Slashdot Mirror
NoScript Adds Subscriptions To Adblock Plus
hahiss writes "Apparently, NoScript has taken to adding its own whitelist updates to Adblock Plus — so that the ads on the NoScript page show up — without notifying users. (It is described on the NoScript addon page, however.) This was a part of the last update to NoScript. Wladimir Palant, the main developer of Adblock Plus, describes the situation in an informative blog post."
Update — 5/02 at 12:30 GMT by SS: Reader spyrochaete notes that "InformAction, makers of the NoScript extension for Firefox, have removed the recently introduced AdBlock exceptions which unblocked the revenue-producing ads on the NoScript homepage with little or no warning to the user. According to the changelog, InformAction pushed out an update specifically addressing this controversial decision 'permanently and with no questions asked.'"
Start a project that blocks ads that is funded by advertising on their website and donations.
Sounds real smart.
They have 3 AdSense ad units (the max) on their home page, a couple of small buttons and a set of sponsored links. The sponsored links also don't use the rel="nofollow" tag but I guess google doesn't penalize everyone for that or nobody has reported them.
Seriously, this is a business model that shoots itself in the foot.
Dual Opteron < $600
Little Snitch on the Mac, which helps you identify when apps 'phone home, itself 'phones home, and you can't block it using Little Snitch itself.
I like to call this the Communism trait, for the Party elite always manage to make themselves more equal than others.
(Moderators: this isn't an anti-communism or pro-capitalism post. An important part of growing up is knowing that ideals are merely the primary colours, and life requires a mixture.)
It is a useful tool, it shouldn't be too hard to strip out all the dodgy code and host it on another site.
i'm not so much concerned about what money who makes from what as I am as extensions, without ample notification, acting as malware against other software/extensions i have installed in order to make a buck. I moved to linux long ago b/c i was tired of having to run scans once a week. I switch to FF b/c i prefered a more secure browser (made even more secure by extensions). Now basically, this guy, has managed to get malware in both firefox and linux. Seriously, total douchebag move.
It's somehow okay now that an extension goes behind the users back and circumvents other plug-ins? Especially a plug-in that most users use presumably to protect themselves against malware and intrusive JavaScript driven ads?
I sure hope the community will step up and create a new open source plug-in that goes "back to the basics" (disable JavaScript per site + whitelist) and people ditch NoScript faster than you can say "WTF!"....
Apparently the NoScript developers (which is btw. the most obnoxious plug-in I currently have installed; re: updates...) heads have gotten a bit to big for their own good.
I can't wait to see the fallout from this one. Hopefully at the end NoScript in it's current form won't exist anymore!
Like many Slashdot users, I run both NoScript and AdBlock Plus.
Had NoScript asked me if I wanted to whitelist adds on their site (in my AdBlock preferences) to support NoScript development, I would have happily clicked "Yes."
As it is, I've left the NoScript whitelist intact in my AdBlock preferences, because I do want to support their development (NoScript leaves a comment in the AdBlock preferences indicating that this whitelist can be disabled easily). That said, I would have been much happier had my permission been asked!
Abe Simpson, is that you?
NoScript has no business injecting itself into the AdblockPlus-addon. PERIOD!
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
If I have ad blocking software installed, that means I don't want to see ads (unless I explicitly approve them).
If I have script blocking software installed, that means I don't want to run scripts (unless I explicitly approve them).
How difficult is that to understand?
I don't care if the Noscript developer relies on ads for revenue. If I have ad blocking software installed, I don't want to see ads, period.. that doesn't mean "except on noscript's site, of course!". If the Noscript developer doesn't like that, it's too fucking bad.
This behaviour is disgraceful, and Noscript should be blocked by Mozilla (is this possible? Or, at least, not hosted on their site..) because at this point, it's clearly malware.
I am the maverick of Slashdot
NoScript will no longer be permitted on any of my computers, period. This is unacceptable behavior. If I'd payed for the addon, I'd be demanding a refund. As it is, all I can do is try to take back the favorable word-of-mouth I've been giving the author, and try to find a version without the invasive behavior.
Just another "DOJ fascist authoritarian totalitarian bootlicker" -- Zeio
For some time now, I have been getting more and more annoyed with the regularity of NoScript updates, especially as it would ALWAYS open the home page after every update, this is after the nuisance of me already having been asked to restart Firefox for the addon update.
Now it makes sense, they clearly artificially make this happen just for adrevenue. The addon probably doesn't even need that many updates.
Anyway, even though I know I can change the option to not go to the homepage after each update, I am tired of having to restart Firefox once a week for software which is for the most part adware. I barely use noscript, except on 1 site, I'll wait for someone else to make an addon which doesn't piss me off, or simply tolerate the minor annoyance of that one site.
As for the real world security benefits of noscript, they are questionable at best. If a website codes itself so it needs javascript, one would likely turn on noscript, and then the website could run malicious code.
Sure you may not be bothered by some ads on their site, but it's a slippery slope they should avoid. Users place their trust in add-ons like AdPlus and NoScript when they allow a third party to filter content. They proved they're willing to cross the line for a few dollars in ad revenue. What would they do for a significant amount of money?
This is an exact example of why it's so important for source code to be freely viewed. The OSS model works - this demonstrates why and how. When developers are motivated by the wrong sources and use unethical means for obtaining their ends, users can be made aware of their digressions. Good work by the Adblock team.
I have left slashdot and am now on Soylent News. FUCK YOU DICE.
The bottom line is: don't install untrusted extensions.
It was always a risk.
By the way, you now know never to trust NoScript, and to warn anyone who tells you they're using it.
I find it incredibly ironic that two ad blockers are at war with each other over blocking ads that support their service. I hope this isn't a preview of what's to come if the use of ad blocking software becomes widespread.
A Magic the Gathering Article and Forum Aggregator
"I must admit I don't have much expertise in this area. I've never used either Adblock or Noscript."
You should have stopped right there.
"(If I recall correctly)"
"Of course that's just how I remember the whole thing. I never visit the AdBlock Plus page and I am deliberately blind to most ads anyway."
So, your entire post was based on a guess? You don't have any direct experience with AdBlock either? Are you kidding me? Why are you posting again?
If NoScript screws with AdBlock any more, I'm just deleting it, AdBlock is the more valuable of the addons to me. I definitely don't like a developer screwing with someone else's addon, and then when it can't be deleted claims it's a "bug". No way it's a bug, just an undocumented feature.
Absolutely. What many programmers and companies do not realise is that there there needs to be a large amount of trust between users and themselves. Ultimately, by installing software, users are giving huge control of their systems and software to people they have never met and who will never meet them.
If find that most people are if anything, to trusting on the Internet. Hence botnets. But even cautious people do tend to give others the benefit of the doubt. But if they should be given reason to go back on that, it can mean a permanent end to that trusting relationship.
I know someone who recently installed Google Desktop(Something I would never, ever, do). They were happy at first, as they were happy to use a multitude of Google Apps. However, trouble struck when the geniuses at Google Desktop decided that when you search using their internet search, it should also bring up search results from your Desktop index.
Imagine someones surprise when their personal computer files appear on an internet search page. It wasn't pretty. The user wanted to uninstall Google desktop, sign out of Gmail, and stop using Google search forever. As I tried to explain that the page was linking to local files, not on the internet, I realised my words were in vain. This person had simply been too shaken my the incident. From their perspective, they had been betrayed. Their personal files had been cast online, or at least, they now recognised that outcome was possible due to the control they had given to a private company.
All trust in Google, and all its products, was lost forever. The trusting and confident relationship Google had with this person had been shattered by a single incident. I've seen this happen multiple times, with multiple pieces of software. Frustration, data loss, jarring incidents. Even the smallest thing can rupture the good feelings of people towards the people whom they entrust with their data.
This is such an incident. NoScript is forever tainted, never to rise again. Hundreds of thousands of people will likely uninstall it today alone. It will cease to be recommended, and ultimately another virtually identical extension will takes its place. A good lesson to all who would be so careless with their reputations. You need your users trust to survive.
May the Maths Be with you!
Yes, clearly, directing me to a single web page (requiring a single mouse-click to close) that displays a couple of ads (which I've never actually noticed, to be honest) once every 5-14 days as part of updating an optional extension to an optional web browser is equivalent to vandalizing my automobile and forcibly raping my female companion as part of maintaining a very expensive and critical piece of equipment that I need to properly navigate the modern world.
Bravo on an analogy that is completely valid and reasonable. You sir are a true champion of good taste and rational analysis.
Try not to take me more seriously than I take myself.
Until 1 minute ago I had NoScript installed.
All the guy had to do was ask: "Do you want to whitelist the noscript webpage in adblock? I depend on these ads for revenue." I'd have damn well clicked yes.
It's unfortunate how the sleazy way out seemed appropriate to someone who's supposed to be developing software against malware...
I only visit the site to update software, software they provide me free of charge, I'm not going to complain.
It's not about whether or not the product is free and whether or not he deserves a little coin for his hard work.... the fact of the matter is that he is providing updates that modify extensions that are not his without the consent of the user. That is called malware, and to avoid just that is part of the reason why I installed NoScript in the first place.
It isn't a "stupid trick." I installed NoScript specifically to help prevent things running in FF that would screw with my system behind my back. This behavior, screwing with ABP's configuration WITHOUT ASKING ME FIRST is EXACTLY THE SORT OF SHIT I installed it to PREVENT. This has nothing to do with how "trivial" said screwing is, or how much money the author does or doesn't make from the damn plugin. It's a matter of trust and what the damn plugin was built to do. The author just used his plugin to do exactly what we all installed it to PREVENT. I (and apparently a lot of others) no longer feel that we can trust the author or his software since he's now stooped to the tactics used by the people and software his plugin was designed to prevent.
The problem is NOT seeing ads on the Noscript website. Like many of the others here that didn't faze me one bit. The problem is he is hijacking OTHER software to shovel his ads. Now THAT is a problem.
It says on the Noscript website it is software under the GPL, that means the source code is available, yes? Can we get a fork please? I mean we seem to have a bazillion OO.o forks now, and there wasn't anything wrong with OO.o that I could see to begin with(that said I prefer to give out oxygen office as it has all the clip art and slideshow presets to make it useful like MS Office) and here we do have something seriously wrong.
Until we get whichever group is responsible for JavaScript to actually fix the security in it, or get websites to dump it like they did ActiveX, we are going to need a way to filter it selectively. Unfortunately just like ActiveX in the 90s you can't just kill JavaScript dead because there are too many websites like banks(WTF?) that need to have JavaScript to be useful. I don't mind making money, and if the guy would have asked nicely I would have been happy to add his little whitelist so he could keep making the tool I use, seems fair to me. But pulling this backdoor install BS just don't cut it. But frankly I haven't seen any other tool that does the job so this jerk kinda has us over a barrel. Proxies and fiddling all day with HOSTS files is frankly a royal PITA.
So does anybody know of ANY software that can give us roughly the same functionality as Noscript without being a PITA? Because those of us that have to use Windows really need the extra protection.
ACs don't waste your time replying, your posts are never seen by me.
What do you define as malicious behavior? A Firefox extension can modify the browser in almost regard. There's not much you can do to sandbox the extensions without removing the flexibility of the extensions feature altogether.
Bottom line: You, the user, take responsibility for any software you install on your computer, even Firefox addons.
Ironically, people install NoScript for the specific reason of not trusting others on the internet.
Hundreds of thousands of people will likely uninstall it today alone.
Maybe, maybe not. I uninstalled it less than an hour after installing. I just found the damn thing too much of an intrusive speed-bump to what I do. However, I rarely see any ads, since I have a large hosts file to lock out most of the offending domains, and a combination of adblock and flashblock to fine-tune the rest. NoScript is more or less redundant.
it desperately asks for an answer
So, begs the answer surely?
"1) Giorgio Maone himself has pointed out repeatedly, including at the thread in question, that anyone can disable his pages' ads with NoScript just by blocking the Google-Syndication scripts. NoScript itself cannot be circumvented in this blocking, even by NoScript. :)"
Except the NoScript site serves ads from other sources than just Google. For example, I count 3 "pop-up on hover" adds from DoClix, Inc. on the "GetIt" page alone. Please note the references to "s3.buysellads.com" as well as a "sponsored links" sections that is not from Google in addition to the doclix.com ads. Not that either side of this point is actually relevant to how inappropriate the action was.
"2) For those who think the updates are a revenue-(ad-viewing)-generator, aside from the fact that the NS FAQ includes simple instructions for turning off the home-page redirect for each update (try reading the FAQ before criticizing)"
Except - as has been pointed out many times - the user has to set this up themselves in about:config, rather than a simple checkbox from the NoScript GUI. Not that either side of this point is actually relevant to how inappropriate the action was.
The fact of the matter is that Giorgio crossed a line, violating user trust and behaved in a manner exactly like malware. Rationalizing the action by saying there was an "an aggressive EasyList campaign against sites sponsoring NoScript development" or that it was an "attack" on the NoScript site, indicates a problem of acceptance of responsibility and does not help - it only compounds the mistake. Giorgio needs to apologize, promise not to do anything like this again in the future and try to regain user trust.
Me and U(buntu) - my blog about Ubun
As it is, Giorgio acted like a piece-of-shit, scumbag, newbie-hacker throwing a temper tantrum, should be ashamed of himself for embarrassing himself, YOU, and everyone on the project , and needs to make public apology for his misguided attempt. Here's a hint. If you put it in the documentation, README or changelog it WILL NOT BE READ. Get out an update which says, "SORRY! We've rolled back all the patches for this to version xxxxxx, and we will never make any changes outside our application without your PRIOR EXPRESS INFORMED CONSENT. And then learn from this mess -- and don't fuck up like this again.
Technology -- No Place For Wimps! Grateful Dead and Jerry Garcia Chatroom -- http://www.wemissjerry.org
Giorgio released version 1.9.2.6 which disables the filter. I quote from http://noscript.net/?ver=1.9.2.6&prev=1.9.2.5
It seems that he eventually got it right.
It seems that he eventually got caught.
To fight the war on terror, stop being afraid.