how to create custom, temp blocking rules

Ask for help about NoScript, no registration needed to post
scripteze
Junior Member
Posts: 46
Joined: Wed Mar 14, 2012 6:15 pm

how to create custom, temp blocking rules

Post by scripteze »

Is there a way for users to create NS blocking rules, that could be fairly easily turned off & on?

If I understood, NS started allowing certain sites by default - like Google Analytics, other Google domains & some other larger sites.
I noticed various Google trackers weren't showing up in NS's drop menu on various sites. When NS doesn't show Google Analytics on 15 - 30 sites, something's up.

And when I went to youtube, the scripts were obviously allowed (but don't show in NS's toolbar menu), as videos started playing instantly - even though "Forbid Audio / Video" is checked. No, Google hadn't previously been temporarily allowed. Which is not what I want, even on youtube.

When I looked in several NS files, it appears these & several other trackers & domains are permanently allowed by default (but don't show up in the drop menu, so you could block them if wanted). That's the way it appears, anyway. I hope I'm misinterpreting what's in the files.

If there's one company I'd absolutely want to block, except rarely, it's Google - anything.
But, I need the option to allow them temporarily. If I create scripts to permanently block them & have no quick way to temporarily unblock them, it becomes a pain.

If I'm understanding this correctly, NoScript deciding certain trackers that users should ALWAYS allow (and google tracking on 80 - 90% of sites), w/o a way to easily block them, seems a bit like when AdBlock decided to let Google & Amazon, etc., pay to allow their ads. But in ABP you can opt out, if you want.

Thanks.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:34.0) Gecko/20100101 Firefox/46.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: how to create custom, temp blocking rules

Post by barbaz »

scripteze wrote:If I understood, NS started allowing certain sites by default - like Google Analytics,
Understood from what? FAQ 1.5?
scripteze wrote:Is there a way for users to create NS blocking rules, that could be fairly easily turned off & on?
Yes. This is one purpose of Temporarily allow / Revoke temporary permissions
scripteze wrote:I noticed various Google trackers weren't showing up in NS's drop menu on various sites. When NS doesn't show Google Analytics on 15 - 30 sites, something's up.
Something like you Marking google-analytics as Untrusted, perhaps?
scripteze wrote:If I'm understanding this correctly, NoScript deciding certain trackers that users should ALWAYS allow (and google tracking on 80 - 90% of sites), w/o a way to easily block them,
Again, how are you determining that these trackers are allowed?
*Always* check the changelogs BEFORE updating that important software!
-
scripteze
Junior Member
Posts: 46
Joined: Wed Mar 14, 2012 6:15 pm

Re: how to create custom, temp blocking rules

Post by scripteze »

Thanks barbaz. Sorry didn't get back sooner.
barbaz wrote:
scripteze wrote:If I understood, NS started allowing certain sites by default - like Google Analytics,
Understood from what? FAQ 1.5?
Good one. :) No, I saw the FAQ after you mentioned. I looked in various NS files - at default allowed sites. And what appears in the whitelist.
I should clarify, I was using Tor Browser - which overrides (eliminates) most default whitelisted (commercial, tracker) sites. Then saw a different default list in Firefox. That was confusing, until realized Tor Browser removes most of the default whitelisted sites, to stop tracking. It doesn't appear to add / delete any surrogates.
barbaz wrote:
scripteze wrote:Is there a way for users to create NS blocking rules, that could be fairly easily turned off & on?
Yes. This is one purpose of Temporarily allow / Revoke temporary permissions
Those wouldn't be user created custom blocking rules, that could easily be toggled.
barbaz wrote:
scripteze wrote:I noticed various some Google trackers weren't showing up in NS's drop menu on various sites. When NS doesn't show Google Analytics on 15 - 30 sites, something's up.
...Marking google-analytics as Untrusted, perhaps?
No - none marked untrusted. If it was marked, it should show under "Untrusted", since Appearance > There were probably 2 separate issues I saw.
1) Q: Do (properly working) site surrogates cause those site names NOT to show up in noscript's menu list? If so, not showing names may be by design, as there aren't any real scripts being loaded?

There's a surrogate for google-analytics.com. Is that why google-analytics no longer shows in NS's menu on any sites - I've seen? Except... I found one site out of dozens & dozens that showed google-analytics : http://tinypic.com. Apparently, TinyPic isn't satisfied with the g-a surrogate.
Before, g-a was a very common tracker.
Did sites stop using it since NS has a surrogate & it doesn't really load? So they switched to something else or different method of gathering statistics?

2) There was behavior where no sites except base domain showed in the main NS menu.
What I think is happening - may be a bug - is if "Cascade top document's permissions to 3rd party scripts" is checked, but the top document (base domain) is blocked, then none of the 3rd party scripts show in the main menu. They do all show in the Untrusted group - not marked.
When the base domain is blocked - for what ever reason, shouldn't "Cascade top document's permissions..." have no effect? Until users allow the base domain, why allow 3rd parties?

If "Cascade top documents..." is checked, once base domain is allowed, couldn't 3rd parties then be allowed?

Image
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:34.0) Gecko/20100101 Firefox/46.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: how to create custom, temp blocking rules

Post by barbaz »

scripteze wrote:Those wouldn't be user created custom blocking rules, that could easily be toggled.
I have no idea what you mean then.
scripteze wrote:1) Q: Do (properly working) site surrogates cause those site names NOT to show up in noscript's menu list?
No. What other extensions do you have?
scripteze wrote:2) There was behavior where no sites except base domain showed in the main NS menu.
What I think is happening - may be a bug - is if "Cascade top document's permissions to 3rd party scripts" is checked, but the top document (base domain) is blocked, then none of the 3rd party scripts show in the main menu. They do all show in the Untrusted group - not marked.
That is by design.

Think about it - in cascading permissions mode, you essentially just choose whether to enable JS or not. The same, let's note, is true for Scripts Globally Allowed mode, where the choice is to have JS enabled by default. So what does the menu look like in Scripts Globally Allowed mode? Quick image search - http://cloud.addictivetips.com/wp-conte ... -menu-.jpg
As you see, only Mark as Untrusted is still there. Still there, so that you keep the ability to blacklist individual sites' scripts in this mode.

Now, in Cascading permissions mode, you are toggling JS enabled or not per site you are visiting. Not globally, and not based on where the script comes from.
So, imagine you're in Cascading permissions mode and you decide to enable JS for a site. Are the desired 3rd-party scripts going to be allowed? Yep, right then and there. Are you directly visiting all those 3rd-party sites you see serving scripts? Nope. There is, therefore, no need to explicitly Allow them from where you are. And, therefore, KISS.. in this case, it also spares the obvious confusion.

See, it does work like you think it should. :)

Does this explanation help?
*Always* check the changelogs BEFORE updating that important software!
-
scripteze
Junior Member
Posts: 46
Joined: Wed Mar 14, 2012 6:15 pm

Re: how to create custom, temp blocking rules

Post by scripteze »

See, it does work like you think it should.
Thanks. I re-read your reply several times. To me, it doesn't work as expected, because there's one point you left out.
The pic you linked has a difference from what I described.

The base domain, AddictiveTips is allowed. I was speaking of when base domains are blocked.
Yes, if the base domain is allowed and the cascading permissions is checked, then the 3rd parties would be "cascaded." :)
Now, in Cascading permissions mode, you are toggling JS enabled or not per site you are visiting.
Exactly - you confirmed my point. Per site. If the top domain is blocked, you obviously don't want JS enabled for it, then not 3rd party scripts under it.

If the base domain is blocked (assume on purpose), in what scenario would you allow all 3rd party scripts? If Base domain is blocked, it probably won't work anyway.
IF... you have the base domain blocked, in this context it's not "trusted."
And the section title under Advanced > Trusted tab is called... "Additional Permissions for Trusted Sites." :D

Cascading permissions is dependent on the base domain being trusted (enabled).
If the top site isn't trusted (is blocked), you don't cascade permissions.

Other than a quick way to allow all scripts on trusted sites w/o having to click "Allow all this page" more than once - or at all, I'm not sure what else Giorgio had in mind for the Cascade permissions option. That may be its only purpose.
I'm pretty sure users don't expect to allow all 3rd party scripts on a base domain they have blocked. It'd be the last thing I'd expect.

For some odd reason, Tor Project chooses to enable the Pref "CascadePermissions." Probably for the same reason they enable JS globally. I'll see if they know how it behaves. In NoScript, it's disabled by default.
That's the only reason it got checked, in my last TBB update. I'll have to add an override to the user.js file.
For blocked base domains, I just don't think users expect this behavior.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:34.0) Gecko/20100101 Firefox/46.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: how to create custom, temp blocking rules

Post by barbaz »

scripteze wrote:To me, it doesn't work as expected, because there's one point you left out.
The pic you linked has a difference from what I described.

The base domain, AddictiveTips is allowed.
The pic I linked is of the menu with "Scripts Globally Allowed" set. The menu in your pic looks as expected for Cascading permissions mode.
scripteze wrote:If the base domain is blocked (assume on purpose), in what scenario would you allow all 3rd party scripts? If Base domain is blocked, it probably won't work anyway.
IF... you have the base domain blocked, in this context it's not "trusted."
And the section title under Advanced > Trusted tab is called... "Additional Permissions for Trusted Sites." :D

Cascading permissions is dependent on the base domain being trusted (enabled).
If the top site isn't trusted (is blocked), you don't cascade permissions.
And that's precisely how it works. See, you do understand, don't you. This comment from FAQ 1.13 applies here -
Even if some of the 3rd party script sources imported by the page may be in your whitelist, no code could run because the hosting documents are not enabled.
(emphasis mine)
scripteze wrote:Other than a quick way to allow all scripts on trusted sites w/o having to click "Allow all this page" more than once - or at all, I'm not sure what else Giorgio had in mind for the Cascade permissions option.
It's actually the Tor project had something in mind there: viewtopic.php?f=7&t=19701#p69787
*Always* check the changelogs BEFORE updating that important software!
-
Post Reply