Conversation

For many many years, I've thought of my infosec friends with NoScript enabled by default as hopelessly paranoid. Today, I have NoScript enabled by default. It's actually not that painful.

Quote Tweet

Jake Williams

@MalwareJake

Jan 4, 2018

There's a JavaScript POC for #Spectre. Ads frequently include JavaScript. If you're not using an ad blocker in your browser, start. Also, enable site isolation in Chrome. For the first time ever, I'm considering whether preventing all JavaScript on unknown sites is the best move.

122

Replying to

I recommend umatrix for even more fine grained control than noscript offers.

Replying to

I've looked at its UI and ran in horror

Replying to

and

I switched recently and actually it's better once you've figured it out (because apart from the more fine-grained control, it shows you what domains you actually need through the request numbers)

Replying to

and

I did recoil in horror initially as well though

11:58 PM · Jan 4, 2018Twitter Web Client