Sorry that there was not an answer to this for so long. I took a quick peek @ Wilders thread.
Originally, (around 2009), Giorgio hoped that Chrome would give him an adequate API, as they had promised to do. But it didn't happen.
I know of no present plans to port NoScript to Chrome, unless Giorgio hasn't told us.
PERSONAL OPINION ONLY: Why would a huge corporation that makes its living selling advertising (mostly targeted) and user data ever want its users to install an add-on that would block advertising scripts and data-mining scripts, including Google's bread-and-butter, google-analytics.com? ... which NoScript blocks *by default*, and runs a Surrogate Script
in its place. This makes the page happy that the script ran, but sends no actual data to Google. Yeah, they'll really let that happen on *their* browser.
ScriptNo: http://code.google.com/p/scriptno/wiki/ ... dQuestions
"You’re so mysterious. Who are you?
I’m a recent honors graduate from a business technology program from a university in Toronto, Canada, graduating with over 20 months of full-time work experience due to my co-op terms with world-class organizations such as CIBC and Canada Pension Plan Investment Board. If it’s any relevancy, I’m Chinese and I’m 23
Whereas Giorgio Maone has 20 years, not months, in developing, and freely gives his real name, e-mail address, company address and telephone number. You would trust an anonymous person to take complete control of your browser? What is he so afraid of?
(I prefer to keep my privacy because I'm not responsible for the coding or behavior of NoScript, and like the rest of the support team, am an unpaid volunteer. It's Giorgio's name and reputation on the line, and he's willing to put it there for the whole world. Why doesn't this recent college grad do the same? ... just a thought.)
"A 'NoScript-like' extension"... Really? Aside from the name rip-off, does it have NoScript's level of:XSS protection
?CSRF protection and WAN-LAN boundary protection
?Ability to force HTTPS security
on sites that should have it (your bank), but may carelessly send insecure cookies?
Note that all of the above work even if you allow scripting globally
Plus many other protections, like "Forbid WebGL", a technology that has already been expoloited), and more to come, in a product that is constantly evolving and improving
, thanks in part to suggestions from users through this forum, which ATM has more than 20,000 registered members + guest posting allowed, and almost 30,000 posts on almost 5,000 topics. And which was once a part of Mozilla support, but when the user base and the feature list demanded more than *ONE* thread at Mozilla, Mr. Maone chose to host this forum on his own servers, *at his own expense*.
it still slipped up in letting your post go unanswered for so long, but genuine bugs, user support, and enhancements get first priority -- I'm sure you understand.
I could be mistaken, but I don't see Google letting NS rob them of the revenue from their Chrome users, nor do I see their "NoScript-like" add-on ever coming close to this one. But please browse the NoScript "Features" Page
and the NoScript FAQ
, and decide for yourself.
Regarding browser sandboxing, it might be nice for Firefox and SeaMonkey to implement this. But IMHO, letting the browser sandbox itself is like trying to lift yourself up by your bootstraps. If the browser is compromised, how can it protect its own sandbox? Much better is to let your sandboxing solution run on your operating system, *independently of the browser*. Then, if the browser is compromised, the malware cannot escape through to the hard drive. After all, much of MS' security issues with IE were based on, or worsened by, the fact that IE *is an integral part of the Windows OS*.
Nope. Let the sandboxer run on the OS, and then let the browser run in the *independent* sandbox thus created. (I have been satisfied with Sandboxie, but that's just personal experience and opinion only, not an endorsement. But it meets the above criterion of being outside the browser instead of inside it.)
As for the topic there, "Safest browser?" Firefox and SeaMonkey, in their default states, ... wouldn't know. Always using NoScript. Fx and SM + NoScript (properly configured): I defy anyone to show another readily-available, mass-market browser suitable for both home and enterprise use that is equally protected from such a wide range of Web exploits, *and whose developer responds so rapidly to emergent threats*.
Toss in RequestPolicy
, another fine and complementary add-on to NoScript, and you have the best user control of permissions anywhere in this marketplace.
If you have any other questions, please feel free to ask, and we'll try to make sure to get to them more promptly next time.
And please feel free to link to this post, or to quote it in its entirety, including links. (But not quoted out of context in any misleading manner. That's not playing nicely.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:18.104.22.168) Gecko/20111103 Firefox/3.6.24