[RESOLVED] Dictionary.com website question related to NS

[lakrsrool]

Now that FF is unfortunately going the way of becoming essentially just another Chrome browser as of version 42, I'm now using Pale Moon (PM) as my primary browser.

I'm finding now that for dictionary.com (reference.com and thesaurus.com) besides my allowing "sfdict.com" in NoScript (and uMatrix as well of course) which I had been allowing all along before this in FF anyway I now have to allow both "googletagservices.com" and "servedbyopenx.com" in NoScript for the PM browser so that the "pronunciation" icon will work correctly in PM and not have to open a new page to hear the sound. So apparently the code added to about:config that works OK for FF in order to avoid having to allow "googletagservices.com" does not work for PM. (on a side note I also have to allow "google" in the Disconnect add-on for the "reference.com" part of dictionary.com to work in PM, not so for "thesaurus.com" part however, but this is incidental as far as what NoScript needs now for dictionary.com to work in PM)

Just another one of those things that I guess needs to be allowed to have the website work properly in PM. Oh well....

[lakrsrool]

Question regarding my post above: Is it correct to say that for example that by allowing "googletagservices.com" on the dictionary.com web site that the setting in NoScript is "global" in nature thus will allow "googletagservices.com" for ALL websites? This is how I understand it, and of course it would seem there lies the problem, it's not so bad to allow "googletagservices.com" on the one specific "dictionary.com" website but presumably "googletagservices.com" is likely used on many websites which of course is in that event more problematic.

I guess this is where uMatrix provides the needed additional security to the user in as much as the scope of the "googletagservices.com" setting will NOT be global but rather the scope will be more narrow and instead be site-specific and therefore only apply to the "reference.com" website related to dictionary.com.

[barbaz]

I think you answered your own question, you seem to understand correctly. And yes µMatrix is simpler than ABE (and better suited) for making NoScript's permissions per-site.

As for the rest, see my reply to your PM

[lakrsrool]

Update: Thanks to the suggestion by barbaz to set the noscript.surrogate.googletag.replacement to default in the most recent NoScript release I've found that at least I do not have to "allow" the "servedbyopenx.com" site in NoScript for the PM browser to work with dictionary.com.

Now it's only "googletagservices.com" that has to still be allowed.

[barbaz]

That is REALLY weird because the surrogate isn't running at all when you allow googletagservices. Well it shouldn't be...

[Thrawn]

I guess this is where uMatrix provides the needed additional security

This is a common viewpoint, but I think it's a misunderstanding. What additional security is uMatrix going to give you? If googletagservices is compromised and starts serving drive-by downloads, then allowing it on one site is enough for it to do its damage; if not, then what security are you gaining?

Privacy is good, but privacy is not security.

[lakrsrool]

I guess this is where uMatrix provides the needed additional security

This is a common viewpoint, but I think it's a misunderstanding. What additional security is uMatrix going to give you? If googletagservices is compromised and starts serving drive-by downloads, then allowing it on one site is enough for it to do its damage; if not, then what security are you gaining?

Privacy is good, but privacy is not security.

In the case of uMatrix I'm only allowing "googletagservices" for the "dictionary.com" website because the setting is local so no other websites will allow "googletagservices". On the other hand, in the case of NoScript when I allow "googletagservices" for any website then this setting applies to all websites I might visit. At least this is the way I understand NoScript to work. If I'm correct in my conclusions here I think it very obvious that an "allow" for just one website is far more secure than an "allow" for all websites.

Wait, I think maybe the misunderstanding is in regards to the term "security" after looking at this again, if so I'll agree that perhaps I'm using the incorrect word and that "privacy" would be a better term to use in this case. Point well taken if that's what your meaning is. That said however, if in fact we were discussing a different site that could be a potential malware threat so to speak then in that case the point I'm making about the "global" setting that would apply to NoScript versus setting an "allow" that applies to only one specific site as can be the case for uMatrix would then seem to me to be applicable in regards to the concept of "additional security" in the case of using the latter.

[lakrsrool]

I've tried the webpage again and for some reason I now no longer need to have to allow "googletagservices.com" any more. Problem solved on it's own somehow. Sorry for all the trouble I've caused.

I've also found I don't even have to unblock "google" in Disconnect either any more.

Of course I still have to allow "sfdict.com" but that understandable because NoScript blocks the mp3 audio otherwise.

Apparently all is well with Pale Moon [version 27.7.2 (x86)] regarding this website now.

[Thrawn]

Good to hear that it's working .

You may also be pleased to know that NoScript 3 will support fine-grained whitelisting, when it's complete. It might actually be coming closer due to Giorgio's efforts to cope with e10s...