@f00fc7c8
> uBlock Origin on Firefox blocks all YouTube ads for me

I use this as a backup. My primary digital prophylactic is NoScript, which gives me full control over which domain names websites can pull JavaScript from to run in my browser:

https://noscript.net/usage/

#NoScript #TrackingBlockers

@malwaretech @potatogunkelly

**jshelter**

#firefox #extension #noscript #jshelter #ublock #umatrix

NoScript блокирует загрузку отдельных скриптов или объектов. Всё то же самое умеют делать uBlock и uMatrix.

Дополнительно нужна защита от XSS, CSRF, позволяющая гибко настраивать правила, как в правилах файрвола. Помогает от всяких банков, которые любят прозванивать порты на 127.0.0.1

https://addons.mozilla.org/ru/firefox/addon/javascript-restrictor/

JShelter же блокирует/перехватывает доступ к конкретным API вызовам и либо блокирует либо подменяет на фейковые данные по гибким настройкам.
С помощью JShelter гораздо проще сломать сайт и не понять почему, но позволяет подменить трекинговые вызовы API, что не может сделать NoScript.

Достаточно зайти на сайт измерения фингерпринта (https://polcak.github.io/jsrestrictor/test/test.html) с NoScript и JShelter и увидеть, что JShelter значительно понижает уникальность, а NoScript лишь блокирует рекламные скрипты.

FAQ (https://jshelter.org/faq/)
blog (https://jshelter.org/blog/)

@AudraTran not with #Firefox & #NoScript

@dragonmantank
Strongly recommend #TorBrowser w highest Safety level and #uBlock added, as per how #TailOS provide Tor to #journalists. Great for browsing the #clearnet and onion sites. Put the #NoScript addon button in the topbar to easy enable js for trusted sites.

For #I2P we recommend a Firefox based browser that is hardened like TorBrowser. A good place to start is the spyware.neocities.org site, and the Archlinux wiki (surprisingly), on hardening Firefox-based browsers.

I feel like #NoScript doesn't really help me much. I can think of ways around anything it does for me. So I can't rely on it, and have to defend against the same threats I'd have to defend against without it.

@matthiasott

In the talk @hdv asked if we would like to have #noscript from <popover> also for <dialog> -

What I would really want to is if I could use the same elements in popover, dialog, datalist etc.

In any ActivityPub App one of my major UI concern is “duplication of content” for the base-html-only experience.
I mean, e.g. to not repeat the actors-elements in the inbox-view …

@matthiasott
Do we have a special hashtag for problems where the majority still says "use jquery" while it can be an html-only thing?
How about #noscript ?
PS - This is nice:
https://codepen.io/noahblon/pen/ZbjmbK

@hdv

@RL_Dane
love it when the website has a #noscript version but dislike a black page just saying: "you need to enable javascript for this webpage to work"

@anipatok

I used to use #NoScript years ago, but haven't in a really long time.

I do use w3m a lot and really like it. links is a bit more advanced, but its keybindings aren't configurable (that I've been able to discover, anyway). w3m is not quite as good at rendering various types of pages (although it is better than lynx), but its incredibly configurable, and I've got mine set up with some very nice vi-style keybinds.

@defcon @torproject
2/
…without the need to enable JS (please see above hashtag for our previous writings on how this might work),
2) Access to the #NoScript addon, allows enabling javascript on a per-domain basis as was the case in previous versions,
3) Try lowering security to [Safer,Standard] Mode.
b) Last we checked #TailsOS uses uBlock in #TorBrowser, why does the official not? We've tested it. Many sites work fine,
c) Might 'Block CloudFlare MITMAttack (#BCMA)' addon be included in…2/3

It seems that maybe #NoScript's XSS filter might have caught it?

El 99% de los sitios web son vulnerables a ataques por JavaScript debido a la presencia de numerosos complementos de terceros. Solo el 1.1% tiene una seguridad realmente efectiva, lo que los hace susceptibles de exponer información sensible y ser víctimas de robo de datos, convirtiéndolos en una amenaza potencial.

Para protegerse, se recomienda utilizar un complemento popular llamado "NoScript" (disponible también en Firefox para #Android). En el caso de #Firefox en PC, se sugiere utilizar "Disable JavaScript", que desactiva automáticamente JavaScript por defecto. Si una página no se carga correctamente, al hacer clic en el icono gris de "js" en la barra de la URL del navegador, se activará JavaScript y se recargará la página automáticamente. Esta práctica también ayuda a evitar mucha publicidad no deseada.

Dejo los enlaces de los complementos
https://addons.mozilla.org/es/firefox/addon/noscript/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=search

https://addons.mozilla.org/es/firefox/addon/javascript/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=search

#SeguridadWeb #Vulnerabilidades #JavaScript #Ciberseguridad #NoScript

@zalintyre Ich bin ja dafür knallhart wie #NoScript, #uBlockOrigin und @torproject #TorBrowser zu sein und alles was mensch nicht explizit zustimmt knallhart wegzublocken!

Würde mir wünschen @mozilla würde das knallhart durchsetzen!

@hacks4pancakes What about blocking JavaScript?

@ma1's #NoScript is so nice.

@strypey @tripleo
I just opened one of my public #GitHub repos in #FirefoxMobile on #Android, used the #NoScript extension to block all scripts from both github.com and githubassets.com, and I can still read source code files, browse commit history, etc.

On the mobile site, the page element containing the repo's root directory is hidden by default (presumably to conserve screen real estate). Naturally, un-hiding that hidden page element requires #JavaScript, so that's why the "view code" link doesn't work. However, that's the only part of the mobile site that I could find which requires JS.

A simple fix: Enable the "Desktop site" toggle in your mobile browser settings. 😉

@TheDeckie

Ja, du hast leider Recht. Hatte noch Adguard aktiviert und deshalb war es noch clean.

Aber wie schon gesagt: Wer auf Werbelinks klickt, ist selbst Schuld.

Ein bisschen Mitdenken muss man halt, wenn einem Datenschutz wichtig ist.

Sonst kann man auch gleich Google nehmen.

Und ein paar Addons installieren ist auch kein Hexenwerk.

#AdGuard
#ClearURLs
#Ghostery
#NoScript
#PrivacyBatcher
#uBlockOrigin

to be continued.

@jfml @MJung @SheDrivesMobility

Does anyone know if there's a way to get LibreJS and NoScript to play nicely together? What I'd like is for NoScript to automatically trust JS from any domains that LibreJS confirms as Free Code.

#LibreJS #NoScript

Navegación más segura

Interesante extensión #JShelter Comparte desarrolladores con #NoScript (que es la que usaba) pero trae un modo por defecto para minimizar los problemas de funcionamiento de la webs y así desentenderse de la tediosa configuración de permisos en NoScript.

https://jshelter.org/

Heise cookie monster sagt, ich müsse mindestens petsonalisierter Werbung mit Profilbildung zustimmen. Ähm nö, dann lieber noscript. Wtf

#heise #noscript #cookies

@newdefined Ja, https://bahnhof.se macht das mit nem entsprechenden #DNS...

Nachteil: Ist Lokalanbieter in #Stockholm.

Erschwerend kommt hinzu, dass #DNS allein nicht für #AdBlocking reicht!

Sonst würde einfach nur https://oisd.nl als #Blocklist reichen und mensch bräuchte nicht #uBlockOrigin & #NoScript!

https://github.com/greyhat-academy/lists.d/blob/main/blocklists.list.tsv