Wow that took some time!
Today’s challenge – NoScript Security Suite – Direct Link to Guide Page
So apparently I jinxed myself!
We seemed to be steaming through the 30 Day Challenge with very little headway, and then we hit NoScript. Now don’t get me wrong, NoScript is amazing, and frightening, and complex, and entirely worth the effort. So what is it?
NoScript is an add-on for Firefox that takes the concept of an Ad-blocker to the next level. What’s an Ad-blocker? It’s a piece of software that you install to prevent all the ads being displayed in your web browser. Which makes browsing most websites both more visually pleasant and faster, as many of the ads take forever to load. These ads are served up using “scripts” – small pieces of computer code that sit behind web pages which determine the most appropriate ads to show to you when you load the page. An Ad-blocker will recognise those scripts and prevent them from running, meaning you don’t get any ads.
So what does NoScript do? It blocks not only the scripts for the ads, but all other scripts that attempt to run when you load a web page. Now that can be a problem, because many websites require some scripts to run to make the page function properly. Airline, retail and banking websites employ scripts extensively to manage your interaction with the page. So if you just block everything, you’ll be unable to use the web page at all. NoScript allows you to create a “safe list” and a “block list” for each individual script that runs on a particular web page. That has two effects: it gives you an amazing insight into how many scripts are being run when you load a web page (sometimes over 100!) but it also takes quite a while to work out which scripts you need to run, and which scripts you can block. So whilst the privacy and security gains of installing NoScript are unparalleled, it is a very steep learning curve, particularly for non-tech people.
So it was with some trepidation that we embarked on Day 11, which turned into Day 11A to Day 11J. Each of the team had their own issues with NoScript, and each required different degrees of support in making the software work for them.
Geoffrey: Whilst I had a good idea of what I was getting into on this one, I was still surprised by how frustrating I found this Challenge. Part of that is the wide variety and number of websites I visit during my work. What I eventually decided to do was to was to hasten my change for using a completely separate computing environment for my work. This is something that has been on the cards for a while, but it will take some time to get up and running. Which as it turns out, will likely be less time than it will take to keep training NoScript for the vast number of websites I visit for work.
Juan: Thankfully Juan doesn’t use the Internet very much. A couple of bank sites, a few news websites and one social media platform. Which is lucky, because Juan just didn’t get NoScript at all. Whilst he understands on an intellectual level why the software is so important, the practical reality of having to figure out what scripts he should allow and what not, well that was a whole other thing entirely. After a good few days of working through the sites he regularly visits, and providing additional training, Juan seems to have got the hang of things.
Diana: As seems to be the way of this Challenge, Diana picked this up pretty quickly. She was absolutely stunned at home many scripts are run on every page she visits, and how many of the same scripts run across multiple sites. Whilst Diana is a much more frequent and varied web user, after a few hours of training and being shown how to look up the scripts that she was encountering, she asked “Ok, what’s next?”
Priscilla: This was another difficult Challenge for Priscilla, particularly because of all of the various online systems she is required to access for work. Banks, accountancy, tax, assets, professional organisations, you name it, she is required to interact with them online. We manged to get the bulk of the frequently used ones working after many hours of effort, and she’s getting much better at figuring out the new ones she needs to allow and the ones she needs to block. This is going to be a long term project, but Priscilla did indicate that she was dismayed about how much data each site was collecting through these scripts.
Previous Days Here:
Day 0 – Introduction to the Team
Day 1 – Installing Operating System and Application Updates
Day 2 – Set Up A Standard User Account
Day 3 – Review Privacy Settings
Day 4 – Setup Private & Secure Email
Days 5&6 – Weekend Project #1
Day 7 – Install a Password Manager
Day 8 – Change Your Passwords
Day 9 – Browser Security
Day 10 – Firefox Security Add-ons