InformAction Forums

I have installed the Lightbeam ad-on on Firefox, which gives you a visual graphic of all sites you visit with the scrips that are allowed. With this ad-on I can see if NoScipt is properly working. I have noticed that some scripts are being allowed even if I don't allow them. As an example, when I visit businessinsider.con I noticed that a gravitar script was allowed even though I didn't give it permission. I have also noticed that sometimes doubleclick is allowed. Any suggestions for preventing this?

What makes you think that's scripts and not other, non-active content (e.g. static images)?

It shows up on untrusted list and I haven't allowed it so why should NoScript allow it?

I can't help you if you don't answer my questions.

NoScript doesn't normally block things that aren't a security threat, such as static images. Even if you mark a site as Untrusted in NoScript you can still visit it and also images from there will still load.

Or it's possible Lightbeam is logging loads before NoScript intercepts them...

Please open the Browser Console (Ctrl-Shift-J), clear it, make sure Net logging is enabled, then go to a site where you think NoScript isn't blocking all scripts, and post here all the entries for the requests that you think shouldn't be happening (if any).

OK, I did what you suggested. The website that I visited is motortrend.com. Lightbridge shows that a doubleclick script is linked to motortrend.com. I can see doubleclick.net in NoScripts Untrusted Listing and I have not allowed it yet it shows up on Lightbridge and the Browser console. The line showing it is:

GET http://ad.doubleclick.net/ad/motortrend ... ogo;sz=1x1 [HTTP/1.1 200 OK 198ms]

It appears to be getting an ad?

Thanks of your help.

The board cut off the URL, please edit your post, wrap the log line in [ code ] tags or check "Do not automatically parse URLs", thanks
[/code]

OK hold on, something at least similar is visible without any scripts enabled.
Is this it? If so, that's an image. So NoScript won't block it by default.

Remember, NoScript is about security. Privacy is a side benefit. Images are not typically a security threat, so NoScript ignores them.

There are lots of adblocking/privacy tools if you want them (Adblock Plus and its various forks, Disconnect, TACO, Ghostery, etc).

OK, tanks to everyone who commented. I guess I was concerned because Doubleclick showed up as a script in the untrusted area and showed up in Lightbeam. So I assumed that it was a script that got through.

For people who are paranoid and are also masochistic, (hey, how's it going) I would recommend HttpRequest Policy or Policeman in combination with NoScript.

Http Request policy and it's (hopefully more modern alternative Policeman) basically prevent the loading of any/all 3rd party resources from dis-allowed 3rd party websites. They quite effectively block pixel tracking because these are almost always on 3rd party websites.

However it can basically be 2x the work unless you are willing to "trust" certain things.