1. 57
  1. 12

    I see you’re already using ublock origin. Is there a reason you’re not just using that to block JavaScript?


    1. 10

      There’s also uMatrix for people who want fine-grained control over both Javascript and all sorts of other things (including cookies). I’ve adopted to uMatrix’s interface and find it nice, but it’s probably not what you want if you want to be routinely enabling Javascript on sites.

      1. 2

        I suggest to use uBO with medium mode rather than install uMatrix along uBO. uMatrix’s default ruleset makes it more similiar to uBO’s medium mode.

        When using another blocker (uMatrix included) along uBO, this can prevent uBO from using its neutered resources/scripts, which are quite useful to prevent site breakages or to work around anti-blockers.

        For example uBO redirects script from googletagservices.com to a local neutered version, and this prevents a lot of breakage (googletagservices.com is not blocked by EasyPrivacy due to the high likelihood of page breakage). But if uMatrix blocks the script from googletagservices.com, then uBO won’t be able to redirect to the local neutered script, because blocking has priority over redirecting in the WebExtensions API.

        from the author: https://www.reddit.com/r/firefox/comments/706xrr/umatrix_vs_ublock_origin_medium_blocking_mode/dn1goxr?utm_source=share&utm_medium=web2x

    2. 16

      I’ve been using NoScript for many years, but stopped.

      Should I write a blog post about why I stopped using it? Are folks interested?

      1. 14

        I think that there’s a whole series of articles that would potentially be of interest to me:

        • I don’t use NoScript
        • I don’t obsessively block ads
        • I don’t really advocate for my own privacy, and sometimes volunteer my PI to google
        • I develop single page applications
        • I use modern cloud server architecture
        • I use CI/CD for personal projects
        • I like Microsoft
        • I built something using PHP7 and it was fine

        I see a lot of “counter culture” style posts about these, but I rarely see the posts that talk about why one might actually do any of these things, and there’s a lot of good reasons that all of them exist.

        Realistically, I’m not sure how popular any of these would be, because it’s more chic to be against something than it is to be for something, especially if that thing is relatively new.

        1. 9

          But this will ruin my claim that nobody ever writes blog posts about doing the default thing and having it work. :)

          1. 5

            This in particular is tempting ;)

            I’ll easily be discredited due to my bias, though: “Firefox Security engineer says Firefox Security is great”

            1. 3

              I’d be interested in reading that even if it would be inherently biased.

              P.S. Tracking protection in Firefox looks overly strict, for example it blocks cross-origin fetches to www.reddit.com even when using anonymous calls.

              P.P.S. Lobsters now have a special homepage field in profile info.

          2. 5

            Sounds good.

            1. 2

              Since you asked, I’m not really interested. I’d rather not ‘need’ to allow tons of javascript to run on my computer just to read articles. If you don’t care then that’s your thing.

              1. 2

                Yes please.

              2. 4

                Like others who have commented here, I’ve also been all-in on NoScript for the last 6 months.

                Of course, I’m an engineer and my values are different from the general public’s. But I prefer to browse through a slightly broken website if that means I’m blocking all the crap it’s trying to send me.

                And, for websites that don’t work without js, I can decide whether to whitelist them temporarily or permanently, with a good level of granularity. Or just skipping that website at all.

                I encourage all fellow crustaceans to try it out: after all, we’re the target audience for Noscript. Nowadays, a browser is almost an operating system where you’re constantly running third party code delivered over the internet. That’s crazy. Noscript, at least, lets me give permission to websites that seem trustworthy to do so.

                1. 3

                  My parents are both in their 60s. Not idiots, and also not IT people, nor life-long computer users.

                  Both are using NoScript, and it took me about 10 minutes to explain how to use it.

                  1. 5

                    Well, YMMV. I would characterize my parents the same way, but I don’t think introducing NoScript to them would be a good idea. I have enough trouble on my own remembering NoScript is enabled and could be the reason something isn’t working. Usually it’s fine, but sometimes I just… forget.

                  2. 6

                    Your website uses Javascript. Assuming you are wholly responsible for the content, this seems a little weird doesn’t it?

                    That said, it is readable without JS huge win for that. So many websites aren’t anymore. :)

                    1. 17

                      A few points -

                      1. It’s not my website, it’s a community site whose content I don’t control (although I do like the site in general)
                      2. As I sort of imply in the post, I’m not actually against JavaScript, I’m only against running tons of third party JavaScript purely for someone else’s benefit and at my own risk.
                      1. 6

                        I’m only against running tons of third party JavaScript

                        I actually stopped using NoScript for this reason; I switched to uBlock Origin, which makes it really easy to block all 3rd-party JS without blocking same-site scripts which are more likely to be legitimate: https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium-mode

                        1. 5

                          Mostly agreed on point #2. JS is disabled in my browser by default, but I turn it on here and there as needed. I’d much prefer entire websites were not created 100% in JS, that’s super annoying. A little JS here and there to make the website more friendly I’m OK with, but I’d rather people just learn proper HTML5 where most of those things are not needed anymore.

                          As for #1: I actually like the layout as well! I did say “wholly responsible”, you are not, so fair enough.

                          1. 8

                            I tend to be of the mind that if a site wont load without javascript, it’s not worth my time.

                            It’s not the best attitude, and I definitely miss out on some good stuff, but I have a low bandwidth, temperamental connection, and most sites I don’t care that much about so I have to draw the line somewhere.

                            1. 4

                              I think the same thing when a site obscures itself with a popup claiming “We respect your privacy”, but doesn’t provide a “No thanks” button. I just move on to the next news story or search result.

                        2. 5

                          That said, it is readable without JS huge win for that. So many websites aren’t anymore. :)

                          to not let them entirely off the hook, the previous version of their site was much less hostile:


                        3. 1

                          If you just want to block third party scripts, isn’t Privacy Badger enough?

                          1. 6

                            Privacy badger only block trackers, not potentially malicious JS that you load from some random blog.

                          2. 1

                            I started to do the same last week and up to now I have been really happy.