Forum
Comments:
-
- on Tue 22 Sep 2009
- 09:06:10 PM UTC
-
That's a good idea, but from what I interpreted a lot of users here have a bad attitude towards NoScript because there used to be a scandal with anti-ad-blocking (it's here on the forum). [Nevertheless, I am still using it because I think it is in any way safer to use it than not to]
--
Per aspera ad astra -
- on Tue 22 Sep 2009
- 09:43:39 PM UTC
Bad rap
Yeah, NoScript has a less than "honorable" history because the author basically pulled a doozy when he hid some blocking on the AdBlock add on . . . http://www.techjaws.com/the-noscript-controversy/
I still use it myself, but my sense is that WOT wouldn't want to soil its good reputation by partnering with NoScript . . . guilt by association? Maybe, but a soiled association nevertheless.
For that reason, I wouldn't recommend that WOT partner with NoScript.
-
- on Tue 22 Sep 2009
- 11:20:57 PM UTC
I still use it
Yes, I remember NoScripts blunder. Read more here: http://www.mywot.com/en/forum/3284-noscript-oh-no
I also remember that the story was not quite so simple, when you read the whole story. My own conclusion is more or less that a single mistake shouldn't be enough to dismiss an otherwise very useful idea. And I still use it...
One way or another, a combination of WOT and NoScript could be interesting.
But what does WOT say about it. Sami..? -
- on Tue 22 Sep 2009
- 11:58:58 PM UTC
WOT & NoScript
WOT is a neat add-on to have ... but the protection it offers is entirely passive. NoScript, on the other hand, is such a great tool, that it's usage is officially recommended by the United States Department of Homeland Security's National Cyber Security Division as constituting a "safe browsing practice" ... something which few, if any other add-ons can claim. That's some pretty high praise!
http://en.wikipedia.org/wiki/NoScript
The NoScript vs AdBlock fiasco involved a matter of ethics, as opposed to criminality. It's not as though the dude got busted for installing spyware on user's machines. The simple truth is that NoScript remains an extremely valuable security-themed add-on. Users who uninstalled NoScript after the unfortunate AdBlock fiasco have substantially increased their risk of successful malware exploitation.
-
- on Wed 23 Sep 2009
- 10:49:56 PM UTC
Re: I still use it
But what does WOT say about it.
We are open to suggestions. If someone is interested in co-operation, we are happy to hear what they have in mind.
-
- on Wed 23 Sep 2009
- 12:48:50 AM UTC
i agree, team up w noscipt
i agree, team up w noscipt is a great idea...
-
- on Wed 23 Sep 2009
- 01:58:35 AM UTC
Noscript & WOT
The add-ons are two very different things.. I'm not exactly sure how you can integrate either into each other.. As for the AdBlock Plus \ No Script blunder.. That was a one time thing as far as I can remember and has been resolved..
Peace
---------
Jared Gray -
- on Wed 23 Sep 2009
- 05:56:01 AM UTC
Yes, but
It has been resolved, and Maone even made an apology, but the fact remains that his credibility has taken a hit and will remain in question.
Read that techjaws article I linked to in my previous post, and specifically the comment made by Colin ("cotojo" screen name here).
Nevertheless, I still use NoScript and consider it a good add on. I'm just saying that WOT may not want to partner with something that has lost credibility. Ultimately though, it's going to be WOT's decision.
-
- on Wed 23 Sep 2009
- 09:12:48 AM UTC
Because
It's "up for debate" because others may not share your opinion . . . especially the WOT staff.
I have no idea if they think it's a good idea or not, or if it's even feasible, but it's always good to hear both sides of the argument. Some may not see it as certain as you.
-
- on Wed 23 Sep 2009
- 09:58:52 PM UTC
This doesn't account for unknown vulnerabilities
I like NoScript's default behavior of "distrust unless you explicitly decide to trust"
I like WOT's behavior of innocuously providing a ranking in the Navigation Toolbar.
There are a couple of potential scenarios where tying WOT's site reliability scores to NoScript's trusted/untrusted security model would put you at greater risk.
For example, assume you've never visited the nytimes.com website. When you visit that site for the first time, noscript prevents all scripts loaded from their domain from executing in the browser.
However, WOT rates NYTimes green, so if I take it correctly, the suggestion is that sites rated green on WOT would automatically be flagged for trust. So the first time you visited NYTimes.com in this scenario, scripts would load without you having to give explicit permission to the domain.
So what happens if:
-- you use noscript to prevent obnoxious ads from loading
-- the site falls victim to a cross-site scripting vulnerability
-- the site is hacked and scripting code added to each page which foists malware onto the visitor's PCIn these scenarios, the proposed combined security model leaves the visitor *less* secure and more vulnerable to attacks.
NoScript, Adblock, and WOT are all plugins that I use, but I would propose that they remain as they are -- separate, operating independently of one another, and not reliant on one another to provide the chunk of functionality that I enjoy.
-
- on Thu 24 Sep 2009
- 10:30:46 PM UTC
they should give u the
they should give u the option to based on wot rating or not if noscript happen to be intergated w wot...
-
- on Fri 25 Sep 2009
- 01:23:25 PM UTC
Unknown vulnerabilities are unknown
It's true enough, but I don't think it's the whole story...
Yes, nyt.com may fall victim to a cross-site scripting vulnerability. But so may (almost) any site. Remember, no site is 100% safe 100% of the time. Even domains like gov, mil, edu have been compromised in the past. And it won't be better in the future...
WOT with or without NoScript would actually make no difference in the case of nyt.com: I have already allowed the basic domain - but not all the extra domains that smelled of ads. This should protect me from third parties, but if the main domain gets sick too - too bad. WOT ot not. And NoScript or not...
The point of NoScript is not letting users flick scripts on and off; any browser allows that already. The whole point is to let users do this easily, and individually - and decide site by site. I can't see why this functionality should be removed, if WOT partners with NoScript...
Finally, I can't see any problems if sites rated red by WOT get scripts blocked automatically. That wouldn't affect New York Times, but save people from getting infected by new and unknown sites...
-
- on Wed 20 Jan 2010
- 02:33:31 PM UTC
i think if we add all wot
i think if we add all wot red/orange sites to no script untrusted list it'll be cool as for the green site, it should have an option to base on ur perference, eg, allow only 5/5 confident level green site or something like that or just turn it off & allow manaully...
Platinum Level Member of the WOT Community
Suggestion: Team up with noscript
I love WOT, and i think it works brilliantly.
noscript is okay, but sometimes blocks too much. what'd be cool, is if you teamed up with them to make a version which only blocks scripts from untrusted sites.
that way, i can visited websites such as wtso.net (a safe sites, apart from their advertising partners), in peace.
and it also means dodgey sites automatically get blocked, rather than just having a message overlayed over them.