NoScript - PitA?

If it's not ZDoom, it goes here.

NoScript - PitA?

Postby Enjay » Tue Mar 10, 2015 3:51 pm

So, I've been using Firefox for quite some time now; three years or more, and I like it. I have a number of add-ons and things are set up pretty much how I want. I've had NoScript installed almost since the start because everyone tells me how good it is. However, most of the time it just seems to be a royal pain in the ass.

So many sites have some sort of scripting that virtually every site I visit needs to be reloaded with NoScript disabled before it will work properly. If I'm using an online shop of some sort, sooner or later I will hit a checkout page and even if I had already disabled NoScript on the main page, the store page may well need another disable and reload to get it working properly and sometimes this is enough to mess up the transaction. It's not pages that I visit frequently that are a problem (I have NoScript permanently disabled on them), it's general browsing that seems to be massively hampered by NoScript. The NoScript "I've disabled some scripts" warning sound happens so often that it's just second nature to me to middle click the icon and thereby disable NoScript and refresh the page almost reflexively when I hear the sound.

I know that there are nasties out there on teh big bad intarwebs and having an automatic "no scripts will run unless you want them to" safety net in my browser does give peace of mind but, how big is the risk versus the crippling of browsing that I experience with NoScript?

Any thoughts?
User avatar
Enjay
Everyone is a moon, and has a dark side which he never shows to anybody. Twain
 
 
 
Joined: 15 Jul 2003
Location: Scotland

Re: NoScript - PitA?

Postby Graf Zahl » Tue Mar 10, 2015 4:17 pm

There's many, many websites out there that are infested with tracking software and nastier things that I wouldn't want to risk exposure.
I have whitelisted anything I visit regularly, but also have some sites that are not clean on my blacklist (a good example would be Doomworld.)

I know my brother had 3 virus infections last year because he found NoScript inconvenient but after switching it on he got none. I believe the danger from badly behaved sites far outweighs the inconvenience of having to explicitly enable scripts where they are useful. You also expose far less information to data miners.
User avatar
Graf Zahl
Lead GZDoom Developer
Lead GZDoom Developer
 
Joined: 19 Jul 2003
Location: Germany

Re: NoScript - PitA?

Postby Big C » Tue Mar 10, 2015 4:25 pm

Graf Zahl wrote:There's many, many websites out there that are infested with tracking software and nastier things that I wouldn't want to risk exposure.
I have whitelisted anything I visit regularly, but also have some sites that are not clean on my blacklist (a good example would be Doomworld.)


Ach, what's happened with Doomworld?
User avatar
Big C
 
Joined: 19 Oct 2010

Re: NoScript - PitA?

Postby wildweasel » Tue Mar 10, 2015 4:26 pm

Doomworld's ad banners tend to be pretty nasty, Flash-based nonsense that has been known to install crapware behind the scenes. AdBlock Edge/Latitude are known to mitigate most of it, but you can never be too careful. It's apparently a quirk of their hosting provider; I'm not sure why they haven't looked into finding a different host.
User avatar
wildweasel
change o' pace.
Moderator Team Lead
 
Joined: 15 Jul 2003

Re: NoScript - PitA?

Postby Enjay » Tue Mar 10, 2015 4:31 pm

I'm certainly all for keeping trackers and data miners away and Ad Block also serves me well on places like DoomWorld.

I also use Ghostery and that seems to be pretty good. I was using Disconnect too but that definitely caused a number of sites to not function properly and would also manifest in some unexpected ways, such as pictures hosted on certain sites not showing up on these forums with no obvious visible clue that there was even meant to be a picture in the post. It's currently installed but disabled.
User avatar
Enjay
Everyone is a moon, and has a dark side which he never shows to anybody. Twain
 
 
 
Joined: 15 Jul 2003
Location: Scotland

Re: NoScript - PitA?

Postby leileilol » Tue Mar 10, 2015 4:39 pm

The only thing that annoys me is the update news page that forces itself making me read "I ASS" when I start my browser.



RequestPolicy is nice too, but sends a lot of page styles and images to hell since no one can design within a single domain anymore. :(
User avatar
leileilol
ダークエルフ!!!!!!!!!!
 
Joined: 30 May 2004
Location: GNU/Hell

Re: NoScript - PitA?

Postby Gez » Tue Mar 10, 2015 5:09 pm

In my own experience I'm more often annoyed by sites that need cookies to work than by sites that need JS to work. And generally I only allow "for the session" the site itself and stuff like looks like a content delivery network, but leave facebook, tracking and advertising out.
Gez
 
 
 
Joined: 06 Jul 2007

Re: NoScript - PitA?

Postby Siggi » Tue Mar 10, 2015 5:28 pm

Disabling JS is impractical these days. Pretty much all the modern features that improve the user experience will rely on JS somewhere along the line. So I don't support NoScript.
I think if you're using Disconnect and Ad-blockers you should be fine.

The only privacy thing I use daily is Duck Duck Go instead of Google. The Bangs feature is also pretty useful.

If I feel the need to do some truly dubious browsing then I use Tor Browser.
User avatar
Siggi
 
Joined: 03 Oct 2004
Location: South Africa

Re: NoScript - PitA?

Postby Blox » Tue Mar 10, 2015 8:26 pm

I just deal with the major pain in the dick that is noscript+requestpolicy.
Things get interesting once in a while.
leileilol wrote:RequestPolicy is nice too, but sends a lot of page styles and images to hell since no one can design within a single domain anymore. :(

[sobbing intensifies]
User avatar
Blox
I am Laziness Incarnate!
 
Joined: 22 Sep 2010
Location: Apathetic Limbo

Re: NoScript - PitA?

Postby Graf Zahl » Wed Mar 11, 2015 3:03 am

Siggi wrote:Disabling JS is impractical these days. Pretty much all the modern features that improve the user experience will rely on JS somewhere along the line.



Correct. But have you ever looked into what mess 'modern' pages load externally? I'd rather control myself which parts get loaded and which don't.

Blox's image pretty much sums it up what cesspool the internet really is. I normally keep my main session clean and visit problem sites either in private mode or through Tor because the more a website relies on external Javascript (really the only problem with NoScript) the more likely there's malicious content.
User avatar
Graf Zahl
Lead GZDoom Developer
Lead GZDoom Developer
 
Joined: 19 Jul 2003
Location: Germany

Re: NoScript - PitA?

Postby GooberMan » Wed Mar 11, 2015 3:16 am

Why not Adblock? The filter sets are actively updated, and I've not hit any malicious scripts on the internet in, well, at least since I've been using Adblock (I guess something like 8 years now). YMMV with malicious scripts depending on what sites you visit for example.

HTML5 basically won't work without scripting by design.
User avatar
GooberMan
Best taken in small quantities
 
Joined: 08 Aug 2003
Location: Helsinki, Finland

Re: NoScript - PitA?

Postby Project Dark Fox » Wed Mar 11, 2015 4:12 am

I started using NoScript a LONG time ago, but when pages started failing to load earlier in the year even after they've been whitelisted, I had to look for alternatives. By recommendation of a techie I know off-forum, I've started using Hostsman to modify my HOSTS file instead of using an adblocker. My browsing is even faster and I don't get hit with any ads, nor do I have to fiddle with any whitelists. Nearly all pages load properly, too.
User avatar
Project Dark Fox
Married Furry Anxiety Bucket
 
Joined: 14 Jul 2005
Location: Louisville, KY USA
Twitch ID: ProjectDarkFox
Operating System: Windows 10/8.1/8 64-bit
Graphics Processor: nVidia with Vulkan support

Re: NoScript - PitA?

Postby Graf Zahl » Wed Mar 11, 2015 4:43 am

GooberMan wrote:Why not Adblock? The filter sets are actively updated,


Do the filter lists contain Doomworld?
If the (expected) answer is 'no', you'll know why that approach is not sufficient. I have met my share of websites that use scripts inappropriately and prefer to decide for myself what gets through and what does not. Especially stuff like Facebook, Twitter and other 'Social' stuff is on my blacklist.

I also use the HOSTS file for stuff I don't trust at all, most importantly Google Analytics.
User avatar
Graf Zahl
Lead GZDoom Developer
Lead GZDoom Developer
 
Joined: 19 Jul 2003
Location: Germany

Re: NoScript - PitA?

Postby GooberMan » Wed Mar 11, 2015 4:58 am

I browse Doomworld without ads if that answers your question. Is there any additional scripts not related to ads that Doomworld uses that are bad bad die bad?
User avatar
GooberMan
Best taken in small quantities
 
Joined: 08 Aug 2003
Location: Helsinki, Finland

Re: NoScript - PitA?

Postby Marisa Kirisame » Wed Mar 11, 2015 7:08 am

I'm somehow used to all the annoyances coming from using noscript, requestpolicy (the continued version), ublock (lighter than adblock), https everywhere, and some few custom userscripts and userstyles to selectively tweak some things I don't like.

I guess that's normal coming from someone who's also used to manually maintaining a systemd-free Arch install. I really don't know how I have it easier than other people.
User avatar
Marisa Kirisame
ZScript Magician
 
 
 
Joined: 08 Feb 2008
Location: Vigo, Galicia
Discord: Marisa Kirisame#4689
Twitch ID: magusmarisa
Github ID: OrdinaryMagician
Operating System: Other Linux 64-bit
Graphics Processor: nVidia with Vulkan support

Next

Return to Off-Topic

Who is online

Users browsing this forum: No registered users and 1 guest