uBlock + uMatrix is a good combo. uBlock has a lovely right click block element option which can be used to selectively block elements on a webpage. uMatrix does script blocking on a domain level and big privacy intrusive sites always use multiple domains. I use multiple browsers at once and use different combinations of extensions. Compartmentalization at the browser level is always good. I've ditched Ghostery since long ago due to lack of trust. There are better faster alternatives. There's Privacy Badger, the Duckduckgo extension and Winscribe is another good one. Apart from a free vpn/proxy, it has tracker blocking, social media button muting, user agent rotation and a few more. You can set up a 2gb per month no email account in a minute and you can have several browsers on different accounts and IPs going at once. If you really get serious, you can start blocking at the DNS level with a Pi-hole DNS server and save your browsers some CPU cycles. Privacy is definitely not for the lazy. Not everyone can be a web ninja but a little effort helps a lot.
That's a valid point. I don't think it's as bad as it could be. But I had been messing with the whole browsing privacy/security thing for about 20 years, beginning with the host file. In Windows 2000 on an AMD Athlon system; how time files... These days I'm satisfied to let some one else do it and when a properly configured combo of the AdGuard and Ghostery extensions drop hundreds of outbound connections to a dozen or so, that's Darn Good Enough for me. I'd even pay for it if I had to. I believe both entities can be trusted. It's been a good four or five years without problems since I've been running that pair with other well accepted and behaved security extensions and about:config tweaks. As well, I'm running a layered strategy on the system side of things for anything that the browser might try to do. I browse in Firefox without much angst and annoyance & ad free. .(BTW, I for several years I've run lifetime licensed AdGuard on my Android devices. It's sooooo efficient and tweakable, I can't imagine using Android without it. I wish I they had a Roku version I could stuff into my Ultra.)
Hi Rasheed. You want both at the same time (easiness of usage and control) but I am sorry, you cant have both at the same time. Is not possible. You have to choose, one or the other. If you want Control, you ll choose NoScript (a program that by default, nothing runs. Rasheed, you can not have more control than that). The good thing is, and I told you this a thousand times before, but you either dont believe me or you think is not possible, after a while, when you learn NoScript, when you become an advanced user, using NoScript becomes easy, like drinking water. See here, Rasheed. This is the problem. People want control but dont want to spend the time learning how to use the program properly. It takes longer than 2 hours to become advanced and to make sense of what you doing with NoScript. So, if you want control, and make NoScript very close to a set and forget type of program, you have to put the time and learn it. There is no way around that. Regarding the interface. UI looks dont matter to me. But if what you are referring to is the usability of the NoScript UI, read this, sometimes I think, Giorgio read my mind and designed the NoScript UI specifically according to my case use. That tells you my opinion about the NoScript UI. Bo
@Surt My history is somewhat similar to you. AG filters are overall not bad, they're often quicker to fix FPs than EasyList. But I care it a bit that their too permissive exception rules may partly undermine added value to my setup.
Having used NS, RP, uMat, & uBO (Medium), I can say all of them become hassle-free IF & ONLY IF you're patient enough to train them a few months, but this is trouble enough for most ppl to keep them from adoption. But anyone can find a comfortable zone between ctrl and easy-use. What I like for uBO is, if I need to allow (noop) a certain domain for a website to work, it's ultra-easy to find the domain, mostly eliminating need to inspect the page or trial & error. Ofc domain name itself is often a good hint, and u can see source and use developer tools (& request logger for uBO), but w/ uBO they're rarely needed: most often the domain is either yellow-colored or have "+ -" indicator. I don't agree that uBO (Easy) & other ad-blocker don't break many sites tho. Indeed, it's more often I need to make an exception for static rule than I do for dynamic rule. I guess most ppl just don't notice breakage or ignore them. Here're exception rules only for EasyList & EasyPrivacy I made last month ALONE: @@||www.lupicia.com/img/ad/$image,domain=www.lupicia.com @@||pay.veritrans.co.jp/pop/v1/javascripts/pop.js$script @@||cdn.jwplayer.com/$xmlhttprequest,domain=www.rd.com @@||cdn.jwplayer.com/thumbs/$image,domain=www.rd.com @@||assets-jpcust.jwpsrv.com/thumbnails/$image,domain=www.rd.com @@||c.amazon-adsystem.com/aax2/apstag.js|$script,domain=www.rd.com @@||cdn.jwplayer.com/v2/media/*/poster.jpg?$image,domain=www.rd.com @@||img.atwikiimg.com/common/_img/spacer.gif?$image,domain=w.atwiki.jp @@||jra.webcdn.stream.ne.jp/web/jra/onetag/referrer.js|$script,domain=jra.webcdn.stream.ne.jp @@||js.hscta.net/cta/current.js$script,domain=aucfan.com (Don't tell me to report them. I've been reporting only for significant FPs.) Remember the shift to HTML5 has risen the value of blocking scripts for purely security purpose. In pre-html5 era main objective were preventing XSS and malware (including MageCart style one, tho it was not popular). Now HTML5 expanded path for XSS and introduced new attack vector such as X-document messaging & XHR reading. Wide adoption of Ajax also broadened the attack window. If you scan all services you use with Security Header or Website Security Test, you'll find still too many sites don't implement proper security.
Speaking on filters more, I was surprised to see there're still people who believe Adblock Warning Removal List removes anti-adblock (the link is intentionally omitted) despite ABP officially says NO. This suggests even those who're supposedly techie don't bother to check the filter before subscription. If you do, you'll find what it actually hides - they're just modest request to disable adblocker, often shown in a slender banner and will disappear w/ 1-click. So it's more comparable to Anti-Cookie Filters. Moreover, most of specifically listed are French & Russian sites and the list includes many sites which no more display the request. It's only useful for those who're not tolerant with these requests and don't wanna turn them off with 1-click, particularly if you browse French/Russian sites often, in exchange with more exception rules (i.e. less blocking).
Well, I'm afraid you're wrong, because with uBlock you can do the same as with NS. But this dicussion is pointless, because it's a matter of taste. If you believe that all scripts can be a risk, then you need NS. If you only want to block ads and trackers, without breaking most sites, you can use uBlock. If you think like this, then NS is the obvious choice. But it's not a realistic solution for 99% of the rest of the world.
We agree on something, this things are a matter of taste. Thats for sure. Regarding blocking all scripts because of believing all of them can be a risk. You are missing and confusing something, Rasheed. What are you missing? I dont block scripts because of security. I block scripts and all unnecessary content from running to keep webpages clean of distractions and annoyances. That is the main purpose for using NoScript. Security? I get more than plenty of that from Sandboxie. I want a clean internet, and that's exactly what I get thanks to using NoScript. By the way, Rasheed. I cant stand being uncomfortable or lose usability because of something I use or do while browsing or using the computer. If NoScript was so annoying as you think it is, believe me when I tell you that if the trade off was as bad as you think, I would not be a NoScript user. I would no be using NoScript and instead use adblockers like ABP or UBO. Here is something else that we agree. If you only want to block ads, then yeah, use UBO But on the other hand, if you want to control all that runs and connect when you land in a webpage, you use programs like NoScript. By the way, NoScript by default allows content thats classified as frame, fetch and other to run in all pages. Myself, I go extra with blocking content. I disable allowing frame, fetch and other. For me, basically nothing runs when I land on a new webpage. If my internet experience was broken because of the way I use NoScript, I would make it less restrictive, but there is no need. Bo
If it's not about security, then people might as wel switch to uBlock, because annoyances are blocked by uBlock too. You just need to learn how to use it. For strict security, NS is the better choice. But my point is, strict security isn't really needed when the browser is already protected by tools like Sandboxie and anti-exploit, catch my drift? But like I said, it's pointless to continue this discussion, it's a matter of taste.
Exactly, it is pointless. It is a matter of taste, we agree on that. I told you this before and I ll tell you again. You like programs that use lists based on other peoples choices on what to allow and what to block, thats your choice. And is fine with me. On the other hand, I rather do the blocking myself. Doing it, not only gives me the satisfaction that I get because I am the one whose deciding on what to allow to run and what not to, and in the end, I get a cleaner internet experience. What you call broken, I see it as the way it should be, with 0 annoyances and with 0 loss of usability. If you dont understand what you are supposed to get by using NoScript, then it is understandable no to get it that once you learn NoScript and get into it, the browsing experience you get by using the program is exactly what you expect to get. Bo
Even when your purpose is only blocking ads & tracker, don't expect too much from easy-mode. The default lists misses quite many despite their FPs. E.g. tho EasyPrivacy blocks many more trackers than AGTP filter due to its aggressive use of generic rules, it still misses wide range of trackers. One example is /thirdPartyAnalytics/thirdPartyAnalytics.min.js, a tracker on Wix, one of the most popular website builder. IDK when they added frog.wix.com but it also had been not blacklisted - the domain was among the first family of my personal black list. As gorhil said, uBlock is not an ad-blocker but contents blocker. I believe 99% of people only draw less than half of its capability. It's a very advanced tool and I'm still on the way to learn how to use it. One thing which is beyond my current skill is how to bypass mobile Twitter page's initial popup.
NoScript new UI is terrible IMO. Thought version 5.x was much better. I also replaced NoScript in favor of uBO. You can also make uBO default-deny like NoScript by disabling JS globally and enable it on a per-site basis. uMatrix is another option or one could use both extensions. Even security guru S. Gibson gave up on NoScript and went to uBO. Anyway, I agree that NoScript is no longer needed IMO. NOTE: Tor browser does still contain NoScript as one of it's extensions. Like to see them drop NS and use a customized uBO instead.
Personally, I dont care about the tor browser or using it. But since you mention it, Have you wonder why, it is NoScript the contain blocker/script blocker they choosen to use? Bo
Because they haven't asked to Gorhill make a specific one for Tor? https://trac.torproject.org/projects/tor/ticket/17569 (Scroll down in the comments) Gorhill:"In any case, if *ever* there was a list of specific requirements, I will be willing to do the work for uBO to meet these requirements."
That was my point. They haven't asked and don't want to ask. You and other UBO users can push all you want, but they wont budge. The reasons why that is, are in the article you linked. Read it again, and don't be blind. Why cant we agree? both programs (UBO and NoScript) are great programs. Some prefer NoScript, others prefer UBO. I have no problem with that, why cant you feel the same way. Some of you UBO users are constantly knocking NoScript and trying to convince NS users that UBO is so much better. You don't see me doing that, in fact, you don't see any NoScript user doing it. I have a theory. Some of you guys are so insecure about your choice of using UBO over NS that to convince yourself that you are making the best choice, you feel the urge to knock NS and try to convince people to switch. Bo
@bo elam Have you ever used uBlock Origin at all (specifically it's dynamic filtering)? Everyone is free to use whatever add-on they want. But it appears to me that those that use NoScript are users that generally haven't bothered with other add-ons, while uBlock users are aware of NoScript and how it works.
Dont have to. I used NoScrit for over 10 and feel very comfortable using it. It ll be stupid for me to look at something else when I get exactly what I want out of NoScript. I said it before, in this thread also, it feels like Giorgo read my mind and designed NoScript to function based on my personal case use. NoScript is the perfect content blocker for me, no filters and I choose what to allow to run and what not to. I cant be any clearer than that. I agree, but I doubt you and some UBO users who are very vocal all over the internet, do actually believe that statement. You yourself (like them) is always wondering why why, why we like NoScript. You dont have to wonder why, just accept it. If the first part of the statement above is true, then perhaps what I wrote above about me personally, applies to a lot of old NoScript users. I am going to tell you something, you say, "....uBlock users are aware of NoScript and how it works". I think a lot of UBO users are indeed aware of how NoScript works. But I ll slso say this, I think, the vast majority of UBO users that call NoScript annoying and claim that NoScript breaks the internet are people who never got to the point of making sense of how NoScript works. Never putted the time to learn it. We have one guy in this thread who said he installed NoScript and uninstalled it after 2 hours. I am sorry, but you cant learn NoScipt in 2 hours. If you think the program is gonna make decisions for you on what to allow, what not to allow, what to white list or black list, then certainly NoScript is not for you. But please, don't call NoScript annoying or claim another program (that uses lists) is better when you only gave NoScript 2 hours. There is also a guy here at Widers who mocked me with giggles and emojis when some time ago, in another thread, I said that it took 6 months for NoScript to make sense. It took me 6 months to learn the program. When I started using it, I had no idea whatsoever what I was doing, but decided to use the program and learn it because I knew it was a great program. Learning it has paid off. After 6 months of using NoScript, all of the sudden, one day, out of the blue, it went Click in my head, and all started making sense. Learning NoScript is like learning to ride a bicycle. once you learn it, you don't forget it. That day, I became an advanced user. That was almost 10 years ago. This is why I know when I read you guys complains about NoScript, I know you never got to the point of becoming an advanced user, because if you had, you would know that NoScript is easy, doesnt break the internet and it works as is supposed to. Bo
Neither is superior to the other. Somewhat similar to selection of text editor - some moves to VSCode, others stay on Vim, but I never understand why it has to cause "religious war". I'll avoid to discuss the diff of 2 addons, that is OT. Instead I focus on general matter. As to security: type of threats sandboxing protects and blocking script protects are only partially overlapped. Sandboxing does not protect you from XSS, CSRF, ... , and Magecart style attacks which the probability you'll be affected is MUCH higher than malware or memory corruption. As to usability: I've seen many of ad-blocker users claiming "I haven't come across page breakage". I'll be surprised if that was true. Probably he came across, but just didn't realize it was caused by ad-blocker as the breakage by ad-blocker is often more on function, less on aesthetics: it's like a button doesn't work, or some image (not ads, contents ofc) aren't displayed while other images are. Lists like EL/EP grown too big so it's beyond the limit of human maintenance. Search for "/i?stm=" in EP, you'll find three entries despite the first one blocks all - there are other redundant rules in EL/EP I just don't remember (this is one reason more # of rules doesn't mean more blocking). So it's understandable AG has made their own TPL and also built optimized filters.
There was no uBO when NoScript came out. Tor devs used what was available and stuck with NoScript. If NS was replaced by uBO then it would have to be included by default in TBB package and most likely have to be configured the same for all users of Tor. That most likely has to be a decision made between Tor devs, Mozilla and Gorhill. My point being NoScript can be replaced with uBO (another option) if the user decides to make that choice. There are other extensions as well one can use. I was for many years a NoScript user on Windows with different browsers. Big difference between someone who has used both NS and uBO for a long time vs.someone who has not used uBO. Saying "don't have to" is really a poor excuse & has no defense.
I am sorry but I dont have to excuse myself for not wanting to try UBO. I have the right to use the program that best fits me, and dont have to give excuses that fit your standard. The mere fact that I love NoScript and dont care trying anything or switching, should be acceptable to you and you should be willing to accept that. Bo
My standard requires a willingness to try new things, whether it's an OS, a browser or yes even a browser extension like uBO. Far different than your standard. Yes everyone has the right to use whatever software they want that meets their needs. NS met my needs for the many years I used it until an alternative came along. Actually before uBO I used several other similar type extensions before, during an after using NS. Change can be good and there may come a time when I'll stop using uBO. Unfortunately some people are so set in their ways they won't even consider trying an alternative that may even be easier to use and get's similar results.
That's all it takes. Willingness to give uBO a try and compare it to NS. You can then better make a determination as to which one you prefer to use. In your case it's NS. I can respect that decision.
