❌ Software Removal | NoScript #1638

New Issue

2020-01-08T21:20:10Z

smnthermes commented

2020-01-08 21:20:10 +00:00

(Migrated from github.com)

Description

Its developer has been engaging in dishonest and malicious pratices: https://liltinkerer.surge.sh/noscript.html.

Also, uMatrix is superior anyway.

## Description Its developer has been engaging in dishonest and malicious pratices: https://liltinkerer.surge.sh/noscript.html. Also, **uMatrix** is superior anyway.

👍 1

stoically commented

2020-01-13 18:37:29 +00:00

(Migrated from github.com)

3 / 42
Only a few scan engines detected this file as a threat. If you think it might be a false positive, find out how to contact the engine vendor on our blog.

That is one hell of a "definitely". The only specific entry has it as "Riskware/SpeedUpMyPC" which, after a quick google, states it is "unwanted software". Pro tip: if you don't want it, don't install it, NoScript certainly does not force or trick you to install it.

https://news.ycombinator.com/item?id=12624000

And there was this other drama were NoScript circumvented ABP lists, the authors reply was: https://hackademix.net/2009/05/04/dear-adblock-plus-and-noscript-users-dear-mozilla-community/

> > 3 / 42 > > Only a few scan engines detected this file as a threat. If you think it might be a false positive, find out how to contact the engine vendor on our blog. > That is one hell of a "definitely". The only specific entry has it as "Riskware/SpeedUpMyPC" which, after a quick google, states it is "unwanted software". Pro tip: if you don't want it, don't install it, NoScript certainly does not force or trick you to install it. https://news.ycombinator.com/item?id=12624000 And there was this other drama were NoScript circumvented ABP lists, the authors reply was: https://hackademix.net/2009/05/04/dear-adblock-plus-and-noscript-users-dear-mozilla-community/

ghost commented

2020-01-13 20:55:45 +00:00

(Migrated from github.com)

Why should an addon be removed from ptio when itself is not affected by the website's advertising?

Mikaela commented

2020-01-13 21:17:26 +00:00

(Migrated from github.com)

Do I understand correctly that the argument for removal is 4 years old case? Or is there still wrongdoing on the part of NoScript?

stoically commented

2020-01-13 21:25:35 +00:00

(Migrated from github.com)

Do I understand correctly that the argument for removal is 4 years old case?

Yes

Or is there still wrongdoing on the part of NoScript?

Afaik, imho, no. If there were something substantial problematic with NoScript, it wouldn't be a part of Tor Browser anymore at this point.

> Do I understand correctly that the argument for removal is 4 years old case? Yes > Or is there still wrongdoing on the part of NoScript? Afaik, imho, no. If there were something substantial problematic with NoScript, it wouldn't be a part of Tor Browser anymore at this point.

👍 1

Mikaela commented

2020-01-13 21:30:50 +00:00

(Migrated from github.com)

Looking at the website at a bit more closely, I have to agree that it's a bit questionable.

this advertisement still exists, however it goes to 404 error for me.
*
- military grade encryption sounds alarm bells in my head and utm_source=aff-6398-noscript.net sounds suspicious to me and I am not confident PureVPN fullfills our VPN criteria (if it did, someone would surely have suggested it to us already?), but I am not interested in digging into it right now.

Based on previous delisting of https://github.com/privacytoolsIO/privacytools.io/pull/1560, I think the second point might be ground for delisting, but...

Afaik, imho, no. If there were something substantial problematic with NoScript, it wouldn't be a part of Tor Browser anymore at this point.

...but as it's included in Tor Browser (which we do recommend) and I am sure Tor project is thinking more about what they include in it than we are, I would be hesistant to outright remove it.

@dngray What do you think being the author of #1560?

Looking at the website at a bit more closely, I have to agree that it's a bit questionable. * ![kuva](https://user-images.githubusercontent.com/831184/72293225-f8ed4300-364a-11ea-81db-3729534a3df0.png) this advertisement still exists, however it goes to 404 error for me. * ![kuva](https://user-images.githubusercontent.com/831184/72293275-16221180-364b-11ea-8672-a193e2ffb9f4.png) - *military grade encryption* sounds alarm bells in my head and `utm_source=aff-6398-noscript.net` sounds suspicious to me and I am not confident PureVPN fullfills our VPN criteria (if it did, someone would surely have suggested it to us already?), but I am not interested in digging into it right now. Based on previous delisting of https://github.com/privacytoolsIO/privacytools.io/pull/1560, I think the second point might be ground for delisting, but... > Afaik, imho, no. If there were something substantial problematic with NoScript, it wouldn't be a part of Tor Browser anymore at this point. ...but as it's included in Tor Browser (which we do recommend) and I am sure Tor project is thinking more about what they include in it than we are, I would be hesistant to outright remove it. @dngray What do you think being the author of #1560?

👀 2

dngray commented

2020-01-14 06:59:56 +00:00

(Migrated from github.com)

The virus total link seems to be inaccurate as there does not appear to be any issues

The AMO link is checked anyway which is really where you should be getting it from. So you really do not need to visit the noscript.net website.

Additionally the source code is available on Github: https://github.com/hackademix/noscript/

I don't support removing it, even though I prefer uMatrix myself blocking in 1st party mode. Noscript s a simpler option for those who don't need as granular configuration and is certainly better than nothing.

The Tor Project still includes it so there's obviously no issues there. It is also included in the Debian, Archlinux, Fedora, CentOS repositories and a variety of other distributions.

The [virus total link](https://www.virustotal.com/gui/file/1beb01e5089fd91ee5fc525b1175a5ba310d38c218d78b8aad48b824fa749670/detection) seems to be inaccurate as there does not appear to be any issues The [AMO link](https://addons.mozilla.org/en-US/firefox/addon/noscript/) is checked anyway which is really where you should be getting it from. So you really do not need to visit the noscript.net website. Additionally the source code is available on Github: https://github.com/hackademix/noscript/ I don't support removing it, even though I prefer uMatrix myself [blocking in 1st party mode](https://github.com/gorhill/uMatrix/wiki/How-to-block-1st-party-scripts-everywhere-by-default). Noscript s a simpler option for those who don't need as granular configuration and is certainly better than nothing. The Tor Project still includes it so there's obviously no issues there. It is also included in the Debian, Archlinux, Fedora, CentOS repositories and a [variety of other distributions](https://pkgs.org/download/noscript).

This repo is archived. You cannot comment on issues.