Domain: noscript.net
Stories and comments across the archive that link to noscript.net.
Comments · 347
-
Re:Cool web site
It sounds like you accidentally failed to install NoScript.
-
Still on Firefox 8...
Since Firefox has started their crazy version numbering, I've given up on upgrading. I use 27 different addons and perfectly configured to make my web browser do what I want. It is near impossible to do an upgrade without spending hours reconfiguring the addons, some of which need to be manually downloaded and have their "MaxVersion" incremented so they will install. Maybe in 6 more months when we reach Firefox 50 I'll give it a try, but until then. Firefox 8 all the way!
Application: Firefox 8.0 (20111104165243)
Total number of items: 27
- Active Stop Button 1.4.10
https://addons.mozilla.org/firefox/addon/active-stop-button/
- Adblock Plus 1.3.10
http://adblockplus.org/en/
- BetterPrivacy 1.68
http://nc.ddns.us/extensions.html
- ColorfulTabs 7.1
http://www.binaryturf.com/free-software/colorfultabs-for-firefox/
- Cookie Monster 1.1.0
https://addons.mozilla.org/en-US/firefox/addon/cookie-monster/?src=api
- Copy Link Name 1.3.2
http://www.captaincaveman.nl/
- Download Statusbar 0.9.10
http://downloadstatusbarapp.com/
- DownloadHelper 4.9.14
http://www.downloadhelper.net/
- DownThemAll! 2.0.8
http://downthemall.net/
- Export Cookies 1.2
https://addons.mozilla.org/en-US/firefox/addon/export-cookies/?src=api
- Find Toolbar Tweaks 3.0.0
http://homepage3.nifty.com/georgei/extension/ftt_en.html
- Firebug 1.8.4
http://www.getfirebug.com/
- Greasemonkey 0.9.13
http://www.greasespot.net/
- HeaderControlRevived 1.1
https://addons.mozilla.org/en-US/firefox/addon/headercontrolrevived/?src=api
- Hide Caption Titlebar Plus 2.4.1
https://addons.mozilla.org/firefox/addon/13505/
- Menu Editor 1.2.7
http://menueditor.mozdev.org/
- Movable Firefox Button 1.4
https://addons.mozilla.org/en-US/firefox/addon/movable-firefox-button/
- NoScript 2.1.7
http://noscript.net/
- OptimizeGoogle 0.78.2
http://www.optimizegoogle.com/
- RequestPolicy 0.5.27
http://www.requestpolicy.com/
- Screen Capture Elite 2.0.0.23
http://www.grizzlyape.com/
- Searchbastard 1.5.5
http://searchbastard.rosell.dk/
- SkipScreen 0.6.1.2
-
Re:Google hates privacy
How about I link you to a google free internet experience instead?
-
Re:ROLLOVER AD
-
Re:Java and flash...
Maybe.
-
Re:Slow news day?
... and NoScript.
-
Re:Why isn't there a whitelist-only mode?
http://forums.mozillazine.org/viewtopic.php?p=1586359&highlight=flashblock+noscript#1586359
http://flashblock.mozdev.org/faq.html#fbNojavascript
But anyway I think the real problem with noscript is the untrustworthy behavior of its author.
-
Re:Getting worse and worse
Let's approach that from the other angle... most slashdot users aren't competent enough to figure out how to block the video: here's one of a thousand methods: NoScript. I do agree though, most of the videos aren't worth watching, so another option is rather than stop publishing videos, stop publishing shitty videos, I can sympathize with that.
-
JavaScript is wonderful for exploits
Because all of you lusers have your browser running all my JS.
Get informed http://noscript.net/
-
Google safe browsing diagnostic page
I was auditing my Noscript whitelist. For every domain in the whitelist, I checked the Noscript page on it - such as http://noscript.net/about/test.com;test.com.
I am puzzled by the Google Safe Browsing Diagnostic results. It yields worrying results for a lot of domains that are listed as safe by all the other tools.
For example, see http://www.google.com/safebrowsing/diagnostic?site=gmodules.com
What am I supposed to do? It seems that every other domain (including important domains like gmodules.com) has acted as an intermediary resulting in further distribution of malware! Should I block them all (excluding some very essential ones)?
-
Fuck JavaScript
-
Re:Blah
-
Re:Distrust
It takes an unreasonably large amount of technical prowess to actually eradicate all of Google's tendrils.
DuckDuckGo, NoScript, and OpenPGP?
What am I missing? A robots.txt file?
-
Re:Java sucks
If the browser plugin IS enabled, then by default it should work only on explicitly whitelisted sites or domains
the NoScript add-on for Firefox already does exactly this.
-
HTTP Policies
This is why websites need to publish policy files a bit like ABE (Application Boundaries Enforcer). This would mean that a website would publish what resources that site can request and destinations that are not in that policy are not loaded. Unfortunately if they can intercept anything that you are served then the injector can just modify the policy file too. Perhaps a signed policy file could solve this?
Does anyone know if SSL solves the problem? Can a malicious endpoint act as a proxy so the SSL connection is between the endpoint and the real site and then serve you a different SSL certificate with the adverts included? (Although I doubt they can make a certificate look like the legitimate website.) Alternatively they could just drop everything down to HTTP...
(Although the guy who wrote ABE/NoScript should be considered with caution because of what he did to NoScript users in the past. He deliberately removed NoScript blocks for his own website so he could raise money on his plugin update page that opens after updates.)
-
Re:Only a partial list
You might be interested in this: http://noscript.net/misc/scriptno-detector/
-
Aehm (Re:The hack doesn't work for me.)
Ouch: http://noscript.net/misc/notscripts-detector.html
Disclaimer: the original (and only) NoScript can be detected as well, but at least you couldn't be notified by a JavaScript alert() box on a page where JavaScript isn't supposed to run ;)
-
Re:Maybe...
Dude, NoScript.
-
Re:Excuse me, but you just don't make sense !
If you don't want Javascript, why don't you block it?
-
Re:You can opt out
Or you can put these lines of code in the ABE module that comes with NoScript (options - advanced):
# This one allows Facebook scripts and objects to be included only
# from Facebook pages
Site .facebook.com .fbcdn.net
Accept from .facebook.com .fbcdn.net
Deny INCLUSION(SCRIPT, OBJ, SUBDOC)
-
Re:A shout out to RequestPolicy
That FAQ is outdated. NoScript has XSS and CSRF protection, and ABE (included in NS) can block by default all cross-site requests too and allow only those you trust.
-
Re:Duh. The sites themselves have no security.
Analytics script? What's that?
http://noscript.net/ If it's not from the trusted domain, it doesn't get run. Ever.
-
Protection is already available
I have been using noscript http://noscript.net/ for years. Paste from their page,
----------------------
The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java and Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser.
NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...
You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows.
----------------------
I have always thought that a white list approach was the best for anything as powerful as java & javascript, either one is essentially running someone else's unknown programs on your machine there may be a "sandbox" now but I really don't know how secure that is either
-
Re:This Woman Doesn't Give Two Fucks About "Behavi
-
It can be blocked easily..
Quote from the KISSmetrics how it works section: "When a person visits a site that is using the KISSmetrics Javascript API, two javascripts are loaded".
Guess what? My SeaMonkey browser is using the NoScript plugin. This prevents the initial execution of java applets, javascript, flash and so on.
So if I want to opt out from this completely (just like I did with Google analytics) I simply tell NoScript to distrust anything from kissmetrics.com. Just like I did for google-analytics.com. Happy tracking!
How these researchers managed to come up with "it cannot be evaded" while immediately mentioning the AdBlock plugin in the same section is way beyond me.
-
Vidalia/Tor
This is the best solution I have found so far:
1.) Install Vidalia: http://www.torproject.org/
2.) Install NoScript: http://noscript.net/ (Ghostery may be ok - but I'm not too familiar). This blocks Flash, Javascript, etc - but you can selectively enable certain content.
3.) Install the EFF's HTTPS Everywhere plugin: http://www.eff.org/https-everywhere
This will default sites like Google to use the SSL version of their pages if it is possible - with Tor Exit Nodes being possibly monitored, SSL is your friend.
4.) Use AdBlock Plus: http://adblockplus.org/
This reduces unnecessary traffic through Tor (banner ads, etc).
Run your browser in Private Browsing mode as well and keep your History clean. Firefox has an option to clear this every time you exit. Tools to keep other things clear (Bleachbit on Linux and C-Cleaner on Windows never hurt)
If you are super-duper paranoid, you can use a Full Disk Encryption suite like Truecrypt: http://www.truecrypt.org/
Just make sure to pick a good passphrase (26+ characters) and keep your computer shutdown when you are not around it.
If you want to help out with Tor like me, I donated a share of my bandwidth to run a Tor Relay: https://www.torproject.org/docs/tor-doc-relay.html.en
PS I also change my IP address randomly every few weeks. Simply changing your MAC address, hostname and then resetting your hardware will do this. Most ISPs do not retain data beyond 6mos so this also doesn't hurt.
PPS Fuck the police (with a cactus).
-
Re:One page
I do use adblock, and noscript, but not everyone does and the main reason I prefer these links was stated in my subject, one page.
-
Re:Why I don't use NoScript
[ 0]Though its insistence on opening up the homepage twice a week lately on minor updates is becoming a pet peeve.
You can change this, but of course, you have to RTFM to discover that. The horrors....
-
Re:Did they also get a grant...
(well, all once he adds support for Firefox Mobile.)
-
Re:web 101: don't run unknown javascripts
I am going to have to second that. After reading this post I installed the NoScript add-on yesterday even though I haven't actually had any problems. I have seen potentially toxic links in Google image searches (and in regular searches as well) but they are pretty easy to identify so I just didn't follow them from the search page. Anyway, 24 hours of NoScript was enough of that (thank you very much). I have to do internet searches for work and monkeying around with that thing would (literally) make the task take up to three times longer. With NoScript what you get is what someone upthread called "an ugly broken thing." I don't have the time or the patience to click through the many options that NoScript offers for each and every page. While it is interesting how much crazy script there is out there in the world attempting to control each and every incidence of it by hand is absurd. Incidentally, I found the uninstall instructions on the NoScript help page http://noscript.net/faq#qa2_3 where they basically call you an idiot for uninstalling their obnoxious, time consuming and esthetically unappealing add-on to be a bit insulting; not to mention that the NoScript home page itself is studded with script and looks like something from 1991. NoThanks
-
a couple add ons that help
I surf with requestpolicy and noscript up. It is utterly amazing the number of websites that can't render a page without firing scripts or loading content from 6, 8, 10 or more different domains.
If you haven't tried these, do it and be amazed at how many sites load without stylesheets, pictures etc. It's amazing how badly shit is implemented - zero thought about graceful degradation.
no script
requestpolicy
-
Re:Facebook opt-out
To riff on your post - there are firefox addons that significantly reduce, if not outright kill, these cookie-less tracking techniques. Given your knowledge of the problem, I think you are aware of the addons, but for anyone else reading along who wants to start to take control back themselves rather than rely on the political process to come up with a "compromise":
noscript - http://noscript.net/
Yes, Noscript is very useful -- In fact, it implements the very "DNT:1" HTTP header that I mentioned -- Firefox4 does (my build does, not sure if all Firefox4 versions do, but the current trunk & nightly builds do). Microsoft has said that IE9 will support the anti-tracking header. Google chrome of course will not -- and that my friends is why I don't use chrome (I have an ugly Chromium patch that adds this feature though!)
Here's a PDF if you would like to read more about the DNT:1 header.
ghostery - http://www.ghostery.com/ Ghostery specifically blocks when one page pulls in javascript and other "bugs" from those tracking sites. It will even give you a quick list of the trackers on each page when it loads.
I use noscript with most, but not quite all, javascript blocked in conjunction with ghostery to keep guys like facebook and doubleclick/google from tracking me. Of course I block all cookies and do other things too, those two are just the most pertinent to the discussion.
Of course, this doesn't keep the partners of Facebook and Google/doubleclick from tracking you. Imagine if slashdot and other sites you visit were paid a small fee per line of their server logs -- No sort of client side solution will stop them from tracking you this way short of not using the web. (What if they partner with your ISP!?)
Unfortunately legislation is the only answer -- Without any monetary penalties for ignoring our privacy demands, these companies will continue to do just that.
The DNT:1 header tells Slashdot and any 3rd party hosts that your user information should not be saved -- This nips the problem in the bud, as evidenced by the outcry of some of the largest web-tracking companies.... If it wouldn't work, they wouldn't care!
-
Re:Facebook opt-out
To riff on your post - there are firefox addons that significantly reduce, if not outright kill, these cookie-less tracking techniques. Given your knowledge of the problem, I think you are aware of the addons, but for anyone else reading along who wants to start to take control back themselves rather than rely on the political process to come up with a "compromise":
noscript - http://noscript.net/
Noscript is the heavy-hitter, with all of the settings turned up to the max, no javascript gets executed from any site and it won't even try to access those tracking sites like facebook and google analytics, much less pull in javascript code from them. But, running with that configuration can make the web a harsh and unlivable place due to all of the useful javascript that gets blocked too.
ghostery - http://www.ghostery.com/
Ghostery specifically blocks when one page pulls in javascript and other "bugs" from those tracking sites. It will even give you a quick list of the trackers on each page when it loads.
I use noscript with most, but not quite all, javascript blocked in conjunction with ghostery to keep guys like facebook and doubleclick/google from tracking me. Of course I block all cookies and do other things too, those two are just the most pertinent to the discussion.
-
Reminds me. I owe that guy money.
NoScript is probably the most useful thing on my computer aside from the browser itself. And without it, I'd think the internet and by extension the browser were awful, so the probability is approaching unity.
Time to donate to the cause.
-
Re:Lighten the Load
As hinted out by http://noscript.net/faq#qa1_3 you actually should only install NoScript since it is also able to block flash.
-
Re:No wonder.
Maybe you should try noscript to block unwanted 3rd party scripts.
-
Re:NoScript?
I'm still waiting for NoScript, so I can use Chrome without being blasted with pop-unders and unwanted noisy video ads. Until then, I'll suffer the slowness of Firefox.
http://www.google.com/search?aq=2&oq=proxo&sourceid=chrome&ie=UTF-8&q=proxomitron
or
http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=privoxy
-AI
-
NoScript?
I'm still waiting for NoScript, so I can use Chrome without being blasted with pop-unders and unwanted noisy video ads. Until then, I'll suffer the slowness of Firefox.
-
Re:Classic Discussion System (D1)?
As far as I can tell, there's not actually a link to it anywhere on the site
There is, if you install NoScript or similar. Then, you will get a helpful suggestion to switch to classic, with exactly the link you posted.
-
Re:I laughed, but...
-
Re:There's only one upgrade needed for Google
http://noscript.net/
Just block google.
-
NoScript to rescue?
[disclaimer]
Posting anon as I'm not sure if I know what I'm talking about. Please be gentle with flamethrowers...
[/disclaimer]
If I've understood correctly what the firesheep is taking advantage of and what NoScript HTTPS FAQ states, then NoScript will offer protection against this vulnerability.
Quote from the FAQ http://noscript.net/faq#qa6_4
Q: What can NoScript do against HTTPS cookie hijacking?
A: HTTPS cookie hijacking happens when a site sets sensitive cookies (e.g. those identifying authenticated sessions) over HTTPS connections but "forgets" to flag them as "Secure". This means that subsequent unencrypted (non-HTTPS) requests for the same site will leak the session cookies away, even if you logged in securely. NoScript provides means to mitigate this issue, configurable in NoScript Options|Advanced|HTTPS|Cookies. If Enable Automatic Secure Cookies Management is checked, NoScript will try to "patch" insecure cookies set by HTTPS sites on the fly:
1. If the site matches the "Ignore unsafe cookies..." pattern list, NoScript lets its cookies pass through untouched
2. If the site matches the "Force encryption for all the cookies..." pattern list, NoScript appends a ";Secure" flag to every non-secure cookie set by this response
3. Otherwise, NoScript just logs unsafe cookies BUT if no secure cookie is set in a HTTPS transaction setting other (unsafe) cookies, NoScript patches all these cookies with ";Secure" like in #2. However, if a navigation from an encrypted to a non-encrypted part of the same site (i.e. sharing the same cookies) happens in the same tab, NoScript removes its ";Secure" patch to ensure compatibility. When it happens, this event is logged to the Error Console, along with a recommendation to try forcing HTTPS by listing this site in the HTTPS|Behavior|Force section.
-
AdBlock Plus or something similar
If your browser, or a plugin for it, doesn't support blocking Flash, then you need a new browser.
-
Re:how about just flipping the damn default?
noscript. Don't leave your LAN without it.
-
Re:I'm back in.
Oh, so you didn't notice all those advertising scripts running in the background on slashtot?
-
Re:Staged Photo
I think this is better. Obviously not work friendly. I also suggest using something like No Script while visiting this place. Not for the squeamish.
-
Re:Chrome does NOT have NoScript
Used for this, RequestPolicy is vastly superior to NoScript.
-
Re:Uh, not really
Every reason people used to give in favor of Firefox now applies to Chrome, times ten.
Incorrect. Chrome can't run NoScript.
And before you say, "Chrome lets you control JavaScript execution, blah blah blah," yes it does at a very coarse level. NoScript is much more fine-grained, and provides substitute scripts for sites that "need" to run crap from google-analytics et al.
It looks like this functionality may bring NoScript that much closer to Chrome.
Schwab
-
Re:Evolution of an exploit
Then you should contact him to update the FAQ, because it says nothing about Youtube.
-
I feel happier with NoScript
I think Lynx is the wrong example to use, as it does not have Javascript.
Run Internet Explorer for a few days. Go to the sites you go to now currently and see how unresponsive they are:
Enjoy the flash adverts sucking up your CPU.
Enjoy the diet and belly fat banners
Enjoy the accordion and menu animations
Enjoy the Google Analytics loading
Enjoy the updating banner ads
Enjoy loading Prototype/jQuery/Google Ads again and again for every site you go to
Enjoy vibrant media in-text adverts.
Enjoy some of the sneaky popunders and fake virus warnings
I recommend the no-Javascript experience to anyone.
Load up with RequestPolicy, NoScript and AdBlocker Plus and you're sorted for hiding the crap you don't want to see. The AdBlocker is a way to block the stuff you accidentally let through with RequestPolicy.
As to the content producers, say escapist magazine, screw them. They obviously forgot about me when accepting that cheque from selling out. You don't block or try counter adblockers. It's my computer, my bandwidth.