by shapov 3550 days ago
> there is no evidence that NoScript itself is harmful

The article states that every time the plugin updates, it automatically opens up a webpage that serves malware. So technically the article is not wrong. NoScript forces your browser to open a malicious page, therefore it can be considered itself harmful.

4 comments

> serves malware

It opens a page with an advertisement link for "Speedup My PC"; not even the article claims that it serves malware, just that it "promotes" it. Going by the description of the detected malware signatures, Speedup My PC isn't even harmful by itself, it just is snake oil with no real use beyond selling its own license.

Unless you click the link, download the exe, install it, fall for the detected issues notification and then proceed to buy a license nothing will happen.

Some users will fall for it though. The author wouldn't do it if they didn't make money from it. I think it's wrong to support such shady stuff that will harm some percent of its users.
Even "harm" is a bit of an overstatement if josefx is right, because if anyone pays money they do so on purpose, and they get value back in the form of the extension.
It opens a webpage that has an ad link to malware that must be manually installed. That's not a malicious page.
Sure.

Now, the question is, do I trust a plugin that serves ads for malware?

BTW, any info on when they started doing that?

Source code for NoScript is available, if you manually update and compare the code you should be safe.
Sure, but trust is widely used in security, in exchange for dramatically higher usability/productivity.

If I were to personally inspect every software (and hardware where possible) I use I would barely be up to date on 1995 versions of computing.

I outsource this trust to an aggregation of online communities I believe in. This post dramatically lessens my trust in NoScript.

Do you place any trust in Mozilla's add-on review process, which NoScript is subjected to? https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Revie...
Absolutely. To the extent it's serviceable. I however don't trust every app on Apple's App Store merely for passing review. I wouldn't be too scared to still use NoScript, but if there are alternatives why would I?
The release notes page? There's a checkbox for "display the release notes on updates".
When you first install it, you have to restart Firefox to complete the install and access the config menu. When you restart Firefox, it automatically loads the NoScript website to display.

You have to disconnect from the internet, restart Firefox, let it fail to load the page, then go to the settings menu and uncheck the box.

That's funny. I have never seen the ad, I think, because NoScript blocks it by default; can't imagine this self-defeating practice yields any substantial income.