It suprises me how easy it is for people to forget controversies, and the amount of people who still use noscript to this day. The developer of noscript used unethical methods harming users for monetary gain, in 2016 he advertised malware on his website and whitelisted the malware domains on his extension: noscript, targetting people (specifically windows users) to download without noscripts protection, and with noscripts consent. He even tried to hide the script and disable adblocks from working.
In 2009, Giorgio Maone had made another offence, which wasn't as bad as malware but was still scummy. He targetted adblock users by blocking easylist which was a common blocklist back then, in order to promote his own ads and trackers. He did this for many years without going noticed and in 04/05/2009 Giorgio (Noscript author ) released statement where he deeply aplogised for his actions, which i find is pathetic ngl as the developer lied dishonestly rather than admitting mistakes.
I lost the link I had to the source, but theres several mentions of it on forums if you don't believe me.
For someone to repeat a similiar offence twice, both of which contradict noscript's purpose: privacy, is just shameful. Besides, there'd be no reason to use noscript even if it was trustworthy since its inferior and useless as ublock can achieve the same functionality with more features.
Saw a post a few days ago about some things the author of Noscript did and don't really wanna support it. Is there anything that replaces Noscript?
I'm sick and tired of people saying uBlock Origin advanced mode replaces uMatrix and NoScript. It does not.
NoScript has XSS protection. It can sanitize suspicious cross site requests.
NoScript can block the Object of JavaScript without blocking the script itself.
NoScript can independently block Font, WebGL, Ping and noscript parts, which even uMatrix does not allow you to do.
uMatrix is completely different from uBlock advanced mode. It's not even remotely similar. Unless there is a completely different secret mode that I'm unaware of aside from the normal advanced mode, you can NOT set custom rules like blocking everything but CSS, Image and Fetch/XHR in a site per site basis that can be tweaked by a simple buttons in the addon panel, which is an absolutely essential part of privacy and security hardened web browsing. In light of recent vulnerabilities, it's not even safe to enable CSS and Fetch anymore, but alas there needs to be some compromise to successfully use the web.
Also, uMatrix is not dead. Just use nuTensor instead. It's very simple to compile (on Linux). I don't know anything about programming but I managed, so, so can you (probably).
edit: To clarify, nuTensor has not seen much activity on the main branch recently, so I suggest using a different user's fork on GitHub for a more updated extension, such as nikobockerman's fork.
I'm trying out dynamic filtering and coming from NoScript I see that often "unbreaking" sites requires more work with uBO in "medium mode" (3p scripts and frames blocked by default).
For example:
On imgur.com need additionally allow imgur.map.fastly.net
On twitter additionally to twimg.com need allow twitter.map.fastly.net
On gog.com to display site correctly additionally to gog-static.com need allow deltacdn.net and akamai.net for some functionality
On protondb.com need now allow netlify.com
On many sites there are these ....cloudfront.com domains required which I never had to allow in NS.
What causes these differences?
So far, I have been loving Pale Moon. It is so fast and easy to use. However, I was wondering If I could download NoScript. I really like privacy and a simple JavaScript turn on and off doesn't cut it.
I am using WAVE to perform a preliminary audit of a site's accessibility.
When I turn the Lite Speed Cache lazy load images setting to active, <noscript> element is added to every div with an image.
WAVE flags this as a warning.
Can I ignore this type of <noscript> markup because the <img> element has the relevant attribute and alt text?
Should I consider other actions for the <noscript> element in regards to accessibility?
Thanks for the advice!
Edit:
This is a WordPress site using Oxygen Builder.
Vivaldi: 3.7.2218.52 (Stable channel) (64-bit)
Revision: a466b7f17805f4e7b50302de5efa2a46eb62ba13
OS: Windows 10 OS Version 1909 (Build 18363.1440)
I don't know if this is a bug, or the way the Start Page thumbnails work, but I've noticed that when I have NoScript enabled, and I'm blocking some of the sites that are in my Start Page, the generated thumbnails are broken.
However, if I disable the NoScript globally, and reload the Start Page the thumbnails are correctly displayed.
You can see in this picture, Top thumbnails with NoScript enabled, and Bottom thumbnails with NoScript disabled:
https://i.imgur.com/P03yDsJ.png
I use tor on android, and it has noscript by default enabled. Will it cause any privacy issues if I turn off noscript? It's really inconvenient to use noscript for me on all sites as most sites tend to break.
- Is it redundant to use both?
- If not, what are the differences?
- Lastly, are there any reasons to choose one over the other?
Edit: I am on FF. I like that NoScript by default blocks all Javascript and I get to choose when to trust it. I'm not sure if UBO does the same or makes it as easy to replicate.
I want to move away from Mozilla, and the even worse Chrome. Preferably available for both Linux and Windows (which I have to use for work).
so i read up on what these are but i immediately closed down the pop-up and tor without clicking block request.
am i in any kind of danger for not blocking the request?
If this is the case, should I allow first-party in NoScript, but disable first party in uBlock? How should I configure NoScript's settings ("script," "object," "media," "frame," "font," "webgl," "ping," "noscript," "other") so the functionality doesn't overlap?
Should I use these on Brave? I used them on Firefox and Chrome
I noticed that NoScript has been removed from the recommendations list for Firefox addons. Why is that? Couldn't find anything concrete on GitHub.
As uMatrix has been discontinued, I see NoScript as an essential addon.
Hi,
I wanted to know if noscript is any useful if I am using uBlock Origin's Medium/Hard mode? (https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium-mode)
I have been using noscript for a while and wanted to know if it is anyuseful if I just use the above method of Blocking.
uMatrix is also amazing but has not been updated in a long time and appears so that it never will be anymore. I would like it if some of you could give your opinion on this.
I get White House Market mail, but I am unable to read the mail. It's just a blank box.
WHM has a note that "If you cannot read your message, make sure your browser can display frames, tweak your noscript accordingly"
I looked this up, and failed. Anyone know how to fix this error?
Thanks!
Hello everyone and happy holidays!
I've been a proud NoScript user in Firefox for as long as I can remember, but with most websites using so many third-party scripts for functionality, NoScript is starting to be more of a nuisance than anything else.
First of all, please allow me to clarify that I am very interested in both privacy and security. I don't like sites tracking/fingerprinting me, but I also want to avoid any malicious code out there. So typically I'm in block-everything mode and rely on whitelisting what I trust. However, I do a lot of research, which regularly sends me to tons of first-time sites, many of which I'm unfamiliar with and don't know for sure if they're trustworthy. If I stayed in my circle of trusted sites, I wouldn't have a problem with NoScript at all, but alas, that's not possible.
So what usually happens is I stumble on a new site and find it doesn't work because scripts are blocked. If I can still read the text, no problem, but if that's hindered, I have to enable scripts. At this time NoScript shows 1-2 domains being blocked. I temporarily white list the top level domain and the site still doesn't work. This time NoScript shows 13 additional domains blocked. So I temporarily allow the usual suspects (*cdn, media, cloudflare, etc), and then NoScript shows 33 domains blocked still without allowing the site to work. At this point, I either give up, open the site in another browser, or string together several "temporarily allow all" until everything is allowed and I can use the site. It's just not time effective to toggle each one and find the ones I need (and dependencies) and white list them (and really, I don't know if they're safe, so I don't want them permanently whitelisted).
Other times, I'll be on a new but legitimate site, which I do trust and to which I need to submit a payment. Everything works until I submit payment and only then find there's a processor domain that needs permissions to work, i.e., there's no NoScript entry until you submit details. Then I allow it and resend, but ultimately, I have to start all over, sometimes several times. So again, ultimately, I just use a different browser without NoScript.
So I'm looking for a solution that allows me to visit new sites without all the aggravation. So do any of you have a suggests, such as:
-
Is there a trusted, publicly available whitelist can can be imported into NoScript options?
-
Are there better extensions, such as uBlock or uMatrix?
I was reading the recent discussion about Privacy Badger and it gave me some thinking, especially this post. User who wrote this and person from linked blog article claim that PB makes users more identifiable because of unique set of "trackers" they block, which sites can easily see and therefore it's better to block only things based on fixed filter lists like typical adblockers do.
But isn't that basically the same situation as with addons I mentioned in title? I mean, in ideal situation all users of such should block pretty much everything all the time but as we know it's realistically not possible and compromises must be made. I bet many users allows first party domains by default and cherrypick third party's to fix "broken" sites and then make these settings persistent out of convenience. That basically means that most of the users would also have very unique set of things they block/allow.
If above is true that would mean that, in example of uBlock Origin, you should either go all the way and use "hard mode" with blocking everything and never making changes persistent or use "easy mode" with only static filtering because anything in between (so called "medium mode") while potentially good for security and maybe browser performance would make privacy worse.
Some Rec-tube links (example: rec-tube.com/watch/2019042413410869/?3 ) don'T have a s00.fileurl links when using the TOR/noscript, console/IDM method, they just have rec-tube.com/file/564132172055542/
others like rec-tube.com/watch/2019111921483029/?2 have a fileurl link when inspected but still redirect so google immeidately
Every discussion I find about this is old and likely outdated
Running FF 85.0.1 on Ubuntu 20.04 LTS. Yesterday everything was working OK but this morning every page I open has the NoScript S! icon tag (NoScript 11.2 BTW) meaning restrictions disabled. The practical effect seems to be that all scripts on every page are operational so I get a blizzard of pop ups asking me to set cookie permissions plus other unwanted garbage on some pages. I didn't notice any recent update to either FF or NS that might account for it although I can't swear that hasn't happened. I definitely haven't changed any settings myself. Anyone got any idea what's happening?
P.S. Before some helpful soul goes to some length to point out that ublock origin is better, I'm aware. But it was simpler to just copy my existing FF config over with all its existing permissions/restrictions when I set up the new system, someday I'll try out ublock but I'd prefer not to be doing that today.
Most of us use NoScript because it's protecting our privacy and limits the data collected by 3rd party companies.
In the video where Melina installs a newer version of Linux Mint on her old laptop, Melina shows that everything is working fine. She shows Firefox and browses her blog, which she doesn't make available in China (as she wants to remain a unknown randomer there, none of Cym3llia stuff is available there either). She says "Yeah, I need to install addons, you know. Or maybe you don't." I assumed that Melina meant to say she wanted privacy and no advert.
Turns out G00gle refuse to have their products available in China, according to news (like Business Insiders articles, which I won't link, because they're biased and full of political BS + stuff that have the Europeans go π), they don't even want to have their search engine available there.
According to what people have been saying in forums, without NoScript, Melina cannot browse stuff like G00gle, FB and the likes, but she also cannot browse ANY WEBSITE USING G00GLE DATA HARVESTING THINGIES. Any website connecting to g00gle, gstatic, an@lytics, g00gleapis, g00gletagservice and so on won't load ! Blank pages ! And apparently, that's A LOT. Using NoScript will allow to browse the websites, though. But not to log in. If the website requires a G00gle recaptcha, then it's unusable !
That's insane ! Melina doesn't use G00gle products at all. She deleted her Youtube account "because it is useless, as complaints lead to nothing and as (she) doesn't agree to their TOU". She has deleted Cym3llia FB pages. She has deleted her Twitter account too now.
According to what's been said, Melina was FURIOUS that her blog (which uses a CMS) had gstatic enabled by default at some point after an update and had to find a way to have that gone.
She uses Yandex (as seen in the video), VK and Dailymotion for embedable videos, Aliyun for her videos, and a European hosting (source : her video after the SSL certificate of Meovely got ruined and the whole website got ruined as well. Meovely . com was moved to a European hosting and to Meovely . me. That's the video where she talked about coupons...which was trolled about by someone the next day...)
With all the talks and lawsuits going on, we should also be careful what we're using. I bet most in our fandom uses NoScript because everybody does, without really knowing what its purpose is. Check from times to times what is listed on pages you're browsing...
And also :
... keep reading on reddit β‘After having Tor sit around inert for some time, I'm using it more lately, but something is happening with noscript, in that every third-party ad server a mainstream site calls triggers a separate large-window error stating,
NoScript XSS Warning NoScript detected a potential Cross-Site Scripting attack from https://www.blahblah.com to https://www.blahblah.com. Suspicious data: ...
This happens many times per domain rendering Tor unusable for mainstream sites. I couldn't find many mentions of this problem so I think it's a bit idiosyncratic. The version I'm using is: 10.0.8 (based on Mozilla Firefox 78.6.1esr) (64-bit)
Any ideas? TIA!
I'm thinking about switching to Ublock Origin for adblocking but one thing thst has has kept me from doing so is that to my understanding it also can block scripts and iframes which I use Noscript for. If I were to install UBO, would it work with Noscript or could there be some conflict between them?
do i still need Noscript to complement Ublock origin, or is Ublock origin equally capable of blocking javascript?
Yesterday I opened official nvidia forums. After that I got the same xss warning
>from [...] to https//nvidia(.)com
>
>suspicious data: (URL) nvidia(.)com/geforce/forums/discover/{{Metatags.og.image}}
At first i didnt think of it much but I got the same thing several times already on completely unrelated to nvidia websites. Even once right after completely refreshing and reinstalling firefox.
Do I have a reason to worry?
What will be the consequences if I disable this add-on. I am asking this question because it makes almost every website unaccessible. Will I be compromising my privacy a lot by doing this? Or is it okay to not have it?
When I boot up tails Tor has https everywhere and Ublock origin, yet other copies of Tor has https everywhere and noscript. Why is that?
NoScript is great, I've been using it for about 10 years. Going to a new website is annoying at times, trying to get websites into the whitelist.. New Firefox blocks out a load of trackers (I also have Privacy Badger and Decentralites). Is new Firefox enough to block trackers
I was looking around and noticed this site saying things about Malware in the extension.https://liltinkerer.surge.sh/noscript.html I just want to make sure I am using something reputable.
Which one can I remove? Anyone have better recommendations? New to the privacy world. Any advice helps! Thank you :)
Hi,
I wanted to know if noscript is any useful if I am using uBlock Origin's Medium/Hard mode? (https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium-mode)
I have been using noscript for a while and wanted to know if it is anyuseful if I just use the above method of Blocking.
uMatrix is also amazing but has not been updated in a long time and appears so that it never will be anymore. I would like it if some of you could give your opinion on this.
Been doing this for a while but most people seem to only use one.
