Comment by tmtvl

I more or less use those addons (uMatrix instead of NoScript) plus uBlock Origin. uMatrix doesn't load a large number of JS files. An example from an ecommerce site I'm browsing right now: the site is functional (at least in browsing mode) without the scripts from

    bigcommerce.com
    classyschema.org
    doofinder.com
    elfsightcdn.com
    google.com
    grit.software
    gstatic.com
    hexgator.com
    klarna.com
    skeepers.io
    criteo.com
    googletagmanager.com

It needs only the JS from the first party domain. So they can track me from there but all the other guys don't know about me, unless they buy data from the first party. At least they have to do more work.

I also don't get advertising in any form, maybe because I don't have ecommerce apps on my phone and I block a lot of things with Blockada, but that's another story.

> (window size, font size, and many other factors that do not even require JS

Yeah, they require CSS, which you can also block using noscript and other tools, if you want.

Also, while you might be more "trackable" to those who fingerprint, if you are blocking those cross origin or same origin scripts from loading you are already stopping some of that. You can even blacklist some known hosts completely in your browser's policy settings and prevent those requests from ever reaching their destination.

Without an ad blocker and JavaScript blocker the average website would be 100GB in size and take several years to load. If I really cared about tracking protection I would just not use the regular internet and stick to Gemini. CanvasBlocker is just because the Tor browser itself has one implemented (source: <https://2019.www.torproject.org/projects/torbrowser/design/#...>) so I figured I might as well.

There has to be a happy middle between "no protection" and "complete uniqueness"

The web without ad blocking is revolting. Browsers building in these features makes them more popular.

Aside: Fuck the Washington Post. They have a line in their privacy policy that acknowledges the existence of "Do Not Track" flags in browsers. Their acknowledgement: since there is no industry standard for responding to it, they ignore it.

My experience with uMatrix: most sites work right away. Others require fiddling with the matrix of media, script, xhr, frames and the third parties serving them. After a while it's easy to remember which ones must be temporary enabled and which ones don't. Sites with videos are a little more difficult. Sites with payments require care. I whitelist the minimum set of scripts that make the sites I use often work. There are usually many scripts that can be left out. If everything fails and it's a one shot site, I start Chrome.

It's fine. Sometimes I get annoyed by websites which require JavaScript to show static text (apparently HTML is too difficult?) or which block me with a 'please unblock challenges.cloudflare.com to proceed' (that second one seriously pisses me off when I see it on, for example, the website of the Belgian railways), but by and large I'm fine with just saying 'if it breaks I don't need it'. But I handle my e-mail with isync, mu, and mu4e; and as far as I understand e-mail tends to be a sticking point for those who care for their digital rights. I also don't have Xitter or Facebook or any of that nonsense.

If there's one thing I don't like its the fact that NoScript doesn't integrate with Multi-Account Containers. It would be neat if instead of having to temporarily allow GitHub JavaScript and re-disable it when I'm done; I could just allow GH JS in a GitHub or Microsoft container and it only being enabled in that container.

I use LibreWolf at work, and I exempt most internal sites from aggressive anti-tracking stuff, but otherwise it works fine.