In order to get a captcha prompt from google (recently also required here on the forum) a Noscript user has to enable "frame" and "fetch" in the Noscript settings. To be honest, not only that I am averse to allowing any Google code on my device. But these settings cause other problems. As you can see on this site (https://webbrowsertools.com/useragent/) iFrames can easily be used (and misused) in many ways.
One simple example, I do not want anybody to read my "permanent", ordinary UA - even a UA spoofer (through an add-on or other) cannot protect you from this. When I am forced to allow frames and fetch for every captcha, here on the forum or on other sites, there are 2 problems with this:
1) I cannot know that Google (with or within the captcha script) does not also read my true UA string, and
2) even if they don't, when I forget to reset the fetch and frame settings, I will sooner or later - by accident - allow another site to read it out, match it, store it, and use it for fingerprinting.
If my observations above are correct ... I would really like a feature within Noscript, which does only allow one captcha (and no other frames), and ideally allows it just temporarily (so I cannot forget to reset frame and fetch).
Any thoughts ?
captcha concerns
captcha concerns
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36 Edge/17.17134
Re: captcha concerns
That sounds like a privacy issue, and not a security issue. NoScript is not a privacy tool.
The feature you're describing is uBlock Origin click2load
The feature you're describing is uBlock Origin click2load
*Always* check the changelogs BEFORE updating that important software!
-