Maybe I just don't have the "broken Internets" problem very often, or I don't notice it. I can use important sites such as my email provider's web interface (when I'm not near my regular email client) and my credit union's mobile site without enabling scripts, so there really isn't much I'm going to allow in the wild.
JLH: I also open a different browser on those rare occasions when I have to enable .js. (And I remove the list of whitelisted sites that stock NoScript allows.) I don't think these are unreasonable habits! On Tue, Sep 10, 2013, at 08:01 AM, Al Billings wrote: > Clearly not a battle I'm going to "win" in any sense with this audience > but, really, the current Internet (for many many reasons) is pretty > broken in places (and I don't just mean Facebook) when you turn off JS. > We talk about this at work a lot and even amongst my peers with NoScript > installed, most people find it more trouble than it is worth, and these > are security professionals. I know many here probably would say these > folks are stupid but given that these folks are also the security team > for a major browser, I would say that if they find it too broken, most > normal folks are not going to touch it. > > Anecdotal data is, of course, anecdotal. :-) > > I deal with JS issues largely by running the nightly build of my browser > but then I am also aware of the unfixed vulns in it that are being worked > on so my experience isn't normal either. > > -- > Al Billings > http://www.openbuddha.com > http://makehacklearn.org > > > On Tuesday, September 10, 2013 at 4:55 PM, Joseph Lorenzo Hall wrote: > > > On 9/9/13 2:55 PM, Al Billings wrote: > > > I suggest your use of the net is well outside the mainstream, even > > > amongst security folks. Some of us actually use social networking, for > > > example, or don't want ugly, half broken websites simply because we fear > > > a JavaScript zero day. > > > > > > > > > Hi Al, big fan. I use FF with NoScript and Request Policy both > > configured to block by default... and open links in session-only Chrome > > when I need something that requires that stuff. Not ideal, but it works > > for me and it's certainly not about JS zero-days. > > > > Anyway, I'm definitely the only one I know that surfs like that... but I > > suspect there are even wilder set-ups represented on this list in > > particular. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
