info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
The end of NoScript? Is JavaScript now mandatory?
6 views
Skip to first unread message
Charlie Gibbs
Jul 9, 2021, 2:12:09 PM7/9/21
to
I'm running NoScript on my web browsers and have things
locked down pretty tightly. Lately, though, more and more
web sites have stopped working. It seems that JavaScript
has become so pervasive that any attempts to block it cause
many sites to fail. I use Seamonkey as my browser, since
I don't like the way the Firefox user interface has been
evolving - but more and more I find I have to grit my teeth
and fire up a copy of Firefox (to which I haven't added any
security options) in order to access sites that do (e.g.)
online billing.
From time to time I'll take a look at what NoScript is
doing, and the ubiquitous Google comes up all over the
place. I'm trying to opt out of the surveillance state -
is this becoming an impossible dream?
--
/~\ Charlie Gibbs | They don't understand Microsoft
\ / <cgi...@kltpzyxm.invalid> | has stolen their car and parked
X I'm really at ac.dekanfrus | a taxi in their driveway.
/ \ if you read it the right way. | -- Mayayana
locked down pretty tightly. Lately, though, more and more
web sites have stopped working. It seems that JavaScript
has become so pervasive that any attempts to block it cause
many sites to fail. I use Seamonkey as my browser, since
I don't like the way the Firefox user interface has been
evolving - but more and more I find I have to grit my teeth
and fire up a copy of Firefox (to which I haven't added any
security options) in order to access sites that do (e.g.)
online billing.
From time to time I'll take a look at what NoScript is
doing, and the ubiquitous Google comes up all over the
place. I'm trying to opt out of the surveillance state -
is this becoming an impossible dream?
--
/~\ Charlie Gibbs | They don't understand Microsoft
\ / <cgi...@kltpzyxm.invalid> | has stolen their car and parked
X I'm really at ac.dekanfrus | a taxi in their driveway.
/ \ if you read it the right way. | -- Mayayana
Grant Taylor
Jul 9, 2021, 4:12:20 PM7/9/21
to
On 7/9/21 12:11 PM, Charlie Gibbs wrote:
> I'm running NoScript on my web browsers and have things locked down
> pretty tightly....
> I'm running NoScript on my web browsers and have things locked down
>
> From time to time I'll take a look at what NoScript is doing, and
> the ubiquitous Google comes up all over the place. I'm trying to opt
> out of the surveillance state - is this becoming an impossible dream?
I use uBlock Origin and uMatrix in Firefox to do what I used to do with
> From time to time I'll take a look at what NoScript is doing, and
> the ubiquitous Google comes up all over the place. I'm trying to opt
> out of the surveillance state - is this becoming an impossible dream?
NoScript.
It's been many years since I last looked at NoScript. I have no idea
what it's current status is or how NS compares to uBO / uM. You might
give uBO / uM a look. They have options to allow specifying what 3rd
party site JavaScript can be run on in relation to the 1st party site
that you're visiting.
--
Grant. . . .
unix || die
Johnny
Jul 9, 2021, 4:26:55 PM7/9/21
to
On 9 Jul 2021 18:11:52 GMT
allow. There is one website I visit often, and there are 26 scripts
set to run when you visit the website. I only have to allow 3 to have
a fully functional website.
Have you tried Waterfox? MXlinux has it in its repositories. Or you
can download a .deb file and install it.
Charlie Gibbs <cgi...@kltpzyxm.invalid> wrote:
> I'm running NoScript on my web browsers and have things
> locked down pretty tightly. Lately, though, more and more
> web sites have stopped working. It seems that JavaScript
> has become so pervasive that any attempts to block it cause
> many sites to fail. I use Seamonkey as my browser, since
> I don't like the way the Firefox user interface has been
> evolving - but more and more I find I have to grit my teeth
> and fire up a copy of Firefox (to which I haven't added any
> security options) in order to access sites that do (e.g.)
> online billing.
>
> From time to time I'll take a look at what NoScript is
> doing, and the ubiquitous Google comes up all over the
> place. I'm trying to opt out of the surveillance state -
> is this becoming an impossible dream?
>
NoScript works fine for me. You just have to know which scripts to
> I'm running NoScript on my web browsers and have things
> locked down pretty tightly. Lately, though, more and more
> web sites have stopped working. It seems that JavaScript
> has become so pervasive that any attempts to block it cause
> many sites to fail. I use Seamonkey as my browser, since
> I don't like the way the Firefox user interface has been
> evolving - but more and more I find I have to grit my teeth
> and fire up a copy of Firefox (to which I haven't added any
> security options) in order to access sites that do (e.g.)
> online billing.
>
> From time to time I'll take a look at what NoScript is
> doing, and the ubiquitous Google comes up all over the
> place. I'm trying to opt out of the surveillance state -
> is this becoming an impossible dream?
>
allow. There is one website I visit often, and there are 26 scripts
set to run when you visit the website. I only have to allow 3 to have
a fully functional website.
Have you tried Waterfox? MXlinux has it in its repositories. Or you
can download a .deb file and install it.
Computer Nerd Kev
Jul 9, 2021, 10:26:46 PM7/9/21
to
Charlie Gibbs <cgi...@kltpzyxm.invalid> wrote:
> I'm running NoScript on my web browsers and have things
> locked down pretty tightly. Lately, though, more and more
> web sites have stopped working. It seems that JavaScript
> has become so pervasive that any attempts to block it cause
> many sites to fail. I use Seamonkey as my browser, since
> I don't like the way the Firefox user interface has been
> evolving - but more and more I find I have to grit my teeth
> and fire up a copy of Firefox (to which I haven't added any
> security options) in order to access sites that do (e.g.)
> online billing.
>
> From time to time I'll take a look at what NoScript is
> doing, and the ubiquitous Google comes up all over the
> place. I'm trying to opt out of the surveillance state -
> is this becoming an impossible dream?
Yes, in particular as soon a a site demands a Captcha, which nine
> I'm running NoScript on my web browsers and have things
> locked down pretty tightly. Lately, though, more and more
> web sites have stopped working. It seems that JavaScript
> has become so pervasive that any attempts to block it cause
> many sites to fail. I use Seamonkey as my browser, since
> I don't like the way the Firefox user interface has been
> evolving - but more and more I find I have to grit my teeth
> and fire up a copy of Firefox (to which I haven't added any
> security options) in order to access sites that do (e.g.)
> online billing.
>
> From time to time I'll take a look at what NoScript is
> doing, and the ubiquitous Google comes up all over the
> place. I'm trying to opt out of the surveillance state -
> is this becoming an impossible dream?
times out of ten is provided by Google these days, then you're
deliberately prevented from any means of getting through without
allowing Google scripts through (requires two reloads - as NoScript
only discovers the second Google script that's required after you
temporarily allow the first one). At least it doesn't force you to
allow Google Analytics.
Short of the Captcha case, it is sometimes possible to get around
script requirements by inspecting the source code, or simply viewing
the page without CSS which might uncover lots of hidden text and/or
links. I still have lots and lots of exemptions set in my NoScript
configuration though, plus those like Google that I regularly have
to allow through on a temporary basis for certain sites.
Then you've got some sites where the JS doesn't work in Firefox
even without extra privacy settings and add-ons. Sometimes those
sites still work in the last pre-Quantum Firefox ESR release.
Without denying that there are useful applications for it (only
a small percentage of what it gets used for, mind you), I wish that
client-side scripting had never been invented.
--
__ __
#_ < |\| |< _#
NSquared
Jul 9, 2021, 11:22:14 PM7/9/21
to
I NoScript everything - and only manually allow
a handful of scripts. Makes some pages pretty ugly,
but usually still usable. IMHO, people should block
as many scripts as they can possibly get away with.
Equally annoying these days - those "We Use Cookies"
notices that block half the screen. No, I won't let
you use cookies ! uBlock gets rid of such trash for
the moment.
Final straw. use a hyper-minimalistic browser that
doesn't run scripts at all. If you can't use a site
then it doesn't deserve your patronage. Most of the
time you can find whatever elsewhere anyhow ... at
less intrusive locations.
a handful of scripts. Makes some pages pretty ugly,
but usually still usable. IMHO, people should block
as many scripts as they can possibly get away with.
Equally annoying these days - those "We Use Cookies"
notices that block half the screen. No, I won't let
you use cookies ! uBlock gets rid of such trash for
the moment.
Final straw. use a hyper-minimalistic browser that
doesn't run scripts at all. If you can't use a site
then it doesn't deserve your patronage. Most of the
time you can find whatever elsewhere anyhow ... at
less intrusive locations.
Andreas Kohlbach
Jul 10, 2021, 4:38:59 AM7/10/21
to
On 9 Jul 2021 18:11:52 GMT, Charlie Gibbs wrote:
>
> I'm running NoScript on my web browsers and have things
> locked down pretty tightly. Lately, though, more and more
> web sites have stopped working. It seems that JavaScript
> has become so pervasive that any attempts to block it cause
> many sites to fail. I use Seamonkey as my browser, since
> I don't like the way the Firefox user interface has been
> evolving - but more and more I find I have to grit my teeth
> and fire up a copy of Firefox (to which I haven't added any
> security options) in order to access sites that do (e.g.)
> online billing.
>
> From time to time I'll take a look at what NoScript is
> doing, and the ubiquitous Google comes up all over the
> place. I'm trying to opt out of the surveillance state -
> is this becoming an impossible dream?
Using a system wide ad-proxy here. No need to deal with NoScript, uBlock
>
> I'm running NoScript on my web browsers and have things
> locked down pretty tightly. Lately, though, more and more
> web sites have stopped working. It seems that JavaScript
> has become so pervasive that any attempts to block it cause
> many sites to fail. I use Seamonkey as my browser, since
> I don't like the way the Firefox user interface has been
> evolving - but more and more I find I have to grit my teeth
> and fire up a copy of Firefox (to which I haven't added any
> security options) in order to access sites that do (e.g.)
> online billing.
>
> From time to time I'll take a look at what NoScript is
> doing, and the ubiquitous Google comes up all over the
> place. I'm trying to opt out of the surveillance state -
> is this becoming an impossible dream?
and such - and not various variants of them for the four browsers I use.
Most pages work. If not it's usually f**k it and I move on. But if the
page is important I can deactivate the use of the proxy with two clicks.
Am using this proxy for more than a decade and am happy not to need to
deal with add-ons.
Running the same proxy in a second process on a different port. This
serves the web through Tor.
--
Andreas
PGP fingerprint 952B0A9F12C2FD6C9F7E68DAA9C2EA89D1A370E0
Michael Uplawski
Jul 10, 2021, 6:33:19 AM7/10/21
to
Good afternoon.
Like most of the other contributors I am fine with NoScript and tend to
deliberately allow very few routines on selected web-sites.
It is of course a difficulty that web-site authors impose on us, to know
which script is acceptable. I cannot know this in all cases. But the
situation has not changed much since I use NoScript.
Whereas I do not like to talk about *my* uses of NoScript and the few
Web-Sites *I* use to visit frequently, when the topic is just
“NoScript”, it is however my opinion, that the so-called web-designers
nowadays see constraints where there are none or have to submit to
tendencies which I do not understand, personally.
In Consequence, I can content with blocking permanently the same ol'
range of well-meaning scripts from doubleclick, outbrain, abtasty and a
bunch of others. This is not “total security” but spares me a lot of trouble.
NoScript does probably not have a problem. In my Web-environment, it is
mainly the public services who have the problem to lack money. Their
Web-sites are, as a direct consequence, created by the wrong people with
the wrong audience and objectives in mind.
Stopping the Web would not even suffice to raise the quality of some
sevice. I cannot blame NoScript for that.
Cheerio
Michael
--
Le progrès, ce n'est pas l'acquisition de biens. C'est l'élévation de
l'individu, son émancipation, sa compréhension du monde. Et pour ça il
faut du temps pour lire, s'instruire, se consacrer aux autres.
(Christiane Taubira)
Like most of the other contributors I am fine with NoScript and tend to
deliberately allow very few routines on selected web-sites.
It is of course a difficulty that web-site authors impose on us, to know
which script is acceptable. I cannot know this in all cases. But the
situation has not changed much since I use NoScript.
Whereas I do not like to talk about *my* uses of NoScript and the few
Web-Sites *I* use to visit frequently, when the topic is just
“NoScript”, it is however my opinion, that the so-called web-designers
nowadays see constraints where there are none or have to submit to
tendencies which I do not understand, personally.
In Consequence, I can content with blocking permanently the same ol'
range of well-meaning scripts from doubleclick, outbrain, abtasty and a
bunch of others. This is not “total security” but spares me a lot of trouble.
NoScript does probably not have a problem. In my Web-environment, it is
mainly the public services who have the problem to lack money. Their
Web-sites are, as a direct consequence, created by the wrong people with
the wrong audience and objectives in mind.
Stopping the Web would not even suffice to raise the quality of some
sevice. I cannot blame NoScript for that.
Cheerio
Michael
--
Le progrès, ce n'est pas l'acquisition de biens. C'est l'élévation de
l'individu, son émancipation, sa compréhension du monde. Et pour ça il
faut du temps pour lire, s'instruire, se consacrer aux autres.
(Christiane Taubira)
Nomen Nescio
Jul 10, 2021, 10:30:05 AM7/10/21
to
Charlie Gibbs <cgi...@kltpzyxm.invalid> [CG]:
CG> It seems that JavaScript has become so pervasive that any
CG> attempts to block it cause many sites to fail
That's because the HTML code understood by your browser is
created locally on the fly (by running some javascript code
on some boilerplate), instead of being served directly by the web server.
It is certainly bad with respect to privacy but has certain advantages:
- for DB report type of web pages the data shuttled between server
and browser can be significantly less
- by serving just the static part of the web pages the web
presents a smaller attack surface (Their dynamic part is created
locally, hence any bugs/malicious code will crash your web browser and
not the web server)
CG> It seems that JavaScript has become so pervasive that any
CG> attempts to block it cause many sites to fail
That's because the HTML code understood by your browser is
created locally on the fly (by running some javascript code
on some boilerplate), instead of being served directly by the web server.
It is certainly bad with respect to privacy but has certain advantages:
- for DB report type of web pages the data shuttled between server
and browser can be significantly less
- by serving just the static part of the web pages the web
presents a smaller attack surface (Their dynamic part is created
locally, hence any bugs/malicious code will crash your web browser and
not the web server)
0 new messages