[conspire] NoScript fine-tuning (was: Firefox question)

[Rick Moen]

Quoting Paul Zander (paulz at ieee.org):

> Thanks for the info.  I will check it out.   When visiting a web-site,
> there is an icon for no-script.  It allows control of web-site being
> displayed and web-sites it want to link to.    My problem was a bit of
> an odd case in that the "other site" wasn't in play until I tried to
> do something specific.  

Yes, this is often the way it goes.  E.g., sometimes you're browsing a
news site with NoScript, and suddenly realise the reader-comment feature
is missing from the bottom of the page, and the reason for that is that
it's outsourced to a different Web site and is Javascript-driven.

The icon of which you speak gives immediate access to a pop-up menu
listing all of the fully-qualified domain names whose Javascript
snippets are referenced from the current page and, in NoScript's
absence, would have been run blithely.  The controls permit blocking or
unblocking each of those (following which, the page automatically
reloads), or other actions such as a temporary override of NoScripts
control to enable & run _all_ Javascript snippets referenced.

The latter control is useful as a quick check if you think 'Hey, I
_think_ there's a feature missing from this page, and NoScript's
blocking might have caused that.'  Temp-reenable all Javascript and
reload the page.  If the feature suddenly is present and working, then,
yes, your suspicion is correct, and _now_ you can either (a) figure out
which Javascript snippet, and enable only that one, (b) decide you don't
care about the feature, or (c) change the temporary override to
permanent and prospectively tolerate arbitrary Javascript junk from
pages on that site.

Tools like NoScript or uBlock Matrix / uBlock Origin simply require user
engagement to get per-site ACLs right, i.e., there is unavoidable work
up-front, but then the idea is that you don't subsequently have to
fiddle with those settings.  Once set, you have a much, much better
experience, better performance, less bloat, faster page loads, fewer
security risks, less junk in your life.  Achieving that is just never
going to be automated, because there's simply too much money devoted to 
overwhelming you with junk, attacking you, and spying on you.  So, 
"Yes, you can de-junk your Web experience, but it takes iterative work 
using tools you must install and configure on your own initiative"'
is the hand we got dealt.  Be grateful we have that much on Linux for
the desktop (and other desktop OSes).  Smartphone users are much worse
off, for example.  They are natural prey for adtech/spying/malware
abuse.

> Yesterday, I was having some problems with audio that made it
> difficult to say anything.  I've had many meetings using other
> software without problem.  Now I have some time to investigate and
> maybe find a headset before the next CABAL.

A number of Logitech's models have gotten good evaluations by Linux
users I respect.

Locally, I have an easy solution, using old Apple earbuds with built-in
mic on the cable.  As I keep suggesting, earbuds or headphones have the
advantage that, when a Jitsi Meet or Zoom conference gets interrupted by
some participant's audio feedback loop or local noise problem, and the
search for the culprit ensues, you will at least know it's not you.