Sorry to have awaken the sleeping beast.
Facts are facts and we are discussing things as adults I presume, being glib or sarcastic or pouting is not constructive. So you can roll your eyes all you want, you have a better solution, let's hear it, otherwise, you are just being immature. That being said, let's answer your other question.
So tell us what you do when a page doesn't work because any of 22 domains are being blocked. Do you do what I do? Click TAA several times?
No I do not. In fact I have that option completely removed from my menu from within the NS options GUI. I would rather be shot than to just say ok rape me, I give up. I use judgement on what I feel is the hold up and begin temp allowing what I consider most likely needed, to least likely needed, ONE BY ONE, and see if I get the desired effect or not. With a NEW site, meaning first time there, it has never taken me more than 10 minutes of thorough evaluation to get it functional, up and running without giving into their will.
As I have ALWAYS said, security is a PROACTIVE process, not a passive one. Anytime you go passive, you are giving up your freedom and will, therefore opening yourself up to whatever will the entity imposes on you. Some run that way, I and many don't, to each their own but EVERYONE is responsible for the outcome based on their OWN decision. A good rule of thumb, if the site is making it difficult to use it without giving up your security, freedom and choice, then its not worth using or has a hidden agenda, so I am MORE careful if anything, not less.
Here is how I stack my security (you can check the full list through my security pack link in the signature) but basically I have NoScript as my first line of defense used in conjunction with RequestPolicy to allow me to see what sites are connecting to what, what scripts are needed and so on. I use JSView at times to look inside the script before allowing it to see what it actually does, 99% of the time, I can rule them out by sight but this helps for the rest. Already I have 99% of my web interactions under control. Now there are fringe cases which benefit from having Adblock installed (mostly for aesthetics) where I put custom filters and also double-check my choices by checking the blockable elements list (so if something made it through, I can nab it there). At this point I am running 99.9% secure and need nothing else. But just to beat a dead horse, I have Ghostery and Abine (TACO) installed to block cookies and tracking stuff that might slip through or are inline codeded. I verify my SSL status using local encrypted file and double-check it by customizing Perspectives to give me second opinion. I have ServerSpy so I know what web server they are running, so I know if there are vulnerabilities there that might allow for malicious injection and so I am extra diligent and Flagfox to verify where the servers are located, their registry information, etc, so I can further vet them - mitigating some man-in-the-middle attacks. I then wrap it up by running in Private Mode ALL THE TIME, with NO HISTORY saved, "awesomebar" -aka- asininebar disabled, plugins kept to a minimum, and BetterPrivacy to notify me when LSO are stored, and to dump them each session's end. I also have GreaseMonkey for scripting things that give me some benefit as far as improving my web experience or expediting it or automating some things.
Now this may seem like alot but guess what, I browse the web with as much fun and openness as anyone else, don't sacrifice any feature or benefit and yet at the same time compromise on NOTHING relating to my privacy and security - meaning I am 100% secure and protected and no one knows squat about me (meaning no tracking) and within Fx, I further have items under about:config
that tighten the reins on the browser itself, so it doesn't leak out what I don't want it. This is my daily profile
, which means I do EVERYTHING on this and have COMPLETE confidence that I am safe. I read news on 10 agencies, foreign and domestic, I browse music/video/social websites for myself or for work/support. For supporting users on this site, I even go to malware sites and porn sites as needed without fearing my "production" or personal machine's security. For banking, although I often do within this profile
, I have a specially tightened profile
created that has even MORE restrictions and tons of surrogate scripts to make sure there is a ZERO attack surface environment for me to do my thing without worry. Hopefully this detailed answer shows you that when I say something, I back it up and do what I preach. Although why any reasonable person would need preaching in order to want this, and not already be on board is beyond me. Hope you at least learned something or got some ideas out of all this discussion to help you in the future.
If you have a specific site you need help with, send me a PM or post it here and I (we) will get back to you with what to allow and not and get you going, but otherwise, just try and learn. Practice makes perfect and you can develop the same level of comfort as me and other security minded people here with time and effort. Its not this mysterious thing that is exclusive to anyone, just takes some motivation. Good luck to you.