Other > Non-Avast security products
Pale Moon NoScript 'crisis'
polonus:
Read: https://forum.palemoon.org/viewtopic.php?t=17619
Scripts can import all sort of functionality into a browser, but they are also easily abused by malcreants to inject all sorts of malcode into your browser. This is where the crisis stems from NoScript has now being blacklisted and is being blocked as an extension, while it apparently breaks webpages (in the hands of the uninformed and non-tech-savvy).
This means a victory for the general dumbed down click-sh**ple, facebook's Mr. M.Z. is so fond of, his dumb f-word+s!
We have the following dilemma: Blocking scripts creates disfunctionality, allowing (all) threats and risks.
For the non-tech-savvy the in between is no option. Who looks under the *hood aka in the browser developer's console can see what (s)he/it blocks or not (but it only seems polonus and a few other's are capable of deciding what to block and what not).
This is one part of the story, the other is it conflicts with the demands of Big Silicon Valley Tech firms ad-launching circus and Deep State Surveillance, so root it out, block it, make it no longer available, much of that seen also in the Russian Federation now with encrypted chat-apps being officially blocked. The going gets narrow, Internet freedom and your last vestiges of privacy are at stake.
Is everybody blind to what is happening? (info credits go to security dot nl's Aha)
polonus
DavidR:
Well NoScript had previously shot itself in the foot, by adding a great number of sites to load scripts in their default allow list/s and this apparently was more revenue related than not an issue.
At that point many dropped NoScript in favour of uBlock Origin.
With all ad blockers there is an overhead, the user really has to be in control (time and hassle) of what is allowed and what should remain blocked and not just allow all. If they are going to do that, then there is little point in having an ad blocker.
Also, should users go the extra step and control 3rd party site access, Request Policy (of old) and uMatrix. In combination with ad blockers, these can but a crimp in the bad guys activities. But it also puts a load on the user in what they allow and as mentioned these ad-ons can break site layout when scripts can't format the layout or import content.
However, when a browser developer effectively blocks the use of ad blockers just because they could break some site code (by not allowing it to run), this should be (IMHO) an informed choice for the user and not browser developers.
Asyn:
Hi guys, I only had a quick look at the PM thread, but it seems they just say that they won't provide support for NS issues.
IMO, that's OK, as it's an add-on after all and has its own support forum (https://forums.informaction.com/viewforum.php?f=3).
--- Quote from: DavidR on May 12, 2018, 01:21:09 PM ---Well NoScript had previously shot itself in the foot, by adding a great number of sites to load scripts in their default allow list/s and this apparently was more revenue related than not an issue. At that point many dropped NoScript in favour of uBlock Origin.
--- End quote ---
Hi Dave, are you mixing up NS with ABP..!? ;)
DavidR:
--- Quote from: Asyn on May 12, 2018, 04:32:46 PM ---<snip>
--- Quote from: DavidR on May 12, 2018, 01:21:09 PM ---Well NoScript had previously shot itself in the foot, by adding a great number of sites to load scripts in their default allow list/s and this apparently was more revenue related than not an issue. At that point many dropped NoScript in favour of uBlock Origin.
--- End quote ---
Hi Dave, are you mixing up NS with ABP..!? ;)
--- End quote ---
That is quite a possibility, as I no longer have NoScript or ABP, which is probably where the confusion reigns. Mozilla has stopped the Legacy extensions/add-ons in the regular FF release stream, I couldn't see any point in keeping it in the FF ESR builds when I have Synchronise Now in my Firefox browser settings.
polonus:
As an alternative in Iridium for instance I now run uMatrix x uBlock origin (with special lists) x new Privacy Possum x Block Referer extensions, on Android I run mask and Brave browser (to cull unwanted ads and scripts) and regularly delete all of the Android browser cache and memory through the general settings.
But the going gets narrower all the time! We have been manipulated into a position where we have to competely fence for ourselves.
(The same as with original av no longer is protecting against all modern hacker attacks (white, grey, black hackers and state sp**ks and state actors). You are constantly in an "after the facts" position and lucky not to trod on a zero-day or non-documented state spyware or being under drag-net surveillance.
What did not help either was the identical browser engines for all major browser's mono-culture and developers going more and more for "single page applications". Also with the smart TV, smartphone, notebook and laptop experience all becoming more and more identical & similar accross various platforms, it is all being taken out of the hands of the end-user and overseen and steered elsewhere into a certain direction, of which we can easily guess the outcome when you live in to-day's world. :D ;)
After doing away with WHOIS and working towards doing away with anything outside the non-public cloud (http, full e2e encryption), what will there be left of protection of our last vestiges of privacy and individuality?
polonus (volunteer website security analyst and website error-hunter)
Navigation
[0] Message Index
[#] Next page
Go to full version