Legacy default entries are something contradicting something in the context of protection

General discussion about the NoScript extension for Firefox
Post Reply
Einar
Posts: 2
Joined: Tue Jun 28, 2022 10:56 pm

Legacy default entries are something contradicting something in the context of protection

Post by Einar » Tue Jun 28, 2022 11:09 pm

Legacy default entries are something contradicting something in the context of protection

First of all, NoScript is a great addon that really does what was promised, it protects.

Kudos to the developer at this point.

@Giorgio Maone:
What bothers me as a critical data protection officer is that entries are predefined in

Code: Select all

legacy/default.js
that cannot be removed.

What would be really very good would be if a delete function were implemented to delete the pre-entry:

Code: Select all

§:addons.mozilla.org",
        "§:afx.ms",
        "§:ajax.aspnetcdn.com",
        "§:ajax.googleapis.com",
        "§:bootstrapcdn.com",
        "§:code.jquery.com",
        "§:firstdata.com",
        "§:firstdata.lv",
        "§:gfx.ms",
        "§:google.com",
        "§:googlevideo.com",
        "§:gstatic.com",
        "§:hotmail.com",
        "§:live.com",
        "§:live.net",
        "§:maps.googleapis.com",
        "§:mozilla.net",
        "§:netflix.com",
        "§:nflxext.com",
        "§:nflximg.com",
        "§:nflxvideo.net",
        "§:noscript.net",
        "§:outlook.com",
        "§:passport.com",
        "§:passport.net",
        "§:passportimages.com",
        "§:paypal.com",
        "§:paypaobjects.com",
        "§:securecode.com",
        "§:securesuite.net",
        "§:sfx.ms",
        "§:tinymce.cachefly.net",
        "§:wlxrs.com",
        "§:yahoo.com",
        "§:yahooapis.com",
        "§:yimg.com",
        "§:youtube.com",
        "§:ytimg.com"
Source: NoScript/export (Firefox)

If you could delete them (from user behavior). Because Microsoft and Co are known for tracking and here every user should be able to freely decide which websites he trusts and which not. It is clear that you can allow it by distrust or not.

I would also like to address the fact that some links cannot be reached when the URL or the network packets are checked or that no data packets can be retrieved from there. Which partly contributes to the fact that unnecessary URLS were predefined that no longer serve a purpose.

It would be nice if these entries would disappear, i.e. be taken out of the code itself, or at least have a delete function itself, so that you can then easily delete them from NoScript.

I not want to badmouth the work, but I would like to point out constructively here that data protection and informational self-determination, which one has as fundamental rights, are not really represented. An empty standard configuration would be much more accommodating here with a small guide for people who don't know it, where everything would be explained, or an FAQ entry for it.


Otherwise very good job. Thanks a lot for this.
Greetings Einar
Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0

User avatar
therube
Ambassador
Posts: 7792
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Legacy default entries are something contradicting something in the context of protection

Post by therube » Fri Jul 01, 2022 2:53 pm

The only way I see to "remove" a site, is to set the site to "Default" permissions.
And in that respect, the site is no longer known, unless you add it back again (either temporarily, or as Allowed).


Defaults are there because...

Now while I have no need for some of them (don't really know, perhaps a bunch), for those that I know I don't want; like yahoo.com & youtube.com, I simply set them to Default.

As far as "stale" sites, that's possible, but I wouldn't know, particularly.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0 SeaMonkey/2.53.13

Einar
Posts: 2
Joined: Tue Jun 28, 2022 10:56 pm

Re: Legacy default entries are something contradicting something in the context of protection

Post by Einar » Fri Jul 01, 2022 10:43 pm

That in turn is not a "remove" but much more not allow. I know what you mean.

I think it makes more sense - every user and developer sees it differently - if you had at least one function here in which you really delete the entire list from the addon. So that you can create your own, because then no more predefined is included.

That would be a compromise solution by far. Security would not be diminished by this, on the contrary, it would even be strengthened because what was already there is no longer available, so that the users can decide for themselves what they allow and what not. Clearly switching to distrust and thus prohibiting the websites from using Javascript is a primary function that I have on all the time. Because I don't call up such sites.

With the outdated ones, I sat down and checked what was active and what wasn't, so it happened that these were outdated.
Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0

musonius
Master Bug Buster
Posts: 195
Joined: Sun Jul 08, 2018 5:38 pm

Re: Legacy default entries are something contradicting something in the context of protection

Post by musonius » Tue Jul 05, 2022 5:04 pm

Einar wrote:
Fri Jul 01, 2022 10:43 pm
That in turn is not a "remove" but much more not allow.
In the NoScript universe, setting a site to DEFAULT is exactly the same as removing it.
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.66 Safari/537.36 Edg/103.0.1264.44

Post Reply