Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Meet the 'cowboy' in charge of the NSA

Shelley shelley at
Tue Sep 10 08:16:43 PDT 2013

Maybe I just don't have the "broken Internets" problem very often, or I
don't notice it.  I can use important sites such as my email provider's
web interface (when I'm not near my regular email client) and my credit
union's mobile site without enabling scripts, so there really isn't much
I'm going to allow in the wild.

I also open a different browser on those rare occasions when I have to
enable .js.  (And I remove the list of whitelisted sites that stock
NoScript allows.)  I don't think these are unreasonable habits! 

On Tue, Sep 10, 2013, at 08:01 AM, Al Billings wrote:
> Clearly not a battle I'm going to "win" in any sense with this audience
> but, really, the current Internet (for many many reasons) is pretty
> broken in places (and I don't just mean Facebook) when you turn off JS.
> We talk about this at work a lot and even amongst my peers with NoScript
> installed, most people find it more trouble than it is worth, and these
> are security professionals. I know many here probably would say these
> folks are stupid but given that these folks are also the security team
> for a major browser, I would say that if they find it too broken, most
> normal folks are not going to touch it.  
> Anecdotal data is, of course, anecdotal. :-)
> I deal with JS issues largely by running the nightly build of my browser
> but then I am also aware of the unfixed vulns in it that are being worked
> on so my experience isn't normal either. 
> -- 
> Al Billings
> On Tuesday, September 10, 2013 at 4:55 PM, Joseph Lorenzo Hall wrote:
> > On 9/9/13 2:55 PM, Al Billings wrote:
> > > I suggest your use of the net is well outside the mainstream, even
> > > amongst security folks. Some of us actually use social networking, for
> > > example, or don't want ugly, half broken websites simply because we fear
> > > a JavaScript zero day.
> > > 
> > 
> > 
> > Hi Al, big fan. I use FF with NoScript and Request Policy both
> > configured to block by default... and open links in session-only Chrome
> > when I need something that requires that stuff. Not ideal, but it works
> > for me and it's certainly not about JS zero-days.
> > 
> > Anyway, I'm definitely the only one I know that surfs like that... but I
> > suspect there are even wilder set-ups represented on this list in
> > particular.

More information about the liberationtech mailing list