist is huge.

Bo

Thanks for the sharing man. I just opened my noscript settings (one that I exported) and all I can see is a big "whitelist":
but no blacklist! One thing that could be cool is that we here share our black and white lists. this will be a very good
starting point for using noscript.

lehnerus2000 · 03 Sep 2017

If you want to protect yourself from script-based attacks, poisoned ads and Flash attacks, you need to run something like NoScript.

That said, I also agree that it isn't user friendly. :)

Winuser said:

The one thing I don't like about NoScript is that when I select "Allow all this page" it doesn't "Allow all this page".

The scripts that just loaded are attempting to load other garbage scripts.

Seemingly the only function lots of scripts have, is to load other scripts.
This a deliberate design meant to frustrate users and make them give up and just accept ads/malware.

Winuser · 03 Sep 2017

lehnerus2000 said:

If you want to protect yourself from script-based attacks, poisoned ads and Flash attacks, you need to run something like NoScript.

That said, I also agree that it isn't user friendly. :)

The scripts that just loaded are attempting to load other garbage scripts.

Seemingly the only function lots of scripts have, is to load other scripts.
This a deliberate design meant to frustrate users and make them give up and just accept ads/malware.

I use AdBlock on Edge and with one click I can turn it off for a whole webpage. With NoScript I don't have that option. I like NoScript but there's no reason why one can't turn it off for a web page with one click.

bo elam · 03 Sep 2017

rezpower said:

Thanks for the sharing man. I just opened my noscript settings (one that I exported) and all I can see is a big "whitelist":but no blacklist! One thing that could be cool is that we here share our black and white lists. this will be a very good starting point for using noscript.

Hi rezpower, I am attaching my Untrusted/Blacklist, hopefully you ll find it usefull. You can copy it and replace with it your now Untrusted empty list. You can do that in the settings file you exported. After replacing the Untrusted list in the Settings file, import it back. You ll find something like this ("untrusted":"",) close to the end of your Settings file, that's what you ll replace with my list.

Most of what I blacklist are trackers and ad servers that are not required for anything. If I encounter a domain that deserves to be blacklisted, but I also found sites that require it for something useful, I usually leave those out of the blacklist but I don't whitelist them either. They are sort of like in a Limbo list (In my mind), they are so few and easy to remember I just keep them in mind.

After replacing the Untrusted list, when you are browsing and you click your NS menu, look over Untrusted. If something in the sites you visit are in the blacklist, the Untrusted heading will show the number and the names of the domains. Most of what I include in my blacklist are all over the place, you ll find them repetitiously..After a while is easy to remember them. Getting familiar with their names is part of using NoScript. In my opinion, building the blacklist is an important part of using NoScript. Enjoy it :).

Bo

bo elam · 04 Sep 2017

Winuser said:

I use AdBlock on Edge and with one click I can turn it off for a whole webpage. With NoScript I don't have that option. I like NoScript but there's no reason why one can't turn it off for a web page with one click.

NoScript block ads but is not really an ad blocker, I combine it with Adblock plus. Clicking "Allow scripts globally" gets you closer to turning off NoScript, and faster than clicking "Temporarily allow all this page".

Bo