[Bug] Default NS settings make some sites unusable

[iDrugoy]

Read this.

[Giorgio Maone]

URLs?

[iDrugoy]

Another site that gets pwned by NoScript (even on a clean profile) is chat.nekto.me
1. you have to click this button:

2. if you see there the following text:

Code: Select all

<p>Ошибка: </p>

then the site is not working.

[Giorgio Maone]

That's very strange, the problem goes away as soon as ABE is disabled (NoScript Options|Advanced|ABE), but no rule is triggered.
Investigating, thanks.

[iDrugoy]

which one of 2 sites are you talking about?
actually that didn't resolve the issue for me for neither of them.

[iDrugoy]

this might help: site "chat.nekto.me" doesn't work if "donottrack" header is enabled.

edit: found NoScript's hidden pref "noscript.doNotTrack.enabled". Setting it to false makes this site work again.

[iDrugoy]

site http://thisissand.com/ also stops working, if http://www.google-analytics.com/ga.js gets blocked. By AdBlock+, for example.

[iDrugoy]

To sum it up: both issues with each of the mentioned site got solved.
1. To make chat.nekto.me work - I had to turn a hidden NS "noscript.doNotTrack.enabled" pref to false. Actually, it shouldn't be true by default or should have an option somewhere in menu: not many users know of about:config page at all.

2. To make thisissand.com work for me - I just clicked "reset" button in NS. Now it works for me.

Thank you and I hope you either change default value for the mentioned pref to false, or add an option for it into the setting.

[Giorgio Maone]

To sum it up: both issues with each of the mentioned site got solved.
1. To make chat.nekto.me work - I had to turn a hidden NS "noscript.doNotTrack.enabled" pref to false. Actually, it shouldn't be true by default or should have an option somewhere in menu: not many users know of about:config page at all.

Does the built-in Firefox DnT feature break this site as well?
[/quote]

[iDrugoy]

Yes.

[GµårÐïåñ]

So this seems like bad coding to me where the site developers are insisting on getting this information or not providing you the services, not really an NS issue. It seems they are just overreaching and not accounting for those who may wish to not provide it. Sort of a take it or leave it kind of thing, so that should be a user choice and not a default allow choice as you suggested. I believe that NS is enforcing the best practice on this matter. After all, it is a security addon and designed to prevent such blatant intrusion, further supported by the fact that the built-in browser function limiting this nosy behavior also breaks the site. The site should either be more flexible or if you can't live without it, then you bend, but I don't believe NS should bend to the will of developers who insist on pushing this intrusion on their users.

[iDrugoy]

Agreed. Except the statement that DNT header improves security somehow. That's an illusion.
The whole idea of DNT is a mistake. You get zarro guaranties that site will respect your "please do not track me!" please.

[GµårÐïåñ]

Agreed. Except the statement that DNT header improves security somehow. That's an illusion.
The whole idea of DNT is a mistake. You get zarro guaranties that site will respect your "please do not track me!" please.

I never said it does per se, afterall the fact that its there shows the industry has bent to the will of such providers as Google and other tagging services to provide geolocation.

However, that being said, it obviously had enough effect to render the site that wasn't willing to bend to stop functioning. If the site was able to somehow not respect that setting and force it to submit, it would have, no? So although I agree with you on the fact that the presence of this feature in the browser is asinine and we can only react to the implemented technology the best we can, it does have an effect, no matter how minor it might be.

Now simply saying DNT-me isn't always enough, if you actually disable the browser's Geolocation setting which remains active in Fx despite setting the DNT, THEN you will make whatever they MIGHT grab from you relatively useless. So if you push back ENOUGH, you CAN get improved security and I stand by that. If it was a useless feature, Giorgio wouldn't have wasted time with it. Everything has a reason, even if it is not immediately clear to everyone.