NoScript started as a Firefox extension. Nowadays, many people consider it as one of the best security extensions for the browser. Created and maintained by Giorgio Maone of the Mozilla Security Group, this extension is now available for Chrome too.

So what does NoScript do, and why is it so popular? Keep on reading to see how it works and why you should start using it too.


What Does NoScript Do?

NoScript was created for Mozilla-based browsers. It is a free browser add-on that disables active (executable) web content. The reason it exists is that some people want to block dynamic web content like JavaScript, Java, Silverlight, and Flash, among others.

There have been cases of browser vulnerabilities allowing hackers to exploit JavaScript and Flash in the past. It resulted in a vocal group of people encouraging everyone to block executable content, especially one written in JavaScript. Hence the birth of NoScript and its ability to disable scripts that some consider security risks. NoScript also implements other countermeasures against a few other known security exploits.

But disabling scripts does result in websites not working correctly or sometimes at all. So NoScript lets users choose ‘allowed’ and ‘trusted’ sites.

If a website is ‘allowed,’ the add-on doesn’t block the scripts for that one session until you close the browser. Sites in the ‘trusted’ camp can always load these scripts.

What is JavaScript, and Why to Disable It?

JavaScript is a dynamic programming language. It is integrated with most browsers and often used when creating web pages. It is one of the most used programming languages on the web right behind Python and Java. ***

JavaScript allows web pages to load and send content in the background. So many developers use JavaScript for web apps and interactive content.

Even though most people consider it safe to use, some people disagree. And they have valid reasons to do so. There might be some merit to the argument against JavaScript. But browsers all have their own built-in JavaScript engines. It makes it impossible for each to have the same vulnerabilities.

*JavaScript and Java are two different programming languages and not related.

Disabling JavaScript is Unnecessary, But NoScript is Still Good

Disabling scripts like Java and Flash can be irritating. It often causes websites to load incorrectly. But they’re fine for the most part. Disabling JavaScript, however, can be a real pain because most modern sites these days use it. That doesn’t mean NoScript is an impractical extension, though.

The core idea behind NoScript isn’t a bad one at all. There are browser-based exploits that it protects against. Many websites abuse JavaScript by implementing invasive advertising and annoying pop-ups. You can add sites that you use a lot to the ‘trusted’ list if NoScript is causing any problems. Web apps like Gmail tend to use JavaScript the most. And these are usually well-protected anyway.

But NoScript also highlights a broader issue in today’s online community – the need for less invasive technology and more privacy. Other tools can help in this area too. Password managers, HTTPS Everywhere add-on, a good firewall, and a virtual private network, to name a few.

So it’s smart to use NoScript in conjunction with other useful security tools. Look at getting a VPN (NordVPN is a leading option) and a private browser ( Tor and Brave are both solid choices). There are also other extensions (like Ghostery and Click&Clean ) that work well and add another layer of privacy and security on top of NoScript.


Final thoughts

It’s challenging to prevent every possible threat out there. Keeping browsers updated and using security add-ons is a great start. They might not protect against everything every time, but most people never have to face malicious exploits if they’re careful.

In the end, the biggest cybersecurity threats are the lack of knowledge and ignorance to use preventive measures. So, first, focus on cybersecurity in the areas where it matters the most. Learn how to spot phishing emails and scan your devices for malware. Browser add-ons like NoScript are only the cherry on top.

You can download NoScript for Firefox in their extensions website and Chromium browsers users can download it in the Chrome store.

source: onehack.us [modified]