I don’t do as much web surfing as I once did on my laptop (Apple), but I do some.
I used to think that the NoScript add on was an important part of basic internet security. But it’s incredibly inconvenient these days; sometimes forms and entire sites don’t work, and I have to temporarily whitelist a bunch of servers, and sometimes even after they’re all whitelisted, it STILL doesn’t work. And I’ve heard stuff that makes me question whether it’s really necessary these days.
Does having NoScript offer a significant amount of internet security protection these days? Or could I turn it off and not see a significant difference in my general risk level (assuming all other measures stay the same, of course)?
IMO, it was never worth it. Javascript turned the web from static pages to dynamic applications. Disabling Javascript is pretty much disabling all progress on the web for about two decades.
Install uBlock Origin and Privacy Badger. Get rid of NoScript. It’s useless if you’re just going to whitelist things as you come across them anyway.
I still use Noscript, and I think it’s great. Unknown domains are blocked automatically. In other contexts, it was also pretty useful for detecting yandex SEO hackers infiltrating a website I used to oversee.
I do also like seeing what nonsense crops up and managing my own privacy. If you’re disinterested in that and want an automatic experience, I suspect the post above me has the length of it. But for me, this remains the way to go. I like to stay abreast of this sort of thing.
Back when I used NoScript, I didn’t generally leave JavaScript off for any pages that I actually had any reason to interact with. I mostly used it to prevent third-party scripts from running, And, even to this day, there are only a few sites that I would ever need to directly interact with, so making forms not work was never that big a deal.
But with all the improvements in adblocking to block trackers and malware scripts, browser fixes for clickjacking, badsite lists, popup/under bllocking, and so on, I no longer think NoScript is worth it. Just get uBlock Origin and enable the protection stuff, and make sure you use the security settings in your browser–in Chrome, the medium option is fine.
There was perhaps a case to be made back when dynamic pages were a pretty new thing, and there were usually fallbacks available. Allowlisting wasn’t a huge deal and maybe there was some value in just blocking everything by default. But it’s been a pretty long time since that was true. And at most it would have only caught a pretty narrow slice of vulnerabilities. Image parsing errors and the like were always more serious, IMO.
In the limited time I actually used NoScript, one of the biggest annoyances is that it applied a low level of brokenness to everything. “Responsible” developers that used JS for simple form checking, etc. were blocked too, but as a user I just found that buttons would stop working, or I couldn’t fill in certain fields, etc. Was it a crappy broken web page or was NoScript interfering? Often the latter, but hard to tell.
I used NoScript until FireFox became unusable for me, and I had to switch to IE and then Edge. It worked ok with the old SDMB except when posting – which I didn’t do much of. But towards the end one of the important JavaScript libraries decided to break non-supported browsers (they were probably one of the first major players to decide that ‘non-supported’ means ‘we will deliberately break’), and pages started unloading when the library broke. NS was trying to catch up by adding script surrogates but they were behind the pace at that point.
Then I had to give up on FF, and there wasn’t a NS version for IE or Edge.