Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I got NoScript as an add-on for Firefox browser. Every website I open it says that a certain number of scripts are currently forbidden. How do I know if the site is dangerous or not? And I have a vague idea of what scripts are but what's so dangerous about them? Thanks.
I've used NoScript for years. Unfortunately I've found it to be, both a helpful/simple process as well as potentially difficult.
Here are my global thoughts and/or $0.02:
I use it and let it stop stuff. From the start, most everything is blocked and I slowly add what I agree with, however I know sometimes it is difficult to determine what should be agreed with
The main website such as linuxquestions.org, I accept, as an example, because I intentionally got there
A secondary script that looks close, like lq-feedback.org, I'd probably accept that, but also ONLY if I felt there were items on a page where I could not see or do stuff, I am actually fine with not accepting a script if I feel that a page I'm looking at operates how I need it too
The more difficult ones are things like my bank. NoScript does print out the list of scripts blocked in the status bar, or also in the NoScript menu. You can "temporarily" accept a script and see what that does for you. You can then also disallow that script if you feel it did you no good, and once you get a page where you want it, you can then make the permissions permanent.
The bigger problems are very active pages, like movie pages, game pages, stuff where advertisement is huge, and the site is more commercial. I only go so far, but if I think I really want to see something (usually I'm not surprised to see that it is something stupid and I needed have bothered actually) I'll temporarily accept all for that page. Only to find that there are now newer added scripts needing to be approved. Sometimes at that point I'll see enough to say, "Gee, do I really want to see this stupid video, versus not? Or I'll choose to forge ahead and accept the next round.
Largely, once I go to enough of my regular web pages and accept the right scripts, things are fine and I have little maintenance for it at all. But bear in mind that I'm probably a very boring web user. For instance I'm already saying that I don't kill myself to play games or watch videos online, so I'm mainly reading stuff, news, technical stuff, or searching for information
Install WOT add on and then search the url. I Fly with Ghostery myself instead of No Script.
I know it is not as thorough as No Script but the nets shotgun approach of loading scripts made
using No Scripts a PITA for me.
Edit: To answer your original question. Is it a good idea? Yes it is. I am just a laid back linux user who flys loosey goosey.
It's more of a PITA than it's worth, IMO. All but a tiny fraction of web sites require Javascript. You can spend 10 minutes or so trying to figure out which of the blocked sites on the page need to be allowed to let the page work, but on many sites even "Temporarily allow all this page" needs to be clicked on two or three times in order to get all the necessary levels of scripting allowed. Then there's the issue of commerce sites where at some point you are warned, "Do not reload the page or use your browser's "Back" button or you may be charged twice," and you find yourself stuck on some page that won't load without some script that's still blocked, and you try to allow it in NoScript, only to see the message that the page needs to be reloaded in order to do that. What do you do now? Was your order entered or not? Eventually you learn to "Allow scripts globally (dangerous)" whenever you're doing anything that involves real money.
I use it in a similar way yo post #2. If I don't have a visible need for a script then do I need it? For example I have been running noscript on LQ for a while now and I have managed quite well without google-analytics
It's more of a PITA than it's worth, IMO. All but a tiny fraction of web sites require Javascript. You can spend 10 minutes or so trying to figure out which of the blocked sites on the page need to be allowed to let the page work, but on many sites even "Temporarily allow all this page" needs to be clicked on two or three times in order to get all the necessary levels of scripting allowed. Then there's the issue of commerce sites where at some point you are warned, "Do not reload the page or use your browser's "Back" button or you may be charged twice," and you find yourself stuck on some page that won't load without some script that's still blocked, and you try to allow it in NoScript, only to see the message that the page needs to be reloaded in order to do that. What do you do now? Was your order entered or not? Eventually you learn to "Allow scripts globally (dangerous)" whenever you're doing anything that involves real money.
This is how I think. I used to use it, and it works, but managing it is a PITA, and many sites you have to enable SO MUCH to get their content to work (CNN.com, NFL.com) that it does absolutely no good. I also found that the already poor performance of firefox was made even WORSE when noscript was running but allowing everything. So eventually I just gave up and removed it entirely.
I've used NoScript for years. Unfortunately I've found it to be, both a helpful/simple process as well as potentially difficult.
Here are my global thoughts and/or $0.02:
I use it and let it stop stuff. From the start, most everything is blocked and I slowly add what I agree with, however I know sometimes it is difficult to determine what should be agreed with
The main website such as linuxquestions.org, I accept, as an example, because I intentionally got there
A secondary script that looks close, like lq-feedback.org, I'd probably accept that, but also ONLY if I felt there were items on a page where I could not see or do stuff, I am actually fine with not accepting a script if I feel that a page I'm looking at operates how I need it too
The more difficult ones are things like my bank. NoScript does print out the list of scripts blocked in the status bar, or also in the NoScript menu. You can "temporarily" accept a script and see what that does for you. You can then also disallow that script if you feel it did you no good, and once you get a page where you want it, you can then make the permissions permanent.
The bigger problems are very active pages, like movie pages, game pages, stuff where advertisement is huge, and the site is more commercial. I only go so far, but if I think I really want to see something (usually I'm not surprised to see that it is something stupid and I needed have bothered actually) I'll temporarily accept all for that page. Only to find that there are now newer added scripts needing to be approved. Sometimes at that point I'll see enough to say, "Gee, do I really want to see this stupid video, versus not? Or I'll choose to forge ahead and accept the next round.
Largely, once I go to enough of my regular web pages and accept the right scripts, things are fine and I have little maintenance for it at all. But bear in mind that I'm probably a very boring web user. For instance I'm already saying that I don't kill myself to play games or watch videos online, so I'm mainly reading stuff, news, technical stuff, or searching for information
Thanks rtmistler. Wow. I had no idea this was so complex. (By the time I got reading all these posts I'd been logged out!)
Well, I hear what you're saying about getting to the point where you have little maintenance, but I don't know as much as you do. And I have already had some problems with using Firefox (like doing "e-signatures") and don't want to have problems using my online banking. And on top of that I've been using Xubuntu for about four years now and have never had a problem (never using NoScript). I guess I can always disable NoScript when I do my bank stuff and then turn it back on when I surf the web. I think it's a good idea. It will just take a while to get the hang of it. Appreciate all your feedback.
Install WOT add on and then search the url. I Fly with Ghostery myself instead of No Script.
I know it is not as thorough as No Script but the nets shotgun approach of loading scripts made
using No Scripts a PITA for me.
Edit: To answer your original question. Is it a good idea? Yes it is. I am just a laid back linux user who flys loosey goosey.
Thanks rokytnji. I had an earlier post about WOT and in it someone mentioned Bitdefender Traffic Light for Firefox. That one actually appealed to me more than WOT. That might be a way for me to go instead of NoScript. I don't know. Ha ha. I've got a lot to think about. (Ghostery seemed more about avoiding being tracked.)
It's more of a PITA than it's worth, IMO. All but a tiny fraction of web sites require Javascript. You can spend 10 minutes or so trying to figure out which of the blocked sites on the page need to be allowed to let the page work, but on many sites even "Temporarily allow all this page" needs to be clicked on two or three times in order to get all the necessary levels of scripting allowed. Then there's the issue of commerce sites where at some point you are warned, "Do not reload the page or use your browser's "Back" button or you may be charged twice," and you find yourself stuck on some page that won't load without some script that's still blocked, and you try to allow it in NoScript, only to see the message that the page needs to be reloaded in order to do that. What do you do now? Was your order entered or not? Eventually you learn to "Allow scripts globally (dangerous)" whenever you're doing anything that involves real money.
Thanks rknichols. Wow. That does sound like a PITA. I've had enough trouble using Paypal without NoScripts. I don't know. Right now I'm leaning toward using the NoScript but whenever I want to do online banking or buy something online disalbing it. Or I might get this Bit Defender Traffic Light for Firefox and forego NoScript altogether. Appreciate your feedback.
Almost never see a site that doesn't get some stuff blocked.
The more ways you limit exposure the better.
One time it saved my behind. It blocked an advertisement on Popsi.com that was malware.
If I go to a site, I only what that site. You'll see news type pages seem to be the worst.
Thanks jefro. Yeah, if it saves you it's worth it. But don't you think something like WOT or Bitdefender Traffic Light for Firefox would alert you that the Posi.com site was nasty? (I'm looking to keep it simple.)
I have gotten to quite like NoScript as it helps control misbehaving scripts; even well-intentioned websites can have misbehaving, but not necessarily malicious, scripts. I use NoScript routinely and find it's well worth the little bit of effort it takes to manage it, once you get the hang of it.
I read lots of newspaper websites, and some of them are quite heavily scripted (any Gannett site is virtually unusable, but Gannett is the MacDonalds of news so who cares?).
If I trust the site, I will routinely tell NoScript to trust all scripts from that site. I tend to trust sites that I know are run by trustworthy folks. For example, I trust my local newspaper's site, as I've been reading the paper since I was a wee tyke and I know how they do business.
Occasionally, depending on the site, I will tell NoScript to allow all scripts on that site; LQ would be one such site, eff.org would be another.
Sometimes, as when I wish to play an embedded video that doesn't want to play, I will tell NoScript to temporarily allow all scripts from the site.
I am too lazy to wade through the list of scripts one-by-one, and, if I'm browsing a site I know is legit, I think that's overkill to begin with. If it's a site I know is not legit, you won't find me browsing it in the first place.
there is a ton of information available on the middle click option
now as much as i DISLIKE cloudflare this forum USES IT!!! for the top menu
|| home || forums || HGL || reviews || and so on.....
Thanks John. Interesting. I'm just wondering if I need that much information. It's like I went to Goodreads and it wouldn't let me do the least thing there. So I looked at the stuff on the menu and the first thing was something like gr.links (I made that up) and so I investigated it with hitting the shift and some other key (I have no middle click) and it seemed okay, so I hit 'temporarily allow gr.links' and I still couldn't do anything. So I hit 'temporarily allow all this page' and then it opened up.
And I went to that cloudflare link. (see attachment) Isn't that rating kind of messed up with the other font stuff? And how do you interpret that number? It was 92 but there was no reference point.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.