Is having both NoScript and Ghostery add-on redunant?

[Special]

I am wondering if having both the NoScript and Ghostery add-on together adds anything substantial, or is Ghostery just redundant to have in this case and could possibly just lead to slower browsing? Assuming I go to some random site and it's completely blocked by NoScript, is anything getting through that Ghostery would catch in this instance?

[Thrawn]

I don't use Ghostery, but that's not because I use NoScript; it's because I use RequestPolicy. Ghostery is for privacy; it blocks web bugs, used for tracking, which NoScript does not do.

RequestPolicy blocks all cross-site requests by default, which makes Ghostery redundant.

[Tom T.]

... Assuming I go to some random site and it's completely blocked by NoScript, is anything getting through that Ghostery would catch in this instance?

Just to qualify further, NoScript is designed to block *executable* content, such as scripts (JavaScript), plug-ins like Flash, and others.
NoScript is not designed to block a still image, such as a photograph, which Ghostery can do.
But then again, so can Firefox Tools > Options > Content > Load Images Automatically > Exceptions. ... although the Ghostery UI is probably faster at adding such blocks.

I don't mean to speak ill of Ghostery; many users are pleased with it. However, like Thrawn, I use RequestPolicy, which does render Ghostery redundant.

Admittedly, RequestPolicy's comprehensive permissions controls have a bit of a learning curve, but once familiar, its protection dovetails with NoScript's very nicely -- each developer recommends that users install both. And you will *speed up* browsing by preventing dozens of requests to various ad agencies, etc., once the proper permissions are configured for each of your repeatedly-visited sites. IMHO. YMMV.

[Special]

Thanks for the reply's on letting me know that NoScript and Ghostery work well together and that they specialize in different area's, before I tried Ghostery though I gave RequestPolicy a shot because of your recommendation, and holy crap broken web much, steep learning curve is a bit of an understatement here and this is from someone who loves NoScript. Ghostery just kinda works outta the box and does the same thing pretty much so I'll probably be sticking with it.

I'm not sure if you guys are familiar with Ghostery but I have an additional question, in the advanced options for Ghostery under the Performance part, there is this:

• Scan and block images
  Scan and block iframes
  Scan and block embed and object tags
  Look for and prevent redirection

Are the bolded redundant to what NoScript already does? Should I leave them unchecked to avoid overlap in their jobs and to increase performance?

[Tom T.]

No argument that NS+RP can get a bit complex, mostly because some sites have a gazillion cross-site requests in addition to their script requests.

I'm not sure if you guys are familiar with Ghostery but I have an additional question, in the advanced options for Ghostery under the Performance part, there is this:

• Scan and block images
  Scan and block iframes
  Scan and block embed and object tags
  Look for and prevent redirection

Are the bolded redundant to what NoScript already does? Should I leave them unchecked to avoid overlap in their jobs and to increase performance?

I'm not familiar with Ghostery, but based on what's here, I'll try to wing it until someone who is comes along.

Scan and block iframes
The word "scan" implies that it looks at the iframe first. NS's blocking is preemptive, i. e., *it prevents the request to the iframe source from ever leaving your browser (machine).* Which saves bandwidth and processing time on all iframes that stay blocked. Sounds faster this way.

Scan and block embed and object tags
Sounds like the same thing, as long as "embed and object tags" refer to the identical list of things as NS's Embeddings page, which may not be true. Please examine the documentation for each to find out. If one covers things that the other doesn't, go with that, if it suits your needs. If each covers things that the other doesn't, you may need both.

Look for and prevent redirection
AFAIK, NoScript warns/blocks of META redirections only, but as that seems to be the standard (sneaky) way, it seems to catch them all for me.
Has Ghostery ever blocked a non-voluntary (by you) redirection that NS didn't?

Sorry I'm not more knowledgeable about Ghostery.

[Thrawn]

You can also block redirections through Firefox's own preferences, under Advanced - General.

And for blacklisting sites without breaking the web, you may want to compare Adblock Plus to Ghostery.

[Tom T.]

You can also block redirections through Firefox's own preferences, under Advanced - General..

I meant to mention that, too, but it slipped through the neurons and out the ears.

I like having both Firefox and NS act on redirects, and those two certainly seem to be enough not to require an additional add-on to do the same.

[fixanoid]

This question comes up now and then on Ghostery's support board. Here are several relevant topics:

https://getsatisfaction.com/ghostery/to ... s_thoughts
https://getsatisfaction.com/ghostery/to ... ery_add_on
https://getsatisfaction.com/ghostery/to ... r_noscript

Here are some more details on Performance Options: "Scan and block" blah is meant to let the user dictate what kind of content Ghostery should evaluate during its operation. Like in NS or RP, anything in Ghostery block list will not leave your machine either when blocked, so the "scan" part actually refers to whether you want Ghostery to try and identify the payload application owner.

Additional note about redirect disabling in Firefox settings: AFAIK, you can also disable everything NS does through options tinkering, yet there is still NS... So, much like the example, while preventing all redirects in Firefox is possible with a setting, Ghostery provides meaningful redirection blocking for when Ghostery knows that a redirect destination is a known tracker. Ghostery will also try to provide the user with meaningful identification and control in such cases.

[Tom T.]

Thanks for clarifying Ghostery's sequence of actions, and for the discussion topics.

Additional note about redirect disabling in Firefox settings: AFAIK, you can also disable everything NS does through options tinkering, yet there is still NS...

Please tell me how Firefox, on its own, can allow *selective" script blocking, or even display the list of scripts being requested.
You can enable or disable JavaScript as a whole, but not allow friend.com while blocking foe.com.
Where is Fx's selective XSS filter? Clickjacking protection equal to NS? ABE? .. etc.

If what was said were true, NS would not exist, nor would the developer devote much of his working life to maintaining and enhancing it.

So, much like the example, while preventing all redirects in Firefox is possible with a setting, Ghostery provides meaningful redirection blocking for when Ghostery knows that a redirect destination is a known tracker.

Agree that this is useful, and even more so cross-site requests to load a known web bug, especially since internal changes in Gecko broke NS's previous functionality to "Block Web Bugs". (Present in NS 1.10 on Fx 2.x)

[Thrawn]

Please tell me how Firefox, on its own, can allow *selective" script blocking, or even display the list of scripts being requested.

Just to play devil's advocate: you can configure CAPS policies manually. Just like you can mow your lawn by biting it off with your teeth, cook a spit roast using matches, or dig a swimming pool with a teaspoon.

[Tom T.]

Please tell me how Firefox, on its own, can allow *selective" script blocking, or even display the list of scripts being requested.

Just to play devil's advocate: you can configure CAPS policies manually. Just like you can mow your lawn by biting it off with your teeth, cook a spit roast using matches, or dig a swimming pool with a teaspoon.

Good thing that there's an add-on that does all that for us with a few clicks.

But how do you know which scripts to configure in CAPS, since Fx doesn't display them? JSView add-on will, but in far too much detail: full file path to 100 scripts from the same domain vs. allow/deny script from somesite.com, + "embedded".

[Thrawn]

But how do you know which scripts to configure in CAPS, since Fx doesn't display them? JSView add-on will, but in far too much detail: full file path to 100 scripts from the same domain vs. allow/deny script from somesite.com, + "embedded".

OK, so you're completing these tasks while blindfolded .

[Tom T.]

But how do you know which scripts to configure in CAPS, since Fx doesn't display them? JSView add-on will, but in far too much detail: full file path to 100 scripts from the same domain vs. allow/deny script from somesite.com, + "embedded".

OK, so you're completing these tasks while blindfolded .