InformAction Forums

I appreciate that. It'll be useful. But I'm afraid you misunderstood (or I was unclear). I wasn't asking about doing the equivalent of what surrogate rules do. I meant is there a quicker way to figure out which scripts control what, on a given page / site, on any given day? Partly because, on xyz.co...

I've use NoScript for several yrs. The number of trackers on typical pages has grown exponentially. Is there any way to speed up determining which trackers control what on individual pages, as they change from month to month? Whether on the 1st or nth time you visit a site? The base domain appended ...

Is it designed behavior that after temporarily allowing one or more scripts, you must manually click the browser window - outside the NS menu - before it will reload the page? That's when options "automatically reload affected pages when permissions change," and "reload the current ta...

If there's any change in how NS handles HTML5 canvas scripts, since this post? https://forums.informaction.com/viewtopic.php?p=70867#p70867 I ask this because some websites & various individual comments state that NS " can already stop canvas fingerprinting ." They may be misinformed (...

I've read a good bit on this topic. Seems the idea has been circulating a number of years - no progress? Why no options in NoScript to permanently whitelist individual 3rd party scripts (trackers) - on a per-site basis? Not just have "temporarily allow all on this page," which also allows ...

The option under Advanced > Trusted: "Cascade top document's permissions to 3rd party scripts" has always been disabled by default. I guess it still is? Recently, TorBrowser developers decided to enable it by default, beginning in TBB 3.6.4. NoScript FAQ 5.6 explains the purpose, but I'm n...

Thanks Sam. Sounds like I already have the settings described or use methods discussed, in my regular profile. But, a "banking profile" may be a tad safer. I only allow domains permanently in NS, from sites I really trust / visit quite often. That doesn't entail several dozen domains. And ...

BTW, here's a link to a paper by Paul Stone, on Browser Timing Attacks (a few diff types), connected to part of ? his bug report on bugzilla. http://contextis.co.uk/files/Browser_Timing_Attacks.pdf But question: Here's a different bug on SVG attack for sniffing history, that shows to be fixed . http...

...if you are a savvy user you can protect yourself on computers For banking and other crucial tasks, one would have to... I'm sure that's true, but I'm also sure it leaves out most users - to be that "saavy." I'm above avg & not even sure I could do it - on 15 - 20+ sites & count...

But history sniffing is a drop in the ocean. As long as you enable Javascript you expose yourself to anything, it doesn't matter how much browser vendors patch the holes, the attack surface is getting bigger and bigger as they strive to add features. And adding features is a good thing, don't get t...

I would think it'd be a feather in NoScript's cap if someone came up w/ a fix against history sniffing. I guess there are 2 main types (for now). The ones described on bugzilla & the one published by the Belgium university student. I don't quite understand if they (the 3 total methods) are simil...

I'm not that familiar w/ SVG attacks. I'm not a big coder, so some of the explanation from the link named "browser-timing attack disclosed last year," in the arstechnica article, is over my head. I browsed quickly at some of the mozilla addons to automatically delete (or expire) history. D...

You ? (mozillazine)

Yeah.

Some of you may've seen something on the news or a relatively few sites mentioning the "latest" method to sniff user history, in most browsers out there. Though the site lists this under security category, it's probably privacy: http://arstechnica.com/security/2014/06/theyre-ba-ack-browser...

This question applies both in general & specifically for some sites requiring 3rd party scripts before a site is usable, or can login an acct, etc. It's not critical, "must have today" info - so, if anyone wants to take a stab at explanations, do so at your leisure. Sometimes I really ...