Security and Javascript

Wes Packer mail at wespacker.me.uk
Fri Jun 28 10:32:11 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I do the same on my laptop: chromium for day to stuff I don't care about
and a (fairly) locked-down IceCat for the important stuff.

And I agree: the more people use NoScript, the better. Maybe we could
put together some kind of "best practices" site - that goes into
slightly more depth than Prism Break? I'd be happy to work on that
content as I'm not much of a developer.

Wes

On 28/06/13 11:06, MJ Ray wrote:
> On 28/06/13 10:18, Alessandro Rubini wrote:
>> It is true (modulo my ignorance of javascript), we don't want to tell,
>> because it would be seen as paranoid.  The tech world is way beyond
>> this.
>
> "# Keep Flash, Java and JavaScript disabled in your web browser, except
> for sites that really need it." -- Andrew Ludgate, Sophos (proprietary
> anti-virus vendor)
>
> I'm sure you can find many more experts offering similar advice.
>
> It's mainly those with some interest in javascript, like browser makers
> and hipster website developers who, are "way beyond this", not the tech
> world.
>
> I'd love it if we shared good practice and encourage people to install
> things like noscript.net.
>
> On my (CyanogenMod10 and f-droid) phone, I have two browsers: one with
> javascript that I use for a few web apps that don't work without it
> (including one of the telco ones, annoyingly!); plus one with scripts
> switched off.  That's worth it, isn't it?
>
> Regards,

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQEcBAEBAgAGBQJRzWYrAAoJEMQ3v+MnqkS1p/8H/iNRNqs33HTaliwS/ECxyVPe
1R9j33jpc6Z32ymudVF9XJJzdidJA7wm8459gqn8+wFdjm40BC/9yYM9Vw+aX5kV
sW7AnFEx9f22cuBJIVo5vz8mhte6bJNLZDkRvx0l4SdZg480b4iDgs9lt9jA9+zz
6QDaCHwvWcNMikdORctzdc5kAkX5oOW78dyhhJA7fuQCZkWwhjGhyYPQ06ZJP53x
LmTNkreAy374e3m3rDQwgQc/LRRw8x41RF08XjWFvwxMN8Ii091RSY0h9qj/uH3X
vWVhNtBg9IUMIQgrhbDpIvNw7P3i21gMnQntdufkQuhbNMYnBFhfbhqTN+n0ZM8=
=Tg67
-----END PGP SIGNATURE-----




More information about the Discussion mailing list