Standard Noscript Blacklist?

[shyronnie]

Is there a general blacklist of websites that everyone can use? Everytime I visit a new website, and everything's blocked, I don't know which ones are good, and which ones are bad. So I'm hoping there's some kind of pre-made blacklist out there that I can use, instead of guessing which ones I should allow, other than the main site itself.

[Giorgio Maone]

No, there's none.
But you can use middle-click (or shift+left-click) on any entry to get help.

[shyronnie]

No, there's none.
But you can use middle-click (or shift+left-click) on any entry to get help.

Thanks for the tip!

[shape5]

I wanted to check back on this topic since it's been nearly 4 yrs...

I prefer to keep NoScript set to "allow scripts globally" while keeping Anti-XSS protection, HTTPS enforcement, Clickjacking protection and ABE active, and then blacklist anything that is bothersome, like say googleanalytics.com. I tried it initially with the default Forbid scripts globally but then realized i was spending all my time trying to configure each page and research what all these scripts were (then finding conflicting recommendations on some) rather than getting any work done - then having to do this for every site, which would eventually mean 100s and 1000s of sites... I just want to prevent annoying scripts from slowing down my browser & CPU. The problem is if the scripts are forbidden as default, then much of (or most of) the content doesn't load, but I don't know what content is missing until I allow the scripts to run. then I have to try and figure out what scripts provide the content I want, which ones slow things down, which ones I want to allow & block, etc. Configuring NoScript could be a full time job.

I see a list posted here: SOME SITES YOU MIGHT NOT WANT TO ALLOW [Updated 21 DEC 2012] but can the full list be entered into NoScript's Untrusted category? It would be very helpful to many users to have a list of basic known scripts or lists of sites like this that are intrusive & do not provide anything useful to the user, that can be safely blocked without omitting content, the way that AdBlock Plus has lists of intrusive ads (i.e. EasyList, EasyPrivacy, Malware Domain Blocklist, etc.) so the work is already done for the average user rather than requiring them to do all the research manually. You just checkmark the list and it blocks all the unwanted scripts.

I blacklisted googleanalytics as i already knew that it tracked clicks, and that there are numerous scripts & add-ons to disable it, providing security & privacy to the user. But there are so many scripts that show up in the list for each site that it's too time consuming to inspect each one. One ex i looked up is googleadservices which i found conflicting information about: one side being that it's 5-star rated, completely trustworthy & approved by the web of trust, vs. get rid of it b/c it's malware & hijacks browsers.

[shyronnie]

Oh wow, I totally forgot about this thread!

But yeah, what shape5 said. I also wish NoScript would do something similar to what Adblock Plus is doing, which is having a blacklist of scripts to block. Investigating every single script on all sites that you visit is very time-consuming, and I don't blame him for allowing scripts globally for full functionality of the sites he visits.

[barbaz]

The feature exists in NoScript (about:config > noscript.subscription.*) but I haven't actually seen any publicly available such service...
(I think Giorgio does not want to maintain one.)

One ex i looked up is googleadservices which i found conflicting information about: one side being that it's 5-star rated, completely trustworthy & approved by the web of trust, vs. get rid of it b/c it's malware & hijacks browsers.

googleadservices is a Google tracking domain.

[Thrawn]

I also wish NoScript would do something similar to what Adblock Plus is doing, which is having a blacklist of scripts to block.

Why not just use Adblock Plus? And maybe a blocking HOSTS file? If you're after blacklist-based protection, those are probably stronger choices.

[shyronnie]

I also wish NoScript would do something similar to what Adblock Plus is doing, which is having a blacklist of scripts to block.

Why not just use Adblock Plus? And maybe a blocking HOSTS file? If you're after blacklist-based protection, those are probably stronger choices.

Oh, I didn't know about that technique. I'm currently Googling how to do that. Also, Adblock Plus only blocks ads, right? I use both NoScript and Adblock Plus. My NoScript is set to block all scripts by default, and I allow all scripts on a website I visit except for those with the word "ad" on it, and any other ones that look suspicious. That's how I do it for now, but I'll look into that HOSTS file.

[barbaz]

Also, Adblock Plus only blocks ads, right?

By default it blocks all ads that the Adblock Plus team (Eyeo GmbH) hasn't explicitly whitelisted as "non-intrusive".
It's just a generic content blocker and hider so you can use it for whatever you want in theory; in practice, because its request blocking is actually unreliable starting from version 2.6, its only real use as a security/privacy tool is as a quick store for blacklists that you can use to help yourself decide whether to allow the site in a tool like NoScript. I do this myself (but with my own fork of ABP which I've patched to remain reliable at blocking requests) and it works well.

I've posted more details about this @ viewtopic.php?f=7&t=20088

[rshimizu12]

Perhaps we could have a feature that would allow report safe and unsafe scripts. Then people could vote if they are safe or unsafe. Part of the problem is that I run into sites where there is a bunch of scripts and it is a big hassle to unblock them all.

[barbaz]

Perhaps we could have a feature that would allow report safe and unsafe scripts. Then people could vote if they are safe or unsafe.

Everyone's concept of "safe" and "unsafe" is different. How will this help anyone?

Part of the problem is that I run into sites where there is a bunch of scripts and it is a big hassle to unblock them all.

That is what the "Temporarily allow all this page" and "Allow Scripts Globally" buttons are for.
(And the Untrusted menu to exclude stuff from those actions)

You can even configure a keyboard shortcut for temporarily allow all this page, and you can tweak auto-reload settings to "fake" per-tab permissions if you want.

Also you might want to look into the cascading permissions feature.
about:config > noscript.cascadePermissions
(It has a GUI somewhere in NoScript Options but I forget where it is)

[rshimizu12]

It is certainly not a perfect solution. Another possibility would be to generate a some sort of weighted scores based on the sites listed on the security and privacy links. It would also help if there was a option that would to describe the functions of a certain script.

[barbaz]

It is certainly not a perfect solution. Another possibility would be to generate a some sort of weighted scores based on the sites listed on the security and privacy links.

That is a better solution given that there are comments on these sites (which could be used to adjust ratings for specific users), but I would think it is hard to implement.

It would also help if there was a option that would to describe the functions of a certain script.

The closest to that which is realistic to implement is viewtopic.php?f=10&t=19847

[rshimizu12]

Perhaps it is time for Noscript to become Open Source or closed source to speed up development then.

[Thrawn]

NoScript is already open-source (GNU General Public License, in fact).