| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by hooby 1059 days ago

I can't speak for anyone else besides myself, so I can't answer the question "what is HNs obsession".

But I can share my thoughts on NoScript:

An ad-blocker acts as a blacklist of sites/domains which are not allowed to run JavaScript in your browser. So basically everything is allowed by default - and the plugin downloads a list of known sites/domains that serve ads, track you, serve malware etc. That list is curated by someone else - and with the goal of disabling as many ads as possible while breaking as little site functionality as possible.

NoScript allows you to manage a whitelist of sites/domains which are allowed to run JavaScript in your browser. So by default everything is forbidden - and only sites/domains explicitly added to that list can run JS. And you have to curate that list yourself - so it's up to you to add sites/domains to those you want to trust permanently/temporarily. This is more involved, requires more effort, and many sites will break - loosing legit features, sometimes even breaking static content.

So, there are some parallels in there - one is a general blacklist that's remotely managed for you - and the other is a whitelist that you have to manage on your own.

You get more control and more security - at the cost of increased hassle, as many sites will just be broken out of the gate, and some will still be broken even after you (temporarily) allow first-party scripts a CDN or two. Some less recommendable sites need JS from 20+ domains (some of which dynamically load in even more domains) to work, while other sites work perfectly fine with just first-party scripts allowed and nothing else. For me that's interesting to know.

But you also get to see and learn a lot about what's going on under the hood, which might be interesting too, if you work in the field.

It's up to everyone to decide for themselves, whether that's worth the hassle - for most people it's probably not. But if you are technically minded and have already gained a little bit of experience with NoScript - the hassle isn't actually that great.

All pages you use regularly will be permanently whitelisted - many other pages can deliver you their static content fine even without JS - lots of pages are pretty easy to whitelist temporarily in just a few clicks - and the rest are often best to stay away from anyway.