Help finding which blocked object(s) causes problem

[scripteze]

At times, I have trouble finding which blocked object(s) or 3rd party site may be causing a problem of something not working on a given site.
Of course, part of the answer will always be, "it depends." On how the page & links to other domains are coded, what they use, etc.
This is more of a general question, that I think plagues many NS users, rather than about 1 or 2 sites.

Unless users take a stance, I'm only going to try to figure out what blocked objects / sites are causing problems, on a handful of my "important" sites. For all the other sites, I can do 1 of a few things.
* Take the stance, if sites work (well enough) w/ scripts blocked, or by selectively allowing scripts only from the base domain... fine. If they don't, to hell with them.
* Take a view of, too much is broken by denying scripts globally. I'll just allow all globally, knowing NS has other benefits (which is true, but...).
* Reconcile to the fact that unless I visit an incredibly small number of new sites each day / wk / mo, then figuring out what NS is blocking that's causing the "break," will take more time overall, than is actually spent using the sites.

I could give dozens of examples for sites where things don't work if scripts are globally denied, or if only the base domain is allowed. Many of those would have different things not working because of NS. It's not always about an embedded vid not playing; often more subtle than that. And if you took enough time, the reasons (even quite similar) things are being blocked would vary by site. That's the problem - no one has that kind of time, but knowledgeable users don't want to just "allow everything" either. Maybe ignorance really is bliss? (Until you catch something really nasty)

Like http://www.washingtonpost.com/posttv/c/channel/top_news. Just one of many dozens of sites w/ various problems. Figuring out what the problem is here, or finding it's not even a problem caused by NS won't help on the next 100 sites (that are caused by NS, or "sites having a problem WITH NS). But, not only will the video not play (even allowing oolaya.com), but the 6 images (~ 2" x 1") just below the video window don't display automatically, listing other video topics. Not until I hover over the hidden images - then they appear. Again, these are just examples. Problems on tons of sites don't involve vids or images.

It seems that using only "allow / temporarily allow somesite.com" in NS is becoming less likely to make sites work. Even mainstream sites.
I even find sites where "Allow ALL on this page" won't make some things work, but enabling scripts globally does. How's that possible?

Like many, I don't really even want to allow (all) scripts from the base domain of visited sites, much less "Allow ALL from somesite.com." But setting scripts to deny globally, then "allow or temporarily allow" ONLY the domain you're on, still stops too many things from working.

Other than allowing all scripts globally, how could NS be changed to make identifying problems faster & easier?
Thanks.

[barbaz]

Personally, I use Adblock Plus with subscriptions for blocking all the things I don't want and if a domain is explicitly filtered there, it goes straight to Untrusted in NoScript. You're using Firefox 26 so that should work for you also. At least there's a bit less trial-and-error (and junk scripts) that way.

I even find sites where "Allow ALL on this page" won't make some things work, but enabling scripts globally does. How's that possible?

"(Temp-)Allow all this page" doesn't mean what it says. That really means "(temporarily) allow all you see on this MENU". If scripts allowed the first time cause scripts from NEW domains to be loaded, it isn't technically possible for NoScript to predict this second layer of scripts in advance, so they get default-denied.

[scripteze]

Thanks barbaz,
I guess you meant - from the FAQ description of menu items:

Allow all this page and Temporarily allow all this page enable every site shown as allowable by NoScript's menu on the current page, unless already marked as untrusted.

Meaning, every thing that shows up in the 1st domain's code (currently being viewed).
Let's see if I understood - what seemed like you're explanation of why "Allowing All" didn't always make everything on a site work.

If siteA.com & everything else NS picks up on that 1st domain (for 3rd party sites) is allowed by "Allow All This Page," it shows every page or script, referenced in the source code of the base domain?
Then, if... as a result, one of the 3rd party sites (say, site_level2.com) loads in the same or another tab (say, to deliver content linked on the base domain), NS will block everything on the subsequent 3rd party sites, that WASN'T specifically detected & allowed by the "Allow All This Page" action, that was carried out while viewing the base domain?

If the 3rd parties try to load additional scripts (besides what was on original domain), NS wouldn't be able to tell ahead of time if they would be good or bad - so it just blocks them if scripts are denied globally.
And if site_level2.com requires "New" scripts to deliver more content, it will fail unless you also allow site_level2.com, once that page has loaded?

As for AdBlock, yes it blocks some stuff & some scripts - but certainly not all scripts. Usually, only ones connected to ads or such. Obviously, it's not looking for malicious scripts.
What type AdBlock subscriptions do you mean, "for blocking all the things I don't want?" Disable Malware Domains?

I'm not sure AdBlock, Ghostery, etc., are in the same solar system as NS, when it comes to protection from malicious scripts. But AdBlock also does not break half the sites.

If NS users want to deny scripts globally, I can understand people whitelisting a bunch of news sites they visit often. I'm not sure I can see stopping to check out every additional (apparently above board) news site where following stories could lead, to see what NS is showing for each new domain. Then decide if each new domain should be allowed. It'd take hours to read a couple of lengthy articles, taking side trips to a few embedded links.

I've got a spectacular tip to lower drivers' risk of auto accidents to near zero - - don't drive. Unfortunately, for many that's just not an option.
If one wants to visit illegal dark web sites, it's probably good to turn off all scripts.
But for those just using the "normal" internet, blocking all scripts breaks a large % of sites. Not that you can't get malicious scripts from mainstream sites - you absolutely can.

[barbaz]

Let's see if I understood - what seemed like you're explanation of why "Allowing All" didn't always make everything on a site work.

You've almost got it. The sticky might be better able to explain it than me.

As for AdBlock, yes it blocks some stuff & some scripts - but certainly not all scripts. Usually, only ones connected to ads or such. Obviously, it's not looking for malicious scripts.
What type AdBlock subscriptions do you mean, "for blocking all the things I don't want?" Disable Malware Domains?

For example. ABP may be marketed as an ad blocker, but it's really a generic filter for non-top-level loads that you can use however you want. There are a lot of subscriptions out there, but the "known subscriptions" page is a good place to start.

I'm not sure AdBlock, Ghostery, etc., are in the same solar system as NS, when it comes to protection from malicious scripts.

Well, they're not. ABP is a blacklist based approach (meaning some unknown could slip through just because it's unknown) and Ghostery is basically useless here since it only blocks tracking, not malware.

But for those just using the "normal" internet, blocking all scripts breaks a large % of sites.

Not in my experience...

[Hecuba's daughter]

nvm

[Thrawn]

I'm still hoping that Giorgio will revisit this idea, for interactively deciding whether to allow domains on the fly as the page loads. I still think it must be theoretically possible, although it would be noisy.

[scripteze]

Thanks barbaz - the way I was trying to parrot back why clicking only "allow all on this page" doesn't always work (at least how words were tumbling in my head), was exactly as the sticky said, that you linked. In fact, I'd read that some time ago & forgot some of it. And true - Ghostery is for privacy, not security (regardless whether one likes the software). Browser privacy has its place, just like security. Most users know little about either.

I'm sympathetic to the job NS is trying to do. Unless someone developed software (addon) to take its place, that used artificial intelligence or such, & probably more computing power than most home users have, then perhaps no one else could do it better than NS. The sometimes dazzling levels of one script calling another that calls another would be near impossible for software to selectively stop only bad ones. I heard that developers for these cascading scripts got the idea from Kramer - to "build levels."

Breaking bad sites: I'm seeing more & more sites that partly / totally break w/o javascript. Some, even to browse / do basic site navigation.
If it's a fairly simple site - it may work OK w/o scripts. Large news sites often have some failure w/o scripts, though they're usually at least partially useable w/o them. Sorta like a "partially useable internet connection; partially working auto brakes."

Viewing a video off most news sites w/ scripts disabled - even ones linked from their server... forget it.
I looked at maybe a dozen news sites over the weekend - big names like NY Times, WSJ, Business Week, spiegel.de, etc. Most broke in some way w/ scripts totally blocked. Yeah, I could read the 1st page. Finding / getting to other stuff - not so much (depending).
Most forums I use won't work fully (or at all) w/o scripts. Definitely not to login / post. The list goes on.

Hecuba's daughter - thanks for input. Again, those examples were just that - examples. If I solve issues w/ Washington Post, there'll be 100 sites to take its place. which is my (& your) point - "only so many hrs in the day." Even TorProject leaves scripts globally enabled in NoScript for TorBrowser, to the objection of many users, because "blocking javascript breaks too many sites."

I wish I was seeing as few sites being broken by blocking all scripts as you & barbaz indicate - just hasn't been my experience.
Allowing scripts on the base domain fixes a good many. After that, if I don't care about time, I can often find what else is the problem, by looking at page source. For more than a couple of sites, that's just not worth it.

[Hecuba's daughter]

nvm

[scripteze]

Your report that users are complaining about Tor's configuration instead of helping themselves says something about the Tor user base perhaps?

Why you be hatin' on Tor users? (snif!)
I never said they weren't doing anything about it. Depends on who "they" are. On average, compared to stock Fx, Chrome / Chromium, IE users, Tor users are probably considerably more advanced. Fairly easy to tell that from the types / level of questions asked, in Tor mailing lists & forums vs. mainstream Fx user forums (Mozillazine & Support.Mozilla.org). At least, more aware of potential issues - from scripts & many other things.

My only point was, that even though Tor devs (as a group) are extremely concerned about security in general, & issues of some sites potentially using javascripts to gather certain browser characteristics or run malicious code, they have said that to try & make TorBrowser more friendly to "average" users, leaving scripts enabled in NoScript outweighs the negative of breaking so many sites.
I'm quite sure if disabling JS didn't break at least parts of a fair number of sites, Tor devs would love to disable JS & be done (whether using NS, or not). Just disable it in the browser.

Tor devs spend a lot of time programming changes (in the base Firefox ESR, used in TorBrowser) to deal w/ various ways that JS can be used to potentially reduce Tor users' anonymity.

That said, any fairly new Tor users that subscribe to the tor-talk mailing list, or visit the new Tor users forum https://tor.stackexchange.com/ will often see advanced users saying that JS will have to be enabled for a good many sites to fully work. Sure, you can disable JS - esp. for visiting unknown sites, but to interact fully w/ a good many sites, you may well have to enable JS on some level.