The AchieVer Posted April 12, 2019 Share Posted April 12, 2019 NoScript extension officially released for Google Chrome After more a decade, NoScript is finally available for Chrome users. Starting today, the NoScript Firefox extension, a popular tool for privacy-focused users, is also available for Google Chrome, Giorgio Maone, NoScript's author, has told ZDNet. The NoScript Chrome port, on which Maone has worked for months, is now available from the official Chrome Web Store, via this link. USERS HAVE BEEN ASKING FOR A CHROME PORT FOR YEARS NoScript's availability for Google Chrome will make many people happy. The extension has a mythical status among privacy-minded users, who have dogged Maone for a Chrome version for years. The original Firefox add-on was launched on May 13, 2015, to rave reviews. At the time, it was introducing a novel concept that a browser add-on could intercept and block the loading or execution of dangerous or unwanted JavaScript code. The extension gathered a huge following across the years, and because of its unique features, it has also been selected as one of the very few add-ons that come built into default installations of the Tor Browser. It is also one of the most-used and must-use extensions in the arsenal of security researchers that visit sites with malicious code, as the extension can prevent the execution of some exploits. It's for these reasons that users have been asking Maone for a Chrome port for years. NOSCRIPT FOR CHROME FACED SOME DEVELOPMENT HURDLES Work on the Chrome version started last year after the original NoScript for Firefox version was ported from the old Firefox XUL API to the more modern WebExtensions API, which is compatible with both Firefox and Chromium extensions systems. Everything almost fell apart in January this year, when Chrome engineers were planning to roll out a set of features that would have killed not only NoScript's ability to do its job, but also ad blockers and other similar extensions that needed to interact with JavaScript resources. Google backtracked on some of its proposed changes following a huge backlash from both users and extensions developers, and today we have the first version of NoScript for Chrome. Nonetheless, Maone still fears that some of Google's planned changes, even in their current form, will still eventually impact NoScript in the long-run. "I and other worried developers are [still] lobbying Google to rethink this plan," Maone told ZDNet today. "Some concessions have already been done, but I'm also studying alternative approaches for the worst case scenarios." But in spite of some looming problems, the Chrome port is almost identical with the Firefox (Tor Browser) version, in terms of blocking/whitelisting abilities, and settings section. NOSCRIPT'S XSS PROTECTION NOT AVAILABLE IN CHROME VERSION "Talking about differences across supported browsers, the code base is now is exactly the same," Maone told ZDNet. "But on Chromium, I had to disable, at least for the time being, NoScript's XSS filter." Below is an image of NoScript's XSS filter showing an alert in the Tor Browser, a feature not available in the Chrome version, according to Maone. "Chromium users will have to rely on the browser's built-in 'XSS Auditor,' which over time proved not to be as effective as NoScript's 'Injection Checker'," Maone told us. "But the latter could not be ported in a sane way yet, because it requires asynchronous processing of web requests: a feature provided by Firefox only. "To be honest, when Firefox switched to the WebExtensions API, which was largely inspired by Chrome, Mozilla made me contribute to its design and implementation in order to ensure that it supported NoScript's use cases as much as possible," Maone said. "Regrettably, the additions and enhancements which resulted from this work have not been picked up by Google." A STABLE RELEASE EXPECTED IN JUNE Currently, NoScript for Firefox has over 1.5 million users, and the expectation is that the Chrome version will pick up even a bigger following due to Chrome's larger userbase. "I'm very satisfied of this first public Chromium-compatible NoScript's beta (10.6.x). I plan to bless NoScript 11 as a 'stable release for Chrome' by the end of June," Maone told ZDNet. "I feel the urge to thank the awesome folks at the Open Technology Fund for the huge support they gave to this project, and before that to NoScript's WebExtension migration," Maone added. "And I'm excited that under the same umbrella Simply Secure will start working next week on improving NoScript's usability and accessibility." Source Link to comment Share on other sites More sharing options...
Starting today, the NoScript Firefox extension, a popular tool for privacy-focused users, is also available for Google Chrome, Giorgio Maone, NoScript's author, has told ZDNet. The NoScript Chrome port, on which Maone has worked for months, is now available from the official Chrome Web Store, via this link. USERS HAVE BEEN ASKING FOR A CHROME PORT FOR YEARS NoScript's availability for Google Chrome will make many people happy. The extension has a mythical status among privacy-minded users, who have dogged Maone for a Chrome version for years. The original Firefox add-on was launched on May 13, 2015, to rave reviews. At the time, it was introducing a novel concept that a browser add-on could intercept and block the loading or execution of dangerous or unwanted JavaScript code. The extension gathered a huge following across the years, and because of its unique features, it has also been selected as one of the very few add-ons that come built into default installations of the Tor Browser. It is also one of the most-used and must-use extensions in the arsenal of security researchers that visit sites with malicious code, as the extension can prevent the execution of some exploits. It's for these reasons that users have been asking Maone for a Chrome port for years. NOSCRIPT FOR CHROME FACED SOME DEVELOPMENT HURDLES Work on the Chrome version started last year after the original NoScript for Firefox version was ported from the old Firefox XUL API to the more modern WebExtensions API, which is compatible with both Firefox and Chromium extensions systems. Everything almost fell apart in January this year, when Chrome engineers were planning to roll out a set of features that would have killed not only NoScript's ability to do its job, but also ad blockers and other similar extensions that needed to interact with JavaScript resources. Google backtracked on some of its proposed changes following a huge backlash from both users and extensions developers, and today we have the first version of NoScript for Chrome. Nonetheless, Maone still fears that some of Google's planned changes, even in their current form, will still eventually impact NoScript in the long-run. "I and other worried developers are [still] lobbying Google to rethink this plan," Maone told ZDNet today. "Some concessions have already been done, but I'm also studying alternative approaches for the worst case scenarios." But in spite of some looming problems, the Chrome port is almost identical with the Firefox (Tor Browser) version, in terms of blocking/whitelisting abilities, and settings section. NOSCRIPT'S XSS PROTECTION NOT AVAILABLE IN CHROME VERSION "Talking about differences across supported browsers, the code base is now is exactly the same," Maone told ZDNet. "But on Chromium, I had to disable, at least for the time being, NoScript's XSS filter." Below is an image of NoScript's XSS filter showing an alert in the Tor Browser, a feature not available in the Chrome version, according to Maone. "Chromium users will have to rely on the browser's built-in 'XSS Auditor,' which over time proved not to be as effective as NoScript's 'Injection Checker'," Maone told us. "But the latter could not be ported in a sane way yet, because it requires asynchronous processing of web requests: a feature provided by Firefox only. "To be honest, when Firefox switched to the WebExtensions API, which was largely inspired by Chrome, Mozilla made me contribute to its design and implementation in order to ensure that it supported NoScript's use cases as much as possible," Maone said. "Regrettably, the additions and enhancements which resulted from this work have not been picked up by Google." A STABLE RELEASE EXPECTED IN JUNE Currently, NoScript for Firefox has over 1.5 million users, and the expectation is that the Chrome version will pick up even a bigger following due to Chrome's larger userbase. "I'm very satisfied of this first public Chromium-compatible NoScript's beta (10.6.x). I plan to bless NoScript 11 as a 'stable release for Chrome' by the end of June," Maone told ZDNet. "I feel the urge to thank the awesome folks at the Open Technology Fund for the huge support they gave to this project, and before that to NoScript's WebExtension migration," Maone added. "And I'm excited that under the same umbrella Simply Secure will start working next week on improving NoScript's usability and accessibility." Source
steven36 Posted April 12, 2019 Share Posted April 12, 2019 Google don't want them tracking you with JavaScript no way they have another way websites can track you without ruining your user experience with . So using this want help you at all because newer versions of Chrome, Safari, and Opera will no longer allow you to disable hyperlink auditing, https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ https://html.spec.whatwg.org/multipage/links.html#hyperlink-auditing This is noting Google done to improve your privacy you been able to block JavaScript in Chrome for ages with other extensions . They are all kinds of backdoors in browsers and Google and Apple are removing the settings to close them . It does no good to close 1 backdoor when you have like a 100 more open . other browsers that use NoScript by default like TOR Browser try to close all back doors they find, closing 1 is just a false sense of security. Someone need to make and extension to block hyperlink auditing now if they can . Blocking JavaScript is nothing new they had uMatrix witch is a fork of and extension that could do the same thing that it can do that was out before they had one . uMatrix was a Chrome extension ported to Firefox latter . Extensions that block JavaScript are a hindrance to user experience anyway because they break more stuff than they fix . So if you worried about your privacy to the point and extension is needed to block JavaScript why not use a browser that will let you close known backdoors yourself or just use Tor browser witch try to close them for you? I have 2 browsers with Extensions that block JavaScript and 2 that don't when I'm watching videos and things i don't want too have to configure and Extension so and Adblocker and popup blocker is good enough . Link to comment Share on other sites More sharing options...
IronY-Man Posted April 12, 2019 Share Posted April 12, 2019 3 hours ago, steven36 said: hyperlink auditing Trace Extension is available for both now , but chrome port works better cos fox add-on culture is in state of pandemonium right now ! It supports that many more things with sources where you can verify its work but it becomes a nightmare sometimes on sites that use the new recaptcha v3 or even v2 !! The new No-script addon is totally weak as compared to what it was , uMatrix is much better option ! Link to comment Share on other sites More sharing options...
steven36 Posted April 13, 2019 Share Posted April 13, 2019 10 hours ago, IronY-Man said: Trace Extension is available for both now , but chrome port works better cos fox add-on culture is in state of pandemonium right now ! It supports that many more things with sources where you can verify its work but it becomes a nightmare sometimes on sites that use the new recaptcha v3 or even v2 !! The new No-script addon is totally weak as compared to what it was , uMatrix is much better option ! I got stuff in my host files on Linux that do better a better job . Auto Host Automate hosts file updates on Linux and MacOS. Block Firefox telemetry, Google snooping and web trackers at the root. Hosts file are a useful redundancy when coupled with ad blockers like uBlock Origin and uMatrix - while debugging or 'Temporarily Allow All on this Site' with Noscript can open you up to underlying attacks or privacy intrusions. In-browser filters won't protect you if the browser itself is phoning home. If you have an up-to-date hosts file, the risk is severely lessened. https://github.com/angela-d/autohosts So I'm protected better than most with just using and adblocker. Just host-files only work in normal browsers , tor browser bypasses host files and ip blocking so you need script blocker in it but with normal browsers im good with just and adblocker . also +1 most exploits are made for windows users but Linux has them sometimes but not much. Link to comment Share on other sites More sharing options...
erp-ster0 Posted April 13, 2019 Share Posted April 13, 2019 I had been using ScriptSafe in Google Chrome for a few years and I'll give the Chrome version of Noscript a shot Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.