Import whitelist

[orman]

The default whitelist is pretty short. There must be thousands of websites run by well-respected outfits that a user could add to his whitelist safely. Does someone maintain such a list of "well-trusted" sites?

[Nan M]

I haven't heard of one.
Yet.
Who would you trust to produce one?
And then what a honeypot it would be for baddies to concentrate their attacks on.

[Alan Baxter]

If the user doesn't visit dodgy sites, like my mother, then try ticking NoScript Options > General > Temporarily allow top-level sites by default. Full Addresses is selected by default, but you might find Base 2nd level Domains more useful. Also, I made all the changes in http://noscript.net/faq#qa3_3

[therube]

There is no such thing as a "trusted site" IMO.
So therefore my white list is nothing more then what comes defaulted & that is only for conveniences sake.
I will Temporarily Allow as needed, but that's about it.

What happens when your "trusted" site is hacked. Is it still trusted?

Would you trust ENERMAX USA? They're a respected PC power supply provider. Of course you would! Or would you, Is it Google or the Whole Internet??

Therefore there is no value in a list of trusted (whitelisted) websites.


In the same way, there is no such thing as a "dodgy" site IMO. If you can go anywhere, do anything, while still be protected, then there is nothing to dodge. So joe porn site, or schmoe warez site is just as "friendly" as Google. (Or maybe even more so .)

[Tom T.]

I go one step farther than therube. I don't even use the default whitelist. "Trust no one".

Besides, if the function you need works without the scripting, why allow it?

Need + Trust = allow or temp allow.

The whole idea behind NS is to give *you* control over what runs on your machine. Handing that power over to any third party, even "trusted", is dangerous, for the reasons Nan, therube, etc. have mentioned.

[Vordreller]

I wouldn't trust anyone to produce a whitelist.

I would want to be able to do this so that when I install firefox and NoScript on a new computer, I don't have to put my whitelist togheter again manually...

This would be a neat feature, but I wouldn't take whitelists from someone else, I'd simply want this feature to save time for myself.

[Nan M]

I wouldn't trust anyone to produce a whitelist.

[...]
This would be a neat feature, but I wouldn't take whitelists from someone else, I'd simply want this feature to save time for myself.

Options>Whitelist "import" "export" buttons bottom rhs of screen

[GµårÐïåñ]

I wouldn't trust anyone to produce a whitelist.

I would want to be able to do this so that when I install firefox and NoScript on a new computer, I don't have to put my whitelist togheter again manually...

This would be a neat feature, but I wouldn't take whitelists from someone else, I'd simply want this feature to save time for myself.

Well then the current import/export function of NS should be sufficient to serve that need. You can create your own and export it and import it on a new copy and save yourself the time. I wouldn't trust anyone to create a whitelist either, generally. Although my wife, most of my colleagues and developers and so on take my whitelists and keep theirs updated with any additions to my list and it has grown over so long, I go through it sometimes and see things I allowed so long ago that I have not visited in ages

[yoman]

Ok, trust no one to produce a whitelist list. Fine.

How about a related question: are there any blacklist lists?

[GµårÐïåñ]

Ok, trust no one to produce a whitelist list. Fine.

How about a related question: are there any blacklist lists?

You are funny. No blacklists for NS, no. Again you can make your own if you wish. If you export the current whitelist, you can see the structure of the file and there is a section for [UNTRUSTED] and you can add stuff there.

[therube]

If you trust no one, then every one is blacklisted.
And they all are, by default - untrusted, so every one is already blacklisted.
(Except for a select few on install).
So in that respect there is no need for a "blacklist".

[therube]

(Don't blame me if your browser hangs when you try to load it!)

Here is a list of domains, http://www.joewein.net/dl/bl/dom-bl-base.txt.

I'm sure you can find plenty more lists, or even lists that list lists of "blacklisted" domains. And some people love them, but they're not needed with NoScript because unless you specifically had allowed any of the names on the list (or any names not already on the list, because after all the list can never be comprehensive), then they are already blocked.

Code: Select all

C:\WLIB\LeechFTP\LeechTMP>wc dom*
 432795  432795 7499452 dom-bl-base.txt

What that says, is that there are 432,795 blacklisted domains in the 7 MB text file.
No matter how many domains, no matter how many times it is updated, corrected, purged, it will never be enough.

[GµårÐïåñ]

I am in agreement with therube here, with NS you pretty much have a default blacklist until you trust someone.
So if you want to go ass backwards, yes its possible you can always try YesScript.

[yoman]

If you trust no one, then every one is blacklisted.
And they all are, by default - untrusted, so every one is already blacklisted.
(Except for a select few on install).
So in that respect there is no need for a "blacklist".

*yawn*

Yes, I already get it. I don't need to hear the lecture yet again.

However, as you are well aware, there are plenty of trusted sites that run java from sites you'd rather not deal with, such as advert and stat sites. Can anyone point me to a list of such sites?

[Nan M]

If you trust no one, then every one is blacklisted.
And they all are, by default - untrusted, so every one is already blacklisted.
(Except for a select few on install).
So in that respect there is no need for a "blacklist".

*yawn*

Yes, I already get it. I don't need to hear the lecture yet again.

It doesn't appear that the poster does get it - after all they repeat their request for a third-party list of 'untrusted' after all the attempts to explain the function of NS.

However, as you are well aware, there are plenty of trusted sites that run java from sites you'd rather not deal with, such as advert and stat sites.

I doubt that anybody would disagree.

Can anyone point me to a list of such sites?

Not from within the NoScript community.
There is no logic in the need for a third-party compiled 'Untrusted' list for NS users because of the on-the-fly feature; unless a user is so extremely disabled as to find keystrokes an unbearable tax on their energy for the initial period of training the NS 'Untrusted' list.
Of course, if the user is so disabled, my sympathy is extended to them for the always difficult task of getting web stuff to work efficiently with minimum input.
In that sad case, perhaps a subscription to the other extensions referred to here, such as AB+, could help.