Sharing sites base

[Anakunda]

Hello,

would it be possible to share a of verified sites black/whitelist among more users, or at least among more computers.
The situation is as stated here when a user (me) has classified a many of sites as trusted/untrusted by NoScript, but after installing another instance of Firefox, ie. on another hardware, the classification progress starts from scratch. I'd like the possibility the new instance could somehow use the already built up sitebase and don't have to classify all again from scratch.
I also think that there should be some public on-line NoScript related sitebase that users could access or import to local profile. This is reflecting the fact that all users have to classify self places which are generally known and confirmed as trusty, like google.com etc.

[Tom T.]

would it be possible to share a of verified sites black/whitelist among more users, or at least among more computers.

At the top of this forum, and the other two main NoScript support forums,
SOME SITES YOU MIGHT NOT WANT TO ALLOW.

all users have to classify self places which are generally known and confirmed as trusty, like google.com etc.

Sorry, but personally, I don't trust Google any farther than I could pick up their headquarters building and throw it. They, and all of their other scripts and cookies, are not allowed by default on my machines. (https://ssl.scroogle.org is one possible alternative. IMHO. YMMV.)

And *that* is the overall problem with this request, which comes up repeatedly (as a search of the site would have shown, as requested by the Forum Rules #1).

I don't like that Google wants to know everything about everybody, use some sneaky means to accomplish that, have been sued by the EU for violation of data-privacy laws, etc. (The US has *no* data-privacy laws, to speak of, but then, US Congress members -- n/m, O/T.) Some people trust Google. That's their choice, and I respect it.

One-size-fits-all trust lists just don't work.

Blacklist sites are found in various anti-malware and anti-spyware tools.
For example, some users (self included) use various third-party providers of a Hosts file that substitutes for the default Windows HOSTS file.
If the mechanics are above you, not to worry. They're explained more at such sites.

Here's one, to which I have no personal or financial connection, and therefore cannot be held responsible:
http://www.mvps.org/winhelp2002/hosts.htm

They currently list, and block, more than 16,000 sites said to be verified providers of adware, spyware, and/or malware.
Updated every month or so.
No user action required, except that those that block by redirecting to 127.0.0.1 are better off edited to block to 255.255.255.0 or 0.0.0.0, as explained here.

Please note that not everyone agrees with the use of the Hosts file in this manner. *Personally*, speaking for no one but myself, I've been doing it for years, and find that it makes browsing faster and less annoying. Your results may vary.

This Hosts file can be copied from one machine to any others.

Your whitelist (and all other NS settings) can be synched using Firefox's Synch feature, or just use NoScript Export on the master machine, copy the resulting text document to the other machines, then use NoScript Import button, navigating to the copied Export folder.

[Anakunda]

Yea I think I understand this prob. There should be an generally acceptable authority to take decisions which sites are good to trust and which not and for every user the border can be individual.
But still I think there should be an facility of your addon for site base interchange, ie. inmport/export via some file format, as for individual users with multiple machines running Firefox, or small networks like households where the trust is self-promotional certainly wouldnot have a problem with common site base sharing. So please implement sharing of all white/black lists via the file, or online account, it would make lifes much easier especially for users who operate on multiple machines and want to reuse once built sitebase without having to build it for every PC again from scratch. Thanks!

[therube]

Nothing to stop you or any other user or group of users from doing that right now, even if it doesn't exist under the auspice of "NoScript" .

[Tom T.]

Yea I think I understand this prob. There should be an generally acceptable authority to take decisions which sites are good to trust and which not

And who would that be? And how would we know that they're honest? And new sites pop up any minute. And old ones change names/URLs.

But there is a feature in NoScript that will give you opinions from several such sites. See FAQ: "What Is A Trusted Site?".

But still I think there should be an facility of your addon for site base interchange, ie. inmport/export via some file format, as for individual users with multiple machines running Firefox, or small networks like households where the trust is self-promotional certainly wouldnot have a problem with common site base sharing.

There already is. See my previous reply, about the Export/Import functions in NoScript, and about Firefox synchronization in general.
For more information, see FAQ 2.4.

In fact, searching, or browsing, the entire FAQ, as requested in Forum Rules #1, might be a good idea, and would have given the answer much faster than our 36-hour exchange. (No offense intended.)

it would make lifes much easier especially for users who operate on multiple machines and want to reuse once built sitebase without having to build it for every PC again from scratch. Thanks!

I operate on two machines. I synchronize them with tools, as noted. Yes, it would be much more painstaking to do this by hand.
Here is an older post about doing that quickly.

[Anakunda]

I operate on two machines. I synchronize them with tools, as noted. Yes, it would be much more painstaking to do this by hand.
Here is an older post about doing that quickly.

I think hardcopyng the whole profile can be dangerous, especially between Windows and Linux instances (different file paths, some addons platform specific, etc.), could you at least state where's the NoScript sitebase located, thanks.

[Tom T.]

I operate on two machines. I synchronize them with tools, as noted. Yes, it would be much more painstaking to do this by hand.
Here is an older post about doing that quickly.

I think hardcopyng the whole profile can be dangerous, especially between Windows and Linux instances

Yes, of course. Both of my machines are Windows, and both are XP. Sorry about that.

could you at least state where's the NoScript sitebase located, thanks.

I don't understand. I gave links to one of three (identical) threads in this Forum that have a list of sites that users might not want to allow.

For the remainder, please see the FAQs that were previously recommended, about how to check any script's source in several different ratings sites.

If you wish to use a third-party Hosts file that works with Windows, at least, (I don't know whether it would fit other OSs, although all should have a similar type of file somewhere), here is one:
http://winhelp2002.mvps.org/hosts.htm
Again, I'm not connected to them in any way, and so can't be responsible for their product or your use of it, but I've been satisfied with it for a number of years.

For complete and automatic synchronization across all devices, please see Firefox Sync.
There is a long thread about that here, too, but that link should be sufficient.

[Anakunda]

So, why at least not allow users autowhitelist those domains that have excellent rating on WOT ?
You can add this option to NS preferences, satisfying minimum WOT rating level to auto-whitelist domain.
I'm sure I would use it !

[dhouwn]

I'm sure I would use it !

I wouldn't. But maybe if there is continued and sincere interested in such a thing Giorgio could implement a hook for rating extensions that tell NoScript whether a site is worth to be trusted per default. So someone would just have to build an extension that uses this hook to give an forward allow/deny-answer to NoScript based on tis interpretation of the response from the WOT service for a particular domain (the responses would have to be cached to keep the delay reasonable).

Again, everyone using such services should keep in mind the possible side effects of using such services (e.g. a domain might be "trustworthy" in the eyes of such a rating service but still "naggish" to a user), but I guess it's better than using the default-allow mode.

[Tom T.]

So, why at least not allow users autowhitelist those domains that have excellent rating on WOT ?!

Does the term "ballot-box stuffing" mean anything to you?

I've seen some pretty questionable sites get good ratings there.

Also, some site queries at WOT redirect to a parent site of that site. Not sure how that would work.

And for the last time, PEOPLE'S OPINIONS DIFFER. Example: You called Google trusty; the European Union and I disagree. They filed a lawsuit; I haven't.

The foremost consideration in allowing code to run on your machine is NECESSITY. If a certain script or object isn't needed for the function I want, why consume the resources and take the chance that it may have been compromised?

This is a safety tool. Safety and convenience are always opposites. If everyone in the world were honest, why would you be carrying around that keyring in your pocket or purse? And occasionally lock yourself out of your car? You accept the inconvenience, because it increases your security.

There are *tons* of information available about how to make these decisions. Letting a robot make them for you defeats the purpose of the tool, because a false sense of security is worse than no security at all.

But any user who wants to host their own suggested whitelist or blacklist, from their own sources or from the community, is certainly welcome to do so -- at their own site and expense. ... Oh, wait, the Hosts file providers that I mentioned already do that with regards to blacklists.

I doubt you first drove a car without taking some time and instruction in learning how to drive safely. I did the same before first being allowed to fly an airplane on my own. The Internet can't kill you as those can, but it can drain your bank account, steal your identity, ruin your credit and reputation, etc...

If you can't be bothered to learn how to avoid that, then feel free to join the 80-90% of home users whose computers are already infected with at least one form of malware, by actual random sampling.

I strongly oppose any such addition to NoScript.