InformAction Forums

I am strongly considering dropping NoScript after many years of use. It has simply become too much of a hassle. I have to do TAA, sometimes several times, on every single page I visit. I find myself opening Chrome more and more, in which I don't have any script blocker installed. I do this especially on sites with embedded videos. Some of those sites use scripts from 20 or more domains. NoScript simply makes many of these pages unusable.

Now, we all know that Javascript is essential and integral to the web. We also know that there are risks. But it's a compromise between security and convenience and I've almost reached the tipping point. I would like to hear experiences of others who have done this, but I'm also open to suggestions on making this more workable. Thanks.

Cause DNS requests in general to become more expensive and less parallelizable, maybe sites will then think twice before including content from many different domains.

On a serious note, how often you surf to JS-heavy new sites? I myself not very often and once I have figured out what I need to allow on a site where it really matters and which I intend to re-visit, the job's done for me (until I create a new profile).

dhouwn wrote: maybe sites will then think twice before including content from many different domains.

On a serious note, how often you surf to JS-heavy new sites?

I've simply "DROPPED" those sites including content from many different domains !

Best Thinking 100 times before dropping NoScript. Doing it is like playing some roulette games............blindly.

@Globe: Why don't you permanently allow the sites that you trust? You should only have to do that once. It may take a little longer to figure out which sites are actually needed, but once done, it's done.

> it's a compromise between security and convenience

It's a compromise between NO security and convenience.

Most all of my porn sites work with zero, one or two domains allowed.
I don't frequent "news" sites or junk like that but quite conceivable that they are a PITA.
If it came to that, I would rather Allow Globally until finished up with those sites, then revoke.
Even Allow Globally all the time is better then going without altogether.

On a side note, if NoScript is blocking lots of different domains on all of the sites you visit, then it's doing its job, and probably preventing double click et al from building a 900 page dossier of your browsing history and personal details.

I have never posted on this forum however feel like this is a good time for me to say thank you to everyone involved with NoScript. I actually feel a greater need for NoScript today then I did three years ago and if anything worry advertisers will invest heavily on ways to bypass it. If you need reminders on why NoScript is important just look no further than the Wordpress vulnerabilities that keep surfacing and the adoption/acceptance of whitelisting on operating systems. The concept works and the combination of Firefox + NoScript is best implementation of this concept available. Thank you Giorgio for the creation and updating of NoScript, it is very much appreciated.

@OP: since you wanted suggestions on making it more workable:

- Permanently whitelist sites you trust, and blacklist ones you don't. This will remove them from the menu. Since you're getting frustrated, you can set a low threshold for whether you trust sites not to attack you.
- If you can take some time to write ABE rules for your webmail, bank, etc, and you run your browser in a sandbox like Sandboxie, then you could probably afford to try Temporarily Allow Top-Level Sites by Default.
- Learn the keyboard shortcuts and the effects of clicking, right-clicking, middle-clicking, etc, on the NoScript icon and individual menu items. This will speed you up.
- If you still can't live with script-blocking, try click-to-play mode, where you block plugins even on trusted sites, but enable Scripts Globally Allowed, so only Flash etc are blocked.
- Even if you block nothing and allow all scripts and plugins, you should keep NoScript installed, to prevent clickjacking and xss.

@konstructa: Thanks for my part of that . I feel similarly; Giorgio does an amazing job.

Feel free to donate to NoScript development!

I have thought about taking off noscript....every time it updates within firefox 12.0, it freezes and crashes the browser. Not sure what is wrong, but the one thing I have noticed, is when i re-open the browser, the update page is first to be displayed when everything reopens.

cascade wrote:I have thought about taking off noscript....every time it updates within firefox 12.0, it freezes and crashes the browser.

The add-on update process is independent from NoScript and handled entirely by Firefox on its own.
Probably something is broken in your profile: please migrate to a fresh one and update Firefox to latest version (17.0.1)!

On the contrary I'm continuing to use NoScript and RequestPolicy on all my Profiles.

I use Aurora on a Profile for my web mail.
That way I can 'see what breaks' a few weeks ahead, and still have Fx available.

One recent example.
NoScript 2.5.5rc2 (12 September 2012 20:27) fixed an issue.
In my web mail I can 'press a button that looks like a +' to add an Address to my Address Book.
This 'launches a pop-up window' pre populated with some data from the 'E-Mail that I'm looking at',
usually the Sender's Address and Sender's Name.
About 09-Sep-2012 this 'broke'. I don't use this function in my webmail very often.
My web mail was still OK using Fx. I realised that the issue might be similar to the
one in this thread.

Resolved]NoScript block javascript popup on whitelisted site
http://forums.informaction.com/viewtopic.php?f=7&t=9461

Giorgio fixed it before I had time to add any 'data points' to the report!

Thank you Giorgio, and all the Team here.

DJ-Leith

Globe199 wrote:I am strongly considering dropping NoScript after many years of use. It has simply become too much of a hassle. I have to do TAA, sometimes several times, on every single page I visit. I find myself opening Chrome more and more, in which I don't have any script blocker installed. I do this especially on sites with embedded videos. Some of those sites use scripts from 20 or more domains. NoScript simply makes many of these pages unusable.

Now, we all know that Javascript is essential and integral to the web. We also know that there are risks. But it's a compromise between security and convenience and I've almost reached the tipping point. I would like to hear experiences of others who have done this, but I'm also open to suggestions on making this more workable. Thanks.

Considering your position, you should just enable "Scripts Globally Allowed." Even with this setting enabled, NoScript still provides many protections that you don't have without it. And you will have no issues anymore with websites.