Page 2 of 3
Re: Add a subscription for white/black-lists
Posted: Wed Mar 03, 2010 12:03 am
by Giorgio Maone
al_9x wrote:I think a better subscription approach may be a kind of database of how to optimally configure sites. Then when you visit a site and indicate through the UI that you want it to "work," the database is consulted as to what to whitelist and blacklist to achieve what the maintainer considers optimal security/privacy/functionality balance. This would require site specific permission policy. Giorgio, what do you think?
Yes, I do agree. I've been thinking for a while about "permission clusters" for certain sites, e.g. Youtube where you need to enable both youtube.com and ytimg.com or Facebook (facebook.com and fbcdn.net).
@
iDrugoy:
just enter the URLs in
noscript.subscription.trustedURL and
noscript.subscription.untrustedURL (the ultimate preference names) and the lastCheck timestamp will be reset.
At this point you just need to restart the browser and you'll get the subscriptions loaded.
Another way to force subscription loading is entering the following in
Tools|Error Console:
Code: Select all
var ns = Components.classes["@maone.net/noscript-service;1"].getService().wrappedJSObject; ns.setPref("subscriptions.lastCheck", 0); ns.checkSubscriptions();
Re: Add a subscription for white/black-lists
Posted: Wed Mar 03, 2010 12:34 am
by iDrugoy
Thanks for info, it is useful.
I've got a question: if I globally enable scripts - will the scripts from blacklist run? If yes - could you fix it please, as soon as you add a feature to edit blacklist.
Re: Add a subscription for white/black-lists
Posted: Wed Mar 03, 2010 8:30 am
by Giorgio Maone
iDrugoy wrote:if I globally enable scripts - will the scripts from blacklist run?
No, they won't. Sites marked as untrusted become a "true" blacklist in "Globally allowed" mode (in other words, NoScript behaves like YesScript in that mode).
Re: Add a subscription for white/black-lists
Posted: Mon Mar 22, 2010 5:19 pm
by spatieman
i love noscript.
but i have a small problem, in about config i found the 2 entrys for whitelist and blacklist ,both has no valeus.
however, still when i visit sites, i NEVER had visit before, noscript add it to the whitelist, this quit anoying when you typoqautch on websites.
what do i need to do, to DISABLE it completly, so that i am master xD .
Re: Add a subscription for white/black-lists
Posted: Mon Mar 22, 2010 5:30 pm
by Giorgio Maone
spatieman wrote:still when i visit sites, i NEVER had visit before, noscript add it to the whitelist, this quit anoying when you typoqautch on websites
Did you check
NoScript Options|Temporarily allow top level sites by default?
Anyway
NoScript Options|Reset should do the trick.
Re: Add a subscription for white/black-lists
Posted: Tue Mar 23, 2010 8:53 am
by spatieman
Giorgio Maone wrote:spatieman wrote:still when i visit sites, i NEVER had visit before, noscript add it to the whitelist, this quit anoying when you typoqautch on websites
Did you check
NoScript Options|Temporarily allow top level sites by default?
Anyway
NoScript Options|Reset should do the trick.
was eneabled.
now disabled...
give a nice red sign...
how could i miss that......
Re: Add a subscription for white/black-lists
Posted: Tue Mar 30, 2010 11:04 pm
by iDrugoy
any news about subscriptions?
Re: Add a subscription for white/black-lists
Posted: Wed Mar 31, 2010 1:18 am
by GµårÐïåñ
It has been repeatedly brought up and repeatedly answered that using a list based system is not feasible for NoScript because the list is always going to be older than new threats and eventually will reach a size that will degrade performance and efficiency. If you use a program like Spybot S&D which is a long time list based malware scanner, do you notice how long it takes for it to update various places and how much slower and slower it gets with time, because obsolete entries changed by smart spammers and crooks will change regularly which effectively defeats the list. So keep these in mind when asking for something like this, who would manage it? who decides what links are ok and what is not? To many yahoo.com is harmless, for the rest of us who know better all kinds of things are blocked, so whose decision is substituted for the entire user base. Hope that clears it up for you and basically the short answer is, never, it won't happen.
Re: Add a subscription for white/black-lists
Posted: Wed Mar 31, 2010 3:40 am
by al_9x
@GµårÐïåñ the point of a subscription is not to track specific threats, but to delegate to a third party the burden of maintaining baseline lists. Since it's not a good idea to grow the whitelist beyond what is actually needed, I've suggested and Giorgio seems to agree that a better model would be a subscription to a database of per site configurations, so that an inexperienced user can arrive at a site and simply click "make it work."
@iDrugoy wasn't the subscription functionality already added?
Re: Add a subscription for white/black-lists
Posted: Wed Mar 31, 2010 8:58 pm
by GµårÐïåñ
Yes but by doing that NoScript has to hang its reputation on the actions of a third-party, would you serve up your child like that, not knowing what decisions are being made, why and always knowing that a bad decision is going to lead to catch up fixing and hurts the reputation and is going to be ALWAYS late and after the fact. Just introducing ABE ability to accept policy from server was met with lots of unhappiness, now image if he allowed something like that to happen. Even if he disclaims that its not his and therefore he's not responsible, he is still the one whose product is associated with that act and will hurt his reputation. Anyway, I will let him tell you himself since you don't seem to accept the facts presented to you. Good luck.
Re: Add a subscription for white/black-lists
Posted: Wed Mar 31, 2010 9:10 pm
by iDrugoy
@al_9x it was, but it needs a further development. As we already discussed it with Giorgio - it is not possible now to edit blacklist, and Giorgio said he's going to remake the whole tab "White list" into "Permissions" and make it a little bit different and more handy. But it was a month ago, he shipped a few new versions, but changes in them didn't touch the discussed problems and the requested features...
So I just wonder isn't it in his priority list?
Re: Add a subscription for white/black-lists
Posted: Wed Mar 31, 2010 9:12 pm
by Giorgio Maone
iDrugoy wrote:@al_9xSo I just wonder isn't it in his priority list?
It is, but I've got higher priorities too.
Re: Add a subscription for white/black-lists
Posted: Tue Apr 06, 2010 3:33 pm
by d00dyhead
Giorgio, Thanks for adding the white/black -list feature. I agree that it has the potential to be huge. I don't know of an effective tool to auto-block sites that are either dangerous, phishing, (useless) compiled keywords redirectors, and the like. google does not filter them out. Web of Trust (WOT) is great in concept but ultimately useless in practice. I'd been adding them as I find them to our firewall, but this process is tedious. I'm looking forward to trying this feature out.
Re: Add a subscription for white/black-lists
Posted: Tue Apr 06, 2010 8:17 pm
by Shnatsel
Yes, WOT integration would be great, but it has several problems. First, WOT database is HUGE. Storing it locally is madness. Fetching it on every site visit takes precious time. Second, as far as I know, WOT has no SSL infrastructure.
Re: Add a subscription for white/black-lists
Posted: Tue Apr 06, 2010 9:02 pm
by d00dyhead
Shnatsel wrote:Yes, WOT integration would be great, but it has several problems. First, WOT database is HUGE. Storing it locally is madness. Fetching it on every site visit takes precious time. Second, as far as I know, WOT has no SSL infrastructure.
WOT is useless in my opinion. They automatically green light web sites for bizarre reasons which have nothing at all to do with trust; such as a popular site, or a site listed in someone else's index of popular sites. Consequently, there are loads of websites that are WOT-green which are (for example) mere collections of keywords or copy of ebay item description text so they can show you ads and redirect you. This in itself is bad, but even if several WOT users red flag one of these aforementioned sites, they never seem to turn yellow or red.
Google has the same problem with their inability to separate helpful sites and keyword spam. trying to find detailed specifications on items is particularly damning. you have sites which have copied old ebay listings to get your click, some that are trying to sell you that part number and when you click you see that it's on a page with 10000 other part numbers (all of which are out of stock, whoopie!), sites that display and/or popup ads and redirect you to current ebay auctions, etc...
The only way to white/black-list sites is with human interaction as to each individual sites worthiness (or worthlessness as the case may be).