Welcome to the Fast-Air Tech Talk newsletter. The Tech Talk newsletter is a free service for all Fast-Air customers. Please suggest newsletter topics.
Advertisements are one of the more pervasive ways people are tracked online. Security challenges exist as well because often ads come in the form of Flash. Running Flash videos inside a web browser requires JavaScript.
Even without Flash, JavaScript is used at many web sites. JavaScript, not be confused with Java, is a sneaky but popular way for installing malware, such as ransomware.
Learning to configure and control JavaScript is a challenge for some web browser users who want better security and privacy. Unlike cookies, Firefox is not designed with a nice interface for configuring JavaScript.
A sledge hammer approach is to disable JavaScript completely. To disable JavaScript in Firefox:
- Click in the Firefox Location Bar.
- Type about:config and press Enter.
- Acknowledge any dialog box to be careful.
- Use the search text box to find javascript.enabled.
- Change the value to false.
Using this sledge hammer means some web sites will not function at all without JavaScript, but most sites will remain viewable and accessible. Disabling JavaScript will affect how you might be accustomed to viewing certain web sites. Disabling JavaScript often means not being able to watch dancing pig videos.
Much like controlling cookies by creating a cookies white list, a happy compromise is creating a JavaScript white list. As Firefox does not provide that easy interface for JavaScript, controlling JavaScript requires an add-on. The most popular add-on is called NoScript Security Suite.
Configuring a JavaScript white list requires a little more sweat equity than creating a cookies white list. Yet not too much more.
For most users, the default configuration of NoScript is a decent starting point. The default configuration contains a basic white list of sites that are unlikely ever to pose a problem with JavaScript. With all other web sites JavaScript is not allowed to run.
Outside the defaults, there are three ways to allow JavaScript while using NoScript:
- Allow all scripts globally.
- Temporarily allow scripts for the current web site.
- Permanently allow scripts for the current web site.
The first option is dangerous because all JavaScript protections are removed. Worse, many users will forget they enabled this option and will have no protection thereafter.
Temporarily allowing JavaScript for the current web site means closing Firefox will remove those permissions. The next time Firefox is launched, JavaScript will not run at that same web site, unless again temporarily allowing.
Permanently allowing JavaScript means the web site is added to the white list and will survive closing Firefox. The next time Firefox is run, JavaScript will run at that web site.
A tricky part to configuring JavaScript white lists is understanding that many web sites today are designed to use content delivery networks. That is, visiting a single web site means actually connecting to many web sites. The web browser displays the page of the desired web site, but underneath there are many additional web sites that are connected. Sometimes the overall function of the primary web site fails because JavaScript is blocked with those additional sites.
Allowing JavaScript to run might require allowing JavaScript for more than one site. This requires some patience and some practice to learn how to know which additional sites to allow.
Once mastered, NoScript provides tremendous peace of mind that malicious scripts are unlikely to run, but does promote peace of mind that no malicious scripts are installing malware as well reducing web page noise.
For additional help with NoScript:
The Firefox NoScript guide you have all been waiting for
Block scripts in Firefox (video)
Controlling JavaScript is one way to control intrusive and malicious ads. Online advertisements have become untrustworthy because many contain malware. Ads are just plain intrusive and noisy. There are two Firefox extensions that can help block ads (only one is needed):
Blocking ads and controlling JavaScript provides many users with peace of mind, but basic web design continues to frustrate many web users. Many users are weary of tiny fonts and can find relief with a Firefox extension called NoSquint Plus. Using this add-on allows adjusting font sizes per site. The changes are saved and survive to the next time Firefox is launched.
For users who are weary of all the noise, clutter, and useless bling on many web sites, a useful Firefox feature is called Reader View. This feature allows users to strip the nonsense from a web page to mostly text, which dramatically improves readability. A great but simple add-on to toggle Reader View is Activate Reader View.
By the way, Java is another significant security problem. Java plugins should be disabled or not installed unless absolutely necessary.
Family time: True or false — only female mosquitoes bite humans and animals. Think you know? Search the web.
Next issue: Protecting Privacy with Google Chrome
Are you new to the web? Then you probably never saw the Hamster Dance!
Video
- Free Gift Phishing Scams (Notice 2020-001) - January 15, 2020
- Tech Support Phone Scam (Notice 2019-001) - March 14, 2019
- VPNFilter Router Malware (Notice 2018-007) - May 30, 2018