InformAction Forums

I have published an updated guide which details how to use the latest NoScript. I realize there's a similar guide here, but, when learning the new UI, not all of the existing guide's words and images connected with me. Hopefully this proves helpful for others as well.

https://blog.jeaye.com/2017/11/30/noscript/

Hi jeaye, nice and simple.

Bo

jeaye wrote:I have published an updated guide which details how to use the latest NoScript. [...]
https://blog.jeaye.com/2017/11/30/noscript/

Thanks, jeaye. Very nice. You say that we should go through the settings migrated from 5.x and change the red locks to green, but if those sites are only available via HTTP, then that will break them, correct?

FranL wrote:

jeaye wrote:I have published an updated guide which details how to use the latest NoScript. [...]
https://blog.jeaye.com/2017/11/30/noscript/

Thanks, jeaye. Very nice. You say that we should go through the settings migrated from 5.x and change the red locks to green, but if those sites are only available via HTTP, then that will break them, correct?

That's right. I'd be careful trusting any JS served via HTTP at all though!

jeaye wrote:

FranL wrote:

jeaye wrote:I have published an updated guide which details how to use the latest NoScript. [...]
https://blog.jeaye.com/2017/11/30/noscript/

Thanks, jeaye. Very nice. You say that we should go through the settings migrated from 5.x and change the red locks to green, but if those sites are only available via HTTP, then that will break them, correct?

That's right. I'd be careful trusting any JS served via HTTP at all though!

It's not really an indicator of the security of the JS. It is "merely" a matter of being intercepted by third parties.
So for any Javascript that isn't a matter of transferring sensitive data, it is demonstrably fine. Or better "as fine as surfing any HTTP content at all".

Pansa wrote: It's not really an indicator of the security of the JS. It is "merely" a matter of being intercepted by third parties.
So for any Javascript that isn't a matter of transferring sensitive data, it is demonstrably fine. Or better "as fine as surfing any HTTP content at all".

Not necessarily true.
The HTTP non-secured content it's not just easy to be read, but also easy to be spoofed by whomever controls the network.
This means that even if you trust the website's owner not to use a zero-day exploit against you, there's no guarantee that your WI-FI network administrator, your TELCO provider (possibly ordered by the police or some other nosy authority), the owner of the proxy you're using if any or an anonymous Tor Exit Node operator does not inject malicious code in your unencrypted traffic. That's why Tor, by default, enables active content only on HTTS sites.

@Jaye:
thank you so much, very needed. I've just tweeted about it.

Excellent, Giorgio! Glad to help.

Hey folks, I have udpated my guide with new images and explanations for the latest version.

https://blog.jeaye.com/2017/11/30/noscript/

Enjoy!

Clanced it through. Seems to be OK but if it is supposed to be for ordinary users too, then you should explain a bit your foliohat settings.

1. Those current default ticks on Default are not very big security risk but provide for some pages better functionality.

2. This red lock syndrom sure is a problem. But when I have tried to chance those locks green, no page has functionend. This might rise some confusion combined with NoScript strange behavior: when I change a red lock to green, then Trusted page turns to Default and popdown menu and options page show different permission status. And as said the page won't work any more.
I think that if any new/classic user meets this kind of behavior then he/she is no user anymore.

I don't claim that your suggestions are wrong, but I think they are too categoric.

jeaye wrote:Hey folks, I have udpated my guide with new images and explanations for the latest version.

https://blog.jeaye.com/2017/11/30/noscript/

Enjoy!

Thank you.
Should I find the time to restructure the website, have I got your permission to reuse your text and screenshot?

Giorgio Maone wrote:

jeaye wrote:Hey folks, I have udpated my guide with new images and explanations for the latest version.

https://blog.jeaye.com/2017/11/30/noscript/

Enjoy!

Thank you.
Should I find the time to restructure the website, have I got your permission to reuse your text and screenshot?

Absolutely, Giorgio. Attribution is appreciated.