NOSCRIPT CONFIGURATION FOR PALE MOON SPECIFICALLY

I wrote an article before about making Pale Moon more private. I covered a few of the settings and back end changes I make each time I install it. I mentioned Noscript, but I didn’t give any details about how I set it up. First though, you have to get the version already marked for your version of “Firefox” or in this case, Pale Moon. If you went to https://addons.palemoon.org/addon/noscript/ you would probably find the Pale Moon addons page devoted to the newest possible Noscript being marked specifically for Pale Moon. Other versions may work, but these are hybrid addons and the closer we get to Noscript 10, the less I trust it to work with Pale Moon specifically. I just opt to stick with 5.0.6.

There have been people asking about what happens when Maone, the developer stops supporting the hybrid versions of Noscript, “Will it work with Pale Moon?” Why yes it will. Noscript blocks scripts, that’s its main function and it will do that as long as Java script exists on a page. Java script is what crypto-currency miners utilize to force your computer to mine for bitcoins. By now, most of these you have probably blocked already with a hosts file or with some ad blocking extension. I don’t blame you. I have blocked these in my hosts file as well, but never hurts to run this also. It only allows what I tell it to. Noscript will also continue to block most click jacking attempts. It doesn’t use definitions to do this so it will never stop. Noscript, unlike blockers, doesn’t really slow down your browser. It can potentially speed it up on pages with lots of interactive content.

To install the addon, go to the link above and scroll down until you see a big, green button that says Install Noscript. Pale Moon will ask you first, assuming you have it set up the way I showed you. To set up Noscript, once you’ve installed it of course, go to the icon of an S in a big white orb. Maone calls him the script worm, a mascot for Noscript. It will usually look like so: 

 Once in the menu, search for options and find:

On the General tab,

go down to the bottom and tick the box by “automatically reload affected pages when permissions change” And then make sure that “reload current tab only” is checked. Then go to the Embeddings tab. I generally tick the boxes by Forbid IFRAME and Forbid FRAME:

 and I also put a check in the box by Forbid WEBGL. WEBGL can be used in canvas fingerprinting as well. It also can cause load on a cpu if your graphics are not up to par. Next go to Notifications tab: and uncheck the box by ABE, this won’t turn it off, but it silences the constant full page warning messages that you get every time you load youtube. Then navigate to Advanced:

 I leave these up to you, but I usually check the ones you see in the screenshot. You can go to the subtabs like HTTPS and ABE, but this is beyond the scope of this tutorial. Next you can go to Appearance and change the way messages popup and how the menu displays web pages, but I wouldn’t mess with this. The defaults are generally enough.

 Finally, go to White list and remove any sites you don’t want to allow to run scripts when you go to them. The default is there for users who don’t want to configure a lot of sites, but I just remove all of these put my own list of sites in there. Noscript allows you to take a text file with a list of sites and put them in there as well. You can also put them in one at a time. This prevents sites from breaking every time you visit them. Sites I recommend allowing are youtube.com, ytimg.com, googlevideo.com, your banking site, and any social media sites you decide you want to use. Noscript automatically blocks click jacking, even if you suddenly globally allow scripts for a site, but it is not recommended.