cloudflare.com, hotjar.com, jsdeliver.net, tiqcdn.com, ytimg.com
Does anyone know anything about these? These are instances which NoScript finds on some websites.
For example google-analytics has been talked about negatively on this forum, because of what it does.
On a related note: when NoScript finds youtube.com on a website; is that a reason to be turned off?
also googletagmanager.com
Hotjar is a surveillance company and a tax evasion scam based on Isle of Man. They embed session replay scripts on sites that send keystrokes and mouse movements to the HQ.
Cloudflare:
https://notabug.org/crimeflare/cloudflare-tor
> when NoScript finds youtube.com on a website; is that a reason to be turned off?
Better use uMatrix and uBlock Origin. Then you can block all 3rd party requests (and JS too) and allow only ones which you really need on a case by case basis.
Mymy. Bad stuff around every corner I see.
BTW, zigote, I believe you misunderstood my question and/or are not aware of what JS can do. On the same note I don't believe uBlock Origin has the possibility to block out individual JS instances like NoScript has.
edit typo: "aware of what NoScript* can do"
I write JS sometimes so I am aware what JS can do.
> I don't believe uBlock Origin has the possibility to block out individual JS instances like NoScript has.
Don't believe. Check.
You can block individual .js files as well as inline JS + things you cannot block with NoScript. It is a universal network request blocker.
I'll be sure to check it out!
Anyway what I meant originally was;
"should *I* (as in the person I am) be *turned off* (as in a feeling of distrust) if NoScript lists youtube.com as a JS instance".
Now... sometimes I shoot out questions I really "know the answer" to. But I find other people's elaborations may inform me of something I haven't taken into consideration.
> "should *I* (as in the person I am) be *turned off* (as in a feeling of distrust) if NoScript lists youtube.com as a JS instance".
Chances are this means that the webpage has an embedded YouTube video. Whether this is a "turn off" is for you to judge for yourself.
> You can block individual .js files as well as inline JS + things you cannot block with NoScript. It is a universal network request blocker.
Thanks for the tip. I had been using uBlock Origin passively as an ad-blocker without realizing that it can also do the things I use NoScript for (and more). I've removed NoScript and am now using uBlock Origin for everything.
uMatrix can also block scripts and has even more flexibility in regards to blocking or whitelisting only particular resources. I use both uMatrix and uBO. In my setup it is multilayer:
1. Block JS in the browser itself (and allow it only for particular sites temporarily)
2. Block 3rd party (and known bad host) requests using uMatrix
3. Block everything else (content etc) with uBO
I see no need for any other extensions whatsoever.
You can also use your hosts file to block lots of unwanted websites.
Adblockers are using that, to prevent those website to be loaded (okay, adblockers also hide, delete some parts of the websites to keep the page clean).
You can use this[1] hosts file and most of the things will be blocked by default on all your applications.
Bonus: if you can edit the hosts file of your router, all devices connected to your router, will also be protected from those domains even if you don't(or can't) use an adblocker :)
On problem with this approach is, if you use Tor, it will bypass the hosts file of your router...
> On problem with this approach is, if you use Tor, it will bypass the hosts file of your router...
Exactly. While it is still possible to use:
https://2019.www.torproject.org/docs/tor-manual.html.en#MapAddress
it is not recommended.
What is also a big cons of hosts file approach is that you can't block 3rd party HTTP requests which is essential to online privacy.
"What is also a big cons of hosts file approach is that you can't block 3rd party HTTP requests which is essential to online privacy."
What do you mean by that? Can you explain this?
I'm using hosts file(not for Tor or TorBrowser, but to other software). And 3rd party HTTP calls are also blocked(tracking, ad, ...)
Of course some sites are broken, who depends on those blocked 3rd parties.
Suppose the following HTML hosted on example.com (I am deliberately adding syntax error because otherwise the forum attempts to display the images):
[img src="pic.jpg">
[img src="http://facebook.com/tracking-pixel.png">
The first image creates a 1st party HTTP request (to example.com).
The second one creates a 3rd party HTTP request (to facebook.com) as a result of which the 3rd party receives your IP address, can fingerprint your browser and can also set cookies (if you have 3rd party cookies enabled in browser settings).
With uMatrix and uBlock you can set a global policy to block 3rd party requests by default and enable only those which you want.
> I'm using hosts file(not for Tor or TorBrowser, but to other software). And 3rd party HTTP calls are also blocked(tracking, ad, ...)
Consider again the example from above.
If your hosts file has a line:
0.0.0.0 facebook.com
that would certainly block the request to FB. However it is not because it is a 3rd party request but because the domain is simply in your blacklist. Only the browser knows what is 1st or 3rd party. The DNS (hosts file) is merely for name resolution.
Thank you for the clarification.
Yes of course.
When using hosts file, it will just block the requests to that domain.
> When using hosts file, it will just block the requests to that domain.
And unless you add all possible subdomains you are really blocking *only* the domain.
With uM/uBO you can easily control subdomains too.