Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Gawker told me to disable NoScript
6 points by threepipeproblm on March 7, 2013 | hide | past | favorite | 12 comments
I told Gawker I am a NoScript user having trouble telling which of around a dozen third-party JavaScript domains will let me view comments. I included some links to tips on Gawker blogs to enhance one's security using NoScript. Here is their response:

'Unfortunately, the only advice I can give from my end is to just disable NoScript in general (it just doesn't play well with our sites).'

'And unfortunately, I don't have a list of third party domains to give you ( and if I ask the tech team, they're just going to tell me to have you disable Noscript, since its a known problem causer/ is just a pain in the butt from their end), so your best bet is to either play around from your end or just disable the plug-in. Let me know if you have any other questions/concerns.'



I'm going to strongly side with them.

You are essentially breaking the internet. Then you're asking them to help you work around all the stuff you broke and posting a public complaint here when they tell you "no." Sorry but too bad.

I might have some sympathy if you even explained why you need to "NoScript" their site in particular. If you had accessibility issues (e.g. handicaps) I would definitely feel sympathy for your position.

NoScript rolls the web back to pre-1997 levels.


I agree, accessibility issues aside, the web is a language, and like every other language it evolves in order to be able to express more and more complicated ideas. Design is a language which changes too. Gawker and you may not be on the same page, but asking them to deviate from the state of the art, asking people to do things like support older versions of IE, in the end just stifles progress. Going forward is one of the main principles of technological development, and sometimes we just have to leave things behind. That said, everyone is entitled to be any kind of user they want to be - and I totally respect your position, just don't think Gawker should be compelled to comply.


But what about accessibility issues?


What accessibility issues are you specifically referring to?

All modern screen readers (such as JAWS, WindowEyes etc) work well with Javascript-enabled sites as long as appropriate standards such as ARIA are adhered to and keyboard focus is managed correctly.


Yes, the old JavaScript can't be used for accessibility argument is pretty dead to me. 98.6% reported to use JavaScript http://webaim.org/projects/screenreadersurvey4/


The solution is simple... install Ghostery so you can easily identify which sites are hostile to their visitors, then use sites that aren't.


I quit reading all the Gakwer blogs except Lifehacker after they recently butchered their comments system. But I just can't give up Lifehacker. And I thought it might be nice to read the comments without disabling the most important piece of security software on my system. In any event, will check out Ghostery.


NoScript was meant to use on sites like gawker's and other primarily US based sites that include an awful lot of 3rd party scripts.

I think websites that include 3rd party scripts should be liable when one of these script run amock.

But I am not going to wait for that, so sites like that are removed from my attention field when I am not able to make them function from enabeling scripts of their own domain.


Why not use Internet Explorer?

.

.

.

.

.

haha - couldn't help myself :D

On a more serious note, I sort of agree with UnoriginalGuy's POV. He's right in the sense that you are "breaking the internet" and then asking them to help you fix it (great analogy, I thought). I don't agree with his idea that NoScript "rolls the web back to pre-1997 levels" though. I think NoScript makes things so much safer that anyone who doesn't run it by default is taking a huge security risk when they visit unknown/new sites. That said, it seems silly/over-reacting to create a tattle-tale post here.


yes i appreciate the POV, in that JavaScript is widely accepted now and it's curmudgeonly to assume otherwise. NoScript's design takes this into account, for those who are willing to white list domains.

That said, the idea that just because x% of people are happy to run arbitrary code from an arbitrary number of 3rd and 4th party domains, and that this is an acceptable or sustainable situation, I question.

It is ridiculous for a mainstream publisher like Gawker to run code from a laundry list of 3rd party domains, which are probably dynamically loading even more (that's what's usually going on when fiddling with individual domains still doesn't work). If all this code is trustworthy, they really can't download it and serve it to us directly? Of course, they have no ability to verify that it is safe when pointing to so many code bases.

It is also ridiculous that they cannot answer the question of which third party domains are needed to support comments on their system. This is how you take your more security conscious users and say "we don't care about you." With all the things that people will seemingly do to bump usage of their site a few percent, a sane JavaScript policy seemingly isn't always one of them.

Gawker can do what ever they want of course. And I can do what ever I want, which includes pointing out how silly it is!


Serious question--are you reliably able to use the Internet with JS effectively disabled?


Heck no, but NoScript allows you to permanently white list domains and there is a pareto like distribution of domain usage.... white list for a few days and most of the internet works. By then you've gotten in the habit of twiddling with the NoScript menu wen it doesn't. And you start noticing how many domains that are just designed to serve you ads, spy on you, and God knows what (like unregistered IP addresses) you are avoiding granting access to.

There are only a few situations where it's a challenge. First, when there are just so many third party domains that is is pragmatically difficult to quickly weed out the ones that are making your experience better vs. worse. Second, when the third party domains dynamically load 4th party domains NoScript seems to puke, although it's getting better. If you visit some of the 3rd party domains though, you can sometimes figure out what the 4th party domains are and enable them.

Once in a blue moon, I do just have to view a site in Internet Explorer lol.

A surprising amount of stuff does still work with JS "effectively disabled" though. And even if you don't whitelist domains, NoScript will still turn of flash and let you "click through" to enable individual videos and stuff. It's a refreshing (and speedy) experience not to have to much "flashing" at one.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: