It is open source and on the Mozilla store, did you get the right one? The idea is that you whitelist the websites you trust so only trusted sites can execute js. A lot of websites have js free alternatives like libreX/Y instead of google. There also is GNU librejs which only disables js that doesn’t show its source code. It being a main component of the tor browser tells you a lot about the threat level it’s for. As I understand it the difference to ublock is that it’s lists are on a “allow all but” basis and noscript is on a “block all but” basis.
this post was submitted on 07 Jul 2024
16 points (86.4% liked)
Privacy
30843 readers
928 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 4 years ago
MODERATORS
A lot of user fingerprinting techniques rely on JS. Plus, by shutting off JS, you reduce the attack surface of your browser. If, let's say, there was a zero-day vulnerability in Firefox that required JS to exploit, you'd be shutting off that whole means of attack if you blocked all/most JS out there on the internet. Mining cryptocurrencies on your computer via your browser can only be accomplished with the help of Javascript. A lot of forever cookie techniques require Javascript.
uBlock origin is for kindof a different use case. It's for if you're on one website that you don't necessarily suspect of evil dealings that might include buttons (like social media sharing buttons, for instance) or other scripts (like ad displaying scripts or analytics scripts) from third parties that might include evil tracking stuff. If I started a blog on https://theawesomeestblog.com/ and included script from Facebook that puts a share button on my page, and if you then visited my blog, Facebook would know because your browser would make requests from your IP with cookies they'd placed on your brower previously and JS included with the button could very well be used to do additional fingerprinting.
NoScript is for (among other things) when you don't even necessarily trust the website you're purposefully visiting. Like, I don't know if cnn.com mines Bitcoin via JS on users' browsers (and, honestly, it seems a little unlikely to me, I think), but if I disallow JS on cnn.com, then when I click a link in Lemmy to a cnn.com article (and maybe I don't even really know I'm going to cnn.com when I click the link -- it might use a link shortener or something -- or maybe it's not cnn.com, but some reasonably-trustworthy-sounding news-y-sounding domain that I haven't heard of before), I know it's not mining Bitcoin on my machine.
Oh, and as others have said, NoScript is Open Source. Says so right near the top of the home page.
Any help appreciated :)