Howto remove unwanted donate button in NS UI

[njbhvgtrdg]

NoScript is a good tool that shouldn't have to exist, and only does so because of the shortcomings of Mozilla's browsers. Shortcomings that exist because Google are the biggest funders of Mozilla, and so shape Mozilla's products to be what Google would like: advert delivery frameworks.

And unfortunately NoScript takes advantage of this shortcoming, and by default allows javascript from some advertisers, and the author's website. And NS sends users to the author's website on every (frequent) update, where the current and past versions of NoScript, along with all sorts of browser info, is recorded. This of course could be cross referenced with the data determined about users from the ABE IP thing, and sold on. Or not sold by the author, copied by malicious hackers and sold by them instead.

Cue the standard response: you can turn those options off, blah blah....

Well shit, if that's the case, why put them in in the first place? Oh, is it because you know as well as I do that most users will not change default options? By that logic, Google aren't a privacy threat when they are the default service providers in the Mozilla browsers, and the Chromium one.

And I think you had to be prompted to add the option to turn off being sent to your adverts page on updates. For some time it was a hidden option (behind the Mozilla dragon warning, enough to put some users off changing things, and so could not escape the adverts).

Anyway, I do not tolerate software nagging me. I have never paid for a single piece of shareware as the technique in the days of that was to cripple the program, and nag the user. NoScript isn't as bad as some shareware, but when it enables some advertisers (the author's business partners), and has nags on addons.mozilla.org when you go to install NS, on the NoScript homepage (including being sent there on every update, by default), it phones home at least on every run of the browser, and there is a donate button within NoScript, it is too much.

So this is how to remove the Donate button in NoScipt

Browse to the equivalent of /RANDOM.default/extensions/{73a6fe31-595d-460b-a920-fcc0f8843232}/chrome in your file manager.
Unzip the file noscript.jar
Open the following files in a text editor, and edit the quoted sections at the mentioned line numbers:
content/noscript/noscriptOptions.xul:80:
Delete this

Code: Select all

    <button id="donateButton" label="&noscriptDonate;" accesskey="&noscriptDonate.accesskey;"  hidden="true" oncommand="nsopt.donate();" />

content/noscript/noscript.js:95-98:
Delete this

Code: Select all

  openDonate: function(src) {
    this.browse("https://secure.informaction.com/donate/?id=noscript&src=" + src);
  },
  

content/noscript/noscriptOptions.js:131:
Change

Code: Select all

    this.utils.moveButtonsDown("donateButton", "", "importConfButton", "exportConfButton");

to

Code: Select all

    this.utils.moveButtonsDown("importConfButton", "exportConfButton");

content/noscript/noscriptOptions.js:135-138:
Delete this

Code: Select all

  donate: function() {
    noscriptUtil.openDonate("options");
  },
  

BTW, I am even more contemptuous with advert based industries, like the commercial media. It is just that it is much harder to get them to listen, and much harder to influence their users - unless of course you just delete this thread. Censorship is always the cowards way out. You ask for money, and set things up so there are adverts too. Fuck off, you greedy cunt. I would say the same to Rupert Murdoch given a chance too: there is no way I would pay for his TV services (or similar from other commercial entities), because they contain adverts. But lots of people do, and so the market offers what most people will tolerate. But they passively just accept that, yet if large sections of the market thought about it, they might realise what a shitty deal it is. This is my way of making people think about how having to suffer ads, and pay for things (or even be nagged), is actually a shitty deal.

No doubt you justify the nagging for money because NoScript take up a lot of your time? Well, perhaps if it wasn't suffering from some kind of serious feature creep, it wouldn't take up so much time. NS started life as a very good idea, but it is slowly morphing into some kind of security suite for Firefox. Just because Windows is a shower of shit and needs tons of security software so the user can protect themselves from themselves, does not mean NS has to follow the same philosophy. Stick to the UNIX philosophy of doing 1 thing, and 1 thing well, and if you think NS needs another feature, perhaps just create a separate extension?

And on the external filters page, you cannot delete the sites I am not interested in: hulu.com and youtube.com. I presume you took money from them to be white listed? I mean, they are major commercial internet sites, and they will not want to not be able to spy on their users, they won't want to have to face increased support costs with NoScript users, etc..

[dhouwn]

F[---] off, you greedy c[---]

Please tame your language.

Just because Windows is a shower of shit and needs tons of security software so the user can protect themselves from themselves, does not mean NS has to follow the same philosophy.

Many of these protection feature have nothing to do with the underlying operating system, ie. it makes no difference whether your browser runs on a Linux-based OS or one from Redmond when you get clickjacked.

Stick to the UNIX philosophy of doing 1 thing, and 1 thing well, and if you think NS needs another feature

Like the SeaMonkey Suite which you are apparently using?

perhaps just create a separate extension?

I believe that's on his to-do list, at least for ABE.

[seriously pissed off]

So I have just read the post from "njbhvgtrdg" in the other forum section.
Actually I just wanted to say, that while NoScript is a very good extension, and while I still use the extension though you are not fully trustworthy because of your whitelisting and spying, I'm still taking the time not to rant, but to report some bad behaviour by NoScript.

But after reading the post from "njbhvgtrdg" I just realized that you are more or less
1.) fully aware of some issues with NoScript, i.e. the growing size and with it many sideeffects. In my case it took me around 10 hours to figure out it's NoScript throwing errors in the JavaScript-Error-Console when I run my Javascript-Apps written by myself from a file:/// location, that should have had no restrictions. First error was something like 'getInterface is not given on this and that function-call'. Second was caused by ABE, but there no hint whatsoever in the error-message. I only found out after HOURS(!) and then only after testing in an old Firefox that the errors MUST stem from the newer NoScript-version somehow. Then I tried all setting one by one, with ABE ofcourse the last in the list, because it's one of the newest inventions in NoScript.
2.) I only saw by reading "njbhvgtrdg" that you again have added websites-settings that are propably not changeable by the user: hulu.com and youtube.com.
I really ask you: What wrong with you? Why can'T you stop it? Wouldn't it be simpler to charge 1$ from each user instead of selling out the privacy of the users?
If you can't make ends meet with this extension just sell it to a big player like Microsoft. I'm 100% sure that this would bring you more $$$ as you could ever get by not selling it and trying to make add-$$$.

But don't try constantly to fuck the users!


Conclusion:
1.Please just make a NoScript-light, i.e. turning off Javascript and Java-,Object-, and Flash-Tags on a per site basis.
For example so I could enable everything if it comes from amazon and othersite1, but not if it's coming from a specific path like amazon.com/path/..., and not if it's from any othersite2,3,4. That's all I want. I don't need clearclick and so on. Either the site is trusted by me, or it will *never* be allowed to run Javascript,Java,Flash,etc.
2. How much does google pay you for acting like a jerk?

Greetings

[therube]

hulu.com and youtube.com

External Filters are not enabled by default in any case, so their presence is meaningless unless you enable them (assuming I'm understanding the dialog correctly).

(Now why they don't "delete" if you delete them, that's another issue? Coded in ExternalFilters.js, but what it means, haven't a clue.)

Like the SeaMonkey Suite which you are apparently using?

Hey! No need to pick on SeaMonkey users. OK, I give you an exception .

BTW, SeaMonkey does do one thing very well - a web browser. (The rest of the stuff, just ignore it.)

[dhouwn]

So I have just read the post from "njbhvgtrdg" in the other forum section.

You could have just replied there.

because of your whitelisting and spying,

Whitelisting OK, but spying? What do you mean? The redirection on update?

I'm still taking the time not to rant, but to report some bad behaviour by NoScript.

That's very nice of you, in this case I won't comment on your non-rants.

If you can't make ends meet with this extension just sell it to a big player like Microsoft.

Selling a Firefox extension to Microsoft, great idea!

1.Please just make a NoScript-light, i.e. turning off Javascript and Java-,Object-, and Flash-Tags on a per site basis.

NoScript is basically open-source, at least in the sense that its source code is public, commented and not obfuscated.

For example so I could enable everything if it comes from amazon and othersite1, but not if it's coming from a specific path like amazon.com/path/

There are no paths on the web.

I don't need clearclick and so on. Either the site is trusted by me, or it will *never* be allowed to run Javascript,Java,Flash,etc.

Trusted sites might have user-generated content that isn't filtered good enough. Additionally, Clearclick can also protect you against attacks not involving Javascript.

How much does google pay you for acting like a jerk?

Uh, I've spotted a loaded question! Here one for you: When did you stop drinking?

[Giorgio Maone]

So I have just read the post from "njbhvgtrdg" in the other forum section.

You could have just replied there.

In fact, I've just merged the two topics since the relevance to ABE of the other one is just tangential.

Now, I was tempted not to reply for starving the troll, but there are a few factual errors which I've been asked to rectify by some community members.

NoScript is a good tool that shouldn't have to exist, and only does so because of the shortcomings of Mozilla's browsers. Shortcomings that exist because Google are the biggest funders of Mozilla, and so shape Mozilla's products to be what Google would like: advert delivery frameworks.

Mmm, why am I asked everyday to port NoScript on IE, Chrome, Safari and Opera, then?

And NS sends users to the author's website on every (frequent) update, where the current and past versions of NoScript, along with all sorts of browser info, is recorded. This of course could be cross referenced with the data determined about users from the ABE IP thing, and sold on. Or not sold by the author, copied by malicious hackers and sold by them instead.

Except for your "is recorded" premise being plainly false.
NoScript does not collect or store any of the info you're suggesting, as stated in its very draconian privacy policy.
The same can't be said for Mozilla, which you send every day information about all the extensions you've got installed (along with "all sorts of browser info") via the update ping service (and yes, this one is recorded, actually).

So this is how to remove the Donate button in NoScipt [...]

Open source is wonderful, isn't it?
Just don't forget to turn off automatic updates as well, otherwise this thing could become annoying for you well beyond any meaning for "nagging".

unless of course you just delete this thread. Censorship is always the cowards way out.

Deleting this thread? and preventing your self-realization as an (anonymous) idiot?! God forbid, It would be cruel and unethical!

You ask for money, and set things up so there are adverts too. Fuck off, you greedy cunt.

I'll take it as a thank you for making my hard work available to you for free.

No doubt you justify the nagging for money because NoScript take up a lot of your time? Well, perhaps if it wasn't suffering from some kind of serious feature creep, it wouldn't take up so much time. NS started life as a very good idea, but it is slowly morphing into some kind of security suite for Firefox. Just because Windows is a shower of shit and needs tons of security software so the user can protect themselves from themselves, does not mean NS has to follow the same philosophy. Stick to the UNIX philosophy of doing 1 thing, and 1 thing well, and if you think NS needs another feature, perhaps just create a separate extension?

You probably don't have a clue about software development. Hint: if NoScript features (each one prompted either by lots of users or by security research) were scattered across multiple products, the development and maintenance time would be a lot more, rather than less.

Furthermore, a security tool which almost every single web security researcher in the world relies upon cannot afford to subtract security features across updates: removing a protection out of the blue wouldn't just be stupid, it would be putting millions of users in danger by giving them a false sense of security.

And on the external filters page, you cannot delete the sites I am not interested in: hulu.com and youtube.com.

1. External filters are a very experimental feature, disabled by default and mostly introduced to allow Blitzableiter integration. Blitzableiter has bugs and limitations preventing it from working correctly with Youtube and Hulu: it would break them completely, providing no advantage over plain NoScript flash blocking.
2. Versions up to 2.0.9.7rc3 don't allow filter parameters to be modified (changes can't be saved) until you select the processing executable (the blitzableiter.exe executable, in this case, which must downloaded separately). This is arguably a confusing bug and it's fixed in 2.0.9.7rc4.
3. Even though the filter has an executable, its whitelist cannot be left empty, but can be modified in any other way (for instance, you can put there just "invalid.invalid" and have the same effect of an empty whitelist). This is surely a bug and it's fixed in 2.0.9.7rc4 as well.

I presume you took money from them to be white listed? I mean, they are major commercial internet sites, and they will not want to not be able to spy on their users, they won't want to have to face increased support costs with NoScript users, etc..

I excuse you only because of your blatant ignorance. After all, external filters are listed in the Advanced tab and disabled by default for a reason.
However, if you're curious, here's Blitzableiter site. Even you should be able to understand that sites in that whitelist don't get any free pass to "spying", but are just prevented to be outright broken by an experimental Flash bytecode cleaner tool.

while I still use the extension though you are not fully trustworthy because of your whitelisting and spying

What spying, exactly?

First error was something like 'getInterface is not given on this and that function-call'.

And are you sure it was caused by NoScript? If so, could you be more precise (e.g. providing the exact code producing the error)?

Second was caused by ABE, but there no hint whatsoever in the error-message.

Again, could you care to report? People who report severe bugs like this with proper details, usually get them fixed in a few hours (literally).

2.) I only saw by reading "njbhvgtrdg" that you again have added websites-settings that are propably not changeable by the user: hulu.com and youtube.com.
I really ask you: What wrong with you? Why can'T you stop it? Wouldn't it be simpler to charge 1$ from each user instead of selling out the privacy of the users?
If you can't make ends meet with this extension just sell it to a big player like Microsoft. I'm 100% sure that this would bring you more $$$ as you could ever get by not selling it and trying to make add-$$$.

But don't try constantly to fuck the users!

Read above and wait to be sober, before posting again.

1.Please just make a NoScript-light, i.e. turning off Javascript and Java-,Object-, and Flash-Tags on a per site basis.
For example so I could enable everything if it comes from amazon and othersite1, but not if it's coming from a specific path like amazon.com/path/..., and not if it's from any othersite2,3,4. That's all I want. I don't need clearclick and so on. Either the site is trusted by me, or it will *never* be allowed to run Javascript,Java,Flash,etc.

Believe me, you do need ClearClick "and so on" (for instance, script permissions are almost useless without anti-XSS).
Howerver, since NoScript is open source, it can be forked into anything you want.
You've got several options, some smart, some not so much:

1. Do it yourself
2. Find a developer who believes it's a good idea and is able and willing to do it for free ("njbhvgtrdg" maybe?)
3. Pay some developer who's able to do it, even if not interested and/or not believing it's a good idea
4. Insult the lead developer, then ask him

2. How much does google pay you for acting like a jerk?

I can see you choose #4. Cross your fingers and wait...

[therube]

it's fixed in 2.0.9.7rc4 as well

2.0.9.7rc4 is there, though it is not reflected on your website (page or link).
(It is on AMO.)

Resolved.