12 March 2007

Firefox, NoScript, Woe is me.

For the past few months on my work computer (and even longer on my home computer) I've noticed that my web browsing via Firefox has slowed to an absolute crawl. Firefox would take almost 45 seconds just to load up, and each page loaded with the horrifying speed of glass (which is actually an extremely viscous liquid -- ha ha, science! *thrusts finger in air*).

I realized right away that this wasn't Firefox's fault. Why? Because I'd use other peoples' computers with Firefox, and their copies loaded quickly, browsed quickly, and rendered quickly...

That left only one thing, right? It was an extension slowing me down. But which one?

I figured it was one of two -- either NoScript or Adblock.

Now, Adblock used to slow me down until I figured out my tried-and-true-two-entries-only-blocking-list:


These two lines stop almost all banner ads of any sort, and it's easy for the Adblock engine to parse. The problem of a huge Adblock-list plagued me some time ago, but after replacing my enormous block list with these two lines, the problem went away.

Now about a year or so later, the problem has arisen once again, and this left only one possible answer: NoScript.

You would think so, eh? Turns out it wasn't that easy. I've installed Firefox on new computers and added NoScript, and it ran with no problems -- fast as can be. Then what was wrong with my installation, specifically?

Well, what was the difference between a NoScript installation on a new computer and my main NoScript installation?

My banned/allowed scripts list, of course. My five-thousand-line-long banned/allowed scripts list.

If you're picky like me, you don't like having ad farms deliver content to you. You don't like being the target of "customer-orientated advertising campaigns," you don't like having "relevant marketing content" delivered to you, and you definitely don't like being the source of "valid consumer visitation information" for companies. You like buying the things that you want to buy, not things that you've been subtly prodded into buying. (Trust me -- just go to Tacoda.net and look at some of their "consumer profiles." You're not a person to these organizations -- you're not even a group of people. You're just a line in a database somewhere.)

I stop almost every single bit of JavaScript that runs in my browser when I'm web-surfing, except for whatever's coming from the main site that I'm visiting. (Trust me, I program JavaScript as a career. I know what it can do, and I don't want it doing it!) Well, over time, my "blocked/allowed domains" list in NoScript had become very, very, very large. And everytime I started up Firefox or tried to load a new page, NoScript was having to check each and every bit of JavaScript against that enormous list... even clicking on the NoScript context menu to bring it up was starting to take a full three seconds.

So, what do you do? Well, it seems the makers of NoScript must have come across this problem, because they've included a feature to always allow JavaScript from whatever domain you're currently visiting -- this is something I always allow anyway, since the main culprits of JavaScript-delivered ad-farming are almost always off-site domains (tacoda.net, doubleclick.net, etc.). You're pretty safe in always allowing the domain you're visiting to run JavaScript on your computer.

I turned on this option, but I still had to get rid of that giant permissions list, now didn't I? You can do that from within the NoScript control panel, but my list was so large that every time I tried to remove the entire thing, Firefox would lock up. Poor thing... :(

I tried uninstalling and reinstalling the extension... to no avail. Unfortunately, Firefox keeps the settings of whatever extensions you've installed. (There really should be an option to stop that!)

I wasn't going to re-install Firefox, so what now? Well, on NoScript's site, they talk about this exact thing:

"If you want to erase your whitelist you can either use the NoScript Options user interface (recommended option) or remove from the aforementioned prefs.js all the preference entries whose name starts with 'capability.policy.maonoscript'.:"

The prefs.js file seems to be a collection of items in some sort of array, and the particular entry for NoScript was disgusting huge. So, I uninstalled NoScript first (just to make sure I wasn't editing its prefs.js section while it was installed), took out the relevant lines from prefs.js, and turned on the "allow top-level sites" option.

Ah... browsing revisited. Running NoScript in this fashion -- allowing all top-level JavaScript and only banning off-site scripts -- is so much more efficient.

No comments:

Post a Comment