InformAction Forums

kukla wrote:NoScript is blocking them from loading directly from the Times, while RP is blocking requests for these same scripts to these third party sites ?

I believe NoScript always tries to act as the last but it is also "blind" in regards whether RP/ABP/etc. are already preventing it from being downloaded.

Besides blocking scripts from these same sites, krxd, eyewonder and checkm8, is RP, possibly, also blocking something other than scripts from these sites and if so, what might that be? In other words, in addition to blocking scripts, what else might RP be blocking from these site that NS isn't that would affect privacy?

Depends on what you see as "affecting your privacy". Could be anything included from that other site because when you download let's say an image they can log your IP address and request headers (any maybe some lower-end stuff).

(I'm thinking Cookies, but I don't allow cookies from third party sites.)

Does this setting play a role for content in frames? I doubt it.

Let's say a site stores its style sheet elsewhere. So long as the style sheet contains no executable content - no JavaScript (or ECMAscript, actually), no Flash, Java, Silverlight, etc... .NoScript has no reason to block it, because it is a blocker of executable content. Most style sheets I've seen are reasonably harmless in that regard (though some are ugly. )

However, RP alerts you to your site trying to *fetch a remote resource*. Usually, the source name will be tied in to the domain you are on.
E. g.:
You are at somesite.com.
RP says requests are being made to somesitecdn.com (CDN commonly means "Content Delivery Network"). Because the domain name is different, RP alerts you. YOu seee the tie-in to somesite, and allow it.

somesitecdn.com may or may not try to load script or other executables.

Real World: MapQuest requires mqcdn.com to be allowed in *both* NS and RP.
Script is trying to run (and needs to, for the site to work), so mqcdn shows in NS menu.
The site fetches still images (the map itself, and the markers) from mqcdn, so these non-executable items trigger a RP notice.
Even if you allow the mqcdn script, if you block mqcdn in RP, the page won't load -- just stays blank.

Privacy issue: What if the site uses 1-pixel clear GiFs, a single transparent pixel placed on a site or ad by a third party? Opening the page calls the source of the GIF, which is a way for that company to track you across the Web, at every site that lets them do this. NS iFrame blocking may block this, but if the site itself includes it in its logo, etc.? RP should catch the call to the remote location.

There is definitely some redundancy on scripting, especially on ad agencies and data-miners. Many of the latter are foiled by NS's Surrogate Script, whereas RP will block the request. The problem is that some sites set themselves up not to work properly if you don't allow the 3rd-party script, so you must allow it in RP, and block it in NS, so that the NS surrrogate will run to protect your privacy.

Edit: Also please see RP's FAQ specifically on privacy benefits, especially the first section:

Maybe today you read a post on your favorite blog and the article had a YouTube video available with it (which you didn't watch) <snip>
When you read that blog post, the blog's website told your browser to request files from YouTube even though you didn't watch the video. YouTube is, of course, owned by Google. So, your browser dutifully let YouTube know which article you were reading as it grabbed files from YouTube (such as the still image to display to entice you to watch the video).

Therefore, Google knows that you read that blog article, even though Google has nothing to do with that blog site.