Comments on: NoScript against Pop-unders

By: The third Winston Smith

The third Winston Smith — Fri, 22 Jan 2010 04:59:12 +0000

Another problem to report Google "The Chinese don’t ave to know about Tienanmen Sq. if we can sell them Light Bulbs, see it isn’t evil at all"/DoubleClick team have succeeded in getting past you and ABP - blocking the 1-12 names (flagged as advertisers, and even marked) at the top of every search req. should be simple due to tone of bknd and note that these guys are first ‘cuz they advertise How about an option to drop those entries out, along w/everything right of the results list as an option. Second Offender Award goes to Yahoo, paying a lot of freeware to commercialware guys to put a search bar in your browser if you don’t catch the left-field request while concentrating on an install. Block any insert into the ‘fox. spinning the MAC numbers on home firewalls supplied by fFIOS et. al. at the push of a browser button would be a fine system, including an auto-reset for incoming OP3 mail and BOINC charity work or any other requested input - along with determining what info each watcher steals the moment you visit an innocuous web site unless you are making a legit purchase could prove interesting, esp. now that Google can probably choose and financ w2ould be a lot of fun too. Time 6to add a few more teeth to the best info blocker in the world!
Well, here comes a chopper, and I think I hear rats

By: Handbasket

Handbasket — Thu, 21 Jan 2010 00:15:00 +0000

Psuedo Myht

I knew I asked at the right place. Thank you.

Note: This is one of those times where it is shown that I am not really the sharpest tool in the shed, by a longshot.

I’ve attempted to figure this out, on and off, for six months, and it never occurred to me that it was a colon, and not a dot.

By: Psuedo Myht

Psuedo Myht — Thu, 21 Jan 2010 00:08:51 +0000

@Handbasket:

try about:config

(note it is a colon and not a period) Good luck!

By: Handbasket

Handbasket — Wed, 20 Jan 2010 23:07:10 +0000

I arrived at this page after my noscript updated, and it appears that I can ask a question here without registering, and it also appears that folks here know what they’re talking about, so I’ll ask:

I can’t use about.config in FF.

I type it, and my browser is directed to here:
http://guide.opendns.com/?url=about.config

Now, when I searched for days for a solution to the opendns thing, I found a hundred answers that said, "Simply type about.config, and change these particular settings."

Now you can see why I am utterly stumped. The about.config that I am supposed to use to fix the problem IS the problem.

By: Giorgio

Giorgio — Wed, 20 Jan 2010 13:57:48 +0000

@NassimJD: 1. Yes 2. Reset the noscript.surrogate.popunder.sources preference to its default value of ^http:, and put your "whitelisted" sites in noscript.surrogate.popunder.exceptions.

By: NassimJD

NassimJD — Tue, 19 Jan 2010 14:06:45 +0000

in reply to #9
so if one would have the line

@^http:*.imagefap.com *.moviefap.com imagefap.com moviefap.com *.grayvee.com grayvee.com *.empornium.us empornium.us

in the about:config , would this be limiting popunders to only the listed sites.
Q2: how can I allow all sites but some sites, sorta like a a whitelist?

By: Giorgio

Giorgio — Mon, 18 Jan 2010 22:45:24 +0000

@another.noscript.user: You don't need to change anything: now noscript.surrogate.popunder.sources's default value is ^@http:, meaning that all URLs starting with http: matches.

By: another.noscript.user

another.noscript.user — Mon, 18 Jan 2010 19:17:41 +0000

I take it @^http: currently has no value sense the protection is on by default? Or do I need to delete this string?

By: hackademix.net » NoScript against Pop-unders | Drakz Free Online Service

hackademix.net » NoScript against Pop-unders | Drakz Free Online Service — Sat, 09 Jan 2010 15:37:39 +0000

[…] post: hackademix.net » NoScript against Pop-unders Share and […]

By: Giorgio

Giorgio — Thu, 07 Jan 2010 13:03:28 +0000

@alanjstr:

You need either to enable both or to disable both. Recaptcha does not like its parent page to have different permissions, not sure why. However I could probably write yet another script surrogate to work-around this :)
Yes, that would be handy. Maybe when/if I package this as a first-class feature, rather than a script surrogate.
I'm constantly trying to make their lives easier (e.g. Javascript links and combos emulation), but however allowing script globally, albeit not as safe as the default mode, still provides significant protection against stuff like XSS, cross-zone CSRF (via ABE) and clickjacking.