Additional steps to regain and retain user trust
Posted: Tue May 05, 2009 9:17 am
It appears that you are still serving up the Ghostery specific CSS rule which hides the normally temporary notification box that is generated by that extension. I respectfully encourage you to remove that rule so as to better adhere to the spirit of "no surprises".
It appears that NoScript's default white-list still includes a number of Google, Microsoft, and Yahoo sites. Although white-listing those might help some small fraction of new NoScript users to email their way out of trouble, it exposes all new NoScript users to potential privacy risks. It seems to me that it would be best to remove those white-list entries and very clearly alert new users to the "Temporarily allow all this page" command. Which would prove useful to all new NoScript users including the many that use other email services and/or who turn to web forums, web chat, etc for help. Please consider this.
It appears that NoScript's default white-list still includes googlesyndication.com. I believe this would in practice expose NoScript users to potential tracking/profiling across numerous to very many sites. Ideally there would be no exceptions which expose NoScript users to ad networks. It may or may not be possible for you to achieve ad revenue without using a network. I would encourage you to explore self-hosted ads or at least make it your topmost priority to adjust things so that any default ad network white-listing applies ONLY to the NoScript site and all users are very explicitly made aware of that exception.
I think changes such as these would make for a safer and more respectable NoScript environment and serve to demonstrate that you are placing more emphasis on your users. Thanks for your time and thanks for NoScript.
It appears that NoScript's default white-list still includes a number of Google, Microsoft, and Yahoo sites. Although white-listing those might help some small fraction of new NoScript users to email their way out of trouble, it exposes all new NoScript users to potential privacy risks. It seems to me that it would be best to remove those white-list entries and very clearly alert new users to the "Temporarily allow all this page" command. Which would prove useful to all new NoScript users including the many that use other email services and/or who turn to web forums, web chat, etc for help. Please consider this.
It appears that NoScript's default white-list still includes googlesyndication.com. I believe this would in practice expose NoScript users to potential tracking/profiling across numerous to very many sites. Ideally there would be no exceptions which expose NoScript users to ad networks. It may or may not be possible for you to achieve ad revenue without using a network. I would encourage you to explore self-hosted ads or at least make it your topmost priority to adjust things so that any default ad network white-listing applies ONLY to the NoScript site and all users are very explicitly made aware of that exception.
I think changes such as these would make for a safer and more respectable NoScript environment and serve to demonstrate that you are placing more emphasis on your users. Thanks for your time and thanks for NoScript.