Updating NoScript Quick Start Guide

Discussion about the board itself, forums organization and site bugs.
Post Reply
barbaz
Senior Member
Posts: 9147
Joined: Sat Aug 03, 2013 5:45 pm

Updating NoScript Quick Start Guide

Post by barbaz » Sat Feb 28, 2015 6:41 pm

viewtopic.php?f=7&t=268

The info about Akamai and like sites is outdated - GitHub no longer uses Akamai AFAICT, and also these days a more popular "shared CDN" than Akamai is Cloudfront, but some of the time it's used legitimately and some of the time it's used only to deliver trackingware...
I don't know how relevant the linked FAQ entry is for cloudfront because each site gets its own subdomain(s) of cloudfront.net, so it could be enough just to (Temp-)Allow only exact cloudfront subdomain(s).


I'm not completely sure what would be the best way to update that information, any advice?
*Always* check the changelogs BEFORE updating that important software!
-

User avatar
Thrawn
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: Updating NoScript Quick Start Guide

Post by Thrawn » Mon Mar 02, 2015 12:28 am

I think the best approach to this might be to have NoScript recognise a list of sites where subdomains are likely to have different ownership/trust, and which NoScript should therefore treat like TLDs. Cloudfront and Akamai are certainly two candidates.

But as for updating the advice, maybe something like this?

Be wary of content coming from third parties. However, please note that many respectable sites use companies like Akamai or Cloudfront to help store and provide some of their content, so these are third-party sites that frequently must be allowed. In the case of Cloudfront, you can typically choose to allow only the specific subdomains that you need (make sure you enable 'Options-Appearance-Full domains' or 'Full addresses').

For further information about Akamai or about how to fine-tune its permissions if you wish to do so, please see this FAQ.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0

barbaz
Senior Member
Posts: 9147
Joined: Sat Aug 03, 2013 5:45 pm

Re: Updating NoScript Quick Start Guide

Post by barbaz » Mon Mar 02, 2015 1:13 am

Thrawn wrote:I think the best approach to this might be to have NoScript recognise a list of sites where subdomains are likely to have different ownership/trust, and which NoScript should therefore treat like TLDs.

That already exists, and Cloudfront is on that list.

Thrawn wrote:But as for updating the advice, maybe something like this?

I like that, I'll edit it in. Thanks!
*Always* check the changelogs BEFORE updating that important software!
-

User avatar
Thrawn
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: Updating NoScript Quick Start Guide

Post by Thrawn » Mon Mar 02, 2015 2:58 am

barbaz wrote:
Thrawn wrote:I think the best approach to this might be to have NoScript recognise a list of sites where subdomains are likely to have different ownership/trust, and which NoScript should therefore treat like TLDs.

That already exists, and Cloudfront is on that list.

Ah, I'd forgotten; thanks.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0

Post Reply