Is NoScript really that necessary for Firefox besides your current internet security?

Discussion in 'polls' started by encus, Mar 27, 2013.

?

Is NoScript really that necessary for firefox besides your current internet security?

  1. Yes.

    57 vote(s)
    52.8%
  2. No.

    46 vote(s)
    42.6%
  3. I have no idea.

    5 vote(s)
    4.6%
  1. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    Security and convenience is always a tradeoff. I can't use the internet these days without a scriptblocker both for security and convenience. The main thing I don't like about noscript compared to some other script blockers is that it doesn't show how many scripts are being blocked for a given site. I find that most sites work fine with js completely blocked and most of the disabled content is superfluous advertising and stylistic effects. JS doesn't just annoy, it is the main mechanism for drive by exploits and a serious security issue. It also consumes enormous amounts of memory and cpu cycles and you will find your computer much more responsive with it disabled.

    It really depends on the site. I like seeing how dependent a site is on JS. Tumblr is really bad, for example. I wanted to see a few drawings on a Tumblr blog about an artist yesterday and it had 300 scripts just to do a simple gallery spread. News sites are also really bad and most of the js is for ad feeds and the content can be read perfectly well without js.
     
  2. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Nine times out of ten I have to temporarily allow 6 or 7 scripts to watch a video. I ask myself if NoScript blocks scripts to be secure, and then I unblock them to see the material, what is the sense?
     
    Last edited: Apr 27, 2015
  3. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    NoScript (for me) adds a bit of information security with XSS/clickjacking protections, as well as reduces the risk of harm from a fileless exploit (which SRP approaches won't).

    Beyond that I'm in a state of mind where I'm happy enough to deal with the occasional popup and set whitelists/blacklists. There are sites that work much better without scripts that are deliberately designed to obscure site content, and it gives me a better sense of how insidious online tracking is. I admit, I'd deliberately avoided this aspect of security in the past.

    Lastly, I didn't expect it to make a difference but general browser speed seems improved. NoScript seems much more user friendly compared to a few years ago - although I'd prefer a static menu so I could deal with each entry in one go. There's too many clicks, and this could be fixed.
     
  4. Nanobot

    Nanobot Registered Member

    Joined:
    Jun 23, 2010
    Posts:
    473
    Location:
    Neo Tokyo
  5. wshrugged

    wshrugged Registered Member

    Joined:
    Jun 12, 2009
    Posts:
    266
    Thank you.

    Edit to add :

    I had allowed this information that you've provided slip by me. Too busy and too lax on my part. There is some disclosure in NoScript's privacy policy at Mozilla : https://addons.mozilla.org/en-US/firefox/addon/noscript/privacy/

    As it happens I've just recently gone back to FF as my default browser. I'll have to do another cost/benefit analysis as to continuing to do so (or in what configuration). Thanks again for the info.
     
    Last edited: Apr 27, 2015
  6. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    Funny cause i was trying to find in yours...

    Im not sure how you have your ublock configured but on my system I am yet to find a video that does not work or a site that I find unusable.
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Me neither (with NoScript).

    Bo
     
  8. gorhill

    gorhill Guest

    Regarding the script blocking functionality:

    Not exactly the same. Assuming one uses uBlock in default-deny more, uBlock is closer to RequestPolicy. Before HTTPSB, I was a long time user of NoScript. The one thing made more difficult with NoScript, is the ability to easily enable/disable scripts on a per-site basis -- to me that is a significant difference.
     
  9. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    It's hard to find anything that doesn't these days. The only thing you can do is thwart it's efforts dead in it's tracks and harness the good. I found that HTTPS-Everywhere phones home too.

    With Firefox I found the IP range it uses to phone home and blocked it. And also not only disable the safebrowsing stuff by unchecking the boxes, but go into the about:config and delete all the entries. In NoScript it's a good idea to uncheck the WAN IP box in the ABE tab. In HTTPS-Everywhere, likewise I block the range that phones home. I'll post the ranges here for both Firefox & HTTPSE:

    Firefox: 63.245.0.0 - 63.245.255.255
    HTTPS-Everywhere: 69.50.0.0 - 69.50.255.255

    I also block a range for Microsoft: 69.28.0.0 - 69.28.255.255
    ... and Ixquick (yes, even they phone home): 213.144.0.0 - 213.144.255.255

    You "can" still maintain privacy and anonymity while maintaining functionality if you put in a crap ton of effort, time, and research into it. But they are making it exceedingly more difficult these days.

    Note: You will have to temporarily remove the IP block for Firefox to update it (and the addons)... and then add it again.
     
  10. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    If I had to block that many seedy 3'rd party scripts I know little about just to watch a video, I wouldn't be using that site. I only really use Youtube to watch videos and only have to allow 2 scripts to do so, one of which is first party (youtube).

    And I don't really get the fuss about the inconvenience of having to make a few mouse clicks to allow scripts either. That is what the whitelist is for. Do it once and you never have to do it again. The same goes for HIPS.
     
  11. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    Well there are some of us that don't use hips precisely for that reason.
     
  12. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    because a few mouse clicks is a monumental inconvenience you mean?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.