NoScript or No NoScript
There was a recent report created by Sunny Suggs called “No More No Script” which brought up the point that many sites don’t work when you have NoScript installed, and that for marketers they could be losing lots of money because of it.
Then there are others who will argue that NoScript makes surfing secure and that you should be using it. It blocks malicious scripts and even XSS attacks which keep you safe.
Before I get to my opinion on it, I do think the fact that it’s been downloaded 25 MILLION times already. That is quite a significant amount of people using it, so can you really expect 25 MILLION people to stop using it? I don’t think it’s possible. So I think it’s in the best interest of the marketers to have websites that operate whether NoScript is on or off.
Now for my opinion – I totally think you should be surfing with Firefox and NoScript installed, but I personally have all scripts allowed globally. This is because NoScript will still block XSS attacks but without disabling everything everywhere.
So what IS an XSS attack? Well it stands for Cross Site Scripting. This is where one site has a script that does things to other sites in the background. It could be used to steal your bank account information, or even possibly made to delete your account at the traffic exchange you are currently surfing, all without you knowing it. NoScript detects these kinds of scripts and stops them in their tracks!
In the end I really want to emphasize the making of websites that work with it enabled even blocking everything. Most people who have it installed will trust it more than you, so they are more likely to click that red X rather than disable it to join your newsletter. I understand websites that are known like Google Analytics or a traffic exchange you use, but for splash pages or what not it really should be pure HTML.
Tracking can be done without javascript as well. In fact 50% of the traffic exchange industry has javascript turned off. Of those with it enabled 70% use Firefox. So you can’t blame it all on NoScript, so you might as well build your site to not require javascript and cash in on ALL the visitors to your website!
I really appreciate this post. I consider the NoScript as part of my overall security plan, which also includes updated antivirus and anti-spyware software. Speaking of that, the anti-spyware comes with a message that cleaning some entries may disable certain programs, even legit ones, from working. This does not make the software bad, it just means the user must realize the impact of what they are doing with the program. It is no different with Noscript. Blaming the plugin is a cop-out on finding a solution.
That all said, I have not read the ebook yet. When I get an opening, I probably will, but my expectations are not high (nothing against the author, just the “selling point”).
I personally would never give up using NoScript. If I have site blocked it’s because I’ve seen it to many times to count on one hand and it’s just something I’m not interested in. Also since installing it I have had very minimal problems with my computer and can surf longer periods of time without my computer crashing or freezing.
The way I see it, if a person can’t take a few extra minutes to learn how to have their site not be blocked by a certain piece of software, then the product or service they are trying to sell is really not that important to them. Just my two cents worth. Not trying to start anything. =)
OK here is question from Techno-challenged old man.
How do I know if I have it turned on or off. I use Firefox
I discovered NoScript just 2 months ago and since that time I can surf the web more secure. Plus when I use Traffic Exchanges, surfing is much smoother that without NoScript. I will not stop to use it for sure. ;)
I agree that trying to convince all the users of No Script to stop using it is crazy. There is no way all those people will stop.
I use it. If a site catches my eye, I will allow scripts temporarily for that page. If I decide I will be returning to the page later, I will add the site to my allow list.
Michelles lastest blog post..Are your banners eye catching?
cjbart
NoScript is an add-on for FireFox, you have to download it from their site.
If you need more help, just PM me
Generally I am in agreement with Tim, to blame NoScript is to miss the point of why people are using it.
I have made my point of view on the issue well known, not everyone agrees, but that’s life :)
DeHawkinz
Richards lastest blog post..nn403 ForbiddennnForbiddennYou don’t have permission to access /commentluvinc/remoteCL5.phpnon this server.nnApache/2.0.52 (CentOS) Server at http://www.fiddyp.com Port 80nn
Count me in as a satisfied loyal user. I generally allow most sites if I have any interest in them. I keep sites with lots of java stuff as disallowed.
Tim explained the XSS part very well. I have read lots of stuff at the noscript site and it was always confusing and he explained it in a couple of sentences. :) Nice.
I originally started using it when I was having so many issues with Traffic Era, they are so slow to respond to surfers needs. One of the main sites I block is Google Analytics because it slows my speed down, especially in the evening.
Tim Wow this is interesting I posted a comment on Robert Puddys blog about his tactic and it was deleted because I had the same Idea you do Tim.
After my comment was deleted I did some research of my own on noscript and found that IE is creating their own version of noscrip not surprising. It must be a great script.
Tim can 25 MILLION downloads be wrong ? Maybe the ones that are making the most noise are the ones that are trying to us the XSS attacks !! just a thought.
Tim I also agree with you every one should be Surfing with Firfox and using Linux for the operating system, I am but that probably wont happen for a while. Since the report cam out I think I will get Noscript and install it sound like a script I should be using oh 25 Million and one download now
I use No Script and wouldn’t want to stop using it.
The network marketers who are complaining about it should stop and think about why so many people use it. I got sick of all their marketing websites playing audio, video etc, slowing down my system and making lots of noise. Its their own fault their sites get blocked. They abused the privilege of running scripts in my browser and now they are paying the price.
Tim while I’m not disagreeing with your post, the fact remains that most people online are more in tune with Chuck and myself. :)
In setting up a new computer recently, of course I added No Script to my FF browser. Not making any changes, just leaving it as the default download, which you and I both know probably 80-90% of the 25 million also do.
Since allowing scripts globally is referred to as “dangerous” I suspect most opt not to make the change?
Oh by the way, after adding noscript using the default only download, couldn’t surf Startxchange until taking the extra step to allow the site. Also, some portions of this very blog were blocked.
After allowing Startxchange, doing some surfing, many sites had scripts not allowed, many subscribe forms were invisible, plus several with payment buttons did not work.
In summary, my point is that No Script is a decent addon to Firefox, however do people actually set it up properly to access safe sites or do they just leave it as the default download?
Not speaking for Sunny, but think her intentions were to make people aware of the issues in her report, much as you are saying webmasters should use more HTML rather than Java Script.
Both are educational issues that many will never undertake.
Guess this also means that I need to stop using the Aweber provided Java script for my subscribe forms and use the bulky html code instead. :)
Hi
I like this post i joined sunny web site and could not find her ebook o well.I have not installed the srcipt,but i do use ad block + which is a good program.I like to read your stuff and I like to read other peoples stuff to( When they are not being sencered by people aka smiley )
David Mosley
Totally agree Tim, well said.
And it all boils down to,: You have to know your tool and use your tool right.
I cant see the “big” problem.
Tim, an excellent post on the matter. Now that I see the name of Robert Puddy, I understand why Sunny was so silly as to write the report and expect people to follow her example.
I use the Community Editions browser which has NoScript installed within. All points raised by Ray White are correct regarding what one needs to do to surf the TEs after installing NoScript. The CE browser is a version of FireFox.
There are too many benefits from using NoScript and when I have a moment I will be updating my own blog and will cover the issue as well as the reasons why I think NoScript is essential to the surfer.
I agree that if someone wants to have their site seen then they need to get rid of the extras and that includes the video flash players. I think I will cover these angles when I do my blog post.
[...] NoScript is essential to the surfer Posted on July 28, 2008 by Maggie In his blog today, Tim Linden has rightfully raised the issue of why surfers need to use a wonderful Firefox ad on called No [...]
I have no regrets using either NoScript or AdBlock. They are essential tools when surfing because they also help to stop those download trojans.
One of the joys of surfing StartXchange happens to be that it is mostly clean.
Those very sites, where it is claimed that the owners might be missing out on sales are to blame because they have added all the bad things that make surfing a nightmare, and that turn people off what it is they are trying to sell.
You will find my own short post on this issue here:
http://surfergirl54.wordpress.com/
These are my not so perfect thoughts on why I think that Sunny’s approach on the subject is way off base.
Margarets lastest blog post..Why NoScript is essential to the surfer
I wouldn’t dream of not using Noscript but if you do not allow TCNTE traffic exchanges you can not surf those exchanges like Traffic Heroes, MaxTrafficPro, TrafficSpace and lots more unless you enable every tcnte exchange separately. Otherwise you will get many invalid clicks and it will not run right. The other exchanges run fine with Noscript but the designer of tcnte exchanges who also just happens to be the owner of StartXchange and the Tim Linden Blog wrote something into the code that makes it impossible to use those scripts without going into the NoScrpirt setting and allowing Traffic Heroes, allowing StartXchange, allowing MaxTrafficPro etc.
It causes the most problems with our users and over half of the support tickets we receive are NoScript issue related.
Rich Morris
I use No Script and will continue to use it. It helps to safe guard my computer when surfing which I do a lot of. Enuf said.
Hello!
Fantastic post, Tim!
In my ebook I’m not COMPLETELY saying not to use NoScript. The ebook shows you ways to use the Firefox Addon effectively. I also encourage people to teach their downline, as well.
NoScript does block Aweber forms, which are used by many, many internet marketers. How many of the 25 million are NOT on your list, because they didn’t know how to use this addon correctly?
Thanks for your Post, Tim
Sunny Suggs
When I started surfing I had immeasurable problems until somebody said use FireFox with noscripts. Hey presto no more problems.
There is one simple easy way to have exchanges use common formatting and that is, only allow a splash page or equivalent.
Scripting is not a tool required for surf exchanges as you only want to get people to look at what you have to offer and then decide to look closer if needed with a simple link URL for that purpose.
I saw ads for that e-book. And I didn’t like NoScript called ‘nasty add-on’.
There are far more nasty sites that use sripts to do damage.
Also, if you ask me, pop-ads and fly-all-over-the-place-ads are far more nasty (my opinion).
You don’t need JavaScript to make interesting splash page. If you must use it, you can use and tags. http://www.w3schools.com/TAGS/tag_noscript.asp
Example:
Please enable JavaScript (+ how to do it).
I tested that with NoScript and it works.
If people are interested in what you have to offer, they will enable it.
Think this post missed the point and I know that people are missing out with Sunny’s book.
Unfortunately too many people jumped to an idea of what it was rather than read it first. Gee why does that surprise me – NOT.
The point is that marketers are against other marketers telling people to use it but not showing them how to use it properly.
This point was made in numerous comments here from people that weren’t even sure if they had added it and if they had they did not know how to set it up properly.
Sunny addressed a need that people need to understand how to use it and tried to provide a solution that in my opinion all marketers should be recommending.
Yes in te’s I use html forms because of this ad on but…
The response from the java script based slide ins for optins is 4 – 5 times the rate from a sidebar optin on a blog. People teaching others to avoid these through recommending no script without education are irresponsible in my opinion.
People that are supposedly trying to be marketers shuld also not be slamming people that are trying to educate proper use of an effective addon when used properly are the problem.
Mike Paetzolds lastest blog post..Week In Review – July 26, 2008
Yes us lazy marketers could use the html code in aweber BUT…
your all supposed to be internet marketers loking for the best result in your marketing and this is the point
The response from the java script based slide ins for optins is 4 – 5 times the rate from an html form
I changed my opinion regarding NoScript, when I found the plugin prevents people from taking advantage of One Time Offers.
A powerful One Time Offer on a free to join site is GOLD for affiliate marketers like myself and almost everybody else using Traffic Exchanges.
Think about your visitor not being able to buy from your affiliate link or join your list, when discussing NoScript instead of blocking annoying sites.
Tim, The OTO will show. However, when you click on an encrypted paypal button, without enabling the site, you can’t complete the transaction.
So, you have to go back to the site and enable scripting and the One Time Offer is no longer there.
“Jerry Reeder (Jerry Reeder) Says:
July 29th, 2008 at 7:12 pm
Tim, The OTO will show. However, when you click on an encrypted paypal button, without enabling the site, you can
The encrypted button is a javascript, so yes the surfer needs to enable PayPal, but as I have said before – the simplest answer is to warn the surfer with a short noscript entry that the site requires scripts to be enabled to work.
incidentally there is a simple way to reset most OTOs, but that is another matter :)
Like any tool NoScript is a tool that used advisedly is a great help – many surfers will vouch for an ‘improved’ surf experience, but used poorly can cause unexpected results. Surfers need to know how and why NoScript works, and the implications this raises. Marketers need to understand that some people will insist on using NoScript in near default settings, and either accept the loss of these surfers, or adapt their strategies to be able to interact with them.
I think Sunny does an excellent job in her book of teaching a surfer how to make noscript work with sites that rely on javascripts. But regretably this follows her opening comments suggesting marketers should be advising surfers to not use NoScript.
It is because of the complexity of the issues surrounding the issue of scripts and their application that I have advocated a dual approach to educate both sides, it should not be seen as a Pro vs Anti issue, but as a matter of clarification and understanding of the others reasons for their decisions. Some marketers will prefer to rely on scripts (and will have to accept that this will cause lost opportunities); likewise some surfers will block everything that looks like a script (and will have to accept that this will cause decreased functionality on many sites)
and with that thought, I am off to check my paypal buttons which are probably the encrypted type :(