NoScript: Site Security and Privacy InfoMaybe you haven’t noticed yet (and I admit it’s not an exceedingly discoverable thing), but for a long time now NoScript has offered a “Security and Privacy Info” page.

This feature is meant to help you assess the trustworthiness of any web site shown in your NoScript menu.

You can access this service by middle-clicking or shift-clicking the relevant menu item.

Furthermore, power users can customize it by changing the value of their noscript.siteInfoProvider about:config preference to any URL template of their choice.

7 Responses to “NoScript's "Security and Privacy Info" Feature”

  1. #1 Sonickydon says:

    Woot!
    Really handy feature to be hidden :)

    I guess it's very low priority, but can we have it localized as well?

  2. #2 gabi says:

    Hi,

    Nice feature.

    Is there any way to disable it, or to see the data being sent to noscript.net?

    Are the allow/deny buttons added only locally, or does NoScript send the current's website privileges to noscript.net which decides whhich buttons to show? If it does send the data, I couldn't find out how - probably in the HTTP message body of the GET request? ;)

    Noscript.net is accessed via HTTP (not HTTPS). Is there reason to be concerned about man-in-the-middle?

  3. #3 Thrawn says:

    @gabi:
    - If you want to disable this feature, you could just set the noscript.siteInfoProvider preference to blank or similar. If you want to see what is being sent, you could use a tool like Wireshark.

    - I'm pretty sure that the allow/deny buttons are handled locally. But Giorgio could answer that best.

    - If noscript.net is compromised or MITM-ed, I'd be less concerned about site info, and more concerned about the fact that it is on the default JavaScript whitelist...

  4. #4 Winston E Smith says:

    We've got another thing to block - there's an alleged legit tax-exempt org. out there that brings us our favorite "safe" browser. I hack US IRS 501(c)s for sport - did you ever look up Mozilla's financials? Payments of more than US$100,000 to top officers while Georgio asks we give him a donation? AND DID YOU NOTICE (hey I'm ret. newspaperman who cuts hardware, could never cut code beyond my 1st pc, a 1965 PDP-8, and was always sub aprentice level)Did you notice that when you got your upgrade to 'fox 21 that it gave you a REPORT on YOUR browser use? SHAME! Now I have to either figure out badly, or get an expert (hint) to build a system PREVENTING Firefox from calling Firefox with obviously-personal-identifiable usage! The Friendly Fox seems to be as true to its Manifesto as DoubleScript, a wholly-owned subsidiary of Google "Does No Evil". 'fox, be true, stop taking numbers (and a MAC is a NAME folks), and hire our sponsor as a permanent member of your staff, cut a few $100K salaries by whatever it takes. Integrate n'script into the base code, and redo the basic code in a low-level language (unfortunately, a generalized C, though I consider Assembler the only true low-level language, when you have to build to run on several systems, it cuts cost by 1/number systems).

  5. #5 XSS and Yahoo Mail says:

    My friend got XSS hacked on Yahoo Mail and he has been using Noscript for years now. The ond trick of clicking a link in a spam mail when loggen in to Yahoo Mail so the script steals the session cookie and uses the account to send spam emails. He knew he had XSS protection enabled and he did not know that the yahoo.com domain what listed as an exception along with google and a few more I think this is a mistake as this type of XSS attack must have used some part of the yahoo.com domain to work. What do you think, should you remove the XSS exceptions altogether?

  6. #6 Garcinia Cambogia Extract says:

    I think that you could do with some pics to drive the message home a little bit, but other than that, this is great blog. A great read. I will certainly be back.

  7. #7 Ayawaska last reggae song SÈME - hemp says:

    Hi I am so thrilled I found your site, I really found you by error, while I was looking on Aol for something else,
    Nonetheless I am here now and would just like to say kudos for a
    remarkable post and a all round interesting blog (I also love
    the theme/design), I don't have time to read it all at the minute but I have book-marked it and also added your RSS feeds, so when I have time I will be back to read a lot more, Please do keep up the great work.

Bad Behavior has blocked 2232 access attempts in the last 7 days.