There doesn't really seem to be any major difference in functionality between these two firefox addons. UMatrix is no longer actively developed and has the ability to pull in asset lists. NoScript, however, was updated just days ago. Which one of these extensions gives the user the most security/privacy if configured correctly?
Noscript has granular filters (noop) like uBlock, uMatrix only allow/block. for most performance uMatrix is best next to uBlock. if you already run uBlock, forget about noscript. btw - there exits no "most security/privacy" - you can filter web to death and only simple pages will work, any other will fail - promised. and ofc it need some knowledge about web is working, common domains and its usage for pages. for my needs i moved few lists to uMatrix as a general allow/deny to lower the impact of ublock. ublock running in nightmare mode is complete pointless. if you have to set more exceptions than blocking its time to think about a change.
Noscript also protects against XSS attacks: https://en.wikipedia.org/wiki/Cross-site_scripting https://noscript.net/faq#faqsec4 ABE is also an added value: https://forums.informaction.com/viewforum.php?f=23&sid=daa033b33ec9b28ed5216ffd5cee4792 https://noscript.net/faq#faqsec8
Ok. It sounds like NoScript is the way to go. Thanks for the info and links everyone! I am curious though, what setting does everyone use for their trusted and untrusted sites; meaning, what is allowed on those sites. Is this appropriate? Also, and blocklists you want to share would be appreciated. Spoiler: NoScript "TRUSTED": { "capabilities": [ "script", "fetch", "other", "frame", "object", "media", "font" ], "temp": false }, "UNTRUSTED": { "capabilities": [ "frame", "media" ], "temp": false }
I'm interested in using it, as opposed to uMatrix, for the reasons mentioned above; active development, XSS and ABE attack protection, and, oh yeah, active development. Of course it's overkill, but I would rather be too protected than not have enough protection. Besides, isn't that what 99% of users discuss here @ wilders?
I am already using AdGuard for Windows. I don't need another adblocker. I want a way to filter out third party requests.
it's your call of course but ubo is not just an ad blocker. it's a content blocker with a much wider spectrum of blocking capabilites.
i used to use umx up until @gorhill announced eol for it. now i'm using ubo alone. ns just belongs to the early noughties when websites were just passive, static info portals and users didn't interact with their content by modifying it, reacting to it or recreating it. with web 2.0, visitors/users of a website are able to participate, share, react to and interact with its content and other users. there's a constant flow of information and terabytes of data where cdn's, third parties, come into play. ns is not designed to deal with all this stuff. quite contrary it's programmed to block all these 3rd party requests and this leaves you with that old, static websites of web 1.0 era. and then there's integration of third party services such as messenger, whatsapp, disqus, fb, ig, yt, apple music, spotify, etc which is another story.
Perhaps, I'm thinking about this the wring way, or maybe I'm just very very dumb, but isn't that kind of the point; to block you don't want or that want too much information from you for integration's sake? People give up too much control under the guise of things being easier.
neither. like i said, that's a whole nother story. the real deal here is ns is not suitable for web 2.0 (soon to be 3.0) nor was it designed/programmed with multilayered, third party delivered web content/services in mind. and ubo has a much better, modern and easy to use ui and control mechanism. just my 2¢ of course.
That's what I'm trying to get you to differentiate; how NoScript is not suitable for the modern web but uBo is. Both are able to block and allow sites from loading. Both offer granual cxontrol over what aspects of a site can interact with the site you're currently using. So, how is NoScript insufficient? I'm not trying to be argumentative, I'm trying to understand.
Certainly is. FWIW n8, since you are a Sandboxie user, you should know NoScript works great with Sandboxie. I have been using NoScript along SBIE since 2009, never an issue. If you like to allow changes in NoScript out of the sandbox for Firefox, you need to allow access to this 3 files: sync-v2.sqlite sync-v2.sqlite-shm sync-v2.sqlite-wal For Edge, probably Chrome would be the same: doojmbjmlfjjnbmnoijecmcbfeoakpjm\000003.log You ll find this files in the Firefox and Edge folders in AppData. I allow access to this files in one sandbox, but not in my everyday sandboxes. For Trusted, I dont allow WebGl, Ping, and Other. For Untrusted, I dont allow anything. My Untrusted is the same as Default, nothing is allowed to run. What you are allowing looks fine. Regarding blocklists. NoScript doesn't have standard blocklists. I think that is so because it is better you build your own blocklist. Each person's blocklist works better when is build according to your case us. You build it as you go, it takes time but over a period of time, it becomes powerful and very useful. I think it is better each person build/cultivate their own untrusted list, even though a lot of the domains that I want to block are also domains that you likely would also like to block. Building your own list, helps you learn NoScript as doing it helps you get familiarized with domains and domains names. After a while, you ll know what a domain is and what it does just by looking at the name. To get to this level, you have to familiarize yourself with domains which is what you gonna achieve by building your own untrusted/black list. But if you like, I can upload my NoScript settings. Leave in place what I have set as untrusted, and change whatever you like to change. Bo
ns has only one mode: all or nothing, whereas ubo has different mode sets: easy mode, medium mode, hard mode, etc. and you can switch between them/fall back to another mode with just one click. it has the capability to utilize filter lists. its ui makes it so easy to allow, block, noop different parts of and elements on a website. allows you to noop elements in addition to allowing/blocking them. nooping makes it possible to temporarily or permanently disable dynamic filtering while leaving static filtering on, something you cannot achieve with ns. so easy to create global and/or local rules (not possible with ns) for websites, with just one click. these are just a couple of examples.
One thing I found with NoScript is that many ads, most ads are blocked by NoScript. So, even though, NoScript is not an adblocker, it blocks lots of ads. The first few years, I used NoScript, I also used Adblock plus. But eventually, I stopped using ABP, as I found that the extra that was getting blocked by ABP was so little that it was not worth it (to me) to carry an extra extension. Pretty much what I do with NoScript is allow to run only what its required to get the content I want in pages, and nothing else. If I go to a page and I can get what I want without allowing anything to run, in that webpage, nothing is gonna be allowed to run in NoScript. Bo
See, that exacty what I want to do as well. Would you mind sharing your 'distrusted' list? There are ceratin servers that are pretty well-known and obvious.
My pleasure. Test it, you can do it in Sandboxie before actually applying it to your real settings. Apply my list to your settings and start opening your favorites, you ll see many domains that will fall in the Untrusted category. Another good test is going to websites with a lot of garbage, once there, look at the NoScript menu to see what's been blocked by default. Spoiler: Untrusted list ], "untrusted": [ "247realmedia.com", "33acrosm", "8hykthze.cris.com", "360yield.com", "45f2373b26b8e2.com", "4dsply.com", "51network.cocket", "abmr.net", "accuenmedia.com", "acexedge.com", "acquisio.com", "acxiom.com", "ad120m.com", "ad122m.com", "ad127m.com", "ad131m.com", "ad132m.com", "ad4game.com", "adadvisor.net", "adap.tv", "adaptiveads.com", "adblade.com", "adbrite.com", "adbuyer.com", "adcash.com", "adcentriconline.com", "adchemy.com", "adconion.com", "addthis.com", "addthiscdn.com", "addtoany.com", "adfrontiers.com", "adfusion.com", "adgear.com", "adinterax.com", "adip.ly", "adit-media.com", "adition.com", "adjug.com", "adjuggler.com", "adk2.co", "adk2.com", "adk2x.com", "adknowledge.com", "adlantic.nl", "adlink.net", "admagnet.net", "admarketplace.com", "admeld.com", "admtpmp125.com", "adnetworkperformance.com", "adnigma.com", "adnxs.com", "adocean-global.com", "adorika.net", "adrotate.se", "adrunnr.com", "adsbookie.com", "adscale.de", "adsonar.com", "adsrvmedia.net", "adstract.com", "adsvids.com", "adswizz.com", "adtech.de", "adventurefeeds.com", "adverigo.com", "advertising.com", "adzerk.net", "afdads.com", "agomwefq.com", "amazon-adsystem.com", "ampxchange.com", "aol.co.uk", "aolcdn.com", "axf8.net", "beanstock.com", "bet365affiliates.com", "bircgizd.com", "bizographics.com", "bkrtx.com", "bluekai.com", "bluelithium.com", "bnhtml.com", "bttrack.com", "bwinpartypartners.com", "caleban1.blogspot.de", "carrstap.com", "casalemedia.com", "cedexis.com", "chartbeat.com", "chatango.com", "checkm8.com", "ckwpsghi.com", "clicksor.net", "clicktale.net", "clkmon.com", "clkrev.com", "clksite.com", "codeonclick.com", "collective-media.net", "comeadvertisewithus.com", "comgnnyx.com", "comm100.com", "connexity.net", "content.ad", "conviva.com", "coxdigitalsolutions.com", "cpmterra.com", "criteo.com", "criteo.net", "crwdcntrl.net", "cxense.com", "demdex.net", "deployads.com", "directrev.com", "dl-rms.com", "dm.gg", "dmdcpvgu.com", "dogwrite.com", "doubleclick.net", "drqjihcfdrqj.com", "dsf4t5jfds34j.com", "dynamicyield.com", "eattransitgifted.xyz", "eclkmpbn.com", "emediate.eu", "etracker.com", "etracker.de", "exoclick.com", "exponential.com", "fastclick.net", "fluohbiy.com", "fqpteozo.com", "freenet.de", "fscache.com", "fwmrm.net", "gemius.pl", "googleadservices.com", "googletagservices.com", "gravatar.com", "gravity.com", "gravityrd-services.com", "grvcdn.com", "h6y654wgfdhd.com", "hapyak.com", "hffmzplu.com", "highcharts.com", "histats.com", "homerun.re", "hotjar.com", "hsvqfvjidloc.com", "imrworldwide.com", "indexww.com", "industrybrains.com", "intellitxt.com", "ivwbox.de", "izwsvyqv.com", "jbgehhqvfppf.com", "kinley.com", "kontera.com", "korrelate.net", "kovla.com", "krxd.net", "kyzhecmvpiaw.com", "leadzupc.com", "ligatus.com", "ligatus.de", "lijit.com", "linkedin.com", "liveadexchanger.com", "livechatinc.com", "livefyre.com", "liverail.com", "livesegmentservice.com", "lkqd.net", "lockerz.com", "marketo.net", "mdn2015x1.com", "mdn2015x2.com", "mdn2015x4.com", "mediaplex.com", "mediavoice.com", "mediawhiz.com", "moatads.com", "mobtrks.com", "mopub.com", "mtagmonetizationa.com", "mtagmonetizationb.com", "mtagmonetizationc.com", "mxpnl.com", "mxpnl.net", "nbcudigitaladops.com", "nefxtwxk.com", "negdrvgo.com", "netshelter.net", "newrelic.com", "nhl-nfl-nba.us", "nugg.ad", "nuggad.net", "nwirvhxxcsft.com", "oclaserver.com", "oclasrv.com", "offersquared.com", "ohmwrite.com", "okmuxdbq.com", "omtrdc.net", "onclasrv.com", "onclickmax.com", "openx.net", "optimizely.com", "optmd.com", "ossdqciz.com", "ovgzbnjj.com", "oyrgxjuvsedi.com", "oyzsverimywg.com", "padstm.com", "pdn-1.com", "peer39.net", "pejqoq4cafo3bg9yqqqtk5e6s6.com", "petametrics.com", "philbardre.com", "pinterest.com", "pivotrunner.com", "pixfuture.net", "plista.com", "popads.net", "pubmatic.com", "puhtml.com", "puserving.com", "putags.com", "qnsr.com", "quality-channel.de", "qualtrics.com", "quantserve.com", "rackcdn.com", "reporo.net", "rev2pub.com", "revsci.net", "rpczohkv.com", "rubiconproject.com", "sail-horizon.com", "salesforce.com", "saymedia.com", "scmffjmashzc.com", "scorecardresearch.com", "searchoverthenet.com", "servebom.com", "servedbyopenx.com", "sharethis.com", "sharethrough.com", "skimlinks.com", "skimresources.com", "smartadserver.com", "sonobi.com", "soosooka.com", "speednetwork16.com", "spread.ly", "springserve.com", "srvpub.com", "startpagina.nl", "statcounter.com", "stickyadstv.com", "storage.googleapis.com", "stumbleupon.com", "superfastcdn.com", "taboola.com", "tagila.com", "tagila.net", "technoratimedia.com", "tinyurl.com", "tqeobp89axcn.com", "trackalyzer.com", "tradeadexchange.com", "tradedoubler.com", "trueffect.com", "typekit.net", "unibet.com", "unrulymedia.com", "velocecdn.com", "viglink.com", "vipbox.tv", "vipboxsa.co", "vipcpms.com", "vipleague.se", "visualrevenue.com", "voicefive.com", "waframedia3.com", "webmasterplan.com", "wemfbox.ch", "windows.net", "wordpress.com", "worthathousandwords.com", "wp.com", "wunderloop.net", "wwwpromoter.com", "wzueqhwf.com", "xtendmedia.com", "xttrofww.com", "yardbarker.com", "yeabble.com", "ygrtbssc.com", "yieldmanager.com", "zanox.com", "zedo.com", "zedoadnetwork.com", "zencdn.net", "zqaxaqqqutrx.com", "https://s3.amazonaws.com", "0914.global.ssl.fastly.net", "http://www.bxfsdzpffy.bid", "http://www.hxlkmsib.bid", "69oxt4q05.com", "typekit.com", "brightcove.net", "app.link", "carambo.la", "firstimpression.io", "getclicky.com", "zvaianux.bid", "gwqkliacsn.bid", "googlesyndication.com", "udarem.com", "google-analytics.com", "gqlqgmiahdtoyl.bid", "tdukupzymgfb.bid", "gigya.com", "tellapart.com", "otcqlckpafizv.bid", "vduyikffas.bid", "windy.com", "mgid.com", "brightonclick.com", "contentabc.com", "yandex.ru", "m73lae5cpmgrv38.com", "stripchat.com", "trafficstars.com", "doublepimpssl.com", "qttmjwno.com", "bauffnmtou.com", "bnserving.com", "d3p2b5qewrnsyv.cloudfront.net", "adsco.re", "vtdvhmbouayj.club", "http://www.vtdvhmbouayj.club", "nfzaustkhtkd.com", "http://cdn.cdnserv.pw", "http://www.nfzaustkhtkd.com", "tpdowdhhn.com", "fqpfvqpptch.com", "ulbriabm.com", "hzulgipdcbgwad.com", "krrmpgdmoexc.club", "disqus.com", "udmserve.net", "addroplet.com", "brealtime.com", "content-ad.net", "tynt.com", "tru.am", "tealiumiq.com", "go-mpulse.net", "agkn.com", "staticcache.org", "2makeyourday.world", "roblox.com", "gfdfhdh5t5453.com", "loolav.space", "mdn2015x3.com", "narjesmedia.com", "adexchangecloud.com", "pussl32.com", "nextlnk3.com", "tapxchange.com", "playmediacenter.com", "add-block.com", "revdepo.com", "remarketingpixel.com", "s3.amazonaws.com", "metricfast.com", "urldelivery.com", "d3al52d8cojds7.cloudfront.net", "http://comegarage.com", "speednetwork14.com", "zombiesoup.co", "edigitalsurvey.com", "effectivemeasure.net", "outbrain.com", "ortonch.com", "nererut.com", "z6naousb.com", "refbanners.com", "rabbithole.top", "uptimecdn.com", "sascdn.com", "pmjnelusn.com", "khzbeucrltin.com", "centralserver.eu", "celeritascdn.com", "btvhdscr.com", "27684.club", "o333o.com", "valshara.com", "5780.site", "cuecxgwkjtan.com", "ytbpmzbabph.com", "dngsuhxuzb.com", "qcrvwgsfz.com", "acloudvideos.com", "browsers.support", "modulepush.com", "streamroot.io", "vidcpm.com", "vkcdnservice.com", "2mdn.net", "dc8xl0ndzn2cb.cloudfront.net", "wibbitz.com", "parsely.com", "ntv.io", "jwpltx.com", "velocitycdn.com", "amung.us", "bcloudhost.com", "s3-eu-west-1.amazonaws.com", "nbalive.pw", "speednetwork19.com", "adf.ly", "yeo1tfjz5f.com", "o12zs3u2n.com", "woahizouty.com", "commercialvalue.org", "mw19c3mi5a.com", "loldata.top", "luckypushh.com", "locktdguw9.com", "kaunairu.net", "onclicksuper.com", "ssl2anyone3.com", "automatedcomputers.com", "vaebard.com", "revrtb.net", "ie8eamus.com", "fingahvf.top", "class2deal.com", "stampurt.com", "pushlat.com", "zap.buzz", "jwpsrv.com", "propellerclick.com", "moneymakercdn.com", "rappenedstoric.info", "padsblue.com", "nameketathar.pro", "producebreed.com", "dgw7ae5vrovs7.cloudfront.net", "togroltu.net", "spotscenered.info", "googletagmanager.com", "bugsnag.com", "d2wy8f7a9ursnm.cloudfront.net", "deloplen.com", "grooksom.com", "jotchept.com", "tharbadir.com", "wbxzrxarmzyx.com", "kgzcentyfo.com", "exosrv.com", "mediasply.com", "googleusercontent.com", "newaprads.com", "madsabs.com", "llahnch259.com", "itteholm.site", "histats.net", "ajjhtetv87.com", "vlicdn5.com", "viatepigan.com", "koacojus.net", "tionscofferent.info", "ufpcdn.com", "hegtiterbuttons.pro", "onclicktop.com", "onclickmega.com", "ministcreas.info", "bootstrapcdn.com", "vwxgxculdbybw.com", "r4nwdude.com", "cndijojw.com", "inpagepush.com", "jodata.site", "lolsefti.com", "dc5k8fg5ioc8s.cloudfront.net", "zuyejecgb.com", "cadsanz.com", "elkbahtax.com", "himekingrow.com", "d3v3bqdndm4erx.cloudfront.net", "foowafoa.com", "inabsolor.com", "louchees.net", "rtmark.net", "waisheph.com", "moutoofa.com", "owlsyumducal.com", "subcdnfile.xyz", "toglooman.com", "jomtingi.net", "denetsuk.com", "movie-series.net", "maphuahin.com" ], This is a good list. It is great help when you allow websites to run temporarily. When you do that, all domains on that site run, except the ones in the Untrusted list. Note: All the domains in my blacklist are domains that I never need for anything. If I find one thats needed somewhere for something (this is very rare), I usually take the domain out of the black list and turn it to default. Bo
It really is. The domains in the list are not in alphabetical order. For example, for Google, I have 6 domains blocked . Not need them for nothing. To find them all, you have to search for them in the list. Not long ago, I had to temporarily allow the usercontent one to watch some videos. But it is so rare (first time ever with that domain) that I left it in there. The idea is Don't put anything in there that, even if rare, can be useful in this site or that site, or another site. What you set as untrusted, should be domains that because of their nature (not needed), you can skip them when looking at the NoScript menu, so you don't waste time on them when you visit websites at random/new websites. This is what it looks in the UI. Bo