Definitely curious about the negative reaction to NoScript - I did some digging and there appears to have been (or still is?) some controversy around the NoScript author displaying 'dubious' ads? Not sure I've even seen a NoScript-injected ad, but I'd definitely be interested in why HN doesn't like recommend it anymore. One commenter on an older HN thread said that all script blockers eventually 'give in' to some form of monetary gain in exchange for ads - I wasn't aware that NoScript was in that category.
About 10 years ago, I was in a meeting with our security czar and I asked him what he was 'fiddling' around with in his browser toolbar. He replied, "NoScript. Highly recommended." Ever since then, I've become adept at picking out the 'minimum' amount of JS required to enable as much website functionality as I require and don't think about it much anymore (unless I'm visiting a new site). Highly recommended!
I run in the mode of deny everything. And it is annoying. If I whitelisted it probably would be a lot easier. I think there are maybe 2 sites where I did that. I have gotten pretty good at picking out the bare min too. But every once and awhile you have to pull out the 'allow all' just to get a site to work. Usually it is some sort of redirect and the redirect is doing some weird bit of JS and by the time you get to it it has already failed and the GUI has no idea what to show you.
My thinking of 'deny all' is something like facebook where everyone seems to like to embed little bits into their pages. But I used to also use facebook. So if I made it work for one I would accidently make it work when I did not want it to on external sites.
I have been using it like this for so long I hardly even notice it anymore though. But that is just me. If I give this sort of solution to anyone I usually just give them an adblocker. That gets most of the silly things.
Half the web you don't really want to use... the majority of sites I come across in search results etc. are perfectly fine being static content, and if they somehow require JS to show that content, then I'm more likely to go find the same content somewhere else (i.e. the next search result.)
It seems to be getting a lot worse lately. I've been browsing with no-script for years both on mobile and desktop but I think I have caught a case of no-script fatigue.
HN is one of my main news sources and due to its link submission nature I frequently visit sites I have never visited before. It seems like 90 percent of submissions need at least one round of whitelisting just to see the text content. And frequently a second or third round to get embedded code snippets or other relevant content to load.
It's tiring and I noticed that I frequently just give up and copy paste the url into an alternative browser without blockers.
Yep. Somewhere a long the line running executables arbitrary third parties sent you became common practice instead of something you warn people not to do.
