InformAction Forums

I used to love NoScirpt and installed it on computers for many different people. But I don't do that anymore and in fact have had to remove it from some peoples computers who could not cope with it.

NoScript makes normal web browsing unusable...

for example go to this web site and try to create a user account
http://www.smartplanet.com/technology/b ... healthcare

the result is that you can't create an account and you can't post a message. I just now had this experience and this is what finally prompted me to come here and write this message. the only way I could get access to that site was to globally allow all scripts -- in other words completely shut-off noscript.

and then there is your cross site protection which is a wonderful concept, but it blocks major mainstream sites from being able to work properly such as godaddy.com and abcink.com all of which encounter problems. on the abc ink site try doing a search for a particular model of printer, result totally blocked. and on the godaddy site try paying for a domain name, result... it actually does work but puts up a bunch of warning messages in the process.....

so, I am pretty much giving up, because NoScript just seems to be getting worse. and the user interface is generally too complicated for non-computer people.

remember: a door which is welded shut is very secure, but it does not provide a useful level of security.

for example go to this web site and try to create a user account
http://www.smartplanet.com/technology/b ... healthcare

I did. It took about three minutes. Since I browse Sandboxed anyway, I just temporarily allowed all this page. But you could go through and TA or allow one script at a time, within thirty seconds or so, and have the site functioning, without either disabling NoScript or allowing scripting globally (for the whole "planet", so to speak, i. e. for the whole world. Sorry for the pun.) I don't see the problem.

Note that after those original scripts are allowed, new scripts and objects try to load, some of them from ad agencies, trackers, and data-miners. So "globally allow" is a poor choice.

codeslinger wrote:I used to love NoScirpt and installed it on computers for many different people. But I don't do that anymore and in fact have had to remove it from some peoples computers who could not cope with it.

Have they read the Quick Start Guide for Beginners (that's why it was written) and the FAQ? Many low-tech users have gotten comfortable with NoScript. Of course there's a little learning curve, but I'll bet those same users didn't know how to use a computer the first time they saw one, did they? Or drive a car ... or fly a plane ... or....

NoScript makes normal web browsing unusable...

Tens of millions of users don't think so. Please cite specific examples, other than the one that I moved to the top of the page, and with which I had no problem whatsoever.

the result is that you can't create an account and you can't post a message.

Yes, I can. http://www.smartplanet.com/technology/b ... ouse/1817/. My post is #7. Please go there promptly, before it is deleted as being off-topic to their site. If that happens, I'll have to make an on-topic post.

I just now had this experience and this is what finally prompted me to come here and write this message. the only way I could get access to that site was to globally allow all scripts -- in other words completely shut-off noscript.

Those are not the same thing.

For one thing, even with scripting globally allowed (NOT recommended), NS still gives you its powerful protections against XSS (Cross-site scripting), ClearClick (Clickjacking, or hijacking your clicks to do something evil that you did not intend or know of), and many others described in the FAQ.

For another, allowing (or better, temporarily allowing, or TA, as we call it for short) one page is not the same thing as globally allowing every script in the universe.

TA'ing the whole page, or taking a few extra seconds to TA individual scripts to see which were necessary and make sure the sources were recognizable -- or trusting the site itself, if you will -- leaves you with powerful protection against the universe of scripting and many other evils blocked by NoScript.

and then there is your cross site protection which is a wonderful concept, but it blocks major mainstream sites from being able to work properly such as godaddy.com and abcink.com all of which encounter problems. on the abc ink site try doing a search for a particular model of printer, result totally blocked. and on the godaddy site try paying for a domain name, result... it actually does work but puts up a bunch of warning messages in the process.....

Please cite specific URLs and the error messages that you received. We are always anxious to investigate XSS warnings.

a bunch of warning messages in the process.

"Which" warning messages? It's hard to tell you how to avoid them -- or if they are in fact worthwhile and need your attention -- in a generalized complaint as opposed to specific questions with specific facts.

so, I am pretty much giving up, because NoScript just seems to be getting worse. and the user interface is generally too complicated for non-computer people.

Making NS more novice-friendly and low-tech friendly is indeed on the list of to-do, but as several major enhancements (ABE, TLS, etc.) have been rolled out this year, and as web threats continue to emerge, NoScript Developer Giorgio Maone has had to use every minute of his own, donated (unpaid) time for the highest priorities (including inventing NS itself) -- dealing with these threats, providing new protections, and fixing the bugs that occur in *any* software. However, unlike, say, Microsoft, Giorgio doesn't issue his bug fixes or threat protections once a month, but as soon as possible -- often within hours, sometimes within minutes.

More user-friendliness is indeed in the works. If you have specific suggestions rather than a general "It's too hard to use", that would help guide those efforts.

remember: a door which is welded shut is very secure, but it does not provide a useful level of security.

Remember: A door that is left wide open provides no security at all.

NoScript is welded shut to minds that are welded shut, true. However, when you asked a specific question, as regards SmartPlanet, we were able to give you specific help. Whatever further specific questions or problems you encounter, please post them here, with as many details as you can, including error messages, (don't forget those in Tools > Error Console, in red), report numbers if generated, exact URLs, the steps for us to reproduce the issue (critical!), etc., and we'll be glad to help.

I understand ventilating frustration, and sympathize, but you'll find that the above suggestions are far more productive, and will leave you and your friends much safer on the Net.

Cheers -
Tom T.

codeslinger wrote: on the abc ink site try doing a search for a particular model of printer, result totally blocked.

Huh? I just went to abcink.com and searched for my printer, and found it (HP Deskjet 920C), without allowing any scripting at all.
I was similarly able to find my printer/fax/scanner in two or three clicks without touching NoScript at all.

What other extensions do you have? It's beginning to sound like you have an extension conflict. Please try the General Troubleshooting Instructions, up through Standard Diagnostic if necessary. There is either an extension conflict or a corrupt extension or extension file.

It appears the other issues mentioned in your post are similarly caused by such problems and not by NoScript itself. If your car's engine is misfiring, don't blame the ignition lock; find out where the problem is and fix it. Throwing away the ignition, door, and trunk locks will not fix the engine. (Forgive me for continuing in metaphor mode as per "door welded shut". We really *do* want to help.)

Please let us know the results.

Double cheers and good luck,
Tom T.

I have seen no problem either, I believe this user to be a professional shill just trying to promote the services of the site he linked. I don't believe there is a credible problem here. NoScript provided little to no barrier to proper usage of that side that is any different than any other site.

GµårÐïåñ wrote:I have seen no problem either, I believe this user to be a professional shill just trying to promote the services of the site he linked. I don't believe there is a credible problem here. NoScript provided little to no barrier to proper usage of that side that is any different than any other site.

If OP doesn't respond within a few days or a week, perhaps it should be regarded as a spam post as you suggest.

GoDaddy is a well-known certificate authority that probably doesn't need any publicity, and SmartPlanet seemed to be a tech-oriented magazine, not so much a commercial site (ads, of course), and it seemed the OP was truly unhappy, if somewhat misguided.

The ink site was a straight retail operation, though, and possibly spammed. We need specific error codes from OP to validate the complaint.

You may well be right. I'm open to other mods' opinions on this thread.

Agreed.