[RESOLVED] What is NoScript Blocking?

[mynona]

I would like to know what NoScript is blocking before I decide that I need the functionality the objects/scripts would be providing and/or trust the website enough to allow them to display/run.

I am looking for a feature similar to the ad blocker Adblock Plus' "View Blockable Items" interface. Does this exist, and if not why (I've misinterpreted my need for features enough times to ask) and will it be added?

[Tom T.]

I would like to know what NoScript is blocking before I decide that I need the functionality the objects/scripts would be providing and/or trust the website enough to allow them to display/run.

I am looking for a feature similar to the ad blocker Adblock Plus' "View Blockable Items" interface. Does this exist, and if not why (I've misinterpreted my need for features enough times to ask) and will it be added?

The NoScript Menu serves that purpose. Open it, either by clicking on the NoScript logo or by hovering the mouse pointer over the logo, depending on how you configured the Options > General tab. Or right-click on the page, and point to the NS logo.

Whatever shows in there with a choice to "Allow" or "Temporarily Allow" has been blocked. They will be in blue.
Also, point to "Recently blocked sites", which opens a second menu of ... those.
And to "Untrusted", which will show sources that you've marked as Untrusted, in case you want to re-allow or temp-allow them.

ETA: This will include "blocked objects", with a description, whether from the same site or a third party. E. g., to allow a Flash video, or the Facebook like/don't like button.

Sites that have been allowed will be in red, with a choice to "Forbid".

If there is a specific page that would illustrate your question better, please provide it. Thanks.

[mynona]

The NoScript Menu serves that purpose. Open it, either by clicking on the NoScript logo or by hovering the mouse pointer over the logo, depending on how you configured the Options > General tab. Or right-click on the page, and point to the NS logo.

Whatever shows in there with a choice to "Allow" or "Temporarily Allow" has been blocked. They will be in blue.
Also, point to "Recently blocked sites", which opens a second menu of ... those.
And to "Untrusted", which will show sources that you've marked as Untrusted, in case you want to re-allow or temp-allow them.

ETA: This will include "blocked objects", with a description, whether from the same site or a third party. E. g., to allow a Flash video, or the Facebook like/don't like button.

Sites that have been allowed will be in red, with a choice to "Forbid".

If there is a specific page that would illustrate your question better, please provide it. Thanks.

You summed it up pretty well actually. The features listed in your ETA will be great to have, but I'm fine with using NoScript until then too. Thanks!

[Tom T.]

You summed it up pretty well actually. The features listed in your ETA will be great to have, but I'm fine with using NoScript until then too. Thanks!

I'm sorry for the lack of clarity. "Will" was used in the near-future meaning, "When you open the menu, these items will also be shown",
rather than in the distant-future meaning, "In some future build, these items will be shown."

I probably should have used "are", to make the present tense unambiguous:

Also included are "blocked objects", with a description, whether from the same site or a third party. E. g., to allow a Flash video, or the Facebook like/don't like button.

Sites that have been allowed are in red, with a choice to "Forbid".

I "will' keep that in mind for the future.
Again, sorry if it wasn't clear. Thanks for posting back so that I could clear that up.

Another edit: Just noticed that your browser version is showing as 3.6.3. That is way out of date. The current version of 3.6 is 3.6.24, which I myself use frequently. There were some critical security patches along the way, so please update to 3.6.24 as soon as possible. Your settings should be preserved after the Update function.

[mynona]

I'm sorry for the lack of clarity. "Will" was used in the near-future meaning, "When you open the menu, these items will also be shown",
rather than in the distant-future meaning, "In some future build, these items will be shown."

I probably should have used "are", to make the present tense unambiguous:

Also included are "blocked objects", with a description, whether from the same site or a third party. E. g., to allow a Flash video, or the Facebook like/don't like button.

Sites that have been allowed are in red, with a choice to "Forbid".

I "will' keep that in mind for the future. :D
Again, sorry if it wasn't clear. Thanks for posting back so that I could clear that up.

Ah. I do see what you're talking about, I thought you meant a more fluid interface was being developed. That would be nice. All the same, though misled, my original sentiment about the lack thereof not being enough to scare me away stands.

Another edit: Just noticed that your browser version is showing as 3.6.3. That is way out of date. The current version of 3.6 is 3.6.24, which I myself use frequently. There were some critical security patches along the way, so please update to 3.6.24 as soon as possible. Your settings should be preserved after the Update function.

Tell that to the administrators of my high school. They seem to be under the impression that their filter and firewall is protection enough. I haven't used used the 4.x-x.x branch of Firefox since it left beta, and I'd love to for various reasons. Alas.

Why are user-agents shown publicly here? It seems the average NoScript user would be more... tin-foil-hatish about information like that being available to everyone :)

[Tom T.]

Another edit: Just noticed that your browser version is showing as 3.6.3. That is way out of date. The current version of 3.6 is 3.6.24, which I myself use frequently. There were some critical security patches along the way, so please update to 3.6.24 as soon as possible. Your settings should be preserved after the Update function.

Tell that to the administrators of my high school. They seem to be under the impression that their filter and firewall is protection enough. I haven't used used the 4.x-x.x branch of Firefox since it left beta, and I'd love to for various reasons. Alas.

I'll be happy to tell them. Just point them to this thread.

@ High School Administrators: Updates often fix critical security vulnerabilities that will *not* be caught by firewalls, because the firewall must always allow the browser. So any evil on the Web that gets into the browser will *not* be stopped by the firewall. Filters may block bad sites, but a good site can be hacked to run bad code. (It's happened to all of them, even the biggest.) The latest versions of Fx and NS are best at preventing that, but older versions might not provide protection against recently-emergent threats. So filtering bad sites isn't enough.

Fundamental principles of computer and Internet safety include obtaining security updates ASAP. The versions of Firefox with the most up-to-date security fixes are presently 3.6.24 and 8.0. Please allow your systems to update. If you choose to update the 3.6.x branch, it should preserve most, if not all, of your settings, so there is not a large chore to reconfigure things. Installing 8.0 fresh would take a bit more time. But please do not set a bad example for your students by running obsolete versions with known security issues. Thank you.

@ mynona: Let me know how that works out for you ...

If it doesn't, would they let you run Fx Portable from a flash drive?

Why are user-agents shown publicly here? It seems the average NoScript user would be more... tin-foil-hatish about information like that being available to everyone

First, please know that every web site on the planet sees your IP (so they know where to send the page), your OS and version (because some pages might need alternate coding for Win, Mac, and *nix, or even for different versions of Windows), and your browser and version (same reason: Pages must code differently for different browsers, especially IE vs. the rest. Also, versions of the same browser may make a difference.)

No IP display here (except available to Moderators for banning spammers, etc.), as that's potentially-personal ID info. Showing the OS and version helps the team if an issue mght be, say, Mac-specific. Knowing the browser version # is crucial, because there are a lot of differences between F3 and F8 (or F10). And SeaMonkey has version #s different from Fx.

As far as display to users:
First, we have several long-time users here who, although not Moderators, are quite knowledgeable, and often contribute answers when none of the unpaid, volunteer (cough) Moderator/Support Team is available, so some questions get answered more quickly. They'd need the same info. Same with the update reminder in my previous post. Also, other readers who are interested in a post may wish to know if it applies to their version or OS. We encourage users to search the forum for answers before posting, so this info helps others.

Secondly, I'm about as privacy-conscious as anyone I know -- virtually tin-hat-tish -- but I don't see the harm or privacy invasion from someone knowing that I'm using Win XP ATM. For all they know, I may have a multi-boot system, or more than one computer, etc., and use other systems at other times. Same with the browser. In fact, I'll sometimes check something in both versions - F3 and F7 until recently, now F8 - to make sure it works across the board, or that differences are addressed. That reply is more meaningful with the version displayed, although I usually specify in the post which version is in use ATM.

The presence of MS .NET, and version, may play a part in diagnostics.

If you're seriously concerned about browser fingerprinting, get six different versions of Fx on a portable drive, and alternate their use.
Or change your useragent manually -- there's an add-on that makes it easier, but I'm not going to encourage users to get it. Some stuff may break if the UA is changed in certain ways, and having a unique UA makes browser fingerprinting much more precise.

Thirdly, any post from IE is probably spam without even reading it.

A lot of users would probably forget to tell us such critical info as OS and browser, if it weren't displayed.
We'd like them to tell us what version of NS they're using -- see Forum Rules #10 and #11 -- because we can't see that, without doing some active sniffing (snooping) that would indeed be against the principles of NoScript. Some do, some don't.

In closing, if you are in fact on a school machine, it might be shared by dozens or hundreds of other users, which makes any personal info gleaned rather useless.

[mynona]

I'll be happy to tell them. Just point them to this thread.

@ High School Administrators: Updates often fix critical security vulnerabilities that will *not* be caught by firewalls, because the firewall must always allow the browser. So any evil on the Web that gets into the browser will *not* be stopped by the firewall. Filters may block bad sites, but a good site can be hacked to run bad code. (It's happened to all of them, even the biggest.) The latest versions of Fx and NS are best at preventing that, but older versions might not provide protection against recently-emergent threats. So filtering bad sites isn't enough.

Fundamental principles of computer and Internet safety include obtaining security updates ASAP. The versions of Firefox with the most up-to-date security fixes are presently 3.6.24 and 8.0. Please allow your systems to update. If you choose to update the 3.6.x branch, it should preserve most, if not all, of your settings, so there is not a large chore to reconfigure things. Installing 8.0 fresh would take a bit more time. But please do not set a bad example for your students by running obsolete versions with known security issues. Thank you.

@ mynona: Let me know how that works out for you ...

If it doesn't, would they let you run Fx Portable from a flash drive?

Haha! I appreciate the effort, and I may pop in and ask them sometime. As for portable and/or completely new applications, I'm under the impression that they have some kind of whitelist set up of allowed executables. Though it is understandable, I dislike not being able to run even portable applications.

First, please know that every web site on the planet sees your IP (so they know where to send the page), your OS and version (because some pages might need alternate coding for Win, Mac, and *nix, or even for different versions of Windows), and your browser and version (same reason: Pages must code differently for different browsers, especially IE vs. the rest. Also, versions of the same browser may make a difference.)

No IP display here (except available to Moderators for banning spammers, etc.), as that's potentially-personal ID info. Showing the OS and version helps the team if an issue mght be, say, Mac-specific. Knowing the browser version # is crucial, because there are a lot of differences between F3 and F8 (or F10). And SeaMonkey has version #s different from Fx.

As far as display to users:
First, we have several long-time users here who, although not Moderators, are quite knowledgeable, and often contribute answers when none of the unpaid, volunteer (cough) Moderator/Support Team is available, so some questions get answered more quickly. They'd need the same info. Same with the update reminder in my previous post. Also, other readers who are interested in a post may wish to know if it applies to their version or OS. We encourage users to search the forum for answers before posting, so this info helps others.

Secondly, I'm about as privacy-conscious as anyone I know -- virtually tin-hat-tish ;) -- but I don't see the harm or privacy invasion from someone knowing that I'm using Win XP ATM. For all they know, I may have a multi-boot system, or more than one computer, etc., and use other systems at other times. Same with the browser. In fact, I'll sometimes check something in both versions - F3 and F7 until recently, now F8 - to make sure it works across the board, or that differences are addressed. That reply is more meaningful with the version displayed, although I usually specify in the post which version is in use ATM.

The presence of MS .NET, and version, may play a part in diagnostics.

If you're seriously concerned about browser fingerprinting, get six different versions of Fx on a portable drive, and alternate their use. :geek:
Or change your useragent manually -- there's an add-on that makes it easier, but I'm not going to encourage users to get it. Some stuff may break if the UA is changed in certain ways, and having a unique UA makes browser fingerprinting much more precise.

Thirdly, any post from IE is probably spam without even reading it. :mrgreen:

A lot of users would probably forget to tell us such critical info as OS and browser, if it weren't displayed.
We'd like them to tell us what version of NS they're using -- see Forum Rules #10 and #11 -- because we can't see that, without doing some active sniffing (snooping) that would indeed be against the principles of NoScript. Some do, some don't.

In closing, if you are in fact on a school machine, it might be shared by dozens or hundreds of other users, which makes any personal info gleaned rather useless. :D

I'm not worried about it :) I just thought it was ironic. I can see why you'd want it available though. I didn't even think about giving you my NS version, and I'm extremely familiar with the importance of that information. I used to run a Linux distro that was, for the most part, DIY. Sitting in the project IRC channel daily I'd practically copy and paste a line asking what versions of software the user had installed before I'd answer their questions.

Thanks, and cheers!

[Tom T.]

If it doesn't, would they let you run Fx Portable from a flash drive?

Haha! I appreciate the effort, and I may pop in and ask them sometime. As for portable and/or completely new applications, I'm under the impression that they have some kind of whitelist set up of allowed executables. Though it is understandable, I dislike not being able to run even portable applications.

Agreed that such admins need to allow only certain exe's. You're still better off than those that allow only IE. (and probably not familiar with Fx) If Firefox is on the list of allowed exe's, which it obviously is, perhaps they could see the logic of allowing FxPortable.exe, since it's from a reputable site, and gets all "Excellent" ratings (90+%) at mywot.com? -- probably not.

(UA display)

I'm not worried about it I just thought it was ironic. I can see why you'd want it available though. I didn't even think about giving you my NS version, and I'm extremely familiar with the importance of that information. I used to run a Linux distro that was, for the most part, DIY. Sitting in the project IRC channel daily I'd practically copy and paste a line asking what versions of software the user had installed before I'd answer their questions.

Exactly. And since you've been on the other side of the fence ..

Thanks, and cheers!

You're welcome; I'll mark this Resolved; and *do* please let us know if you can convince the school to update their obsolete and dangerous browsers. (Send an email with a link to this thread? - seriously.) Cheers back!