Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Resolved Question

Exactly Which Are The Minimum NoScript

Nov 15, 2011 2:51PM PST

permissions required to ENABLE log-in for the Assorted forums??

I used to have the answer BEFORE the recent changes to the current Blue/Grey/Red restyle but THAT NO LONGER WORKS!!

I was going to post in Security as that IS part of the problem but also IS part of the access to Forums also.

After 2 weeks of trying to log-in,
I confirmed w/ accounts my account is ok!

As of NOW, I can ONLY log-in after giving permissions to EVERY ONE of the following (all of page) many of which I have NO NEED (say Facebook & Twitter w/ no accnts as they're now major malware routes) But All Of:

eyereturn
fbcdn
bkrtx
bulekai
crowdscience
facebook
gigya
twitter
servingsys
scorecard research
comcom
adtechus
reviscicnet
atdmt
cbcstatic
cnet 16 in total!!

The LAST 2 seem reasonable but many like adtmt ,bluekai,bkrtx are undesirable from privacy and anti tracking spyware perspective.I don't want them residing on my machine.

So Which are the REALLY required for sign in function???

Which of the cookies they place need to remain
beyond log-out??
cnet urssession ID,purs_1,surs_1,tempsessionid,at least 1/2 dozen more w/cnet plus adtech several, atdmt several.

Speaking of Logout, why do I NOT even SEE a button for loging out??

My brain is either spinning or becoming fried just typing this post!

Please help so I can still login without compromising my privacy & security!!

Thanks, Sandy Confused Wink

Discussion is locked

tobeach has chosen the best answer to their question. View answer

Best Answer

- Collapse -
Here's the rundown...
Nov 17, 2011 10:27PM PST

In short, you only need to allow three of those you listed - all of the others are third-party and can be safely blocked. (I blocked them all with my HOSTS file - really helps the site load faster.)

When it comes to cookies, I believe purs_1 is the only part crucial to your login/logout status. The rest will be updated/recreated as you use the site, but can generally be blocked/deleted without ill-effects. Some may be used to provide useful functionality, though, so tread carefully.

And as to logging out, mouse over your username in the top right corner under the search bar and you should see a 'log out' option along with a link to your member profile.

Hope this helps,
John


Needed:
=================
*.com.com
*.cnet.com
*.cnetstatic.com

(Note: The asterisk means 'anything' - so *.com.com includes i.i.com.com, tobeach.com.com, etc.)


Not needed:
=================
fbcdn (Facebook)
facebook
gigya (login with a Facebook/Yahoo/Google account)
twitter
atdmt (ads)
revsci (ads)
crowdscience (surveys)
scorecard (surveys)
eyereturn (ads)
bkrtx (ads)
bulekai (ads)
servingsys (ads)

Note: This post was edited by a forum moderator add 'asterisk' note on 11/18/2011 at 6:30 AM PT

- Collapse -
Using FF and Noscript
Nov 18, 2011 1:16AM PST

Needed.
*.cnetstatic.com
No such thing on this machine but I do see "cbsistatic"......which is needed.
As I recall and recall seems to fade quickly now days there was something about allow "third party cookies" in FF other wise things got a little wonky with the forums......login problem?

- Collapse -
Yep, and cbsistatic.com...
Nov 18, 2011 3:17AM PST

That's used interchangeably with *.cnetstatic.com - both are needed.

Third-party cookies aren't needed for login here (I have them blocked and can login just fine) unless you want to login with your Facebook/Yahoo/Google account.

Jon

- Collapse -
Hi Again, John! No Such Luck...
Nov 20, 2011 3:25PM PST

with only "required" permissions,
BUT looking in my currently stored c-net cookies, I no longer see purs_1
so perhaps that's the hang up !

So, I've now deleted ALL c-net cookies and re-logged in w/ "all this page alowed" to post now.

As logged in now, I do have a purs_1 & surs_1. Also rbSessionid, urs_sessionid, tempSessionid.

Also seeing curs_gigya appid?? For a installed application?? That might cause cursor errors? Don't know.

I also noted in my cookie manager that all the stored cookies for c-net show as "expires at end of session" BUT,
in fact,there's about 1 dozen there from previous days visits, definately NOT gone.

Apparently c-nets "may set session cookies" is allowing permanent cookies
to say they're session only and hanging around. Maybe this conflict explains so of the weird behavior cursor etc. here.

At top right, with cursor over my name I get blank box w/Yahoo/Facebook icons
& Below & to the right, I get only
the "My Pr" showing. The balance of the word profile is off the screen.

However, I now see that in the bottom arrow black band, when I click on my name, I get profile links at the bottom right of which THERE IS a logout button.<<<< Yea!

Any rate when I allow all, machine behaves conflicted w/ considerable slow down of all actions (about 4-6 times as long).

A system restore to "before" seems to bring back the proper speed although running CCleaner does not.

Since I haven't been doing a lot of posting of late, I guess I'll just settle for read only mode w/o cookies
but good speed!

Thanks to all who have spent their time brain power trying to help!! Sandy Sad

- Collapse -
CNET cookies...
Nov 20, 2011 10:06PM PST

Some browsers will automatically continue your previous session when you restart the browser, letting you pick up here you left off. Basically, it's the browser's responsibility to determine when a session ends, and delete any session-only cookies accordingly.

The curs_giga cookie is not for an installed application; it's for social login (Facebook/Yahoo/Google), and exists whether you login with those or not - not harmful. And the logout option when hovering over your username sounds like a browser rendering issue.

Now, I saw you said you're using SeaMonkey 1.1 (end of life: March, 2010) - I would definitely recommend upgrading to the current version (2.4), which provides numerous security and functionality enhancements. That should give you better Javascript performance and resolve the logout issue, among other benefits like CSS3 support.

Hope this helps,
John

- Collapse -
Answer
Difficult
Nov 15, 2011 7:58PM PST

and I understand your frustration Sandy.

In general you are fine to allow nearly all scripts in CNET. When the forums changed recently I don't remember having any problems, although I may have had to tell NoScript to "Allow all" for CNET.

I trust CNET and I assume they are not going to 'deliberately' cause me problems. There will always be the odd occasion when that happens. However, I have disallowed the 3 following, Facebook, Gigya and Scorecard Research without any problems.

No real reasons for my choices, except I am anti-social and hate Facebook! Happy but the others I found I could disallow without any ill-effects.

I've never checked my CNET cookies. Cookies are mystical to me and I have never been able to understand them completely, so I shut my eyes and hope.

If you want to Log Out, find your name top right of the CNET window. You will see, if you have 20/20 vision, a dark grey down arrow to the right of your name. That's the sub-menu, but even if you can't see it, click your name and you will see the Log Out option.

Do you use AdBlockPlus? I've used it to block adverts and also, (under the previous forum version), to block the Facebook/Google/Yahoo login buttons. I am not even sure the are still there under this new version.

Does that help?

Mark

- Collapse -
Hi Mark! Thanks For Your Post!
Nov 16, 2011 3:19PM PST

For the moment, it seems the easy answer is to leave a check mark in the "Remember me for auto log-in" but that implies a permanent tracking cookie (?).

Using that, I've been to open 2 times with ONLY cnet, comcom,cbsstatic allowed.
Today I found several more had been added incl. clicktale & version tracker.

I have tried allowing all & then dis-allow 1 by 1 but beyond tedious didn't prove anything but I suspect comcom.com may be critical for buttons?
Not using adblocker only Sea Monkey pop-up blocker.
I actually have no logout button shown and when click name just get blank box w/ twitter & facebook icons in it.

Today, I was also getting many "script may be busy or have stopped" want to continue or stop?? This seems to be triggered buy scorecard, gigya & others trying to force their way thru (despite blocking) which FREEZES machine. I actually see "transferring data from gigya etc at bottom of screen before download freezes.

Not running a GIGABYTE monster machine
(only 10/100 e-card) may be the problem as it tries in vain to deal with the massive (16+)injection sent.

Thanks again & if you hear of more info on "which" please post it for me!!
Sandy Happy Wink

- Collapse -
Re: gigya
Nov 16, 2011 3:55PM PST

I used my hosts-file to block gigya. Seems to work quite nice.

Kees

- Collapse -
Hi, Kees! Thanks For The Info!!
Nov 17, 2011 3:26PM PST

I don't think gigya specifically is the main problem but just one contributing part of a large download of scripts
all trying to sink lines into my system! I suspect many of the routes they planned to use don't exist or are disabled for security reasons on this old OS so they stand stunned! LOL! Happy Sandy

- Collapse -
I think you're right
Nov 16, 2011 7:54PM PST

about com.com, and also i.i.com, (for images?), they both may be needed.

Do you not see Log Out as I do in the image below?
http://imageshack.us/f/856/logoute.jpg/

It's strange that you're getting multiple script errors. Is this the same if you allow all scripts and cookies?

Have you updated SeaMonkey to its latest version yet? I see 2.4.1 was released in Sept 2011;
http://www.seamonkey-project.org/releases/

I'm not sure that a 10/100 e-card would be responsible, as long as your internet connection is a good one.

Mark

- Collapse -
Hi Again, Mark! I Think I Posted Too Soon...
Nov 17, 2011 3:18PM PST

Despite leaving remember me/auto log-in checked upon leaving yesterday, upon return today, got the same no log-n
situation without allow all this page enabled.

I've discovered that cbsstatic IS needed for the bottom black bar w/arrow & log-in/join which also brings up log-in screen BUT DOES NOT enable the reply to be received there when attempted, just rebound to the before log-in screen shown. Still only can log in w/ all allowed.

I see in NS com.com permission but i.i.com does not appear in the list for approval.

I do not see log-out as in your screen shot, only blank rectangle w/ small Facebook & Twitter icons.

The script error notice pops-up when ALLOW ALL this page is engaged.
The progress green bar at bottom freezes at 1 square short of full/completed/done.

My conection is Rogers Broadband Cable
(which has apparently started throtlling in last 1/4 year) but a cnet speed test page shows above 400+ kps normally.

I also have noticed that the cursor often does not show on cnet text boxes despite actualling being there & some erroneos actions during cursoring back a bit to say correct spelling. I even tried changing mice but no change.

I recall this/ or similar happening several years ago when cnet last did a rework of the site/boards software updating to what was current until 2 months ago.

If it matters my default encoding is UTF-8 w/ western.xx as fall back.
My Image manager is set to show all images.

Yes, Iam still running my OLD Sea Monkey 1.1.19 w/ matching Sun java of 1.4.2_19 which was the LAST version applicable to my old XP SP1 OS which still works fine & seems to avoid all infections easily since Vipre,SAS & MBAM never find anything (probably thanks to CCleaner). The SP2 laptop
seems to have similar problems at this newer cnet (but it's extremely slow due to overloading of basic hardware by too many programs & more that 60% of HD used).

Strangely, I get no errors or problems on any of the other 5 or 6 sites I regularly post to, not even on the one I MOD & Admin for (a phpBB board)!! Only at c-net do these appear to happen.

Mind you, all those sites download nothing or at most perhaps 1 stat counter & maybe 1 session cookie to log-in and track around site, but nothing more & they still work fine even if I deny those 1 or 2 w/ NoScript.

Sadly, I'm still thoroughly perplexed!

Cry Thanks for your & others continuing efforts!! Sandy Happy

- Collapse -
Correction!! Where The Log-out Should Be There Is...
Nov 17, 2011 3:34PM PST

only Facebook & YAHOO! (which I don't trust at all)! S Wink

- Collapse -
Answer
minimum required script access
Nov 21, 2011 1:31PM PST

Here are the four "allows" needed, as of right now, to get cnet.com reasonably functional. Notes after each is my observation of what they do.

cbsistatic.com - login seems to be dependent on it, at least since Nov. 1.
com.com - 'reply' links in articles do not function without it.
cnet.com and cnetstatic.com - comments to articles will not appear without both of these allowed.