InformAction Forums

[Thrawn]

Somewhere where NoScript should have been mentioned IMHO but wasn't: https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html

Actually it kind of was:

Consider disabling JavaScript (click the blue "S" beside the green onion, and select "Forbid Scripts Globally").

[Thrawn]

Ars Technica article about Firefox 23 recommends NoScript if you want to switch JavaScript off

[Giorgio Maone]

Somewhere where NoScript should have been mentioned IMHO but wasn't: https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html

Actually it kind of was:

Consider disabling JavaScript (click the blue "S" beside the green onion, and select "Forbid Scripts Globally").

Indeed, NoScript is bundled with TOR Browser.

[dhouwn]

I believe in the past Noscript also used in the official Ubuntu (or was it Debian?) repository, now I came across it in the Arch repo with a rather frugal description:

plugin for firefox which disables script

But hey it's recent, unlike when it was in the other repository.

/edit:
Still (or again) in Debian: https://packages.debian.org/search?keywords=xul-ext-noscript
And here when it was is Ubuntu Hardy Heron: https://launchpad.net/ubuntu/hardy/+package/mozilla-noscript (deletion log: https://launchpad.net/ubuntu/lucid/i386/mozilla-noscript and explanation: https://lists.ubuntu.com/archives/ubuntu-motu/2010-April/006682.html: "The issue with it though is that it releases too frequently." Heh)

[barbaz]

NoScript recommended to prevent ABP and its forks leaking information about installed subscriptions to websites: https://bitbucket.org/adstomper/adblockedge/issue/109/abe-leaks-list-of-subscriptions#comment-10086283

[GµårÐïåñ]

Block JavaScript in Google Chrome. NoScript’s features in Chrome!
http://techie-buzz.com/browsers/disable-javascript-images-cookies-in-google-chrome.html

[Thrawn]

I think the author was one of the many people who don't seem to realise the full extent of NoScript's features, though...even the script-blocking in Chrome is not so fine-grained. Not enough to convert me to Chromium at this point.

[GµårÐïåñ]

I know but it was a NS sighting so I posted it

[therube]

A look at a double-dipping advertising network | Malwarebytes Unpacked

"To protect against this type of threats you may wish to disable Flash or use NoScript"

http://blog.malwarebytes.org/malvertisi ... g-network/

[Thrawn]

Opera add-ons, "NotScripts" @

Code: Select all

https://addons.opera.com/en/extensions/details/notscripts/

.. What is wrong w/these ppl?! :-0

Edit:
Is there a way to STOP them; some way to disallow and/or pursue them, into ceasing w/their lies and deception(s)?!??

[Thrawn]

If your concern is about the claim of "NoScript like javascript blocking", then it's hard to say. NoScript is trademarked, but they're not claiming that NotScripts *is* NoScript. And it's possible that the script-blocking interface is more-or-less like NoScript - it just (almost certainly) wouldn't be as reliable, battle-hardened, etc. And JavaScript-blocking is only one of the features of NoScript Security Suite.

So maybe, but to date, Giorgio hasn't felt the need to sue anybody over this.

[barbaz]

NoScript 2.6.7-A Firefox and SeaMonkey add-on that will allow you to stay safe while browsing the web

[therube]

Security Flaw Leaks VPN Users’ Real IP-Addresses

VPN users are facing a massive security flaw as websites can easily see their home IP-addresses through WebRTC. The vulnerability is limited to supporting browsers such as Firefox and Chrome, and appears to affect Windows users only. Luckily the security hole is relatively easy to fix.

...

The vulnerability affects WebRTC-supporting browsers including Firefox and Chrome and appears to be limited to Windows machines.

...

Firefox users should be able to block the request with the NoScript addon. Alternatively, they can type “about:config” in the address bar and set the “media.peerconnection.enabled” setting to false.

[Thrawn]

Security Flaw Leaks VPN Users’ Real IP-Addresses

Technically this is a privacy flaw, not security, yes?

[Hobart]

Already noted by giancarlos in this post.

Article: The NoScript Misnomer – Why should I trust vjs.zendcdn.net?
Hacker News discussion: The NoScript Misnomer

Looks like "zenDcdn" was put into the default white-list instead of "zencdn", and the author grabbed the domain.
Author says he's talked with Giorgio about the issue. This does count as a "sighting", I think?