was successfully added to your cart.

To Love and Hate NoScript

  • 0
  • November 21, 2009

Mozilla Firefox has always been one of my favorite browsers. The only contender that was able to knock it from its #1 position was Google Chrome. Even though Chrome is still lacking in a few departments (extensions, bookmark management), I swear by it because of the overall performance. Plus, whenever they release a major version, I know they’ll have further performance enhancements – that’s just what they do. I also prefer the minimalistic nature of their user interface – which, as it turns out, also integrates beautifully with my operating system, Windows 7.

Despite Firefox dropping to #2 in my list, I still use it regularly for web development. They have plenty of extensions to keep me coming back: Firebug, Web Developer, ColorZilla, HTML Validator, and… well, NoScript. All of those extensions are excellent; however, NoScript sometimes irritates me.

NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java and Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser.
NoScript’s unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality…

NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java and Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser. tweet

NoScript’s unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality… tweet

Certainly sounds great – and it works very well too. I really get a sense of safety in knowing I can selectively enable specific elements on webpages, blocking everything else by default. The functionality they offer is great. The problem I have is more with the developers, not the extension. You see, here’s the problem: NoScript is regularly updated, so you’re very likely to see this on a regular basis:

NoScript is updated often - each time you choose to install an update, you have to restart Firefox.

Kind of annoying, but by itself, not a deal breaker. After an restarting Firefox due to the update, I’m immediately greeted by the following page:

The NoScript homepage - content aggressively mixed with advertising, affiliation links, and donation buttons.

Let me state this very clearly: Every time I update NoScript, I’m thrown to that page. Ugh.  Sure, they show me the change log, news, and more – but they also show me ads… a lot of them. Let’s start by looking at how much of the site is devoted to ads. I’ll highlight pure advertisements in red, affiliations in pink, and donation controls in orange:

The NoScript homepage with the advertising, donation controls, and affiliation links highlighted.

That’s quite a lot of advertising on the main page… and it is above the fold of the page. It’s not the worst I’ve ever seen, but it is still a significant assault on my eyes. I won’t show you screenshots of what the rest of the page looks like, but trust me – it follows the same trend. If you’d like to see it all, you can visit it here. That said, I get the whole “we’re starving programmers and we need the money” thing, but I expect a certain amount of elegance in pursuing revenue. Considering their previous shady practices, though, I’m not entirely surprised.

Another aspect of their advertising that particularly bothers me is how they claim to be “your friendly web cop”, keeping you safe, and yet, they are suggesting software that they probably never even tried. I’m particularly referring to the “PC slowing you down? Free scan” and “Top tip! Click here to check if your drivers are up-to-date!” ads. I would never click on those things… but I know some people that might, especially if they are shown on a security-related site. At first glance, even I have to ask myself if it is an ad – it almost looks like it could be another software offering from the same company. Things like that really make me want to start using AdBlock Plus again… and that’s not cool, since I am a web developer myself.

Overall, if their site was more tastefully presented, and the ads were more respectful in number and placement, I’d have less of a problem with them showing me their page every time I update. In its current state, it is just so obvious to me that they are money-hungry – to the point where they put little thought behind the resulting user experience.  Even with that aspect improved,  a pretty page could still be an annoyance if you are automatically thrown to it once a week. Thankfully, the NoScript guys have a way for you to disable the feature. Hurrah!

SolutionHow to make it so the NoScript page does not automatically appear whenever you update.

With the latest version of NoScript installed (In my case, 1.9.9.15):

1) Right-click the NoScript icon, and select Options.

2) Click the “Notifications” tab.

3) Find the checkbox titled “Display the release notes on updates”, and uncheck it.

4) Click “OK”.

That’s it! The NoScript page should no longer be force-fed to you after every update. Take a moment to truly enjoy that fact.

If you’re ever wondering about what they added in a particular update, you can check the update-specific release notes from within Firefox itself. In the Add-ons Manager, click the “Updates” tab, select the NoScript update, and click the “Show Information” button at the bottom of the dialog. Once clicked, you’ll see additional information about the update:

You can view an extension's release notes right in Firefox.

Now… remind me, NoScript developers, why I need to see your homepage every time you release a new minor version? For the sake of your advertising revenue, perhaps?