

Gawker told me to disable NoScript - threepipeproblm

I told Gawker I am a NoScript user having trouble telling which of around a dozen third-party JavaScript domains will let me view comments.  I included some links to tips on Gawker blogs to enhance one's security using NoScript.  Here is their response:<p>'Unfortunately, the only advice I can give from my end is to just disable NoScript in general (it just doesn't play well with our sites).'<p>'And unfortunately, I don't have a list of third party domains to give you ( and if I ask the tech team, they're just going to tell me to have you disable Noscript, since its a known problem causer/ is just a pain in the butt from their end), so your best bet is to either play around from your end or just disable the plug-in. Let me know if you have any other questions/concerns.'
======
UnoriginalGuy
I'm going to strongly side with them.

You are essentially breaking the internet. Then you're asking them to help you
work around all the stuff you broke and posting a public complaint here when
they tell you "no." Sorry but too bad.

I might have some sympathy if you even explained why you need to "NoScript"
their site in particular. If you had accessibility issues (e.g. handicaps) I
would definitely feel sympathy for your position.

NoScript rolls the web back to pre-1997 levels.

~~~
merinid
I agree, accessibility issues aside, the web is a language, and like every
other language it evolves in order to be able to express more and more
complicated ideas. Design is a language which changes too. Gawker and you may
not be on the same page, but asking them to deviate from the state of the art,
asking people to do things like support older versions of IE, in the end just
stifles progress. Going forward is one of the main principles of technological
development, and sometimes we just have to leave things behind. That said,
everyone is entitled to be any kind of user they want to be - and I totally
respect your position, just don't think Gawker should be compelled to comply.

~~~
dman
But what about accessibility issues?

~~~
10dpd
What accessibility issues are you specifically referring to?

All modern screen readers (such as JAWS, WindowEyes etc) work well with
Javascript-enabled sites _as long_ as appropriate standards such as ARIA are
adhered to and keyboard focus is managed correctly.

~~~
27182818284
Yes, the old JavaScript can't be used for accessibility argument is pretty
dead to me. 98.6% reported to use JavaScript
<http://webaim.org/projects/screenreadersurvey4/>

------
Yaa101
NoScript was meant to use on sites like gawker's and other primarily US based
sites that include an awful lot of 3rd party scripts.

I think websites that include 3rd party scripts should be liable when one of
these script run amock.

But I am not going to wait for that, so sites like that are removed from my
attention field when I am not able to make them function from enabeling
scripts of their own domain.

------
benologist
The solution is simple... install Ghostery so you can easily identify which
sites are hostile to their visitors, then use sites that aren't.

~~~
threepipeproblm
I quit reading all the Gakwer blogs except Lifehacker after they recently
butchered their comments system. But I just can't give up Lifehacker. And I
thought it might be nice to read the comments without disabling the most
important piece of security software on my system. In any event, will check
out Ghostery.

------
ScottWhigham
Why not use Internet Explorer?

.

.

.

.

.

haha - couldn't help myself :D

On a more serious note, I sort of agree with UnoriginalGuy's POV. He's right
in the sense that you are "breaking the internet" and then asking them to help
you fix it (great analogy, I thought). I don't agree with his idea that
NoScript "rolls the web back to pre-1997 levels" though. I think NoScript
makes things so much safer that anyone who doesn't run it by default is taking
a huge security risk when they visit unknown/new sites. That said, it seems
silly/over-reacting to create a tattle-tale post here.

~~~
threepipeproblm
yes i appreciate the POV, in that JavaScript is widely accepted now and it's
curmudgeonly to assume otherwise. NoScript's design takes this into account,
for those who are willing to white list domains.

That said, the idea that just because x% of people are happy to run arbitrary
code from an arbitrary number of 3rd and 4th party domains, and that this is
an acceptable or sustainable situation, I question.

It is ridiculous for a mainstream publisher like Gawker to run code from a
laundry list of 3rd party domains, which are probably dynamically loading even
more (that's what's usually going on when fiddling with individual domains
still doesn't work). If all this code is trustworthy, they really can't
download it and serve it to us directly? Of course, they have no ability to
verify that it is safe when pointing to so many code bases.

It is also ridiculous that they cannot answer the question of which third
party domains are needed to support comments on their system. This is how you
take your more security conscious users and say "we don't care about you."
With all the things that people will seemingly do to bump usage of their site
a few percent, a sane JavaScript policy seemingly isn't always one of them.

Gawker can do what ever they want of course. And I can do what ever I want,
which includes pointing out how silly it is!

------
brokentone
Serious question--are you reliably able to use the Internet with JS
effectively disabled?

~~~
threepipeproblm
Heck no, but NoScript allows you to permanently white list domains and there
is a pareto like distribution of domain usage.... white list for a few days
and most of the internet works. By then you've gotten in the habit of
twiddling with the NoScript menu wen it doesn't. And you start noticing how
many domains that are just designed to serve you ads, spy on you, and God
knows what (like unregistered IP addresses) you are avoiding granting access
to.

There are only a few situations where it's a challenge. First, when there are
just so many third party domains that is is pragmatically difficult to quickly
weed out the ones that are making your experience better vs. worse. Second,
when the third party domains dynamically load 4th party domains NoScript seems
to puke, although it's getting better. If you visit some of the 3rd party
domains though, you can sometimes figure out what the 4th party domains are
and enable them.

Once in a blue moon, I do just have to view a site in Internet Explorer lol.

A surprising amount of stuff does still work with JS "effectively disabled"
though. And even if you don't whitelist domains, NoScript will still turn of
flash and let you "click through" to enable individual videos and stuff. It's
a refreshing (and speedy) experience not to have to much "flashing" at one.

