NS blocking identification on LeBonCoin french site in Firefox ESR 128?

[user0022]

Hello! I am under Lubuntu 22.04 OS, and NoScript seems to cause a problem in Firefox ESR 128.

The problem.

As a french user, I am registered on Leboncoin.fr, which is the main french classifieds site (a french eBay one could say). I don't remember very well, but I think that maybe 2 or 3 years, or a few months ago, I could log on this site normally. "Today", after long time not using it, I saw I couldn't. A LBC page shows a warning saying "Please enable JS and disable any ad blocker". So I allow temporarily 1 or 2 scripts in NoScript, and this warning disappears. So I click on "Se connecter" (means "Connexion"), but then site tells me things like "you have been blocked". It can tell it right away, or after having given me a CAPTCHA...

My small tests and understanding.

So I have done several small tests (as I have a low computing level).

• I allowed temporarily every script on this site (NS shows me e.g. 2 scripts, I allow them, page reloads, 8 new scripts to allow, page reloads, 3 new scripts to allow, page reloads, no more scripts shown to allow). But then the problem remains.
• I disabled NoScript itself: and then I could login (which I find strange considering it didn't work with the first action that I would have thought to be equivalent).
• I also had first (before finding NS also causes the same blocking) disabled an about:config setting, privacy.resistFingerprinting was on true (I must have put it on true a certain time ago to try to make FF more secure but I don't remember well the circumstances), so I put it back to its defaut position that is on false, then, passing from true to false fixed the login issue, and as it was with all addons disabled, I concluded that this only setting could make the problem happen. Like it is warmed in fact in about:preferences#privacy when put to true:

  You're using Resist Fingerprinting (RFP), which replaces some of Firefox's fingerprinting protection settings. This might cause some sites to break

• I also had tried to empty all history or cache, but it didn't change anything.
• I also have a Firefox 129 Snap version, where the problem doesn't occur. I didn't check many details, but there I saw a difference, that is that on a LBC page, NS shows only 1 script, (...leboncoin.fr, the only one that I have to allow in the Snap FF to make login work), while in FF ESR, NS shows 2 scripts (...leboncoin.fr and ...aticdn.net).
• I could have tried to reinstall NS to have a brand new one, but I didn't even try as my previous addon reinstalls showed me they came back in the same state, settings, etc, where kept.

I also have 1 or 2 other privacy/security addons, uBlock Origin and LocalCDN in ESR, they don't seem to cause a problem, uBO can be used to replace NS I've heard, but I did'nt find yet how to achieve this. (On Snap version, I have uBO with different lists and 2 or 3 different privacy/security addons.) I put the settings in about:preferences#privacy at rather high choice too.

Conclusion for what I will do to use this site though.

So what I see for now, is that the simple fact to have NS enabled (even allowing every script of the site where there is a problem) prevents me from login on LBC in ESR. (And it possibly blocks things on other sites I jsut didn't come across I imagine.) I feel that I am maybe a very rare case, and the problem could be there because I have inherited of certain ancient NS settings or features, that could come from years ago, as I have migrated my /home directory between 2 or more OS, an ancient one being even in 32 bits.

My personnal choice could be simply to use the Snap FF, but my current session, with all the tabs I am interested in, is in the ESR, and I don't have enough RAM to open these 2 browsers at the same time. But yet maybe I will, use the Snap FF. I don't really want either to migrate my ESR session to the Snap version. Or continue using the ESR, and disabling NS when I am on LBC, but I wouldn't really like it. I could hope a fix for this but I don't have a big hope it will happen. I could also try to learn how to use uBO like NS.

Thank you!...

[user0022]

Hello again. The problem seems to have disappeared! I don't know how it happened, but when this week (after weeks or months of failure) I discovered I could enter again in my account by disabling NS, I did, and then the following time I wanted to, 2 or 3 days later, instead of disabling it I simply allowed (first) 1 and (second) 3 or 4 scripts, and surprise I saw the login page instead of the warning.

Maybe I will delete this topic, but for the moment I think I will leave it for a little while if it can be useful for someone else or if the problem comes back.

[user0022]

Hello again. I was about to delete this topic like I had said, as the problem had disappeared and I thought it was maybe very specific and very rare, but it just came back, and a bit more complicated this time. I had just updated Firefox from 128.3esr to 128.3.1esr, so it surely came from this.

Make searches on the site issue (without having logged/identified).

NS enabled, and main script allowed (...leboncoin.fr):

• Before update, worked normally.
• Now can't make searches (I type the item name in their searchbar, and then that's all, I can't make the search happen).

NS disabled:

• Can make searches and use the "region where to search" option.
• Cannot use other filter options (by price, etc).

NS disabled + Tracking content allowed: [In about:preferences#privacy, I had chosen Custom and blocked/checked more or less maximum security choices, among them Tracking content (In all windows of course) was blocked.]

• Then I can use all filters. If this site continues to need this Tracking content not blocked, it bothers me but I guess I will allow it when needed on this site...

I still allow tracking content, an I re-enable NS with only the main script allowed:

• I can make searches and use the "region" filter.
• Other filters not working. There are 13 other scripts, allowing them all makes filters work again. But as I want to allow as few scripts as possible, I block them again and try them one by one, I find it is ...privacy-center that I have to allow (I tried all the other ones even after having found this one, in case a second one would have the same behavior, I didn't think it could be but who knows).

With then these 2 scripts allowed, I tried to block Tracking content again, but no, filters didn't work, so conclusion I have to allow these 2 scripts PLUS allow Tracking content.

Login issue.

The "search" thing was different from the login issue, which made me open this topic. But now (surely because of FF update, like I said), the login issue had come back too, like the first time. So I tried to login with NS enabled and all scripts allowed, and it didn't work, just like the first time, showing a message telling I had to allow javascript though I had allowed everything in NS. Then I disabled NS (AND I blocked again Tracking content as maybe it is needed for search options but not for login), and yes I could then login. So I logged off, and re-enabled NS, and allowed only the main script and Tracking content still blocked, and I saw the login still worked, so having logged 1 time without NS had unblocked the situation for login with NS, like the firs time. About Tracking content, blocking it still didn't prevent from login, but still prevented from using filters in the search, even with NS disabled.

Provisory conclusion.

I had noted a site in english which seemed to have the same behavior. I should find it later in notes. Maybe my case is more general than I thought. A troubleshooting when a problem with NS comes on one site could be to disable NS, do what one wanted to do, and re-enabling NS can show the problem has disappeared (???).