Javascript friend or enemy?

[hateJSbanit]

Many pages I visit will not allow registration unless javascript is enabled.

As a new user so far I have found no way using No Script to determine if maiicious, privacy invading javascript is included in the code needed to view the captcha or other authorizations.

Your introductory help lists an add on for FF that leads to a forum on javascript that is no longer available-removed by author

Question if anyone here knows is how do I identify javascript that is malicious-reveals IP, reveals fingerprint info reveals other stuff that I don't want the registering page to have, such as when I use a VPN?

Tor Browser Bundle does not work at all with these registrations and many other pages and I think they use no script as part of their package.

So how to disallow malicious javascript from ok javascript? If you cannot do this then the javascript disallow is worthless.

Also if you want more users I sugges you update your verification image creator, took me about 10 tries to get one I could decipher a real PITA.

[barbaz]

Your introductory help lists an add on for FF that leads to a forum on javascript that is no longer available-removed by author

You should still be able to get JSView here, but unfortunately that site seems down right now...

[Thrawn]

First, I think you misunderstand what is meant by "malicious" in this context. It is not about privacy invasion; it is about infecting your computer with malware, stealing bank account details, and other such illegal activity.

Secondly, any scheme that depends on guessing the intent of a piece of code is doomed to failure. There are too many ways to conceal it, and too many scripts to review them all. In the NoScript world, trust is about accountability. If this site were to attack you, could you hold it to account; or, are you already dependent on it anyway? If not, then beware.

[hateJSbanit]

I did not misunderstand your use of the term "malicious". Maliciousness on the web can take the form of collecting identification and other information covertly and using that is some malicious manner, including profiling ,tracking, and targeting advertising to an individual.

SOme programs, unlike no script, such as promomitron (an old program that has not been updated since the author's death) have the capability to real time log http and other interactions with servers on websites.

I stand my my original remarks, simply disallowing JS does nothing really to protect privacy, nor does it block what could be malicious JS, not to exclude javascript designed to crash client machines or whatever the malicious js programmer has the creativity to design. Because once you allow JS with a one time only selection, -in order to get the website to display properly or see it correctly,you get whatever JS sends you, there is no selectivity in the program.

No script is ok for what it does but it really does not solve the problem of being able, for example to handle captcha and other signup devices without introducing other malicious code injected by JS.

Also why do you insist on making people who visit your forum keep going though the time consuming and irritating word recognition which not only blocks bots but also creates problems for those who want ot participate in your forum? Your challenge does not even work properly, presents a new challenge after already accepting the old. Why not just require javascript with all it problems like the rest of the forums?