| Saturday May 28th 2016

NoScript: Security or Malware?

Attention NoScript users · by Wladimir Palant
Recently I wrote about how not giving extension developers a good way to earn money might lead to very undesirable effects. The recent events give an impression of the kind of effects we should expect here. This is going to be about the popular NoScript extension which happens to make its money from ads. And to make sure that somebody sees these ads it goes pretty far. AdBlock Plus logoFor example, it opens the changelog webpage (full of ads of course) on every single update of the extension, even though the NoScript FAQ claim that it happens only on major updates (yes, if you dig into it you will find the preference to disable this behavior – but how many people do that?). And updates coming roughly each week ensure that this page is opened fairly often. A problem is of course that NoScript will usually disable scripting and consequently also most advertising. That problem is being worked around by putting NoScript’s domains, Google AdSense and a few others on NoScript’s default whitelist (again, the overwhelming majority of users won’t go hunting for bogus entries in their whitelist). Given that NoScript proudly calls itself a security extension this means putting users at risk…

Wow, I stopped using NoScript several months ago because the frequent updates were becoming annoying. It never occurred to me that the updates might be a ploy to drive more traffic to their ads. Messing with ABP is equally sleazy if true.

For those of you that use NoScript, try YesScript. It allows JS by default but you can blacklist any site with a click of its icon.


Related Posts: On this day...

Leave a Reply

You must be logged in to post a comment.