Bonum Certa Men Certa

Managing NoScript Whitelists and Some Tor Browser Observations

Reprinted with permission from Ryan Farmer

One of the things that does bug me about using NoScript….



Is that is keeps the text file it exports in a different format with “modern” browsers.



So I can pass around one exported list by occasionally stomping the exported file with a fresh one with the latest permissions from LibreWolf and then pass it around to my other browsers that can use the WebExtension.



SeaMonkey, on the other hand, uses a “Classic” unsupported version of NoScript which uses a different list format.



So I end up maintaining a special version of the list, a second time, just for SeaMonkey.



I’m hoping that the upcoming update adds enough backported JavaScript and WebComponents work that more sites start behaving normally in SeaMonkey.



Having to pay my electric bill through another browser is a real bummer, and some sites like Walmart just look weird, although humorously, Walmart is currently bungled in Firefox to the point where you can’t schedule a grocery pickup time and checkout, but in SeaMonkey that works fine, but the site looks a little weird. So I can shop for food in SeaMonkey, but not Firefox.



I’d report a site compat bug to Mozilla, but I’d get the usual “Go to Hell, also CoC” Standard Reply assuming they even took any action on the bug report at all.



Even the modern version of NoScript does not appear to have a special button to disable WASMs.



I think you can stop them with blocking Object to Trusted Sites, but not sure about this, and it seems more destructive than surgically removing WASM with a preference.



I noticed while I was playing with the Tor Browser last night, that the “Safer” setting, starts disabling some features that aren’t widely used while just browsing the Web. It leaves JavaScript on (but only for HTTPS sites), but it starts disabling some of the crappy features that you often don’t need.



If you look at the monthly Mozilla security updates, a lot of them address High and Critical CVEs that WASM itself adds to the browser.



That’s why I set javascript.options.wasm to False in all my browsers in about:config, so even sites I allow to run JavaScript can’t load WASM blobs on me.



I just want to pay my phone bill, not risk having executables sent down the hatch.



It seems the Tor Project agrees that WASMs are a special danger that adds a significant amount of attack surface to the browser, beyond what JavaScript alone is capable of, and it’s not really that important.



So I’ve set my copy of the Tor Browser to the safer setting. It’s not what I’d like (static content Web sites), but it’s probably the best you can do and have the Web as it is work at all.



They should move the slider closer to the user interface so the user can dial it up and down faster, and set it to Safest if they want to run silent, run deep for a while, and not take chances on scripts and stuff on .onion sites.



Best practices for .onion sites are to remain accessible to users who can only look at static content.



The way that people typically get unmasked on Tor is partially “active content” being on in the browser, and partially that the police will set up a site that requires logging in.



Then the court issues a broad warrant that authorizes a “Network Investigative Technique” or a NIT, which is just fancy talk for “You are authorized to attack every user who sets up an account and attempt to plant malware on the machine.”



Basically, interacting with a site like this adds you to the warrant’s scope, so sites that require logging in are a big red flag that “there’s a reason why”.



So the issue of Tor unmaskings are part technical and part legal.



In most cases, it’s a two-part thing where the user hands them both parts.



Unfortunately, Tor Browser is set by default to have almost all the same vulnerabilities as Mozilla Firefox.

Recent Techrights' Posts

European Patent Office (EPO) Series: Czech Mate: EPO Kingmaker or Merely a Pawn in the Game?
recent "missions" of the EPO President
SLAPP Censorship - Part 131 Out of 200: A Big Win for the Media in the United Kingdom (UK) Today
In a democratic society the Right to Know, which is closely connected to freedom of the press (or what one might label "blogging" or "blag"), comes above all else, except where there are lives being put at risk
IBM's Fedora Plans to Integrate Slop Into "Fedora Workstation as a Default Feature."
IBM does not care whether the community wants this or not
The Media Talks a Lot About XBox Layoffs, a Closer Look at the Data Shows Microsoft 'Bloodbath'
'Bloodbath' is the term insiders use
 
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 07, 2026
IRC logs for Tuesday, July 07, 2026
Links 07/07/2026: Microsoft Cuts Doom "id Software" and Turkey Detains Journalists
Links for the day
Gemini Links 07/07/2026: Old Computer Challenge (OCC) and Hardware Tests
Links for the day
A Break From the Routine
What matters is what whistleblowers keep feeding information to us
SLAPP Censorship - Part 132 Out of 200: When You Cannot Pay a Million Pounds (1,335,520.00 United States Dollar) to Lawyers But Have a Strong Community
Techrights compensates for its fiscal poverty with a wealth of community spirit
Fame is Not the Goal
"Fame" kills
Mental Health in Free Software Communities
clearly there is a subject that merits debate and it ought not be a taboo anymore
The Era of Sponsored Spam
There is no "era of AI", there is era of BRIBES to PRETEND there is an "era of AI"
Gemini Links 07/07/2026: Cleaning, Old Computer, and More
Links for the day
Links 07/07/2026: Le Monde Combats LLM Slop Plagiarism, "ACLU Launches Largest Ever Midterm Electoral Program"
Links for the day
Extremism in the Free Software World is Mostly a Myth
Only the firm belief that justice applies to all will produce a just society
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, July 06, 2026
IRC logs for Monday, July 06, 2026
Links 07/07/2026: Kernelized Secure Operating System (KSOS) and "Exploiting Thoughtcrime in LLMs"
Links for the day
SLAPP Censorship - Part 130 Out of 200: Jealousy, Envy, Hubris
This site is primarily about Free software
Gemini Links 06/07/2026: Still Mostly Dry, GoToSocial, and More
Links for the day
European Patent Office (EPO) Series: Effective Dispute Resolution… But Not For EPO Staff
Slovenia fielded one of the few Administrative Council delegations which managed to maintain its own independent line against the tyrannical EPOnian "Sun King"
Community Sites Need Genuine Collaboration and True Autonomy
People who want to communicate, federate and organise for effective change need to evolve
Free Software Foundation (FSF) Covers Quibble, Free Software for Secure Communications, in the FSF Summer Bulletin
The Georgia Tech folks are bringing Free software education and contributions to one of the better known Computer Science hubs in the US
Microsoft Layoffs Include Windows, Bing, Slop (CoPilot etc.) and There Will More More Rounds (or Waves) to Come
"43% of Xbox laid off"
Obscene Contradiction in Microsoft's Layoffs Tally ("Official" Numbers Do Not Add Up)
Notice how they treat "LinkedIn" as separate
Preserving Comments About the Real IBM Before They Get Deleted
IBM in the 1980s is not what it is right now
Cybershow on "Escaping Prisons For Your Mind"
"THE CYBER SHOW: Stealing technofascism's boots, and stomping on its own face with them."
Links 06/07/2026: At Least 20% Staff Reduction in XBox (Microsoft), Taiwan Sees Uptick in Chinese Aggression/Provocation, Senator Rodante Marcoleta Arrested
Links for the day
Confirmed: Microsoft Layoffs Come in Two Waves, Just Like Last Summer
To us, what stands out is the admission from Microsoft that there are two (or more) waves
In Praise of the UK's Stance on Free Speech (but Some Reservations)
At the moment there is a healthy discussion going on with the objective of disrupting attacks on British press
Exposing Corruption at the European Patent Office (EPO), a Call for More Whistleblowers
We predict that, provided enough whistleblowers speak out, António "the unready" won't even finish his current term
Leaving Our Pets for Several Days
This week our pets will be worried that "mommy and daddy" are away
Dating Trees and Dating 'Apps'
several high-profile stories in the news about scandals in "dating apps"
DW Documentary About Julian Assange Turns 2
It was released just days after Assange had turned 53 and about two weeks after he had left the UK
Independent Media is the Only Form of Legitimate Media
Independent media is, indeed, what we need to demand more of
The Story of the European Patent Office (EPO) Wagging the Dog (EU)
The aim of the series is to properly inform the world - not just Europeans - how Europe's second-largest institution is run [...] How did a corporate hub of monopolies become so detached from the Rule of Law?
GNU/Linux Up to New High in Libya, Windows Down to All-Time Low
GNU/Linux touches 5% there, based on statCounter
Links 06/07/2026: Artists Reject Slop (or Even de Facto Bribes to Market/Endorse Slop)
Links for the day
SLAPP Censorship - Part 129 Out of 200: Iranian Tactics
Hunger for revenge compels people to do overzealous, irrational things
Quiet Week
Many in the US are still enjoying an extended weekend
The Media Needs to Speak of Slop as a Climate Issue Like It Did With Bitcoin
But the slop industry keeps paying the media to play along with the hype
IBM's Fall
IBM's fate is closely connected to that of the Free software movement because of the salaries
Social Dialogue at the European Patent Office (EPO) is Dead, the Strikes and Work Stoppage-Like Actions Carry on
What next for the EPO?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 05, 2026
IRC logs for Sunday, July 05, 2026
Links 05/07/2026: Shadows of the Upper Peninsula and 2026 Old Computer Challenge
Links for the day