cloudflare.com, hotjar.com, jsdeliver.net, tiqcdn.com, ytimg.com

16 risposte [Ultimo contenuto]
GrevenGull
Offline
Iscritto: 12/18/2017

Does anyone know anything about these? These are instances which NoScript finds on some websites.

For example google-analytics has been talked about negatively on this forum, because of what it does.

On a related note: when NoScript finds youtube.com on a website; is that a reason to be turned off?

GrevenGull
Offline
Iscritto: 12/18/2017

also googletagmanager.com

loldier
Offline
Iscritto: 02/17/2016

Hotjar is a surveillance company and a tax evasion scam based on Isle of Man. They embed session replay scripts on sites that send keystrokes and mouse movements to the HQ.

https://arstechnica.com/tech-policy/2017/11/an-alarming-number-of-sites-employ-privacy-invading-session-replay-scripts/

zigote
Offline
Iscritto: 03/04/2019

Cloudflare:

https://notabug.org/crimeflare/cloudflare-tor

> when NoScript finds youtube.com on a website; is that a reason to be turned off?

Better use uMatrix and uBlock Origin. Then you can block all 3rd party requests (and JS too) and allow only ones which you really need on a case by case basis.

GrevenGull
Offline
Iscritto: 12/18/2017

Mymy. Bad stuff around every corner I see.

BTW, zigote, I believe you misunderstood my question and/or are not aware of what JS can do. On the same note I don't believe uBlock Origin has the possibility to block out individual JS instances like NoScript has.

GrevenGull
Offline
Iscritto: 12/18/2017

edit typo: "aware of what NoScript* can do"

zigote
Offline
Iscritto: 03/04/2019

I write JS sometimes so I am aware what JS can do.

> I don't believe uBlock Origin has the possibility to block out individual JS instances like NoScript has.

Don't believe. Check.

You can block individual .js files as well as inline JS + things you cannot block with NoScript. It is a universal network request blocker.

GrevenGull
Offline
Iscritto: 12/18/2017

I'll be sure to check it out!
Anyway what I meant originally was;

"should *I* (as in the person I am) be *turned off* (as in a feeling of distrust) if NoScript lists youtube.com as a JS instance".

Now... sometimes I shoot out questions I really "know the answer" to. But I find other people's elaborations may inform me of something I haven't taken into consideration.

chaosmonk

I am a member!

I am a translator!

Offline
Iscritto: 07/07/2017

> "should *I* (as in the person I am) be *turned off* (as in a feeling of distrust) if NoScript lists youtube.com as a JS instance".

Chances are this means that the webpage has an embedded YouTube video. Whether this is a "turn off" is for you to judge for yourself.

chaosmonk

I am a member!

I am a translator!

Offline
Iscritto: 07/07/2017

> You can block individual .js files as well as inline JS + things you cannot block with NoScript. It is a universal network request blocker.

Thanks for the tip. I had been using uBlock Origin passively as an ad-blocker without realizing that it can also do the things I use NoScript for (and more). I've removed NoScript and am now using uBlock Origin for everything.

zigote
Offline
Iscritto: 03/04/2019

uMatrix can also block scripts and has even more flexibility in regards to blocking or whitelisting only particular resources. I use both uMatrix and uBO. In my setup it is multilayer:

1. Block JS in the browser itself (and allow it only for particular sites temporarily)
2. Block 3rd party (and known bad host) requests using uMatrix
3. Block everything else (content etc) with uBO

I see no need for any other extensions whatsoever.

Libreshop
Offline
Iscritto: 10/27/2018

You can also use your hosts file to block lots of unwanted websites.
Adblockers are using that, to prevent those website to be loaded (okay, adblockers also hide, delete some parts of the websites to keep the page clean).

You can use this[1] hosts file and most of the things will be blocked by default on all your applications.
Bonus: if you can edit the hosts file of your router, all devices connected to your router, will also be protected from those domains even if you don't(or can't) use an adblocker :)

On problem with this approach is, if you use Tor, it will bypass the hosts file of your router...

[1]: https://github.com/StevenBlack/hosts

zigote
Offline
Iscritto: 03/04/2019

> On problem with this approach is, if you use Tor, it will bypass the hosts file of your router...

Exactly. While it is still possible to use:

https://2019.www.torproject.org/docs/tor-manual.html.en#MapAddress

it is not recommended.

What is also a big cons of hosts file approach is that you can't block 3rd party HTTP requests which is essential to online privacy.

Libreshop
Offline
Iscritto: 10/27/2018

"What is also a big cons of hosts file approach is that you can't block 3rd party HTTP requests which is essential to online privacy."

What do you mean by that? Can you explain this?

I'm using hosts file(not for Tor or TorBrowser, but to other software). And 3rd party HTTP calls are also blocked(tracking, ad, ...)

Of course some sites are broken, who depends on those blocked 3rd parties.

zigote
Offline
Iscritto: 03/04/2019

Suppose the following HTML hosted on example.com (I am deliberately adding syntax error because otherwise the forum attempts to display the images):

[img src="pic.jpg">
[img src="http://facebook.com/tracking-pixel.png">

The first image creates a 1st party HTTP request (to example.com).
The second one creates a 3rd party HTTP request (to facebook.com) as a result of which the 3rd party receives your IP address, can fingerprint your browser and can also set cookies (if you have 3rd party cookies enabled in browser settings).

With uMatrix and uBlock you can set a global policy to block 3rd party requests by default and enable only those which you want.

> I'm using hosts file(not for Tor or TorBrowser, but to other software). And 3rd party HTTP calls are also blocked(tracking, ad, ...)

Consider again the example from above.
If your hosts file has a line:

0.0.0.0 facebook.com

that would certainly block the request to FB. However it is not because it is a 3rd party request but because the domain is simply in your blacklist. Only the browser knows what is 1st or 3rd party. The DNS (hosts file) is merely for name resolution.

Libreshop
Offline
Iscritto: 10/27/2018

Thank you for the clarification.

Yes of course.
When using hosts file, it will just block the requests to that domain.

zigote
Offline
Iscritto: 03/04/2019

> When using hosts file, it will just block the requests to that domain.

And unless you add all possible subdomains you are really blocking *only* the domain.

With uM/uBO you can easily control subdomains too.