Import whitelist
Import whitelist
The default whitelist is pretty short. There must be thousands of websites run by well-respected outfits that a user could add to his whitelist safely. Does someone maintain such a list of "well-trusted" sites?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
Re: Import whitelist
I haven't heard of one.
Yet.
Who would you trust to produce one?
And then what a honeypot it would be for baddies to concentrate their attacks on.
Yet.
Who would you trust to produce one?
And then what a honeypot it would be for baddies to concentrate their attacks on.
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
-
- Ambassador
- Posts: 1586
- Joined: Fri Mar 20, 2009 4:47 am
- Location: Colorado, USA
Re: Import whitelist
If the user doesn't visit dodgy sites, like my mother, then try ticking NoScript Options > General > Temporarily allow top-level sites by default. Full Addresses is selected by default, but you might find Base 2nd level Domains more useful. Also, I made all the changes in http://noscript.net/faq#qa3_3
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
Re: Import whitelist
There is no such thing as a "trusted site" IMO.
So therefore my white list is nothing more then what comes defaulted & that is only for conveniences sake.
I will Temporarily Allow as needed, but that's about it.
What happens when your "trusted" site is hacked. Is it still trusted?
Would you trust ENERMAX USA? They're a respected PC power supply provider. Of course you would! Or would you, Is it Google or the Whole Internet??
Therefore there is no value in a list of trusted (whitelisted) websites.
In the same way, there is no such thing as a "dodgy" site IMO. If you can go anywhere, do anything, while still be protected, then there is nothing to dodge. So joe porn site, or schmoe warez site is just as "friendly" as Google. (Or maybe even more so .)
So therefore my white list is nothing more then what comes defaulted & that is only for conveniences sake.
I will Temporarily Allow as needed, but that's about it.
What happens when your "trusted" site is hacked. Is it still trusted?
Would you trust ENERMAX USA? They're a respected PC power supply provider. Of course you would! Or would you, Is it Google or the Whole Internet??
Therefore there is no value in a list of trusted (whitelisted) websites.
In the same way, there is no such thing as a "dodgy" site IMO. If you can go anywhere, do anything, while still be protected, then there is nothing to dodge. So joe porn site, or schmoe warez site is just as "friendly" as Google. (Or maybe even more so .)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.21) Gecko/20090303 SeaMonkey/1.1.15
Re: Import whitelist
I go one step farther than therube. I don't even use the default whitelist. "Trust no one".
Besides, if the function you need works without the scripting, why allow it?
Need + Trust = allow or temp allow.
The whole idea behind NS is to give *you* control over what runs on your machine. Handing that power over to any third party, even "trusted", is dangerous, for the reasons Nan, therube, etc. have mentioned.
Besides, if the function you need works without the scripting, why allow it?
Need + Trust = allow or temp allow.
The whole idea behind NS is to give *you* control over what runs on your machine. Handing that power over to any third party, even "trusted", is dangerous, for the reasons Nan, therube, etc. have mentioned.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
-
- Junior Member
- Posts: 36
- Joined: Thu Mar 26, 2009 7:58 am
Re: Import whitelist
I wouldn't trust anyone to produce a whitelist.
I would want to be able to do this so that when I install firefox and NoScript on a new computer, I don't have to put my whitelist togheter again manually...
This would be a neat feature, but I wouldn't take whitelists from someone else, I'd simply want this feature to save time for myself.
I would want to be able to do this so that when I install firefox and NoScript on a new computer, I don't have to put my whitelist togheter again manually...
This would be a neat feature, but I wouldn't take whitelists from someone else, I'd simply want this feature to save time for myself.
Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729)
Re: Import whitelist
Options>Whitelist "import" "export" buttons bottom rhs of screenVordreller wrote:I wouldn't trust anyone to produce a whitelist.
[...]
This would be a neat feature, but I wouldn't take whitelists from someone else, I'd simply want this feature to save time for myself.
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
- GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: Import whitelist
Well then the current import/export function of NS should be sufficient to serve that need. You can create your own and export it and import it on a new copy and save yourself the time. I wouldn't trust anyone to create a whitelist either, generally. Although my wife, most of my colleagues and developers and so on take my whitelists and keep theirs updated with any additions to my list and it has grown over so long, I go through it sometimes and see things I allowed so long ago that I have not visited in agesVordreller wrote:I wouldn't trust anyone to produce a whitelist.
I would want to be able to do this so that when I install firefox and NoScript on a new computer, I don't have to put my whitelist togheter again manually...
This would be a neat feature, but I wouldn't take whitelists from someone else, I'd simply want this feature to save time for myself.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
Re: Import whitelist
Ok, trust no one to produce a whitelist list. Fine.
How about a related question: are there any blacklist lists?
How about a related question: are there any blacklist lists?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729)
- GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: Import whitelist
You are funny. No blacklists for NS, no. Again you can make your own if you wish. If you export the current whitelist, you can see the structure of the file and there is a section for [UNTRUSTED] and you can add stuff there.yoman wrote:Ok, trust no one to produce a whitelist list. Fine.
How about a related question: are there any blacklist lists?
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
Re: Import whitelist
If you trust no one, then every one is blacklisted.
And they all are, by default - untrusted, so every one is already blacklisted.
(Except for a select few on install).
So in that respect there is no need for a "blacklist".
And they all are, by default - untrusted, so every one is already blacklisted.
(Except for a select few on install).
So in that respect there is no need for a "blacklist".
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b4pre) Gecko/20090327 SeaMonkey/2.0b1pre
Re: Import whitelist
(Don't blame me if your browser hangs when you try to load it!)
Here is a list of domains, http://www.joewein.net/dl/bl/dom-bl-base.txt.
I'm sure you can find plenty more lists, or even lists that list lists of "blacklisted" domains. And some people love them, but they're not needed with NoScript because unless you specifically had allowed any of the names on the list (or any names not already on the list, because after all the list can never be comprehensive), then they are already blocked.
What that says, is that there are 432,795 blacklisted domains in the 7 MB text file.
No matter how many domains, no matter how many times it is updated, corrected, purged, it will never be enough.
Here is a list of domains, http://www.joewein.net/dl/bl/dom-bl-base.txt.
I'm sure you can find plenty more lists, or even lists that list lists of "blacklisted" domains. And some people love them, but they're not needed with NoScript because unless you specifically had allowed any of the names on the list (or any names not already on the list, because after all the list can never be comprehensive), then they are already blocked.
Code: Select all
C:\WLIB\LeechFTP\LeechTMP>wc dom*
432795 432795 7499452 dom-bl-base.txt
No matter how many domains, no matter how many times it is updated, corrected, purged, it will never be enough.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b4pre) Gecko/20090327 SeaMonkey/2.0b1pre
- GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: Import whitelist
I am in agreement with therube here, with NS you pretty much have a default blacklist until you trust someone.
So if you want to go ass backwards, yes its possible you can always try YesScript.
So if you want to go ass backwards, yes its possible you can always try YesScript.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
Re: Import whitelist
*yawn*therube wrote:If you trust no one, then every one is blacklisted.
And they all are, by default - untrusted, so every one is already blacklisted.
(Except for a select few on install).
So in that respect there is no need for a "blacklist".
Yes, I already get it. I don't need to hear the lecture yet again.
However, as you are well aware, there are plenty of trusted sites that run java from sites you'd rather not deal with, such as advert and stat sites. Can anyone point me to a list of such sites?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)
Re: Import whitelist
It doesn't appear that the poster does get it - after all they repeat their request for a third-party list of 'untrusted' after all the attempts to explain the function of NS.yoman wrote:*yawn*therube wrote:If you trust no one, then every one is blacklisted.
And they all are, by default - untrusted, so every one is already blacklisted.
(Except for a select few on install).
So in that respect there is no need for a "blacklist".
Yes, I already get it. I don't need to hear the lecture yet again.
I doubt that anybody would disagree.However, as you are well aware, there are plenty of trusted sites that run java from sites you'd rather not deal with, such as advert and stat sites.
Not from within the NoScript community.Can anyone point me to a list of such sites?
There is no logic in the need for a third-party compiled 'Untrusted' list for NS users because of the on-the-fly feature; unless a user is so extremely disabled as to find keystrokes an unbearable tax on their energy for the initial period of training the NS 'Untrusted' list.
Of course, if the user is so disabled, my sympathy is extended to them for the always difficult task of getting web stuff to work efficiently with minimum input.
In that sad case, perhaps a subscription to the other extensions referred to here, such as AB+, could help.
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20