Q&A How to configure Noscript for ordinary users

Gandalf_The_Grey

Level 47
Verified
Trusted
Content Creator
Apr 24, 2016
3,610
Conclusion:
So how do you set up Noscript for ordinary folks? Well, you create your own instance, tweak it - and then export the settings. When you help other people configure their browser, you can then import the settings. The basic idea is to allow scripts and a few other elements in the Default zone, which solves 99% of all problems with Noscript + non-techies. You can optionally make the setup even more elegant by creating your own trusted, untrusted and custom lists.

Is this foolproof? Of course not. No technology is. In between the broken-and-confusing Web experience that Noscript purposefully creates as part of its cleansing mission, and veteran nerds who know exactly what they're doing, it's still possible to make this extension useful for the common users. My testing is limited, but I believe the configuration I outlined above works well, provides extra security, improves privacy, and does not break the surfing. Have a go, throw this at your unsuspecting relatives, and share your findings. We're done.
 

Lenny_Fox

Level 21
Verified
Oct 1, 2019
1,061
This is complete and utter nonsense

The only thing dedoimedo blocks by default is ping. You can do that by adding a custom rule to My Filters in uBO
||*$ping

The other aspect dedoimedo thinks is dangerous is allowing remote fonts. With Windows 10 this risk is minimal, but for all paranoids who want to block remote fonts and have uBO installed, just enter this rule in My rules
no-remote-fonts: * true

Now you can de-install No-Script, because everything else is handled either by your browser (XSS sanitizing is implemented in modern day browsers since Microsoft published the "nozzle and sozzle" sanitizing research in improving IE11 javascript handling) or uBO (which has a way more user-friendly user interface to deal with 3rd-party scripts and frames).

What a nonsense blog of dedoimedo

Using Kees958 user friendly eas-medium mode is a much better reduction of the attack surface.
 

rain2reign

Level 5
Jun 21, 2020
204
If you're using Firefox, which most of these guide authors do, you can disable ping in about:preferences. Simply set:
  • [hyperlink auditing/ping] browser.send_pings to 'false',
  • [for CSP reports] security.csp.enabled to 'false',
  • [for beacon api] beacon.enabled to 'false'.
And that is 90% of all guides regarding 'for ordinary'-users or "preferred" browser preferences in Firefox guides. And no need for extensions for those specific things for Firefox users.
Note: browser.send_pings is set to 'false' by default in Firefox, but it can't hurt to double-check in case you accidentally had it changed.

Now to test whether the browser picks up the setting with any website like Browser Privacy Test or Ping Spotter or whatever else is out there.
 
Reactions: Jan Willy
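
Added example (not part of the post above and not Mozilla's code): a small Python check for the "double-check" step, which reads the text of a profile's prefs.js and user.js and reports whether the three preferences hold the values the post lists. Preference names and values are taken as written in the post; the sample file contents are constructed.

```python
import json
import re

# Names and values exactly as listed in the post above.
POST_VALUES = {
    "browser.send_pings": False,    # post: hyperlink auditing/ping
    "security.csp.enabled": False,  # post: CSP reports
    "beacon.enabled": False,        # post: beacon api
}

# One pref per line: user_pref("name", value);  value is a JSON-like literal.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} from prefs.js / user.js text, skipping comments."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything malformed
        try:
            prefs[m.group(1)] = json.loads(m.group(2))
        except ValueError:
            continue  # value is not a bool, number or quoted string
    return prefs


def audit(prefs_js, user_js=""):
    """Map each watched pref to (value in profile, matches the post's value).

    user.js is applied on top of prefs.js at startup, so it wins on conflict.
    A value of None means the pref is not set in the profile at all, so the
    browser's built-in default applies and cannot be read from these files.
    """
    effective = {**parse_prefs(prefs_js), **parse_prefs(user_js)}
    return {name: (effective.get(name), effective.get(name) is want)
            for name, want in POST_VALUES.items()}


# Constructed sample profile files (not taken from a real profile).
SAMPLE_PREFS_JS = '''// Mozilla User Preferences
user_pref("browser.send_pings", true);
user_pref("beacon.enabled", false);
user_pref("browser.startup.homepage", "about:blank");
'''
SAMPLE_USER_JS = 'user_pref("browser.send_pings", false);\n'

if __name__ == "__main__":
    for name, (value, ok) in audit(SAMPLE_PREFS_JS, SAMPLE_USER_JS).items():
        print(f"{name:24} {value!s:6} {'matches post' if ok else 'differs or not set'}")
```
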

Lenny_Fox

Level 21
Verified
Oct 1, 2019
1,061
@rain2reign

I did not know Firefox was so complex that ordinary users need a guide to configure FF. I knew the security of Firefox was bad, but thought it tried to look like Chrome (at least that is what I see users complaining about), so it should be straightforward to use.
 

rain2reign

Level 5
Jun 21, 2020
204
Most of the time, I am not sure why some bother to write these copy-paste guides for FF. It's fairly straightforward, just terminology can differ in about:preferences if you are used to Chromium. Of course, there are some things that need explaining, but if you want those features... Chances are you were already looking them up on Mozilla.org, advanced forum sections on the internet and such places from which the same can be said for Chromium browsers.

Guides for FF have existed for almost 2 decades, just more come to light in recent years with the privacy movements.
 
Reactions: Lenny_Fox