[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-gnuzilla] GNU LibreJS won't be removed from GNU IceCat

From: Ivan Zaigralin
Subject: Re: [Bug-gnuzilla] GNU LibreJS won't be removed from GNU IceCat
Date: Wed, 21 Feb 2018 21:21:26 -0800
User-agent: KMail/4.14.10 (Linux/4.4.115-gnu; KDE/4.14.32; x86_64; ; )

I think NoScript is an essential privacy+security tool with a feature set not 
fully replicated by icecat, so including it would not hurt anyone :)

It should be considered that LibreJS, which is enabled by default, is already 
intended to block all non-free JavaScript. So at least from the gnuzilla's 
point of view, all non-free JavaScript is already disabled, and there seems to 
be no danger in NoScript whitelisting some unsavory domains. The same 
consideration makes it theoretically unimportant to turn off the JavaScript 
completely via browser config.

However, LibreJS cannot possibly detect non-free software with any kind of 
reliability, and it is easy to argue that drive-by-downloads, which are un-
auditable by their very nature, are non-free no matter what license is 
attached to them. To wit, LibreJS will incorrectly mark an obfuscated piece of 
GPL-licensed code as free every time. So from the practical point of view, 
starting out with all JavaScript disabled is the way to go.

On Wednesday, February 21, 2018 23:04:48 Julie Marchant wrote:
> On 2018年02月21日 22:02, address@hidden wrote:
> > Hmmm...If that'd be the case, is it well worth considering "NoScript"
> > and "HTTPS Everywhere" as part of the default extensions suite?
> I still think shipping with JavaScript disabled entirely by default
> would be preferable. Perhaps add an extension with a "danger button"
> that allows all scripts on a particular page to run (like LibreJS's
> similar option, instead of being like what NoScript does).
> Note regarding NoScript: it would have to be modified, since its default
> settings whitelist dozens of websites serving proprietary JavaScript
> code. Anyway, I wouldn't see much point.
> --
> Julie Marchant
> https://onpon4.github.io

Attachment: signature.asc
Description: This is a digitally signed message part.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]