InformAction Forums

As more and more sites use externalized web services, it becomes a bit of a challenge to figure out what sites to permit in order to get the functionality to work. It could really help users to decide what to permit or deny if there was some kind of web reputation indicator for the sites trying to execute scripts on a page. Webroot, Scansafe, or similar services could be a great compliment to NoScript if you could include the reputation score in the context menu.

"Starting with version 1.9.9.61, NoScript offers a "Site Info" page which can help you to assess the trustworthyness of the web sites shown in your NoScript menu. You can access this service by middle-clicking or shift-clicking the relevant menu item."

http://noscript.net/faq

Myself, I certainly wouldn't want any of that automatically obtain, nor displayed in the context menu.

Thanks for the prompt reply. The middle-click option is nice but having a one-glance view (like a red/yellow/green or a numeric) on the line with the domain being blocked would make it far more user-friendly to get that reputation info.

scstanton wrote:Thanks for the prompt reply. The middle-click option is nice but having a one-glance view (like a red/yellow/green or a numeric) on the line with the domain being blocked would make it far more user-friendly to get that reputation info.

I suggest that you install the Web of Trust addon, or a similar one.

Bear in mind that this will mean lots of extra traffic, doing a lookup on on every domain used by every website you visit - but if that's what you want, then OK.

Thrawn wrote:I suggest that you install the Web of Trust addon, or a similar one.

Bear in mind that this will mean lots of extra traffic, doing a lookup on on every domain used by every website you visit - but if that's what you want, then OK.

The problem with those add-ons is that they only process the main URL you are visiting, and not all of the embedded script links or externally included content. I already know I want to visit the site I have clicked on, so I enable scripts there. However for the other 5, 10, or 20 embedded script domains how do I know what to trust or not? Only tools like NoScript give that control.

Second, the amount of lookups is not really that much compared to the size of the web page requested. A typical page has at least 30-40 images from multiple domains, while there are usually 5 to 20 domains to query. Using persistent connections, those AJAX/SOAP/JSON calls are pretty small compared to the other content.

Take www.collegehumor.com as an (bad) example, in order to make the videos work you need to figure out what scripts to enable beyond the collegehumor.com domain. There are 11 external domains executing scripts on the main page (and 98 embedded images). If there's anything that can be done to advise the users (within the NoScript UI) on which ones are relatively safe to enable versus those that are trackers or undesired, I think it would go a long way to improving the user experience.

I personally use NoScript and RequestPolicy, and I'm as proficient as web security types come (I work in the industry). Just trying to give some helpful advice that will make this great plugin easier to use in an increasingly complex web site terrain. I also agree that this should be an optional ability, as it will expose your browsing activity to external sources. However, your personal firewall, Google safe browsing, and other tools are already doing this if you use those features.