Reviews for NoScript Security Suite
NoScript Security Suite by Giorgio Maone
Review by Firefox user 13553842
Rated 2 out of 5
by Firefox user 13553842, 8 years agoGeorgio wrote:
> Unfortunately I cannot do the impossible (recreating legacy NoScript on the new, much more limiting WebExtension platform)
> just because "people" ask for the impossible. And I've the duty to provide the best security NoScript
BUT maybe it is not so much about recreating the old thing, than understanding what the problem with the new thing is. First you need to accept that the current approach is simply not intuitive. As a dev (I am one myself, so I had this problem myself) its hard to understand when that happens, because for you its as familiar as a part of your body, but it is obviously a mistery for everbody else.
Also, about your "duty": Its true what you said, but: if many people now dont use NoScript at all, because they do not get it anymore, you decreased web security by a lot.
So:
- Simpler is better. Simpler might be less safer, but if the alternative is not using it at all, it's still better. Way better.
- get rid of the slider. It looks mhm good(?), but its not recognizable as one.
- there is way to much clickable stuff, one does not get what is a button, what a link and whatnot...
- make it simpler: hide everything exept: domain name, status icon and -depending on the status- two buttons for each entry.
- clear design, dont change font size and font color at any time
- No xss-popups. In fact, never, ever use popups.
Instead:
- a simple list of domains like before, each with a status icon in front of it: your blue "S", for allowed, same with a little clock for temporarily allowd, red crossed "S" for disallowed
- depending on the current status of an entry, two buttons:
- if currently allowed: "disallow" and "temp. disallow"
- if currently disallowed: "allow" and "temp. allow"
- these buttons need to be different than the status icon. I would use red X and green hook/check, each with and without a little clock.
- dont make anything but the buttons clickable! not the text, not the status icon.
Thats it.
You can add a (clearly seperated from the other buttons, clearly different graphic) button behind each list entry to hide all the detailed settings, for the expert. Everybody else gets the simple list.
At the very buttom of the list go -clearly separated - three entries: "temp allow all" and "save permissions for this site" and "deactivate noscript".
No problem to do that in html. And believe me, people will love you again. :)
If you would like me to make a mockup of what Ive just desrcibed, just say so and tell me where to send it.
And btw.: You dont owe us anything. People have no right being rude to you about something you gave us for free. But maybe see their ill-advised passion as a testament to how important NoScript is to us. That is something I think, even if you must hate the internet right now.
I thank you for the old NoScript and that it helped increase my security. But I won't use the current one. So I would thank you again if you make it simple and easy to use again.
> Unfortunately I cannot do the impossible (recreating legacy NoScript on the new, much more limiting WebExtension platform)
> just because "people" ask for the impossible. And I've the duty to provide the best security NoScript
BUT maybe it is not so much about recreating the old thing, than understanding what the problem with the new thing is. First you need to accept that the current approach is simply not intuitive. As a dev (I am one myself, so I had this problem myself) its hard to understand when that happens, because for you its as familiar as a part of your body, but it is obviously a mistery for everbody else.
Also, about your "duty": Its true what you said, but: if many people now dont use NoScript at all, because they do not get it anymore, you decreased web security by a lot.
So:
- Simpler is better. Simpler might be less safer, but if the alternative is not using it at all, it's still better. Way better.
- get rid of the slider. It looks mhm good(?), but its not recognizable as one.
- there is way to much clickable stuff, one does not get what is a button, what a link and whatnot...
- make it simpler: hide everything exept: domain name, status icon and -depending on the status- two buttons for each entry.
- clear design, dont change font size and font color at any time
- No xss-popups. In fact, never, ever use popups.
Instead:
- a simple list of domains like before, each with a status icon in front of it: your blue "S", for allowed, same with a little clock for temporarily allowd, red crossed "S" for disallowed
- depending on the current status of an entry, two buttons:
- if currently allowed: "disallow" and "temp. disallow"
- if currently disallowed: "allow" and "temp. allow"
- these buttons need to be different than the status icon. I would use red X and green hook/check, each with and without a little clock.
- dont make anything but the buttons clickable! not the text, not the status icon.
Thats it.
You can add a (clearly seperated from the other buttons, clearly different graphic) button behind each list entry to hide all the detailed settings, for the expert. Everybody else gets the simple list.
At the very buttom of the list go -clearly separated - three entries: "temp allow all" and "save permissions for this site" and "deactivate noscript".
No problem to do that in html. And believe me, people will love you again. :)
If you would like me to make a mockup of what Ive just desrcibed, just say so and tell me where to send it.
And btw.: You dont owe us anything. People have no right being rude to you about something you gave us for free. But maybe see their ill-advised passion as a testament to how important NoScript is to us. That is something I think, even if you must hate the internet right now.
I thank you for the old NoScript and that it helped increase my security. But I won't use the current one. So I would thank you again if you make it simple and easy to use again.
2,395 reviews
- Rated 5 out of 5by Firefox user 19311874, 7 hours ago
- Rated 2 out of 5by Michael Rabinovsky, 7 days agoNo Script is an incredibly useful add-on. In the past, I'd have given it five stars; it now gets only two (see issues below). All in all, I'd say it's still better to have it than not, but that's only because there is no better alternative, and there is no difference between having to completely disable it on a page versus not having it at all.
First of all, it would have gotten three due to the issues I list further down, but it gets two because of a major functionality problem that makes it obnoxious to use, and by its admission, not private in private windows.
In the past, when you set it to trust top-level domains, it would automatically set them to temp trusted; however, for whatever reason, it now sets them to "custom," for me, which functions the same as untrusted, and changing it doesn't even refresh the page for you.
The default setting handling is a huge inconvenience, but that is not where the problems end. You cannot restore previous functionality by manually setting the top-level domain to temp trust. To enable scripts on the page, you must set it to trust, which makes it permanently trusted, and keeps a log of every page you visit in private windows. If you try to change it to temp trust and refresh the page, it goes back to "custom."
Besides that, the description for the extension is outdated. Not only does it still mention Flash, but it also claims no loss of functionality when you need it, which is not true. In most cases, enabling some scripts will return the functionality you need, but there are several reasons why that's not always the case.
Sometimes, certain scripts you need will be on sub-domains of the top-level domain, and they need to be enabled separately; however, NoScript doesn't show them because it thinks they are part of the main domain, so you have no way to make the site work without completely disabling the addon for the page.
In other instances, sites won't load all the scripts until they load some other domains. For example, a CDN containing vital scripts might not appear on the list because it's called after an analytics script has run. There is no way to know that unless you enable each script on the list, one by one. The domain doesn't need to be related; it's just something about how the page loads. - Rated 1 out of 5by Angel, 10 days agoEsta vaina debería tener un modo automático para aquellos que no saben de programación.
- Rated 5 out of 5by whatever, 10 days ago
- Rated 5 out of 5by HunterMirror, 12 days agoHe notado en las demás reseñas, que las personas no parecen comprender el propósito de este addon. La idea es que bloquee los scripts, si una página se rompe por ello, es algo perfectamente esperable, no es culpa de la extensión perse, sino de quien desarrolló dicha página web, queda a tu criterio si lo quieres añadir a la lista blanca o no. Lo realmente triste y reprochable, es más bien que hoy en día hayan tantas páginas que quieran que actives los scripts si o si para poder usarlos, incluso páginas que no los necesitan para nada.
El abuso de los scripts y la manía de convertir las páginas web en "aplicaciones", es lo que ha causado que ahora usar el navegador implique un consumo cada vez mayor de RAM, sin contar los riesgos de seguridad innecesarios del uso de scripts, tanto para el usuario como para el webmaster/desarrollador. Así que por mi parte, prefiero que se rompan las páginas que sean, no les voy a activar los scripts si no son páginas que hagan un uso inteligente y justo de ellas. - Rated 5 out of 5by k4mmi, 14 days ago
- Rated 5 out of 5by Firefox user 19265671, 14 days agoIt give me the power to control every script on every sites.
- Rated 5 out of 5by Firefox user 18710229, 20 days agoThis add-on works as intended and has saved me from a lot of potential problems and annoying website antics.
- Rated 3 out of 5by Air, a month agoVery useful on a computer, however, enabling it by default on a mobile phone will block many important features, including but not limited to any AI features and video browsing
- Rated 2 out of 5by Firefox user 19157064, a month agoCompletely breaks reddit on mobile, site becomes unusable. I only got it for help blocking reddits creepy tracking bs on this browser.
- Rated 1 out of 5by Cory Sanin, a month agoOne star for SidebarUtil.tab.js
Disruptive as hell and for what? Why do you need to know if I have a sidebar open? I don't even know what a sidebar is. Remove this nonsense. - Rated 5 out of 5by Firefox user 19145735, a month ago
- Rated 5 out of 5by And?, a month ago
- Rated 5 out of 5by A Tea Daze, a month ago
- Rated 5 out of 5by srzlt, 2 months ago
- Rated 5 out of 5by jordan9543, 2 months ago
- Rated 5 out of 5by vit55555, 2 months ago
- Rated 5 out of 5by Firefox user 18218075, 2 months ago
- Rated 5 out of 5by fiendkaka, 2 months ago
- Rated 5 out of 5by Shannon Sobeck, 2 months ago
- Rated 5 out of 5by Flyyyyyyyyyyyyyyyy, 2 months ago
- Rated 5 out of 5by Firefox user 19088604, 2 months ago
- Rated 5 out of 5by kk, 2 months ago