madaidans-insecurities / madaidans-insecurities.github.io

https://madaidans-insecurities.github.io/

Re-evaluate NoScript #57

Open ghost opened 2 years ago

ghost commented 2 years ago

As of now NoScript is recommended on the 'Security and Privacy Advice' page. But I am not sure it is a good idea to recommend it like that without asterisks.

  1. Adding extra attack surface and another party to trust
  2. You are potentially making yourself more fingerprintable if you block some domains and not others
  3. Weakening site isolation

Almost all browsers already have a per-site JS toggle, making NoScript's main functionality somewhat redundant. I did not look into NoScript's XSS and CSRF protection, so I can't comment on that.

beerisgood commented 2 years ago

Browser extensions are never recommended, and besides the higher attack surface, badness enumeration just doesn't work.

Extensions also can't fix broken browser security like Firefox has.

brandsimon commented 1 year ago

@ghost: can you please elaborate on how NoScript weakens site isolation?