A quiet war has broken out between the authors of AdBlock Plus and NoScript and money is on the table. Both are trying to outdo each other by disabling each other's functionality. The issue at stake is NoScript's behaviour of showing a change log window whenever it gets a new update, which of late has been updated rather frequently. And unsurprisingly, that change log window is filled with ads that generate revenue for NoScript.
AdBlock Plus on the other hand is committed to blocking ads regardless of where they are from; and this has stepped on the tail of the author of NoScript.
Disclosed in the blog of the author of AdBlock Plus are tales of deception, manipulation and trickery by NoScript, designed to subject it's users to it's ads and the race by each side to block and disable each other's technological defences.
https://addons.mozilla.org/en-US/firefox/addon/722#reviews
"...automatically removes the controversial "NoScript Development Support Filterset" deployed with NoScript 1.9.2.3 and above on startup, permanently and with no questions asked."
so good news but it was a dumb move to start with.
I don't care who started what - this extension was about not trusting sites and blocking potentially harmful content. Now this extension's integrity itself is put into question by the motives of the developer. With the recent "whoops" of facebook for example, you would have thought that upfront disclosure would have been a no-brainer; but once again someone hoped that no one would notice the change.
I myself don't use flashgot (another extension by the same author) because there are way too many attempts to read / change the registry that can't be explained by normal operation, and the number of advertising related IP addresses attempting an inbound request increase dramatically with the extension installed. I haven't noticed this on noscript (yet) but seems to be where the extension was being taken.
It is also interesting that an older version of noscript allowed you to block references (for ads) - and now it doesn't because of "performance issues". I'll put money on it (or rather someone put money into someone's pocket) to take this feature out. This action a year ago is congruent with this attempt at advertising money.
There are other extensions that are clear from these intentions and are open-source so that you can review what is going on (if you either have the ability or time).
Now I will also add that I am not opposed to having the developer being paid in some manner for the work - noscript was a great product; however, getting paid by backdoor tactics just isn't good business - and even just wrong.
I have removed noscript as an extension, and highly encourage all to do the same.
Last edited by ricksterto on 02 May 2009 - 19:32
It reminds me of the issue with Patchou and MsgPlus. He left the checkmark to add some toolbars enabled by default, and this caused an uproar... now it's unchecked by default...
Even in NoScript (apparently) the changes were shown throughout the documentation (update page and changelogs i think)
I know the situations aren't exactly the same, but both authors made bad decisions and also realized it (apparently the NoScript author was going to address this before it made such a big splash, but that doesn't matter to people)
I don't think this actually puts into question the integrity of the program itself, and I think the author will be more careful now
Maybe he thought he could slip one past the community. Regardless, he pulled back the changes... he could've just as easily pushed forward with them and ignored the people that protest
This is open source if I remember correctly, so anyone can go over the code themselves.
For the code, try taking a look at it. It is not good programming by any means; it would take a good few days just to put it in order to even start analyzing it. This spaghetti code is one of the reasons why there are so many updates needed.
This is the only issue I am aware of
I'am still sticking with both of them
i don't want ads, and i don't want js, xss etc... running without permission
It seems that you are forgetting that a malicious addon is far more dangerous than a malicious javascript code.
How is it not okay for js, xss to run without permission, while patching the web browser, other addons, or user preferences without permission is okay?!
Errm, I have to ask, why are you guys disabling Javascript? Its not going away, its becoming more popular. Don't you have to sit there enabling it for every site in order to use it.
all that being said, i will still use NoScript, and if they actually prompt me later in the future to whitelist themselves i will happily do so
Bad move by NS in the first place though.
"i've been following this since the issue began, there is no real excuse for what the dev has done which was manipulate ABP to its advantage, yeah sure cat-and-mouse games were played on both sides but only because the noscript site had tried to avoid being blocked by ABP for so long
noscript has its purpose and ABP has theirs, and thats to block ads, yes even noscripts ads... thats the breaks, you don't mess with their addon behind the scenes, without user consent, manipulating code and breaking things in the process
sure, NOW a day later things are fixed but any person with morals would have said to themselves before hand, is this the right move? the obvious answer is no, i point that out because apparently the admin/dev hadn't known any better and likely needs it pointed out
one addon cannot screw with another, without user consent, period, end of story
we dont need a 'paid' version of an addon, that is retarded, if the admin is that hard up for cash maybe he shouldn't rely on an addon to make his living and provide for his family, something like noscript should be a hobby of his not somebodys financial backbone *shakes head
noscript is a great little addion to the browser but the author made a really stupid mistake and took things too far, i'm not leaving this in the hands of NoScript or ABP, i wont be redirected to this site each and every update (which i didn't really mind before),a lesson needs to be taught here, a hard one"
i'll be keeping noscript.firstrunredirection set to false from here on out
var AdBrite_Referrer = document.referrer == "" ? document.location : document.referrer;
AdBrite_Referrer = encodeURIComponent(AdBrite_Referrer);
Hmmmm....fixed for the adblock conflict maybe......
In addition, going through the FF config, I ran into exceptions not listed anywhere in the GUI options
I would encourage everyone to about:config and filter on noscript to take a boo. The default whitelist still has his sites (so on an update they will be back). Another key noscript.xblHack doing something with another site by the author http://hackademix.net/. On further looks, this doesn't seem to be the product advertised....maybe it's always been this way and only now did I actually pay attention.
Last update on my look-see: something is going on with google-analytics and yieldmanager too. Haven't run through the code to find out what, and I guess I won't bother - this extension is not what it puts itself out as.
Last edited by ricksterto on 02 May 2009 - 20:14
http://forums.mozillazine.org/viewtopic.ph...033035#p6033035
http://noscript.net/faq#qa2_5
http://noscript.net/faq#qa1_5
I have gone back to using Hostsman (http://www.abelhadigital.com/) and Phoenix (addon) to block scripts from specific sites....until I get the energy to write my own extension to list scripts before execution, allow me to select any I want to run, with a site exception option. Maybe the scripts being loaded can be grouped into certain categories to make the allow/block process more friendly. But again....when I have some extra programming time.
Treaded? I think you are in serious need of a new dictionary for Christmas.
Try "...this has trodden on the tail..."
Trodden is a past form of tread...
And I've always been baffled with blocking every possible ad in existence.
How do people expect to make a livlihood on the internet without ads? You know you aren't going to pay subscriptions if you can get something free...
I guess it would be like going to a doctor for a cold and having the doctor prescribe a drug to "cure it" and then the doctor get paid by the drug manufacturer for peddling their product. I know that happens too, but it still doesn't make it right.
Mozilla itself has even involved themselves by proposing a new AMO which can be found at: http://blog.mozilla.com/addons/2009/05/01/no-surprises/
Last edited by ricksterto on 02 May 2009 - 22:32
Well not really, sites function just fine once its whitelisted, and externally loaded javascript never runs but in most cases is never needed to be whitelisted unless under certain circumstances, e.g. reading lifehacker.com comments. NoScript could perhaps have an optional preference to auto-whitelist the site you click/visit to just to rid the minor annoyance.
I guess it would be like going to a doctor for a cold and having the doctor prescribe a drug to "cure it" and then the doctor get paid by the drug manufacturer for peddling their product. I know that happens too, but it still doesn't make it right.
Note how I said "every possible ad in existence" ... that is, doing it without regard for any of the above.
IMPORTANT UPDATE FOR ADBLOCK PLUS USERS: NoScript 1.9.2.6 automatically and permanently removes the controversial "NoScript Development Support Filterset", with no questions asked.
I sincerely apologize with those ABP users who missed the information about it given on the AMO install page, on this site's install page, on the release note landing page (shown on updates) and in the FAQ http://noscript.net/faq#qa3_21
Not including a prompt asking for permission beforehand from the start has been a very wrong thing to do, and I want all the ABP users who felt betrayed to know how much I'm sorry for that. As a sign of good will, current NoScript 1.9.2.6 completely removes the filterset itself, if found there, on startup with no questions asked. Thanks for your patience.
-- Giorgio
with the option left up to the user, would of saved him from a ****storm, seems he sees his error though... if in fact it was an error, not including this sort of notification seems intentional and probably done out of spite
If the product allows these (and it now says it does for "clear-click" reasons) through, explicitly tell folks rather than hiding it.
A section: This product allows you to stop scripts from running on FF. This will, by its nature prevent many ads from loading on the webpage. However, the extension has been explicityly modified to allow:
- all ads featured on my sites to load regardless of your specific settings. This is done to support the development of the software and allow me to go for a beer or two on Friday nights.
- Google-analytics and Yieldmanager is passed through to those services after being tagged as permitted by Noscript.
Accuracy and honesty is all I want.
If you removed the whitelist entries in ABP, NoScript would re-add them the next time you restarted the browser (say, after an extension update)
First explanation was "they were warring" - second....well Maone there hasn't said why other than a lame "clearclicks didn't work unless I allowed them". Well, google-analytics, ebay and yieldmanger aren't the only clearclick affected sites...why these ones and not the others? We wait to here the response. I have been chatting with Mr. M to point out some other flaws in noscript that allow adbrite scripts to run when called from an allowed script.
After everything that has come to light, it seems like these one-off exceptions kind-of let the ad-related info flow through directly to the intended sites. So Noscript yes blocks malicious scripts, but in no way does it block everything that it says it does.
"Why such a tight release schedule? Version 1.9.2.6 automatically and permanently removes the cotroversial NoScript Development Support Filterset deployed with NoScript 1.9.2.4. I sincerely apologize with those ABP users who missed the information about it given on the AMO install page, on this site's install page, on this very release note page and in the FAQ. Not including a prompt asking for permission beforehand from the start has been a very bad omission, and I want all the ABP users who felt betrayed to know how much I'm sorry for that. As a sign of good will, current NoScript 1.9.2.6 completely removes the filterset itself, if found there, on startup with no questions asked. Thanks for your patience.
-- Giorgio "
because it appears that NoScript is the bad guy here, NOT Ad block.
If I were you, I would go with the third. Adblock is definitely the best addon for Firefox.
Once the trust has been breached, it's damned near impossible to restore. His "quick fix" doesn't mean Jack Squat to me and many others - he did something he should not have done, and the only fathomable reason he did it was to ensure income from the ads forced upon unsuspecting users, new and old, with the all too frequent updates.
400,000 new users last week looking at his front page ads... that's a considerable chunk of change, I'd say.
Regardless, he blew it, and the apology is a cop-out because he got busted for doing something he shouldn't have done in the first place. If he coded NoScript to do it's thing, that's fine, but as soon as his code altered/modified another piece of code that isn't his and did so without any particular user intervention - and let's not forget the obfuscated code buried in the Javascript, something your casual user (a big chunk of the 400,000 I might add) would never dare dream of trying to look at or even decipher - well, let's just say he pooched it very very seriously.
This is a pooch screw of absolutely epic proportions, and a damned shame, it truly is.
And what value do i change to counter the whitelisted ads?
I do know that the pass-thrus to google-analytics and yieldmanager don't seem to be configurable.
I recommend dumping Noscript, using adblock plus (add in element helper too), and using hostsman - a fast and simple to use hosts file program that comes with a library of over 60,000 sites which can easily be added to.
The combo of the two keeps web pages clean.
But remember, you can't and shouldn't remove all ads - support the pages you go to. The ones I don't like are the hidden things. Some pages provide information of your visit to 10's of other non-related sites. Have you ever noticed that your firewall starts pinging about intrusions when you go to certain sites? Normally your IP has been passed on and some other site taking a look at you - who knows for what reason
if you really want the same functionality, Firefox has that builtin. Of course, if you're really that paranoid about Javascript, you should start rethinking the sites that you browse.
Adblock Ftw, once and always.
Jeez, Neowin...
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.