NoScript - PitA?

If it's not ZDoom, it goes here.
User avatar
Enjay
 
 
Posts: 26516
Joined: Tue Jul 15, 2003 4:58 pm
Location: Scotland
Contact:

NoScript - PitA?

Post by Enjay »

So, I've been using Firefox for quite some time now; three years or more, and I like it. I have a number of add-ons and things are set up pretty much how I want. I've had NoScript installed almost since the start because everyone tells me how good it is. However, most of the time it just seems to be a royal pain in the ass.

So many sites have some sort of scripting that virtually every site I visit needs to be reloaded with NoScript disabled before it will work properly. If I'm using an online shop of some sort, sooner or later I will hit a checkout page and even if I had already disabled NoScript on the main page, the store page may well need another disable and reload to get it working properly and sometimes this is enough to mess up the transaction. It's not pages that I visit frequently that are a problem (I have NoScript permanently disabled on them), it's general browsing that seems to be massively hampered by NoScript. The NoScript "I've disabled some scripts" warning sound happens so often that it's just second nature to me to middle click the icon and thereby disable NoScript and refresh the page almost reflexively when I hear the sound.

I know that there are nasties out there on teh big bad intarwebs and having an automatic "no scripts will run unless you want them to" safety net in my browser does give peace of mind but, how big is the risk versus the crippling of browsing that I experience with NoScript?

Any thoughts?
User avatar
Graf Zahl
Lead GZDoom+Raze Developer
Lead GZDoom+Raze Developer
Posts: 49056
Joined: Sat Jul 19, 2003 10:19 am
Location: Germany

Re: NoScript - PitA?

Post by Graf Zahl »

There's many, many websites out there that are infested with tracking software and nastier things that I wouldn't want to risk exposure.
I have whitelisted anything I visit regularly, but also have some sites that are not clean on my blacklist (a good example would be Doomworld.)

I know my brother had 3 virus infections last year because he found NoScript inconvenient but after switching it on he got none. I believe the danger from badly behaved sites far outweighs the inconvenience of having to explicitly enable scripts where they are useful. You also expose far less information to data miners.
User avatar
Big C
Posts: 2839
Joined: Tue Oct 19, 2010 3:24 pm

Re: NoScript - PitA?

Post by Big C »

Graf Zahl wrote:There's many, many websites out there that are infested with tracking software and nastier things that I wouldn't want to risk exposure.
I have whitelisted anything I visit regularly, but also have some sites that are not clean on my blacklist (a good example would be Doomworld.)
Ach, what's happened with Doomworld?
User avatar
wildweasel
Posts: 21706
Joined: Tue Jul 15, 2003 7:33 pm
Preferred Pronouns: He/Him
Operating System Version (Optional): A lot of them
Graphics Processor: Not Listed
Contact:

Re: NoScript - PitA?

Post by wildweasel »

Doomworld's ad banners tend to be pretty nasty, Flash-based nonsense that has been known to install crapware behind the scenes. AdBlock Edge/Latitude are known to mitigate most of it, but you can never be too careful. It's apparently a quirk of their hosting provider; I'm not sure why they haven't looked into finding a different host.
User avatar
Enjay
 
 
Posts: 26516
Joined: Tue Jul 15, 2003 4:58 pm
Location: Scotland
Contact:

Re: NoScript - PitA?

Post by Enjay »

I'm certainly all for keeping trackers and data miners away and Ad Block also serves me well on places like DoomWorld.

I also use Ghostery and that seems to be pretty good. I was using Disconnect too but that definitely caused a number of sites to not function properly and would also manifest in some unexpected ways, such as pictures hosted on certain sites not showing up on these forums with no obvious visible clue that there was even meant to be a picture in the post. It's currently installed but disabled.
User avatar
leileilol
Posts: 4449
Joined: Sun May 30, 2004 10:16 am
Preferred Pronouns: She/Her
Location: GNU/Hell

Re: NoScript - PitA?

Post by leileilol »

The only thing that annoys me is the update news page that forces itself making me read "I ASS" when I start my browser.



RequestPolicy is nice too, but sends a lot of page styles and images to hell since no one can design within a single domain anymore. :(
Gez
 
 
Posts: 17833
Joined: Fri Jul 06, 2007 3:22 pm

Re: NoScript - PitA?

Post by Gez »

In my own experience I'm more often annoyed by sites that need cookies to work than by sites that need JS to work. And generally I only allow "for the session" the site itself and stuff like looks like a content delivery network, but leave facebook, tracking and advertising out.
User avatar
Siggi
Posts: 3288
Joined: Sun Oct 03, 2004 8:57 am
Preferred Pronouns: They/Them
Location: South Africa

Re: NoScript - PitA?

Post by Siggi »

Disabling JS is impractical these days. Pretty much all the modern features that improve the user experience will rely on JS somewhere along the line. So I don't support NoScript.
I think if you're using Disconnect and Ad-blockers you should be fine.

The only privacy thing I use daily is Duck Duck Go instead of Google. The Bangs feature is also pretty useful.

If I feel the need to do some truly dubious browsing then I use Tor Browser.
User avatar
Blox
Posts: 3728
Joined: Wed Sep 22, 2010 9:35 am
Location: Apathetic Limbo

Re: NoScript - PitA?

Post by Blox »

I just deal with the major pain in the dick that is noscript+requestpolicy.
Things get interesting once in a while.
leileilol wrote:RequestPolicy is nice too, but sends a lot of page styles and images to hell since no one can design within a single domain anymore. :(
[sobbing intensifies]
User avatar
Graf Zahl
Lead GZDoom+Raze Developer
Lead GZDoom+Raze Developer
Posts: 49056
Joined: Sat Jul 19, 2003 10:19 am
Location: Germany

Re: NoScript - PitA?

Post by Graf Zahl »

Siggi wrote:Disabling JS is impractical these days. Pretty much all the modern features that improve the user experience will rely on JS somewhere along the line.

Correct. But have you ever looked into what mess 'modern' pages load externally? I'd rather control myself which parts get loaded and which don't.

Blox's image pretty much sums it up what cesspool the internet really is. I normally keep my main session clean and visit problem sites either in private mode or through Tor because the more a website relies on external Javascript (really the only problem with NoScript) the more likely there's malicious content.
User avatar
GooberMan
Posts: 1336
Joined: Fri Aug 08, 2003 12:57 am
Location: Helsinki, Finland

Re: NoScript - PitA?

Post by GooberMan »

Why not Adblock? The filter sets are actively updated, and I've not hit any malicious scripts on the internet in, well, at least since I've been using Adblock (I guess something like 8 years now). YMMV with malicious scripts depending on what sites you visit for example.

HTML5 basically won't work without scripting by design.
User avatar
Project Shadowcat
Posts: 9369
Joined: Thu Jul 14, 2005 8:33 pm
Operating System Version (Optional): Windows 10
Graphics Processor: nVidia with Vulkan support
Location: Blacksburg, SC USA
Contact:

Re: NoScript - PitA?

Post by Project Shadowcat »

I started using NoScript a LONG time ago, but when pages started failing to load earlier in the year even after they've been whitelisted, I had to look for alternatives. By recommendation of a techie I know off-forum, I've started using Hostsman to modify my HOSTS file instead of using an adblocker. My browsing is even faster and I don't get hit with any ads, nor do I have to fiddle with any whitelists. Nearly all pages load properly, too.
User avatar
Graf Zahl
Lead GZDoom+Raze Developer
Lead GZDoom+Raze Developer
Posts: 49056
Joined: Sat Jul 19, 2003 10:19 am
Location: Germany

Re: NoScript - PitA?

Post by Graf Zahl »

GooberMan wrote:Why not Adblock? The filter sets are actively updated,
Do the filter lists contain Doomworld?
If the (expected) answer is 'no', you'll know why that approach is not sufficient. I have met my share of websites that use scripts inappropriately and prefer to decide for myself what gets through and what does not. Especially stuff like Facebook, Twitter and other 'Social' stuff is on my blacklist.

I also use the HOSTS file for stuff I don't trust at all, most importantly Google Analytics.
User avatar
GooberMan
Posts: 1336
Joined: Fri Aug 08, 2003 12:57 am
Location: Helsinki, Finland

Re: NoScript - PitA?

Post by GooberMan »

I browse Doomworld without ads if that answers your question. Is there any additional scripts not related to ads that Doomworld uses that are bad bad die bad?
User avatar
Marisa the Magician
Posts: 3886
Joined: Fri Feb 08, 2008 9:15 am
Preferred Pronouns: She/Her
Operating System Version (Optional): (btw I use) Arch
Graphics Processor: nVidia with Vulkan support
Location: Vigo, Galicia
Contact:

Re: NoScript - PitA?

Post by Marisa the Magician »

I'm somehow used to all the annoyances coming from using noscript, requestpolicy (the continued version), ublock (lighter than adblock), https everywhere, and some few custom userscripts and userstyles to selectively tweak some things I don't like.

I guess that's normal coming from someone who's also used to manually maintaining a systemd-free Arch install. I really don't know how I have it easier than other people.
Post Reply

Return to “Off-Topic”