Advice Request How to configure Noscript for ordinary users

Please provide comments and solutions that are helpful to the author of this topic.
Gandalf_The_Grey

Gandalf_The_Grey

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,875
Conclusion:
So how do you setup Noscript for ordinary folks? Well, you create your own instance, tweak it - and then export the settings. When you help other people configure their browser, you can then import the settings. The basic idea is to allow scripts and a few other elements in the Default zone, which solves 99% of all problems with Noscript + non-techies. You can optionally make the setup even more elegant with creating your own trusted, untrusted and custom lists.

Is this foolproof? Of course not. No technology is. In between the broken-and-confusing Web experience that Noscript purposefully creates as part of its cleansing mission, and veteran nerds who know exactly what they're doing, it's still possible to make this extension useful for the common users. My testing is limited, but I believe the configuration I outlined above works well, provides extra security, improves privacy, and does not break the surfing. Have a go, throw this at your unsuspecting relatives, and share your findings. We're done.
Click to expand...

How to configure Noscript for ordinary users

Article explaining how to setup Noscript Security Suite (NSS) for ordinary, non-techie users, with scripts enabled by default and custom blocking of specific domains and fonts, always-active XSS protection, and a few other handy tricks
www.dedoimedo.com www.dedoimedo.com
 
  • Like
  • Thanks
  • +Reputation
Reactions: cryogent, Lenny_Fox, upnorth and 5 others
Lenny_Fox

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
This is complete and utter nonsense

The only thing dedoimedo blocks by default is ping. You can do that by adding a custome rule to My Filters in uBO
||*$ping

The other aspect dedoimedo thinks is dangerous is allowing remote fonts. With Windows10 this risk is minimal, but for all paranoids who want to block remote fonts and having installed uBo just enter this rule to my rules
no-remote-fonts: * true

Now you can de-install No-Script, because everything else is handled either by your browser (XSS sanitizing is implemented in modern day browsers since Microsoft published the "nozzle and sozzle" sanitizing research in improving IE11 javascript handling) or uBO (which has way more user friendly user interface to deal with 3rd-party scripts and frames).

What a nonsense blog of dedoimedo (n)(n)(n)(n)(n)(n)(n)(n)(n)(n)(n)(n)(n)(n)(n)(n)(n)(n)

Using Kees958 user friendly eas-medium mode is a much better reduction of the attack surface.
 
Last edited:
  • Like
  • +Reputation
Reactions: forgottenuser79643, TairikuOkami, Oxygen and 1 other person
F

forgottenuser79643

Level 8
Jun 21, 2020
363
If you're using Firefox, which most of these guide authors do, you can disable ping in about:preferences. Simply set:
  • [hyperlink auditing/ping] 'browser.send_pings to 'false',
  • [for CSP reports] security.csp.enabled to 'false',
  • [for beacon api] beacon.enabled to 'false'.
And that is 90% of all guides regarding 'for ordinary'-users or "preferred" browser preferences in Firefox guides. And no need for extensions for those specific things for Firefox users.
Note: That setting browser.send_pings is set to 'false' by default in Firefox, but it can't hurt to double-check in case you accidentally had it changed.

Now to test whether the browser picks up the setting with any website like Browser Privacy Test or Ping Spotter or whatever else is out there.
 
Last edited:
  • Like
Reactions: Jan Willy
Lenny_Fox

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
@rain2reign

I did not know Firefox was that complex ordinary users need a guide to configure FF. I knew security was bad of Firefox, but thought it tried to look like Chrome (at least that is what I see users complaining about), so it should be straight forward to use.
 
F

forgottenuser79643

Level 8
Jun 21, 2020
363
Lenny_Fox said:
@rain2reign

I did not know Firefox was that complex ordinary users need a guide to configure FF. I knew security was bad of Firefox, but thought it tried to look like Chrome (at least that is what I see users complaining about), so it should be straight forward to use.
Click to expand...
Most of the time, I am not sure why some bother to write these copy-paste guides for FF. It's fairly straightforward, just terminology can differ in about:preferences if you are used to Chromium. Of course, there are some things that need explaining, but if you want those features... Chances are you were already looking them up on Mozilla.org, advanced forum sections on the internet and such places from which the same can be said for Chromium browsers.

Guides for FF have existed for almost 2 decades, just more come to light in recent years with the privacy movements.
 
  • Like
Reactions: Lenny_Fox

Similar threads

Bot
    • Like
What’s coming for the Windows Insider Program in 2023
Replies
0
Views
1,049
Windows 11
Bot
Bot
Adrian Ścibor
    • Like
    • +Reputation
    • Thanks
AVLab.pl Avast Ultimate – how to properly configure protection to get maximum results?
Replies
0
Views
1,602
Security Statistics and Reports
Adrian Ścibor
Adrian Ścibor
SpyNetGirl
    • Like
    • +Reputation
    • Hundred Points
Harden Windows Security | Only with official documented methods | Always up to date
Replies
75
Views
18,298
Other security for Windows, Mac, Linux
Warencom
W

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top