andryou / scriptsafe

a browser extension to bring security and privacy to chrome, firefox, and opera
https://www.andryou.com/scriptsafe

Feature Request: [Toggle] "By Default Trust *.XYZ.COM and XYZ.COM when visiting WWW.XYZ.COM or XYZ.COM" #278

Open w-barath opened 6 years ago

w-barath commented 6 years ago

Let's face it, this plugin is about 4 things:

1) Security. We want to prevent 3rd party scripts from scraping login data or hijacking the site.

2) Privacy. We want to prevent 3rd party scripts from scraping data about our browsing habits.

3) Performance. We want to prevent 3rd party scripts from including the kitchen sink into our pages, destroying our mobile battery performance, causing multiple page repaints, and just plain slowing down our browsing experience.

Do you see a pattern? We're talking about 3rd party scripts 99% of the time.

There's also another goal of this plugin:

4) Being usable so that a majority of users can benefit from these protections.

Running ScriptSafe, I probably spend more time interacting with ScriptSafe enabling local scripts on the domain and reloading than I do reading the page content. And that's fine if my goal is to make myself feel safe on the web by proactively micro-managing the known universe.

But really, all I want from this app is for it to block 3rd party scripts by default so that I get 99% of the protection I want without adversely affecting the majority of sites that already respect my rights.

I get that not everyone wants this level of convenience in their day to day browsing. Not everyone is prepared to accept the risks associated with running the scripts hosted by the site owner. But there's a lot more to security than blocking scripts. All this micro-managing doesn't protect us if the site owners want to be evil. Blocking scripts isn't stopping them from collecting data and distributing it to 3rd parties server-side. MITM attacks can still hijack a site without needing to inject scripts. All this effort is wasted if the user isn't aware of other attack vectors. Self-congratulation (inevitable result of gamification/reward loop) to overcome the repetition of the task gives us a false sense of security and robs us of the time spent thinking about other aspects of online security. It's great that we're doing something about our security, but is it the best use of our time, or are we just spinning our wheels to comfort ourselves?

I strongly feel that blocking 3rd party scripts is the lion's share of the protections we all seek. I strongly feel that many users will stop using ScriptSafe because it is so painfully tedious to have to manually enable local scripts for nearly all the sites we visit in order for them to render satisfactorily, which ultimately leads to users not using the plugin, or disabling it more often than they should, which then leads to LESS security, LESS privacy, LESS performance, for the majority of users.

The flags I'd like added to the plugin are:

[Heading: Trust local content:]
[ x ] Trust the Visited Domain, ie xyz.com when visiting xyz.com
[ x ] Trust all subdomains, ie cdn.xyz.com when visiting xyz.com
[ x ] Trust WWW Parent, ie xyz.com when visiting www.xyz.com
[ x ] Trust subdomains of WWW Parent ie cdn.xyz.com when visiting www.xyz.com
[ x ] Trust Image from above
[ x ] Trust Audio / Video from above
[ x ] Trust Scripts from above

[Heading: Trust some 3rd party content:]
[ x ] Treat a frame like a new tab, ie trust scripts from YOUTUBE.COM for pages of YOUTUBE.COM in a frame embedded into XYZ.COM. (1)
[ x ] Trust IMG, AUDIO, and VIDEO from 3rd parties (2)

(1) If this preference isn't available, and if ScriptSafe becomes ubiquitous among users (wouldn't that be great?), then site owners will feel compelled to open 3rd-party hosted HTML5 content in new tabs instead of frames, which will make many legitimate use cases (news feeds, videos, minigames, support chat, etc) unwieldy for end-users. Let's avoid being part of making the web a worse place to be.

(2) Most mainstream sites won't render properly without allowing some 3rd party non-script content, including external stylesheets, fonts, images, audio, and video, but all of these should be disabled by default since all can be used to compromise privacy.
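The four "Trust local content" host toggles proposed in the comment above, sketched as a host-matching check. This is an added example, not ScriptSafe's code and not part of the original comment; the option names, function names and sample hosts are hypothetical. It matches on label boundaries so that a look-alike such as evilxyz.com is never treated as a subdomain of xyz.com:

```javascript
// Added example: option names are hypothetical, not real ScriptSafe settings.
const DEFAULTS = {
  trustVisitedDomain: true,       // xyz.com when visiting xyz.com
  trustSubdomains: true,          // cdn.xyz.com when visiting xyz.com
  trustWwwParent: true,           // xyz.com when visiting www.xyz.com
  trustWwwParentSubdomains: true, // cdn.xyz.com when visiting www.xyz.com
};

// Lowercase and drop a trailing root dot so "XYZ.com." equals "xyz.com".
function normalizeHost(host) {
  return host.toLowerCase().replace(/\.$/, "");
}

// True only for real subdomains: the suffix must begin at a label boundary,
// so "evilxyz.com" does not count as a subdomain of "xyz.com".
function isSubdomainOf(host, parent) {
  return host.endsWith("." + parent);
}

function isTrustedFirstParty(pageHost, requestHost, options = {}) {
  const opts = { ...DEFAULTS, ...options };
  const page = normalizeHost(pageHost);
  const req = normalizeHost(requestHost);

  if (opts.trustVisitedDomain && req === page) return true;
  if (opts.trustSubdomains && isSubdomainOf(req, page)) return true;

  // "WWW Parent" applies only when the visited host starts with a "www." label.
  if (page.startsWith("www.")) {
    const parent = page.slice(4);
    // Refuse a bare single-label parent such as "com" (visiting "www.com").
    if (parent.includes(".")) {
      if (opts.trustWwwParent && req === parent) return true;
      if (opts.trustWwwParentSubdomains && isSubdomainOf(req, parent)) return true;
    }
  }
  return false; // everything else is third party and stays blocked
}

// Label each requested host as "allow" or "block" for the visited page.
function classify(pageHost, requestHosts, options) {
  return requestHosts.map((h) =>
    [h, isTrustedFirstParty(pageHost, h, options) ? "allow" : "block"]);
}
```

The check does not consult the Public Suffix List, so a visited host such as www.co.uk would still yield the shared suffix co.uk as its "parent"; a real implementation would need that lookup before trusting a parent or its subdomains.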

ballsystemlord commented 4 years ago

ScriptSafe already allows the scripts of the webpage to run by default; it just doesn't download the others that follow (even from the same domain). So it seems it partially trusts by default, which is a little weird. Your advice would be welcome, though.

w-barath commented 4 years ago

That is kind of my point. Blocking /js/script.js while allowing