InformAction Forums

I have installed noScript as an extension in my Firefox browser. Surely, I must be missing something, and I'm hoping you can point me to the answer.

So far, using Firefox with NoScript has been quite an exasperating experience. Every single site I visit requires me to click yet again on the NoScript logo and select the option to allow the site to display. Then I see that the site is permitted with some sort of exception indicated by an inscrutable red bit (maybe a tiny zero) in the logo. So then I have to select again a second time to permit the site to load and operate fully. Only at that point do I get the plain S-on-white logo indicating that the site has been permitted to operate.

Because NoScript comes highly recommended, I have put up with this annoyance over and over for a couple of days now, but I'm not sure how much longer I'll be willing to bother with all this. I must be doing something wrong. What?

I think you're incorrectly assuming that all sites need all JavaScript allowed in order to "work properly".

A better way to go about it is leave the sites default-denied until you find that some feature you want doesn't work. In that case, try Temp-Allowing the top-level site, if it still doesn't work then it's mostly trial-and-error from there. (There are several ways to reduce the amount of trial-and-error required, if you get tired of that.) Once you figure out what sites need to be Allowed, you have the option to click "Make Page Permissions Permanent" if you think you'll visit the main site again and you don't want to repeat the whole process.

Hope that helps.

The point of NoScript is that everyone chooses how much they trust each website.

I recommend permanently allowing sites that you'll visit regularly; bank, webmail, etc. That way, there will be a training period, where you tell NoScript which sites you trust, but after you've done that (probably a few days to a week, depending on how many sites are involved), that will be done and you'll only have to interact with NoScript when going to a site that you haven't seen before. Which is when you really benefit from having NoScript block the site until you've had a chance to look around.

Some people choose to be more paranoid and will only give temporary permissions. Which is fine, but too much work for me (and for you, by the sound of it).

It's also worth noting that NoScript has two more permissive modes, which gain convenience but give up some security.
Options - General - Temporarily allow top-level sites by default will automatically allow sites that you visit to run scripts, but will block third-party scripts.
Saves time, but I don't use it, because

• you might accidentally follow a poisoned search result, malicious shortened URL, etc;
• sites that you visit can redirect you to other sites, which will be automatically allowed too;
• most sites need third-party scripts to work anyway.

And as a last resort, there is the Scripts Globally Allowed mode. It doesn't block scripts; you're relying on Mozilla to patch your browser to keep you safe. It does include filtering to protect you from cross-site scripting, cross-zone attacks, and miscellaneous other. It can also be configured to block Flash, Java, etc, in a similar manner to the FlashBlock addon. If you do give up on NoScript, at least give that a try.