Actually, on reflection, I’m not sure why I’m arguing with you lol. There is certainly some overlap between the two addons, but they are both good tools in their own right and there’s nothing wrong with running both if desired.
The problem with blocking scripts is that you’ll never know what you’re missing.
When I make a fantastically useful website feature with javascript, I still have to make sure that people without javascript enabled can still do the same things.
So on any decent website, with js turned off you’re not going to encounter errors or anything, you’ll just be getting a less functional version, and you’ll have no real way of knowing.
The “Quick Reply” box I’m typing in right now is an example. When I submit this form, my reply will get submitted and will appear above, without making me leave the page. So when I hit the “Back” button, I won’t go back to the same thread or a “post reply” form, I’ll go back to to the board. This is a tremendously useful feature, and is entirely based on javascript. If I had js turned off, clicking the submit button would take me to a new page, screwing up the whole back-button dynamic.
Things like this are all over the place. Any time you click something on a site and something changes without you leaving the page, that’s probably javascript. Having to “whitelist” every single feature is, besides being impossible, ridiculous.
It’s akin to disabling all images in the browser to avoid seeing ads. You might love the fact that you see no ads, and things might “seem” fine to you, but you have absolutely no idea what you’re missing.
“Guilty until proven innocent” isn’t a good protection schema in situations like this. Specific ads and scripts should be blocked, not the other way around.
That’s about half the reason why I use it. Much of the Web is filled with inane flashiness that doesn’t really do anything – beauty of it or not. Rotating graphics? Hopping kitties? No thanks, if I want sound, video, or other action I’ll ask for it. And I frequently do, but not from every Web page. If I’m there to read an article, I don’t need functionality, and your hypnocoins aren’t keeping me there longer (they’re annoying me). (Er, that’s the generic “your,” not directed at you.)
Which bizarrely undercuts you first point. It took a few sessions with NoScript to tell when a well-designed Web site lets me get around without JS, and when I needed to enable it. I’m not missing anything but a bunch of useless bandwidth-hogging hoop-de-dos and a lot of ad tracking.
The ad tracking is the other reason I use it. Anyone know if there is a way to get it to block, say, doubleclick, and never ever ask me again?
How do you unlock your car door?
Do you use the key, or the wireless remote fob? Because, if you can use a key, the remote is just needless fluff. Why would they even make the remote when the key works perfectly well?
Rotating graphics and hopping kitties are GIFs or Flash. Sound and video are also Flash. None of these things are javascript. Javascript is used to make anything interactive easier. Yes, you can get by without it (using the key), but if you choose to be ignorant to the rest of the world (remote fobs) you, as I say, don’t know what you’re missing, and you’re missing a lot.
Tell that to the crapulant programmers out there. There are a lot of hopping kitties out there.
What functionality? It’s not like the two seconds it takes to enable a commerce site to filter results or display a map is that much of an effort. But there’s little functionality that I don’t realize is there on the vast majority of pages in which I just want to read text or look at static images. Again, it’s really easy to toggle permissions on regularly visited pages (i.e., the Dope), but for the vast majority of once-or-twice visited pages?
If you’re not going to modern, web2.0ish sites like Digg, Facebook, et al suit yourself. I would have to charge a consulting fee to explain all of the ways that js makes those sites much more usable with any more specificity than “nearly every way imaginable.” On more static sites, the function of js is less noticeable and integral.
The same arguments you make could be made for disabling all images, or colors, or defaulting every font to Courier New.
As I said, I’m a javascript programmer and to me, someone intricately familiar with everything it can and can’t do, having any more than a passing fear of it (especially in Firefox) seems exactly like how everybody was afraid their microwave was going to blow up on jan 1, 2000. If you have a very slow internet connection or a very, very slow computer, disabling javascript can be beneficial, but in any other situation you’re just hindering your experience with no real benefit.
With script blocking disabled in NoScript, you’re still protected from the real security risks (XSS, clickjacking, etc), so there’s no need to fiddle with settings on a per-site basis.
Imagine going to a restaurant where the chef would ask you if it’s OK to add every ingredient before he started cooking your meal (“Are you alergic to tomatoes? To mozarella cheese? To monteyry jack cheese? To wheat? To wheat flour?”). Or even worse, if you had a “whitelist” of allowed ingredients you’re alright with. You might be able to receive some decent meals, but you wouldn’t know what kind of wonderful flavors and ingredients you’d be missing. That’s why, in a restaurant situation, a “blacklist” is used instead. If you’re allergic to something, you say so up-front.
Web filtering should be the same way. Assume everything is good, except for a blacklist of things you don’t want (ads or scripts from a set of known advertisers), and you won’t be missing out on anything.
When you’re on a site that connects to doubleclick, and doubleclick is currently being blocked, you can go to the Untrusted option in the main NoScript pop-up menu and tell it to mark doubleclick as untrusted.
wierdaaron, I get what you’re saying and I understand it. Well-designed, legit sites use JS well. The thing is, it takes less than a second to whitelist a site I know I’ll be using often, and the default blocking of the non-legit sites is more useful to me than that second. I once visited a page that had something like six adware hooks monitoring it; while I could be cautious about what pages I visit and not expose myself to them, I find it easier and more convenient to set up a bouncer. Once I tell the bouncer to let the good sites through, he’ll always let them in from then on. It’s not like NoScript means NO JAVASCRIPT DISPLAYED EVER.
Sorry for the multiple posts.
There are people for whom, if a whitelist in a restaurant like this were possible, it would be the greatest thing ever. But it’s not really feasible as such, until technology advances to the point where you can swipe a card at a diner and get a menu customized to your preferences.
The biggest difference is that websites can and will serve up something malicious before you have a chance to know it’s there, whereas you can check with the waiter in a restaurant as to whether there’s anything bad in the meal.
If you didn’t have cilantro on your whitelist you would have starved to death in 1994.
Even today I can’t get away from it. 
So, the consensus seems to be that it’s annoying as hell at first (which I agree with) but becomes less annoying and more useful as time goes on. On the options for it, there’s usually an option to allow the ‘core’ site whilst blocking everything else, which seems to be working.
That past shenanigans does make me uneasy, although it’s not directed me to the noscript site yet.