Using the NoScript plug-in for Firefox is a great way to protect your computer from malicious JavaScript code. But, No-Script does more than that. It also protect you from all sorts of sneaky, underhanded, dubious, coding techniques designed to make your browser do what the website wants it to do, not what you want it to do.
The Firefox NoScript add-on is particularly useful if your Internet browsing occasionally takes you off the beaten path of corporate websites and into the bowls of forums, technical sites, and downloading sites. As a quality freelance writer, I often have to research subjects beyond whatever is offered on the press release and written up on the Wikipedia post. Often, the best places for such information are also the places that spammers, hackers, and tricksters like to hang out. NoScript keeps my computer from turning into some botnet slave sending out DOS attacks and posting my credit card numbers wherever it wants to.
The downside is that plenty of legitimate websites use Javascript and other scripting and programming that NoScript blocks. By adding these sites to the NoScript Whitelist, that functionality is restored. Over time, less and less websites show up with blocked content.
However, there are some domains that keep coming up on websites, some legit, some not. These sites don’t necessarily warrant a spot on the various blacklists that are published, or at least, not on the ones that aren’t overly aggressive. But, just because as site or domain isn’t “bad”, doesn’t mean that I want it running it’s code on my computer. Tracking services, ad networks, and so on are all things that I don’t want or need and just slow down my browsing. But, who is ok, and who isn’t? Configuring NoScript properly is a must to keep it from bugging you too much or letting in a malicious site.
That is where the NoScript Graylist comes in. Most of these sites are legitimate companies, running real services for brand name companies all over the Internet. Sometimes, based on what they do, I’ll give them WHITE status. Other times, I’ll give them BLACK status. Either way, knowing what they do is always useful information.
I’ve compiled some of these gray area sites below. I’ll add more as I find them and become comfortable with my decisions. In any case, I have included the details of what I found so that you can make your own choices. If you would rather just go with my recommendation, that is included too.
I hope you find this list useful. Feel free to ask about other sites you have seen or about the sites I have listed here.
Sites That I Have Seen Enough Times to Make Me Wonder If They Should Be Allowed
- Revsci.net – Ad service of some kind. Used widely on legitimate websites. Installs tracking cookie. Current Action: Block revsci.net cookies. Do not allow JavaScript.
- EyeWonder.com – Sounds like it might be a way to deliver good multimedia? Not. It’s an ad service. Current Action: Do not allow JavaScript.
- ATDMT.com – Ad network with tracking cookie that some consider spyware. Current Privacy Action: Block cookies. Current Security Action: Do not allow JavaScript.
- Quantserve – Tracking network (ad network?) of Quantcast.com. Similar it seems to Google Analytics with Google Ads. Does install a tracking cookie that shows up as “spyware” in some scanners. Not really spyware, so much as online tracking, like lots of different services do. Current Actions: Neutral. Allow Temporarily.
- Fbcdn.net – Facebook domain for running JavaScripts. Apparently this helps with speed. Current Action: Allow JavaScript.
- OpenX.org – Ad Server for businesses to use and install on their own servers. Nothing malicious, per se, but just serves up ads, so what allow it? Current Action: Block JavaScript
- Woopra.com – “Real Time” Analytics for websites. If you allow Google Analytics, this is the same thing. Current Action: Allow JavaScript
- Tynt.com – A tracking service, but not what you think. It tracks YOUR websites (that you own, not that you visit) to see where your content ends up. Current Action: Allow JavaScript
- Simplecdn.net – A service that hosts and serves high-bandwidth applications like flash and video. Sort of like webhosting for bandwidth hungry, reusable services. Doesn’t appear to have anything to do with ads or tracking. Current Action: Allow JavaScript
- Turnto.com – An online service that uses a widget embedded in retailer sites to provide recommendations or notifications that “friends” have bought a similar product to the one you are shopping for. The flip side of this equation, is that it keeps track of what you purchased so it can make similar recommendations for your friends. If you are a privacy junky, this probably should be blocked, as well as if you consider such automated recommendations to be ‘ads’. No real issues from other angles. Current Action: Allow Temporarily.
- 2mdn.net – Can’t know for sure, but it appears to be used to serve up Javascript and/or Flash based ads for doubleclick.com. It also appears to be owned by Google according to name records which list Google DNSAdmin as the contact for the domain. Current Action: Block For Being Advertising
- FSDN.com – Popular “CDN” host. A CDN is basically a webhosting service dedicated to serving the “static” parts of a website to improve performance. This trick is used by many larger websites with high, unpredictable traffic volumes. FSDN.com is the CDN for slashdot.org among others. – Set to Allow with some reservations. (Just because the good guys use this site properly doesn’t mean everyone will. For extra protection consider using temporary enable instead and revoke temporary positions before browsing anywhere dicey.)
- Akami.net – An online service that caches online objects like graphics and scripts and then mirrors those to download when a webpage is accessed. The idea is that the downloads occur from the servers closest to the user accessing the website. Appears to be a legitimate content hosting service with no ads or tracking. Set to Allow.
Sites Added To NoScript Permanent Blacklist
- REVSCI.NET
- EYEWONDER.COM
- ATDMT.COM
- OPENX.ORG
Sites Added to NoScript Permanent Whitelist
- FBCDN.net
- WOOPRA.com
- TYNT.com
- SIMPLECDN.net
- FSND.com (see notes)
- Akami.net
Sites Given Temporary Permission In Order to View Specific Sites Better
- QUANTSERVE.com
- TURNTO.com
2 thoughts on “NoScript Plug-in Blacklist”