Linked by Thom Holwerda on Thu 23rd Sep 2010 21:36 UTC, submitted by google_ninja
Internet & Networking Now this is a subject sure to cause some discussion among all of you. LifeHacker's Adam Pash is arguing that Chrome has overtaken Firefox as the browser of choice for what he calls 'power users'; polls among LifeHacker's readership indeed seem to confirm just that. He also gives a number of reasons as to why this is the case.
Thread beginning with comment 442508
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[4]: I need NoScript
by Panajev on Fri 24th Sep 2010 13:31 UTC in reply to "RE[3]: I need NoScript"
Panajev
Member since:
2008-01-09

What I am saying is that if you are using a browser with decent security, blocking javascript is not worth destroying your browsing experience over.


Overstatement of the year ;) .

Reply Parent Score: 1

RE[5]: I need NoScript
by google_ninja on Fri 24th Sep 2010 16:59 in reply to "RE[4]: I need NoScript"
google_ninja Member since:
2006-02-05

not really, you are turning off any kind of interactivity. It may just be a subtle glow effect, or a fade in/out, or maybe you are just breaking menus. In any case, you are basically hobbling the intent behind the design and development of the site.

Again, it is completely arbitrary. I understand flashblock, cause plugins like flash is where almost all browser vulnerabilities come from. Yes, there have been exploits through javascripts, but also through jpegs/pngs/gifs, and styles. If you are going to turn one off and whitelist it back, you may as well go for all 3. That would be 3x as secure as just noscript, and instead of just going back in time by about 10 years (when javascript was barely used for anything), you will go back 30-35 years, which is essentially the lynx experience.

Of course, you could just uninstall flash/silverlight/java/etc, which will make a way bigger difference then blocking javascript. But it seems like "power users" who use noscript also tend to have every adobe plugin under the sun installed as well, no matter how bad, frequent, and widely publicized security issues with those plugins are.

but hey, as long as it makes you feel safer, its totally up to you. I just find it baffling.

Edited 2010-09-24 17:00 UTC

Reply Parent Score: 2

RE[6]: I need NoScript
by wirespot on Fri 24th Sep 2010 21:09 in reply to "RE[5]: I need NoScript"
wirespot Member since:
2006-06-21

I just find it baffling.


That's probably because you are clueless.

You are mixing vulnerabilities up. Exploits that target rendering (images, CSS, HTML) and plugins, are used to get out of the browser space and provide remote access to your system. JavaScript vulnerabilities do not provide access to your system but instead to websites that you visit, under your credentials.

Both are equally serious, just the data being exposed is different.

Then there's also the concern with people who don't want to break in anywhere, they just want to spy on you. JavaScript can be used for that too. Remember the "everlasting cookie" article a few days ago? And here's another example:
http://www.mikeonads.com/2008/07/13/using-your-browser-url-history-...

NoScript and cookie whitelist extensions (CookieSafe or Cookie Monster) are extremely useful for protecting your privacy and preventing creative malicious uses of JavaScript. This is stuff that's actively exploited on a wide scale and works no matter what OS the browser runs on, unlike the other type of exploits.

I use such Firefox extensions (and builtin about:config settings) to create a super-hardened browser that I use exclusively when visiting my banking site, sensitive accounts or whenever I have to enter my credit card data. You cannot do that with Chrome (not to mention Google themselves spying on you with it).

Such privacy concerns strike you as paranoid? Suit yourself, it's your choice.

Edited 2010-09-24 21:27 UTC

Reply Parent Score: 3