NoScript Adds Subscriptions To Adblock Plus

hahiss writes "Apparently, NoScript has taken to adding its own whitelist updates to Adblock Plus — so that the ads on the NoScript page show up — without notifying users. (It is described on the NoScript addon page, however.) This was a part of the last update to NoScript. Wladimir Palant, the main developer of Adblock Plus, describes the situation in an informative blog post." Update — 5/02 at 12:30 GMT by SS: Reader spyrochaete notes that "InformAction, makers of the NoScript extension for Firefox, have removed the recently introduced AdBlock exceptions which unblocked the revenue-producing ads on the NoScript homepage with little or no warning to the user. According to the changelog, InformAction pushed out an update specifically addressing this controversial decision 'permanently and with no questions asked.'"

Really Smart

[rackserverdeals]

Start a project that blocks ads that is funded by advertising on their website and donations.

Sounds real smart.

They have 3 AdSense ad units (the max) on their home page, a couple of small buttons and a set of sponsored links. The sponsored links also don't use the rel="nofollow" tag but I guess google doesn't penalize everyone for that or nobody has reported them.

Seriously, this is a business model that shoots itself in the foot.

Re:Really Smart

[Jafafa+Hots]

"However, AdBlock is illegally manipulating the author's content "

Citation please.

Re:Really Smart

[UncleFluffy]

In a sense, AdBlock is acting as malicious software, because it's altering the site author's message, without their permission.

In what sense? Adblock doesn't modify anything on the server - the content remains unchanged. Once the bits are on my machine, I can do anything I want with them without permission from the author as long as I don't republish the modified version.

Re:Really Smart

[andymadigan]

They're not modifying the content in any way, as the content is the source of the page, not the display. Rather, AdBlock changes the display of content based on the user's preferences. You are not required to watch TV on a color screen, and you are not required to view web pages with a browser capable of displaying ads. Web browsers apply plenty of rules to display a page, adblock merely extends those rules. It is not illegal at all.

If you want to make sure people are looking at your ads, come up with a mechanism that ensure they are, and make them leave if they aren't. I don't feel like come up with the mechanism now, but it could be as simple as having the JavaScript for the ad set a variable in page. If the variable isn't set when the page finishes loading, redirect them to another page that tells them to go away.

If I opened a page in links or another text-mode browser I wouldn't see ads either, are you saying those browsers are illegal? If a site doesn't want me there because I'm not looking at their ads, fine, I'll leave. The fact is that advertisers are too greedy, with ads that move, some that even play sound. Internet Advertising is killing itself with bullshit like that, and blaming it on AdBlock Plus is ridiculous. People want to be able to browse the web and read without being constantly distracted by a moving ad on the side, and without worrying that their speakers will suddenly start blasting because they navigated to a page that has a jackass advertiser on it.

If your response is "well not all ads do that, AdBlock should only block the bad ones" then consider advertisers brought the block on themselves by allowing those advertisers to exist. If they want to save their industry, they need to stand up and say that obnoxious ads shouldn't exist, and that they won't do business with anyone who displays them. That means that Google shouldn't show ads for a company that also has obnoxious ads (IBM is a good example). Until serious self-regulation occurs, ABP will keep getting more users.

Re:Really Smart

[scdeimos]

However, AdBlock is illegally manipulating the author's content to remove ads designed to produce revenue.

Bollocks. You must work in the advertising industry. Using your own logic it could be said that NoScript is "illegally" modifying the operation of a web site by disabling the scripting on it.

In reality, neither is illegal. Both practices (blocking script, blocking advertising) are users exercising control over their own computers and their own browsing experience.

Advertising on web pages can generate revenue for both the advertiser and the web page author, but they cost the viewers in terms of:

1. money - because the ads have to be downloaded to end-users and that bandwidth has to be paid for, and
2. time - because ads are generally garish and/or animated and so distract the viewers from their whole reason of being on the page: to read the actual content.

If advertising was subtle and all scripting was trustworthy then there would be no need to block either. Alas, that isn't the world that we live in.

Re:Really Smart

By this logic lynx is ILLEGAL because it CHANGES the webpage so that it displays on a terminal.

Re:Really Smart

[AnalPerfume]

If advertisers weren't so greedy at shoving their shit down our throats for profit we wouldn't need to block them. When subtle adverts start to get ignored, you make them more aggressive. When a new medium appears and has some value, the advertisers are all over it like flies on shit shoving adverts in our faces yet again. It's multi-national corporate greed, nothing else. Advert blocking / skipping in DVRs are just tech karma in effect.

Re:Really Smart

[GF678]

As an extension author, I can sympathize with the NoScript authors: Firefox users are really stingy. Unless an extension is inherently intertwined with a business opportunity and not just a convenient stand-alone feature, working on a Firefox extension is a losing proposition, at least financially.

I beg your pardon?

The reason I started using extensions like Adblock Plus is because ads were so bad they were preventing my entire COMPUTER from working. The straw that broke the camel's back in my case was when I was trying to view artwork on Deviantart. They had these really badly coded Flash animations which took up 100% CPU on my (then) single-core desktop machine. It was IMPOSSIBLE to do anything - the entire machine was jamming up to the point where it took more than a minute for the task manager to appear when launched. This is bullshit - ads shouldn't do this, they shouldn't be so obnoxious.

My current machine is a bit more modern and would handle such ads, but it's the principle of the thing, and I don't see things getting any better. The only ads I can deal with are text-based, light image, non-flash/non-JS ads. If people only used these ads and were sensible about using them, then I wouldn't have been pushed into seeking out relief.

So stop painting us as stingy folk. Some of us just want to access the Internet without frustration.

this is like Little Snitch

Little Snitch on the Mac, which helps you identify when apps 'phone home, itself 'phones home, and you can't block it using Little Snitch itself.

I like to call this the Communism trait, for the Party elite always manage to make themselves more equal than others.

(Moderators: this isn't an anti-communism or pro-capitalism post. An important part of growing up is knowing that ideals are merely the primary colours, and life requires a mixture.)

Its GPL licenced, someone should fork it.

[ThomasHoward]

It is a useful tool, it shouldn't be too hard to strip out all the dodgy code and host it on another site.

Re:Its GPL licenced, someone should fork it.

[bcrowell]

It is a useful tool, it shouldn't be too hard to strip out all the dodgy code and host it on another site.

Yes, please. If someone will fork it, I will happily donate five bucks every year. What I will not do is run code on my machine that's obfuscated or that attempts to mess with things it shouldn't mess with.

I'd never understood why NoScript had to have such frequent updates. It seemed like several times a week, sometimes even more than once in a day. It was a nuisance, but I figured the author must just be working really hard. Now I have a sneaking suspicion that it was because the author was playing cat and mouse with adblock.

Why is this even a nontrivial software project? Don't run javascript unless it comes from a site that's on a whitelist. That doesn't seem like it should be a big deal.

Re:Its GPL licenced, someone should fork it.

[thesolo]

Has anyone pondered the fact that maybe the updates aren't really that frequent at all, and the developers just push out minor changes so that all updated users get a forced visit to their homepage when they reload Firefox?

Re:Personally, I couldn't care less.

[DigDuality]

i'm not so much concerned about what money who makes from what as I am as extensions, without ample notification, acting as malware against other software/extensions i have installed in order to make a buck. I moved to linux long ago b/c i was tired of having to run scans once a week. I switch to FF b/c i prefered a more secure browser (made even more secure by extensions). Now basically, this guy, has managed to get malware in both firefox and linux. Seriously, total douchebag move.

Re:Shhhh!

[int2str]

It's somehow okay now that an extension goes behind the users back and circumvents other plug-ins? Especially a plug-in that most users use presumably to protect themselves against malware and intrusive JavaScript driven ads?

I sure hope the community will step up and create a new open source plug-in that goes "back to the basics" (disable JavaScript per site + whitelist) and people ditch NoScript faster than you can say "WTF!"....

Apparently the NoScript developers (which is btw. the most obnoxious plug-in I currently have installed; re: updates...) heads have gotten a bit to big for their own good.

I can't wait to see the fallout from this one. Hopefully at the end NoScript in it's current form won't exist anymore!

I Would Have Allowed It

[SpottedKuh]

Like many Slashdot users, I run both NoScript and AdBlock Plus.

Had NoScript asked me if I wanted to whitelist adds on their site (in my AdBlock preferences) to support NoScript development, I would have happily clicked "Yes."

As it is, I've left the NoScript whitelist intact in my AdBlock preferences, because I do want to support their development (NoScript leaves a comment in the AdBlock preferences indicating that this whitelist can be disabled easily). That said, I would have been much happier had my permission been asked!

Re:Timeline of events

[angrydotnerd]

NoScript has no business injecting itself into the AdblockPlus-addon. PERIOD!

Re:Does this shock anyone?

[Anonymous+Brave+Guy]

1. Most people sharing popular Firefox add-ons don't do it to make money.
2. In any case, there is no excuse for modifying the behaviour of other software on a computer without the user's consent. There are words for that sort of behaviour, starting with "malware" and in many places ending in "illegal".

Sleazy and disgraceful

[d_jedi]

If I have ad blocking software installed, that means I don't want to see ads (unless I explicitly approve them).
If I have script blocking software installed, that means I don't want to run scripts (unless I explicitly approve them).

How difficult is that to understand?

I don't care if the Noscript developer relies on ads for revenue. If I have ad blocking software installed, I don't want to see ads, period.. that doesn't mean "except on noscript's site, of course!". If the Noscript developer doesn't like that, it's too fucking bad.

This behaviour is disgraceful, and Noscript should be blocked by Mozilla (is this possible? Or, at least, not hosted on their site..) because at this point, it's clearly malware.

Scum.

[geekboy642]

NoScript will no longer be permitted on any of my computers, period. This is unacceptable behavior. If I'd payed for the addon, I'd be demanding a refund. As it is, all I can do is try to take back the favorable word-of-mouth I've been giving the author, and try to find a version without the invasive behavior.

This suddenly explains a lot

[Mortimer82]

For some time now, I have been getting more and more annoyed with the regularity of NoScript updates, especially as it would ALWAYS open the home page after every update, this is after the nuisance of me already having been asked to restart Firefox for the addon update.

Now it makes sense, they clearly artificially make this happen just for adrevenue. The addon probably doesn't even need that many updates.

Anyway, even though I know I can change the option to not go to the homepage after each update, I am tired of having to restart Firefox once a week for software which is for the most part adware. I barely use noscript, except on 1 site, I'll wait for someone else to make an addon which doesn't piss me off, or simply tolerate the minor annoyance of that one site.

As for the real world security benefits of noscript, they are questionable at best. If a website codes itself so it needs javascript, one would likely turn on noscript, and then the website could run malicious code.

I would complain

[carlzum]

Sure you may not be bothered by some ads on their site, but it's a slippery slope they should avoid. Users place their trust in add-ons like AdPlus and NoScript when they allow a third party to filter content. They proved they're willing to cross the line for a few dollars in ad revenue. What would they do for a significant amount of money?

Re:Personally, I couldn't care less.

[mysidia]

The bottom line is: don't install untrusted extensions.

It was always a risk.

By the way, you now know never to trust NoScript, and to warn anyone who tells you they're using it.

Re:Links are helpful

[bignetbuy]

"I must admit I don't have much expertise in this area. I've never used either Adblock or Noscript."

You should have stopped right there.

Re:Personally, I couldn't care less.

[ObsessiveMathsFreak]

By the way, you now know never to trust NoScript, and to warn anyone who tells you they're using it.

Absolutely. What many programmers and companies do not realise is that there there needs to be a large amount of trust between users and themselves. Ultimately, by installing software, users are giving huge control of their systems and software to people they have never met and who will never meet them.

If find that most people are if anything, to trusting on the Internet. Hence botnets. But even cautious people do tend to give others the benefit of the doubt. But if they should be given reason to go back on that, it can mean a permanent end to that trusting relationship.

I know someone who recently installed Google Desktop(Something I would never, ever, do). They were happy at first, as they were happy to use a multitude of Google Apps. However, trouble struck when the geniuses at Google Desktop decided that when you search using their internet search, it should also bring up search results from your Desktop index.

Imagine someones surprise when their personal computer files appear on an internet search page. It wasn't pretty. The user wanted to uninstall Google desktop, sign out of Gmail, and stop using Google search forever. As I tried to explain that the page was linking to local files, not on the internet, I realised my words were in vain. This person had simply been too shaken my the incident. From their perspective, they had been betrayed. Their personal files had been cast online, or at least, they now recognised that outcome was possible due to the control they had given to a private company.

All trust in Google, and all its products, was lost forever. The trusting and confident relationship Google had with this person had been shattered by a single incident. I've seen this happen multiple times, with multiple pieces of software. Frustration, data loss, jarring incidents. Even the smallest thing can rupture the good feelings of people towards the people whom they entrust with their data.

This is such an incident. NoScript is forever tainted, never to rise again. Hundreds of thousands of people will likely uninstall it today alone. It will cease to be recommended, and ultimately another virtually identical extension will takes its place. A good lesson to all who would be so careless with their reputations. You need your users trust to survive.

No it's not

[Akita24]

It isn't a "stupid trick." I installed NoScript specifically to help prevent things running in FF that would screw with my system behind my back. This behavior, screwing with ABP's configuration WITHOUT ASKING ME FIRST is EXACTLY THE SORT OF SHIT I installed it to PREVENT. This has nothing to do with how "trivial" said screwing is, or how much money the author does or doesn't make from the damn plugin. It's a matter of trust and what the damn plugin was built to do. The author just used his plugin to do exactly what we all installed it to PREVENT. I (and apparently a lot of others) no longer feel that we can trust the author or his software since he's now stooped to the tactics used by the people and software his plugin was designed to prevent.

Re:Personally, I couldn't care less.

[hairyfeet]

The problem is NOT seeing ads on the Noscript website. Like many of the others here that didn't faze me one bit. The problem is he is hijacking OTHER software to shovel his ads. Now THAT is a problem.

It says on the Noscript website it is software under the GPL, that means the source code is available, yes? Can we get a fork please? I mean we seem to have a bazillion OO.o forks now, and there wasn't anything wrong with OO.o that I could see to begin with(that said I prefer to give out oxygen office as it has all the clip art and slideshow presets to make it useful like MS Office) and here we do have something seriously wrong.

Until we get whichever group is responsible for JavaScript to actually fix the security in it, or get websites to dump it like they did ActiveX, we are going to need a way to filter it selectively. Unfortunately just like ActiveX in the 90s you can't just kill JavaScript dead because there are too many websites like banks(WTF?) that need to have JavaScript to be useful. I don't mind making money, and if the guy would have asked nicely I would have been happy to add his little whitelist so he could keep making the tool I use, seems fair to me. But pulling this backdoor install BS just don't cut it. But frankly I haven't seen any other tool that does the job so this jerk kinda has us over a barrel. Proxies and fiddling all day with HOSTS files is frankly a royal PITA.

So does anybody know of ANY software that can give us roughly the same functionality as Noscript without being a PITA? Because those of us that have to use Windows really need the extra protection.

Re:Personally, I couldn't care less.

[Av8rjoker]

Ironically, people install NoScript for the specific reason of not trusting others on the internet.

Re:A word from a NoScript Forum Moderator

[mikelieman]

Tom, Thanks for your contribution. It is imperative you communicate this to *everyone* in the NoScript project -- especially to Giorgio Maone. I think the real issue here is that Giorgio violated our trust, and *appears* to have been acting without integrity and without "Good Faith". This earlier post echoes my, and many others feelings: #27794533

Had NoScript asked me if I wanted to whitelist adds on their site (in my AdBlock preferences) to support NoScript development, I would have happily clicked "Yes."

As it is, Giorgio acted like a piece-of-shit, scumbag, newbie-hacker throwing a temper tantrum, should be ashamed of himself for embarrassing himself, YOU, and everyone on the project , and needs to make public apology for his misguided attempt. Here's a hint. If you put it in the documentation, README or changelog it WILL NOT BE READ. Get out an update which says, "SORRY! We've rolled back all the patches for this to version xxxxxx, and we will never make any changes outside our application without your PRIOR EXPRESS INFORMED CONSENT. And then learn from this mess -- and don't fuck up like this again.