Snos - do you use SpyBot’s Tea Timer memory resident feature? When I run SpyBot these days there is hardly every anything there as Tea Timer has caught them first.

And with entrecard sites - is it best to only temporarily allow a site or permanently allow a site?

I can understand how to use this but because I don’t really get what’s okay and what’s nasty out there, I’m figuring just willy-nilly allowing scripts is going to defeat the purpose of having no script. So I’m just trying to get it clear in my head what to do here.

Thanks.

The only way you can tell if you have a keylogger is to use a specific piece of software that checks to see if anything is trying to access the net. Most keyloggers are completely untraceable by virus software and with good reason - if you’re using net nanny for your kids, you don’t want the virus software telling them it is on there. The same goes for software that opens the back door to your computer.

I have AVG antivirus here on my computer. It did not tell me that there was a javascript exploit, it did not warn me. I only found out when I ran spybot which is a little program I use daily. Then we spent a good couple of hours looking at the code of the exploit, trying to work out what it was trying to do.

Like I said, most people never know they have a KL on their computer - most people never know that they are vulnerable, most people believe in their antivirus software and trust that it is protecting them. Most people only find out when weird stuff starts happening.

You should only have small obstacles once you have been using the software for a little while. That’s because generally you visit the same sites over and over and you’ll have either approved or not approved what they run. You’ll have a small core list of scripts you allow (statcounter type ones, entrecard, etc) and you won’t allow the rest.

The only time I have the pinprick these days is when I visit a new site. I only ever allow the site - I don’t allow new scripts on new sites - and once you have allowed the site you never need to do it again for that site.

Perhaps if you combine it with adblocker it might make less work, because I’d say the majority of scripts on new sites you go to will be ads.

Maybe there is a way to allow sites, but not scripts globally? That might solve it for you.

The thing is, it’s just not like a needle to me. It’s not a pinprick because after half an hour of using it I am so frustrated by the obstacles it puts in my way I want to scream. (Obviously, I tried it for much longer than half an hour though.) It’s terrible for my productivity, and that’s bad enough already.

Sephy, if you set it to allow scripts globally, but have populated the pseudo blacklist, will those scripts on the blacklist still be blocked? I could live with that and would be prepared to invest my time and energy in building and maintaining that blacklist. Otherwise, is there a blacklist alternative to using noscript’s whitelist method?

I’ve been a scambaiter since 2004 or so now. A long time. The things I have seen scammers do in that time to people you honestly would not believe. Theft of money, theft of identity, theft of trust, and even murder.

The next big thing in the scamming world is identity theft and also hacking into people’s email or websites. There’s been a scam lately where they get into your email account and then send email to all your friends and family pretending they are you, saying you’re in trouble / danger and you need money. Imagine the pain of having to explain that to everyone. Imagine the even worse pain if someone you know and love did send money - a substantial amount of money, even. That has happened to many people - many of them elderly grandparents who were worried that their grandkids were in danger.

If they can get your banking information, your email password(s) or even just information on you that allows them to “borrow” your identity, life could be a big mess for a long time. Some people never recover their credit rating and it can go on for years - imagine never being able to get a loan if you needed it, and black marks on your credit record which you never created yourself. You do the time for someone else’s crime.. Some people lose their email accounts and are blackmailed by the scammers to get them back - imagine having to contact everyone you’ve ever emailed and letting them know you have a new email address because your last one is being held hostage. Imagine your bank account info being used to create fake checks that are sent all over the world.

The pain involved in any of the above, I can’t even get into. Some victims literally lose everything - they end up killing themselves. Many lose thousands, hundreds of thousands, and in some cases millions.

Compared to that kind of pain, a moment to reload the page is nothing. These exploits have been used in the past to steal all the passwords saved in browsers (and I don’t know about you but I rely on that myself because I have 60 zillion passwords), to install nasties on people’s computers like keyloggers (enabling the scammers to get every keystroke you type in emailed to them and you will never, ever know that this is happening until you start to get the bills you never agreed to pay) and to open backdoors onto people’s computers.

Scammers are also getting into social networking to find new victims, and they are starting up their own blogs. In some cases they steal the content - pretending to be someone they are not in order to scam people. They create fake banking websites. They’ll do anything to get what they want - and what they want is your money, because they don’t want to have to work for it.

I know it seems like a pain to use it. The truth is, I would never NOT use it, because I know the pain that can be caused far exceeds that momentary little pinprick. It’s like a vaccination. I hate needles, but I know I’d hate getting any of the diseases a vaccine can protect me from, so I do it because I have to.

Not only that, but some people just don’t know too much is enough, and they load up their pages with all kinds of shyte scripts that I am not interested in loading. You may not know what they are for - my rule is, if I don’t know what it does, I don’t allow it. And that’s the bottom line.

I probably have too many ones that I know what they are allowed - I might go through and cut them back. For example I noticed I’d allowed the Izea real rank one but I no longer trust that company, so I’m going to get rid of it.

Cheers,
Snoskred

1. Although you supposedly save on load, in my experience reloading pages time and time again to allow each script actually increases it.

2. Many places I visit are on subdomains. I could allow blogspot, for example, to avoid the annoyance of having to deal with scripts every time I visit blogs I read daily there, but there are other pages on blogspot that are not trustworthy so it would defeat the purpose of running no script. They could have malicious scripts within their blog.

3. Having to deal with scripts every time I open a page is excessively tedious and time consuming. Yes, sometimes I could just leave it everything blocked, but I want to see what I’m getting when I open a page, and the script lists tell me nothing. It’s not always obvious what blocked scripts are hiding. (amazonaws, for example, isn’t exactly intuitive when you’re wanting to allow Entrecard).

4. Because the script lists mean nothing to me, it is highly likely that I would allow bad scripts anyway because I don’t know what they are for.

All in all, knowing the risks, the aggravation of my computer being corrupted (which can be easily fixed with proper backups in the worst case scenario) is far less than the aggravation of trying to go about my daily web travels having to deal with this every single time I load a site.

This seems really negative (and possibly technically ignorant) but I really appreciate that you took the time to write this. I even want to be able to use noscript, but the experience of using it is so painful that it just doesn’t seem like a solution.

Bit of a bummer for advertisers if more and more people use it though.

I’m downloading it now so perhaps it’ll get clearer as I begin to play with it?