A new guide to NoScript 10.x

jeaye · Post by **jeaye** » Fri Dec 22, 2017 10:31 pm

I have published an updated guide which details how to use the latest NoScript. I realize there's a similar guide here, but, when learning the new UI, not all of the existing guide's words and images connected with me. Hopefully this proves helpful for others as well.

https://blog.jeaye.com/2017/11/30/noscript/

bo elam · Post by **bo elam** » Fri Dec 22, 2017 11:08 pm

Hi jeaye, nice and simple.

Bo

FranL · Post by **FranL** » Fri Dec 22, 2017 11:35 pm

jeaye wrote:I have published an updated guide which details how to use the latest NoScript. [...]
https://blog.jeaye.com/2017/11/30/noscript/

Thanks, jeaye. Very nice. You say that we should go through the settings migrated from 5.x and change the red locks to green, but if those sites are only available via HTTP, then that will break them, correct?

jeaye · Post by **jeaye** » Fri Dec 22, 2017 11:41 pm

FranL wrote:
jeaye wrote:I have published an updated guide which details how to use the latest NoScript. [...]
https://blog.jeaye.com/2017/11/30/noscript/
Thanks, jeaye. Very nice. You say that we should go through the settings migrated from 5.x and change the red locks to green, but if those sites are only available via HTTP, then that will break them, correct?

That's right. I'd be careful trusting any JS served via HTTP at all though!

Pansa · Post by **Pansa** » Sat Dec 23, 2017 2:06 am

jeaye wrote:
FranL wrote:
jeaye wrote:I have published an updated guide which details how to use the latest NoScript. [...]
https://blog.jeaye.com/2017/11/30/noscript/
Thanks, jeaye. Very nice. You say that we should go through the settings migrated from 5.x and change the red locks to green, but if those sites are only available via HTTP, then that will break them, correct?
That's right. I'd be careful trusting any JS served via HTTP at all though!

It's not really an indicator of the security of the JS. It is "merely" a matter of being intercepted by third parties.
So for any Javascript that isn't a matter of transferring sensitive data, it is demonstrably fine. Or better "as fine as surfing any HTTP content at all".

Post by **Giorgio Maone** » Sat Dec 23, 2017 3:37 pm

Pansa wrote: It's not really an indicator of the security of the JS. It is "merely" a matter of being intercepted by third parties.
So for any Javascript that isn't a matter of transferring sensitive data, it is demonstrably fine. Or better "as fine as surfing any HTTP content at all".

Not necessarily true.
The HTTP non-secured content it's not just easy to be read, but also easy to be spoofed by whomever controls the network.
This means that even if you trust the website's owner not to use a zero-day exploit against you, there's no guarantee that your WI-FI network administrator, your TELCO provider (possibly ordered by the police or some other nosy authority), the owner of the proxy you're using if any or an anonymous Tor Exit Node operator does not inject malicious code in your unencrypted traffic. That's why Tor, by default, enables active content only on HTTS sites.

Post by **Giorgio Maone** » Sat Dec 23, 2017 3:49 pm

@Jaye:
thank you so much, very needed. I've just tweeted about it.

jeaye · Post by **jeaye** » Sat Dec 23, 2017 6:58 pm

Excellent, Giorgio! Glad to help.

jeaye · Post by **jeaye** » Sat Feb 03, 2018 8:45 pm

Hey folks, I have udpated my guide with new images and explanations for the latest version.

https://blog.jeaye.com/2017/11/30/noscript/

Enjoy!

Quest · Post by **Quest** » Mon Feb 05, 2018 10:58 am

Clanced it through. Seems to be OK but if it is supposed to be for ordinary users too, then you should explain a bit your foliohat settings.

1. Those current default ticks on Default are not very big security risk but provide for some pages better functionality.

2. This red lock syndrom sure is a problem. But when I have tried to chance those locks green, no page has functionend. This might rise some confusion combined with NoScript strange behavior: when I change a red lock to green, then Trusted page turns to Default and popdown menu and options page show different permission status. And as said the page won't work any more.
I think that if any new/classic user meets this kind of behavior then he/she is no user anymore.

I don't claim that your suggestions are wrong, but I think they are too categoric.

Post by **Giorgio Maone** » Mon Feb 05, 2018 11:02 pm

jeaye wrote:Hey folks, I have udpated my guide with new images and explanations for the latest version.

https://blog.jeaye.com/2017/11/30/noscript/

Enjoy!

Thank you.
Should I find the time to restructure the website, have I got your permission to reuse your text and screenshot?

jeaye · Post by **jeaye** » Wed Feb 07, 2018 5:25 pm

Giorgio Maone wrote:
jeaye wrote:Hey folks, I have udpated my guide with new images and explanations for the latest version.

https://blog.jeaye.com/2017/11/30/noscript/

Enjoy!
Thank you.
Should I find the time to restructure the website, have I got your permission to reuse your text and screenshot?

Absolutely, Giorgio. Attribution is appreciated.

InformAction Forums

A new guide to NoScript 10.x

A new guide to NoScript 10.x

Re: A new guide to NoScript 10.x

Re: A new guide to NoScript 10.x

Re: A new guide to NoScript 10.x

Re: A new guide to NoScript 10.x

Re: A new guide to NoScript 10.x

Re: A new guide to NoScript 10.x

Re: A new guide to NoScript 10.x

Re: A new guide to NoScript 10.x

Re: A new guide to NoScript 10.x

Re: A new guide to NoScript 10.x

Re: A new guide to NoScript 10.x