I hadn’t tried NoScript before. Wearing my security-minded developer’s hat, I like the idea. It’s a great way to see which scripts are invoked by various websites, and to understand how those sites behave with those scripts enabled or disabled.
Wearing my civilian hat, I’d wonder about the level of effort required to make those kinds of granular decisions. Douglas Crockford observes:
You might think that you would have to spend a lot of time managing the policy, but surprisingly, you don’t.
On the one hand I’m inclined to agree. We’ve seen the same thing with firewalls that do outbound filtering. But on the other hand, NoScript prompts occur much more frequently. Will civilians be willing to deal with that? I’d be curious to know how non-geeks are getting along with NoScript.
Just curious: Why?