[largbae]

Completely disabling JavaScript is a no-go these days. But Firefox+NoScript is both enlightening and refreshing. Did you know that CNN tries to run JavaScript from more than 30 domains on the front page, but is functional and ad-free after enabling 2 or 3?

The Add-on allows you to enable or disable specific domains serving JavaScript, and automatically save those preferences for later visits. I find that I only notice the add-on for a few days on a new device before it is tuned. After that, the only thing I notice is how slow and garbage-laden the same sites are when I'm on a computer without my setup using e.g. Chrome

YMMV but I have been NoScript-ing for 2 years and won't go back by choice.

[brycewray]

> Did you know that CNN tries to run JavaScript from more than 30 domains on the front page, but is functional and ad-free after enabling 2 or 3?

Might try https://lite.cnn.com.

[schiffern]

If you use uBlock Origin (and you should!), it can be configured to work in a similar way. NoScript does have some extra features though.

https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-qu...

https://github.com/gorhill/uBlock/wiki/Blocking-mode

https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-m...

[nolist_policy]

IMHO, NoScript is bad because it discourages you from browsing new sites. As you usually need to first spend 1 minute in the NoScript UI to get the site working.

This also makes it very impractical for day-to-day usage i.e. quickly googling something.

[bee_rider]

Without NoScript, I need to trust a site well enough to download and run programs from it, in order to check it out. With NoScript, I can at least try to use a site.

[DecoySalamander]

Without NoScript you trust your browser's sandbox to handle whatever arbitrary code is thrown into it. Same as with NoScript, really.

[nolist_policy]

And how exactly do you establish trust?

At that level of paranoia you should use a separate device. More secure and, more importantly, more time saving. It will pay off in no time.

Or perhaps use an operating system that provides stronger security guarantees like QubesOS or ChromeOS.

[bee_rider]

If you just browse a site for a little while you can see that it’s a real website, and get a general impression of the place. The set of sites that are both useful, and require JavaScript, is pretty small anyway. So, it isn’t a big loss.

> At that level of paranoia you should use a separate air-gapped device. More secure and, more importantly, more time saving. It will pay off in no time.

This is not a real suggestion, it is an attempt to make my easy middle-ground solution sound ridiculous and impossible by comparing it to something silly like air-gapping my computer. I’m not going for some unattainable perfection. I think the reason people bring this out is that they are uncomfortable with the fact that they are being careless and they want to make even the slightest bit of self-defense sound incomprehensible difficult.

[_a_a_a_]

> Completely disabling JavaScript is a no-go these days

Wrong. I use a browser in a VM when needed, and I don't do that very often, maybe once or twice a day. No ads, fast static text, low cpu, very safe, it's pretty damn good.

[pennomi]

If you need to dip into another browser once or twice every day, you’ve basically proved that you can’t in fact operate entirely without JavaScript.

[_a_a_a_]

ISWYM. I operate 95% - 98% without so, close. Am very happy with it.