Feature Request Please: Blocked Site lookup

[gpsnomad]

Now that NoScript is nearly perfect, there may be time for something new!

Please consider a feature that allows a 1-click flexible lookup on blocked domains?

If I visit gumtree.com (allowed), there are several other domains that are blocked on the page (usually well-known with widgets like facebook.com but also ones like quantserve.com / fbcdn.net etc). I would like to investigate these blocked domains to work out which ones are just trackers, or unhelpful from the ones that may be useful to the page like image display etc. So I currently manually type in each domain name into google or on a new web page to see what the domain does. My request is to automate this slightly so if say "quantserver.com" is blocked, then I can click on the NoScript menu and choose a "Check site" option that will feed the URL to a Noscript parameter that will open up a new page which could be a security site report on the URL (like Web of Trust or similar). Of course, this should be user customizable so that any security site or google etc. could be used to check the URL before I manually allow the permission in Noscript.

[therube]

Security and Privacy Info page is shown whenever you middle-click on sites exposed by NoScript's UI, either in the menus or in the Whitelist options tab.

[Tom T.]

CDN usually = Content Delivery Network. So fbcdn = Facebook content delivery network.

If the site you're on (and trust) also has a cdn script, it's probably OK. goodsite.com, goodsitecdn.com probably deserve equal trust levels. Subtract cdn from anything else to get an idea of who it is, as in Facebook.

Quantserve: see http://en.wikipedia.org/wiki/Quantcast.
"Some of this information includes, for example, whether the Web page viewer is a male or female, whether the average viewer makes $30,000 USD annually or $100,000 USD annually, the age group of the viewer ... the Quantcast code causes the user's browser to access Quantcast's servers, at which time they can log the user's IP address and information Quantcast places in cookies that are stored in the user's browser. The cookies significantly aid in making inferences. Quantcast also provides affinities revealing other popular sites that the average viewer browses. This is possible by tracking "referrer" information that is normally included as part of every HTTP request made by the user's browser... In July 2010 BBC News reported that a legal challenge has been launched in the US against a number of websites amid claims that they were engaged in "covert surveillance" of users through the use of a Quantcast Flash application to restore deleted cookies."

Defeat this by proper cookie management, using the RequestPolicy add-on, RefControl add-on, and of course, blacklisting/untrusting quantserve.com.
There are a number of other such that I could tell you to blanket-blacklist, but they escape me at the moment. Not very many 3rd-party scripts, other than from Akamai FAQ, are necessary or desirable. By all means use the feature therube pointed to, but there are a number that can be blacklisted on sight. If I come across them, will try to add here. Anyone else, feel free.

Also, consider using HOSTS file to block about 20,000 undesirable sites, scripts and all.

Edit: By default, NoScript runs a surrogate script for Quantserve (and some others), but I prefer to block them outright, to save the bandwidth and loading/response time.

Edit 2: Type about:config in the address bar, and in the Filter Bar, type surr
This will bring up a large list of default surrogate scripts, from many of which you can extract sites to blacklist. It reminded me of yieldmanager, revsci, and many others.

[therube]

Don't want to lessen what you say, I just don't believe in using things like HOST files for the described purposes. Many do.

I use this extension called NoScript, so while sites are not blocked outright, most every site does have JavaScript disabled by default.
That way I'm still free to visit any site, advertising or tracking or malware or whatever - because I want to, while at the same time any trepidation I might have in visiting such sites is lessened (not necessarily eliminated, as there are ways to evil without using JavaScript), all without the need to compile & update a blacklist of thousands & thousands of domains.

[dhouwn]

Edit: By default, NoScript runs a surrogate script for Quantserve (and some others), but I prefer to block them outright, to save the bandwidth and loading/response time.

The surrogate script is to prevent pages from braking when the Quantserve script is blocked.

[Tom T.]

Edit: By default, NoScript runs a surrogate script for Quantserve (and some others), but I prefer to block them outright, to save the bandwidth and loading/response time.

The surrogate script is for preventing pages to be broken when the Quantserve script is blocked.

Ouch! [facepalm]
Thanks for the catch. Severe brainfade there.

[gpsnomad]

Thanks for the replies re. your help & patience. No RTFM

I didn't know about the middle click for a redirect to NoScript Sitechecker page. Very useful and the surrogate script info too.

I still feel that the middle click option is a bit obscure and non-intuitive (and depends on the maintainers of the Noscript web page, and if the page/server is available). It may be useful to allow users to define their own "Check site" action, as well as the current option - and make the UI a bit more accessible too. This would be faster (avoids the intermediate web page load & choice etc.), more flexible & removes a possible point of failure if the noscript site is down.

[Giorgio Maone]

It may be useful to allow users to define their own "Check site" action

Just edit the noscript.siteInfoProvider about:config preference.

[Tom T.]

I still feel that the middle click option is a bit obscure and non-intuitive

If you hover the mouse pointer over a given script, you'll see that Shift+click also does the same thing. This was a nice enhancement for laptops that don't have a middle-click button, or have to use some key combo or other workaround to get it.

[gpsnomad]

Fantastic! Wonderful that all these powerful features are available in config etc.

In this world of information overload, I haven't time to read the manual. So I value the help with finding the answers. I have also noticed a tooltip that describes this too. Thank you.

[Tom T.]

I have also noticed a tooltip that describes this too.

Yes, that's what I meant by "if you hove the mouse". Considered going back and editing to add, "you'll see a tooltip", but figured anyone reading would see the tooltip anyway.

In this world of information overload, I haven't time to read the manual. So I value the help with finding the answers. Thank you.

Sympathize with you on the info overload, and you're welcome for the help, but also please try searching this forum and the NoScript FAQ.

Giorgio and the support team long ago discussed the desirability of having a searchable, indexed (compiled, .chm) "help" file in NoScript, with the usual menu entry for "Help" plus the typical F1 trigger. Unfortunately, threats keep evolving; a great deal of time was spent, and is still spent, on developing and enhancing ABE; Firefox evolves, or in the case of F3-F4, changes radically; and the demand for mobile apps requires a NoScript for Firefox Mobile.

So I think the help file is still on the "to-do" list, but surely lower priority than the above, since all of these other sources of help are available, including right here. Cheers.