NoScript Adds Subscriptions To Adblock Plus 408
hahiss writes "Apparently, NoScript has taken to adding its own whitelist updates to Adblock Plus — so that the ads on the NoScript page show up — without notifying users. (It is described on the NoScript addon page, however.) This was a part of the last update to NoScript. Wladimir Palant, the main developer of Adblock Plus, describes the situation in an informative blog post."
Update — 5/02 at 12:30 GMT by SS: Reader spyrochaete notes that "InformAction, makers of the NoScript extension for Firefox, have removed the recently introduced AdBlock exceptions which unblocked the revenue-producing ads on the NoScript homepage with little or no warning to the user. According to the changelog, InformAction pushed out an update specifically addressing this controversial decision 'permanently and with no questions asked.'"
Really Smart (Score:5, Insightful)
Start a project that blocks ads that is funded by advertising on their website and donations.
Sounds real smart.
They have 3 AdSense ad units (the max) on their home page, a couple of small buttons and a set of sponsored links. The sponsored links also don't use the rel="nofollow" tag but I guess google doesn't penalize everyone for that or nobody has reported them.
Seriously, this is a business model that shoots itself in the foot.
this is like Little Snitch (Score:4, Insightful)
Little Snitch on the Mac, which helps you identify when apps 'phone home, itself 'phones home, and you can't block it using Little Snitch itself.
I like to call this the Communism trait, for the Party elite always manage to make themselves more equal than others.
(Moderators: this isn't an anti-communism or pro-capitalism post. An important part of growing up is knowing that ideals are merely the primary colours, and life requires a mixture.)
Its GPL licenced, someone should fork it. (Score:5, Insightful)
Re:Personally, I couldn't care less. (Score:5, Insightful)
Re:Shhhh! (Score:5, Insightful)
It's somehow okay now that an extension goes behind the users back and circumvents other plug-ins? Especially a plug-in that most users use presumably to protect themselves against malware and intrusive JavaScript driven ads?
I sure hope the community will step up and create a new open source plug-in that goes "back to the basics" (disable JavaScript per site + whitelist) and people ditch NoScript faster than you can say "WTF!"....
Apparently the NoScript developers (which is btw. the most obnoxious plug-in I currently have installed; re: updates...) heads have gotten a bit to big for their own good.
I can't wait to see the fallout from this one. Hopefully at the end NoScript in it's current form won't exist anymore!
I Would Have Allowed It (Score:5, Insightful)
Like many Slashdot users, I run both NoScript and AdBlock Plus.
Had NoScript asked me if I wanted to whitelist adds on their site (in my AdBlock preferences) to support NoScript development, I would have happily clicked "Yes."
As it is, I've left the NoScript whitelist intact in my AdBlock preferences, because I do want to support their development (NoScript leaves a comment in the AdBlock preferences indicating that this whitelist can be disabled easily). That said, I would have been much happier had my permission been asked!
Re:Timeline of events (Score:2, Insightful)
Abe Simpson, is that you?
Re:Timeline of events (Score:5, Insightful)
NoScript has no business injecting itself into the AdblockPlus-addon. PERIOD!
Re:Does this shock anyone? (Score:5, Insightful)
Sleazy and disgraceful (Score:5, Insightful)
If I have ad blocking software installed, that means I don't want to see ads (unless I explicitly approve them).
If I have script blocking software installed, that means I don't want to run scripts (unless I explicitly approve them).
How difficult is that to understand?
I don't care if the Noscript developer relies on ads for revenue. If I have ad blocking software installed, I don't want to see ads, period.. that doesn't mean "except on noscript's site, of course!". If the Noscript developer doesn't like that, it's too fucking bad.
This behaviour is disgraceful, and Noscript should be blocked by Mozilla (is this possible? Or, at least, not hosted on their site..) because at this point, it's clearly malware.
Scum. (Score:5, Insightful)
NoScript will no longer be permitted on any of my computers, period. This is unacceptable behavior. If I'd payed for the addon, I'd be demanding a refund. As it is, all I can do is try to take back the favorable word-of-mouth I've been giving the author, and try to find a version without the invasive behavior.
This suddenly explains a lot (Score:5, Insightful)
For some time now, I have been getting more and more annoyed with the regularity of NoScript updates, especially as it would ALWAYS open the home page after every update, this is after the nuisance of me already having been asked to restart Firefox for the addon update.
Now it makes sense, they clearly artificially make this happen just for adrevenue. The addon probably doesn't even need that many updates.
Anyway, even though I know I can change the option to not go to the homepage after each update, I am tired of having to restart Firefox once a week for software which is for the most part adware. I barely use noscript, except on 1 site, I'll wait for someone else to make an addon which doesn't piss me off, or simply tolerate the minor annoyance of that one site.
As for the real world security benefits of noscript, they are questionable at best. If a website codes itself so it needs javascript, one would likely turn on noscript, and then the website could run malicious code.
Re:Its GPL licenced, someone should fork it. (Score:4, Insightful)
Yes, please. If someone will fork it, I will happily donate five bucks every year. What I will not do is run code on my machine that's obfuscated or that attempts to mess with things it shouldn't mess with.
I'd never understood why NoScript had to have such frequent updates. It seemed like several times a week, sometimes even more than once in a day. It was a nuisance, but I figured the author must just be working really hard. Now I have a sneaking suspicion that it was because the author was playing cat and mouse with adblock.
Why is this even a nontrivial software project? Don't run javascript unless it comes from a site that's on a whitelist. That doesn't seem like it should be a big deal.
I would complain (Score:5, Insightful)
Good thing (Score:4, Insightful)
This is an exact example of why it's so important for source code to be freely viewed. The OSS model works - this demonstrates why and how. When developers are motivated by the wrong sources and use unethical means for obtaining their ends, users can be made aware of their digressions. Good work by the Adblock team.
Re:Personally, I couldn't care less. (Score:5, Insightful)
The bottom line is: don't install untrusted extensions.
It was always a risk.
By the way, you now know never to trust NoScript, and to warn anyone who tells you they're using it.
Ad Supported Ad blockers (Score:2, Insightful)
I find it incredibly ironic that two ad blockers are at war with each other over blocking ads that support their service. I hope this isn't a preview of what's to come if the use of ad blocking software becomes widespread.
Re:Links are helpful (Score:5, Insightful)
You should have stopped right there.
Re:Its GPL licenced, someone should fork it. (Score:5, Insightful)
Re:AdBlock "Plus" vs regular AdBlock (Score:3, Insightful)
"Of course that's just how I remember the whole thing. I never visit the AdBlock Plus page and I am deliberately blind to most ads anyway."
So, your entire post was based on a guess? You don't have any direct experience with AdBlock either? Are you kidding me? Why are you posting again?
If they do this any more... (Score:2, Insightful)
Comment removed (Score:5, Insightful)
Re:Really Smart (Score:5, Insightful)
In a sense, AdBlock is acting as malicious software, because it's altering the site author's message, without their permission.
In what sense? Adblock doesn't modify anything on the server - the content remains unchanged. Once the bits are on my machine, I can do anything I want with them without permission from the author as long as I don't republish the modified version.
Re:Really Smart (Score:5, Insightful)
If you want to make sure people are looking at your ads, come up with a mechanism that ensure they are, and make them leave if they aren't. I don't feel like come up with the mechanism now, but it could be as simple as having the JavaScript for the ad set a variable in page. If the variable isn't set when the page finishes loading, redirect them to another page that tells them to go away.
If I opened a page in links or another text-mode browser I wouldn't see ads either, are you saying those browsers are illegal? If a site doesn't want me there because I'm not looking at their ads, fine, I'll leave. The fact is that advertisers are too greedy, with ads that move, some that even play sound. Internet Advertising is killing itself with bullshit like that, and blaming it on AdBlock Plus is ridiculous. People want to be able to browse the web and read without being constantly distracted by a moving ad on the side, and without worrying that their speakers will suddenly start blasting because they navigated to a page that has a jackass advertiser on it.
If your response is "well not all ads do that, AdBlock should only block the bad ones" then consider advertisers brought the block on themselves by allowing those advertisers to exist. If they want to save their industry, they need to stand up and say that obnoxious ads shouldn't exist, and that they won't do business with anyone who displays them. That means that Google shouldn't show ads for a company that also has obnoxious ads (IBM is a good example). Until serious self-regulation occurs, ABP will keep getting more users.
Re:Really Smart (Score:5, Insightful)
However, AdBlock is illegally manipulating the author's content to remove ads designed to produce revenue.
Bollocks. You must work in the advertising industry. Using your own logic it could be said that NoScript is "illegally" modifying the operation of a web site by disabling the scripting on it.
In reality, neither is illegal. Both practices (blocking script, blocking advertising) are users exercising control over their own computers and their own browsing experience.
Advertising on web pages can generate revenue for both the advertiser and the web page author, but they cost the viewers in terms of:
If advertising was subtle and all scripting was trustworthy then there would be no need to block either. Alas, that isn't the world that we live in.
Re:Really Smart (Score:5, Insightful)
Re:Really Smart (Score:5, Insightful)
Re:Personally, I couldn't care less. (Score:5, Insightful)
Absolutely. What many programmers and companies do not realise is that there there needs to be a large amount of trust between users and themselves. Ultimately, by installing software, users are giving huge control of their systems and software to people they have never met and who will never meet them.
If find that most people are if anything, to trusting on the Internet. Hence botnets. But even cautious people do tend to give others the benefit of the doubt. But if they should be given reason to go back on that, it can mean a permanent end to that trusting relationship.
I know someone who recently installed Google Desktop(Something I would never, ever, do). They were happy at first, as they were happy to use a multitude of Google Apps. However, trouble struck when the geniuses at Google Desktop decided that when you search using their internet search, it should also bring up search results from your Desktop index.
Imagine someones surprise when their personal computer files appear on an internet search page. It wasn't pretty. The user wanted to uninstall Google desktop, sign out of Gmail, and stop using Google search forever. As I tried to explain that the page was linking to local files, not on the internet, I realised my words were in vain. This person had simply been too shaken my the incident. From their perspective, they had been betrayed. Their personal files had been cast online, or at least, they now recognised that outcome was possible due to the control they had given to a private company.
All trust in Google, and all its products, was lost forever. The trusting and confident relationship Google had with this person had been shattered by a single incident. I've seen this happen multiple times, with multiple pieces of software. Frustration, data loss, jarring incidents. Even the smallest thing can rupture the good feelings of people towards the people whom they entrust with their data.
This is such an incident. NoScript is forever tainted, never to rise again. Hundreds of thousands of people will likely uninstall it today alone. It will cease to be recommended, and ultimately another virtually identical extension will takes its place. A good lesson to all who would be so careless with their reputations. You need your users trust to survive.
Re:Personally, I couldn't care less. (Score:3, Insightful)
Yes, clearly, directing me to a single web page (requiring a single mouse-click to close) that displays a couple of ads (which I've never actually noticed, to be honest) once every 5-14 days as part of updating an optional extension to an optional web browser is equivalent to vandalizing my automobile and forcibly raping my female companion as part of maintaining a very expensive and critical piece of equipment that I need to properly navigate the modern world.
Bravo on an analogy that is completely valid and reasonable. You sir are a true champion of good taste and rational analysis.
No more NoScript (Score:2, Insightful)
Until 1 minute ago I had NoScript installed.
All the guy had to do was ask: "Do you want to whitelist the noscript webpage in adblock? I depend on these ads for revenue." I'd have damn well clicked yes.
It's unfortunate how the sleazy way out seemed appropriate to someone who's supposed to be developing software against malware...
Re:Personally, I couldn't care less. (Score:2, Insightful)
I only visit the site to update software, software they provide me free of charge, I'm not going to complain.
It's not about whether or not the product is free and whether or not he deserves a little coin for his hard work.... the fact of the matter is that he is providing updates that modify extensions that are not his without the consent of the user. That is called malware, and to avoid just that is part of the reason why I installed NoScript in the first place.
Re:Its GPL licenced, someone should fork it. (Score:4, Insightful)
Interesting. I'd actually prefer that the site just fail to work in that situation. Then I can make the decision for myself: do I care enough about this site's content, and trust its owners enough, to run their javascript? I suspect that in most cases the answer would be no. I'd mosey on by, and they wouldn't get my eyeballs.
No it's not (Score:5, Insightful)
Re:Good thing (Score:4, Insightful)
Funny, I thought that all Mozilla (Firefox/Thunderbird/Sunbird/etc) add-ons are already, in effect, open source.
The .xpi files that they come in are just .jar/.zip files containing all of their Javascript source code, styles and images. The NoScript author in this very case actually went out of his way to obfuscate the code in the content/noscript/MRD.js file just to make it harder for people to see what he was doing. Luckily, there's an easy way to decode it (credit to the Matt McCutchen who posted in the article's link):
mkdir tmp; cd tmp /dev/fd/3 3MRD.unescaped.js
s/\\\\x([0-9a-f]{2})/pack q{c}, hex(\$1)/ge
EOS
wget http//software.informaction.com/data/releases/noscript-1.9.2.xpi
unzip noscript-1.9.2.xpi
unzip chrome/noscript.jar
perl -np
less MRD.unescaped.js
It shows, unfortunately, that even open source software can be malicious. It's just easer for people to find the nasties.
Re:Its GPL licenced, someone should fork it. (Score:3, Insightful)
And when the author didn't get the level of donations he was expecting, he lashed out like a child, adding obfuscated code to NoScript which modified, without the Firefox user's permission, AdBlock Plus's functionality -- although a later update reversed this, and played only a little nicer by adding new ABP whitelist rules without the user's consent.
Yeah, that's someone who deserves our $5 alright. Try R'ing The FA before being a knee-jerk apologist.
Re:Sleazy and disgraceful (Score:3, Insightful)
If you feel entitled to read someone's content, why do you feel entitled to read it without ads?
I feel entitled to read anyone's content that is published on the Net for everyone to view, in any way imaginable - from my desktop or from my laptop, while picking teeth or sitting on a crapper, with or without ads. In fact, scratch that - there's no "entitlement" in this, even. If content is published to be read, then don't complain when it's read, and don't try to shove your presentation of that content on me. I consider ad blockers in the same category as browser settings that let me override author's hardcoded font face and size, or obnoxious colors. On my PC, I alone have the right to control how stuff is presented to me.
Let's rephrase it that way: why does the author feels entitled to get ad views with his content?
Re:Sleazy and disgraceful (Score:1, Insightful)
That is the stupidest thing I've ever heard. Nobody is hurting him, they just aren't helping him. It's like saying because I didn't give that homeless guy a buck for reading his cardboard sign that I'm hurting him. If he doesn't want people to visit his site or use his bandwidth, he needs to get off the internet, switch to a subscription/pay based service or shut the fuck up.
I'm sick and tired of these whiny little fuckers on MY internet.
Re:Ad Supported Ad blockers (Score:3, Insightful)
I find it incredibly ironic that two ad blockers are at war with each other over blocking ads that support their service
NoScript is supported by ads, and maliciously tries to prevent them being blocked by AdBlock. However, AdBlock itself is not supported by ads, and does not try to block NoScript in a similar fashion. It may be a war, but it's pretty one-sided, and it's fairly clear who's being an asshole here.
I hope this isn't a preview of what's to come if the use of ad blocking software becomes widespread.
It is already widespread, even for IE users.
Re:Sleazy and disgraceful (Score:4, Insightful)
If you feel entitled to read someone's content, why do you feel entitled to read it without ads?
Because it's being displayed on my computer.
TV stations are free to broadcast all the ads they want. But in turn, I'm free to change the channel during a commercial break, or mute the sound and go fix myself a drink, or record the show and watch it later by fast-forwarding through the ads. They decide what to send me; I decide what to accept from them.
Web site operators are free to put all the ads they want on their page. But again, I'm free to pick and choose what I want to pay attention to, or spend my time, bandwidth, and CPU power downloading and rendering.
If the web site operators have a problem with that, then they have a problem with the design of the web itself. When they start paying for my computer and internet connection, then they can tell me how to use it, but not before -- and they still can't tell me what to pay attention to.
I used to read a website where behind the banners, the author had a simple text graphic worked into the background with text along the lines of "If you can read this, you are hurting my ability to pay for the hosting of this site".
See, that's fine. Don't force anything on your users, just be honest with them.
Comment removed (Score:5, Insightful)
Re:Indicative of more serious problem? (Score:4, Insightful)
What do you define as malicious behavior? A Firefox extension can modify the browser in almost regard. There's not much you can do to sandbox the extensions without removing the flexibility of the extensions feature altogether.
Bottom line: You, the user, take responsibility for any software you install on your computer, even Firefox addons.
Re:Really Smart (Score:5, Insightful)
I beg your pardon?
The reason I started using extensions like Adblock Plus is because ads were so bad they were preventing my entire COMPUTER from working. The straw that broke the camel's back in my case was when I was trying to view artwork on Deviantart. They had these really badly coded Flash animations which took up 100% CPU on my (then) single-core desktop machine. It was IMPOSSIBLE to do anything - the entire machine was jamming up to the point where it took more than a minute for the task manager to appear when launched. This is bullshit - ads shouldn't do this, they shouldn't be so obnoxious.
My current machine is a bit more modern and would handle such ads, but it's the principle of the thing, and I don't see things getting any better. The only ads I can deal with are text-based, light image, non-flash/non-JS ads. If people only used these ads and were sensible about using them, then I wouldn't have been pushed into seeking out relief.
So stop painting us as stingy folk. Some of us just want to access the Internet without frustration.
Re:Personally, I couldn't care less. (Score:5, Insightful)
Re:Personally, I couldn't care less. (Score:2, Insightful)
Maybe, maybe not. I uninstalled it less than an hour after installing. I just found the damn thing too much of an intrusive speed-bump to what I do. However, I rarely see any ads, since I have a large hosts file to lock out most of the offending domains, and a combination of adblock and flashblock to fine-tune the rest. NoScript is more or less redundant.
Re:Links are helpful (Score:4, Insightful)
it desperately asks for an answer
So, begs the answer surely?
Re:Really Smart (Score:1, Insightful)
I'm not asking about the technical correctness or factual accuracy of any statement you've made. I am asking about the spirit with which those were written.
Re:I Would Have Allowed It (Score:3, Insightful)
Had NoScript asked me if I wanted to whitelist adds on their site (in my AdBlock preferences) to support NoScript development, I would have happily clicked "Yes."
Exactly. The NoScript author has a point, and I understand he has to generate some revenue to fund his work, but going behind the users' backs is unacceptable.
As it is, I've left the NoScript whitelist intact in my AdBlock preferences, because I do want to support their development (NoScript leaves a comment in the AdBlock preferences indicating that this whitelist can be disabled easily).
I've immediately disabled the filter set, and prevented the NoScript site from being displayed. I will however re-enable it soon, because the next version of NoScript will ask for permission (even retroactively), and allow its modifications to ABP to be reset:
He SHOULD have done so in the first place, and I still feel he should apologize for his error in judgement, but at least he's doing something about the problem. NoScript is an invaluable extension (much more so than ABP, as long as I've got FlashBlock), and I'm grateful for his efforts. I hope next time he'll think twice before he tries a stunt like this.
CJ
Re:A word from a NoScript Forum Moderator (Score:2, Insightful)
Except the NoScript site serves ads from other sources than just Google. For example, I count 3 "pop-up on hover" adds from DoClix, Inc. on the "GetIt" page alone. Please note the references to "s3.buysellads.com" as well as a "sponsored links" sections that is not from Google in addition to the doclix.com ads. Not that either side of this point is actually relevant to how inappropriate the action was.
"2) For those who think the updates are a revenue-(ad-viewing)-generator, aside from the fact that the NS FAQ includes simple instructions for turning off the home-page redirect for each update (try reading the FAQ before criticizing)"
Except - as has been pointed out many times - the user has to set this up themselves in about:config, rather than a simple checkbox from the NoScript GUI. Not that either side of this point is actually relevant to how inappropriate the action was.
The fact of the matter is that Giorgio crossed a line, violating user trust and behaved in a manner exactly like malware. Rationalizing the action by saying there was an "an aggressive EasyList campaign against sites sponsoring NoScript development" or that it was an "attack" on the NoScript site, indicates a problem of acceptance of responsibility and does not help - it only compounds the mistake. Giorgio needs to apologize, promise not to do anything like this again in the future and try to regain user trust.
Re:A word from a NoScript Forum Moderator (Score:5, Insightful)
As it is, Giorgio acted like a piece-of-shit, scumbag, newbie-hacker throwing a temper tantrum, should be ashamed of himself for embarrassing himself, YOU, and everyone on the project , and needs to make public apology for his misguided attempt. Here's a hint. If you put it in the documentation, README or changelog it WILL NOT BE READ. Get out an update which says, "SORRY! We've rolled back all the patches for this to version xxxxxx, and we will never make any changes outside our application without your PRIOR EXPRESS INFORMED CONSENT. And then learn from this mess -- and don't fuck up like this again.
Re:Really Smart (Score:3, Insightful)
What if I'm browsing in text mode? What if I don't happen to have flash installed so I can't see flash adverts?
In order for a webpage to be seen on screen it has to be modified and translated into an image in my computers' memory. You seem to be claiming that I'm violating copyright law by not processing those instructions in the correct way but I'm not aware of any case law that interprets copyright law like that. If website operators want me to view their page in a specific way perhaps they should furnish me with a standard, proprietary browser that would illegal to modify?
By that argument users of MythTV who use the commercial marking features are also in violation because they're using a programme to skip the ads rather than pressing fast-forward themselves.
Re:NoScript 1.9.2.6 fixes it (Score:3, Insightful)
Giorgio released version 1.9.2.6 which disables the filter. I quote from http://noscript.net/?ver=1.9.2.6&prev=1.9.2.5 [noscript.net]
It seems that he eventually got it right.
It seems that he eventually got caught.
Re:Really Smart (Score:1, Insightful)
Bullshit. Sorry to be blunt. (Actually, no, I'm not sorry.)
You have the right to publish whatever you want (as long as you're not breaking the law in doing so) on your web site. If you make that published content available to me, in such a way that a computer program of mine can fetch said content in order for me to receive it, when said content has been transferred from the web server, over the network, to my client program, your control over what I do with said content, as long as it stays on my computer, is utterly none of your business, neither morally nor legally.
Any thoughts on your behalf that you have any more rights over what I do with the content on my machine constitute nothing but delusions. Plain and simple.
You have no idea what you're talking about, but for some reason you feel the need to use many words in order to demonstrate the fact that this is indeed the case.
You are weird. And wrong.
Have a nice day.