Forum Feedback & Announcements forum

Resolved Question

Exactly Which Are The Minimum NoScript

by tobeach / November 15, 2011 2:51 PM PST

permissions required to ENABLE log-in for the Assorted forums??

I used to have the answer BEFORE the recent changes to the current Blue/Grey/Red restyle but THAT NO LONGER WORKS!!

I was going to post in Security as that IS part of the problem but also IS part of the access to Forums also.

After 2 weeks of trying to log-in,
I confirmed w/ accounts my account is ok!

As of NOW, I can ONLY log-in after giving permissions to EVERY ONE of the following (all of page) many of which I have NO NEED (say Facebook & Twitter w/ no accnts as they're now major malware routes) But All Of:

eyereturn
fbcdn
bkrtx
bulekai
crowdscience
facebook
gigya
twitter
servingsys
scorecard research
comcom
adtechus
reviscicnet
atdmt
cbcstatic
cnet 16 in total!!

The LAST 2 seem reasonable but many like adtmt ,bluekai,bkrtx are undesirable from privacy and anti tracking spyware perspective.I don't want them residing on my machine.

So Which are the REALLY required for sign in function???

Which of the cookies they place need to remain
beyond log-out??
cnet urssession ID,purs_1,surs_1,tempsessionid,at least 1/2 dozen more w/cnet plus adtech several, atdmt several.

Speaking of Logout, why do I NOT even SEE a button for loging out??

My brain is either spinning or becoming fried just typing this post!

Please help so I can still login without compromising my privacy & security!!

Thanks, Sandy ConfusedWink

tobeach has chosen the best answer to their question. View answer
Discussion is locked
You are posting a reply to: Exactly Which Are The Minimum NoScript
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Exactly Which Are The Minimum NoScript
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

All Answers

Best Answer chosen by tobeach

Collapse -
Here's the rundown...
by John.Wilkinson / November 17, 2011 10:27 PM PST

In short, you only need to allow three of those you listed - all of the others are third-party and can be safely blocked. (I blocked them all with my HOSTS file - really helps the site load faster.)

When it comes to cookies, I believe purs_1 is the only part crucial to your login/logout status. The rest will be updated/recreated as you use the site, but can generally be blocked/deleted without ill-effects. Some may be used to provide useful functionality, though, so tread carefully.

And as to logging out, mouse over your username in the top right corner under the search bar and you should see a 'log out' option along with a link to your member profile.

Hope this helps,
John


Needed:
=================
*.com.com
*.cnet.com
*.cnetstatic.com

(Note: The asterisk means 'anything' - so *.com.com includes i.i.com.com, tobeach.com.com, etc.)


Not needed:
=================
fbcdn (Facebook)
facebook
gigya (login with a Facebook/Yahoo/Google account)
twitter
atdmt (ads)
revsci (ads)
crowdscience (surveys)
scorecard (surveys)
eyereturn (ads)
bkrtx (ads)
bulekai (ads)
servingsys (ads)

Note: This post was edited by a forum moderator add 'asterisk' note on 11/18/2011 at 6:30 AM PT

Collapse -
Using FF and Noscript
by Bob__B / November 18, 2011 1:16 AM PST
In reply to: Here's the rundown...

Needed.
*.cnetstatic.com
No such thing on this machine but I do see "cbsistatic"......which is needed.
As I recall and recall seems to fade quickly now days there was something about allow "third party cookies" in FF other wise things got a little wonky with the forums......login problem?

Collapse -
Yep, and cbsistatic.com...
by John.Wilkinson / November 18, 2011 3:17 AM PST
In reply to: Using FF and Noscript

That's used interchangeably with *.cnetstatic.com - both are needed.

Third-party cookies aren't needed for login here (I have them blocked and can login just fine) unless you want to login with your Facebook/Yahoo/Google account.

Jon

Collapse -
Hi Again, John! No Such Luck...
by tobeach / November 20, 2011 3:25 PM PST

with only "required" permissions,
BUT looking in my currently stored c-net cookies, I no longer see purs_1
so perhaps that's the hang up !

So, I've now deleted ALL c-net cookies and re-logged in w/ "all this page alowed" to post now.

As logged in now, I do have a purs_1 & surs_1. Also rbSessionid, urs_sessionid, tempSessionid.

Also seeing curs_gigya appid?? For a installed application?? That might cause cursor errors? Don't know.

I also noted in my cookie manager that all the stored cookies for c-net show as "expires at end of session" BUT,
in fact,there's about 1 dozen there from previous days visits, definately NOT gone.

Apparently c-nets "may set session cookies" is allowing permanent cookies
to say they're session only and hanging around. Maybe this conflict explains so of the weird behavior cursor etc. here.

At top right, with cursor over my name I get blank box w/Yahoo/Facebook icons
& Below & to the right, I get only
the "My Pr" showing. The balance of the word profile is off the screen.

However, I now see that in the bottom arrow black band, when I click on my name, I get profile links at the bottom right of which THERE IS a logout button.<<<< Yea!

Any rate when I allow all, machine behaves conflicted w/ considerable slow down of all actions (about 4-6 times as long).

A system restore to "before" seems to bring back the proper speed although running CCleaner does not.

Since I haven't been doing a lot of posting of late, I guess I'll just settle for read only mode w/o cookies
but good speed!

Thanks to all who have spent their time brain power trying to help!! Sandy Sad

Collapse -
CNET cookies...
by John.Wilkinson / November 20, 2011 10:06 PM PST

Some browsers will automatically continue your previous session when you restart the browser, letting you pick up here you left off. Basically, it's the browser's responsibility to determine when a session ends, and delete any session-only cookies accordingly.

The curs_giga cookie is not for an installed application; it's for social login (Facebook/Yahoo/Google), and exists whether you login with those or not - not harmful. And the logout option when hovering over your username sounds like a browser rendering issue.

Now, I saw you said you're using SeaMonkey 1.1 (end of life: March, 2010) - I would definitely recommend upgrading to the current version (2.4), which provides numerous security and functionality enhancements. That should give you better Javascript performance and resolve the logout issue, among other benefits like CSS3 support.

Hope this helps,
John

Collapse -
Answer
Difficult
by MarkFlax Forum moderator / November 15, 2011 7:58 PM PST

and I understand your frustration Sandy.

In general you are fine to allow nearly all scripts in CNET. When the forums changed recently I don't remember having any problems, although I may have had to tell NoScript to "Allow all" for CNET.

I trust CNET and I assume they are not going to 'deliberately' cause me problems. There will always be the odd occasion when that happens. However, I have disallowed the 3 following, Facebook, Gigya and Scorecard Research without any problems.

No real reasons for my choices, except I am anti-social and hate Facebook! Happy but the others I found I could disallow without any ill-effects.

I've never checked my CNET cookies. Cookies are mystical to me and I have never been able to understand them completely, so I shut my eyes and hope.

If you want to Log Out, find your name top right of the CNET window. You will see, if you have 20/20 vision, a dark grey down arrow to the right of your name. That's the sub-menu, but even if you can't see it, click your name and you will see the Log Out option.

Do you use AdBlockPlus? I've used it to block adverts and also, (under the previous forum version), to block the Facebook/Google/Yahoo login buttons. I am not even sure the are still there under this new version.

Does that help?

Mark

Collapse -
Hi Mark! Thanks For Your Post!
by tobeach / November 16, 2011 3:19 PM PST
In reply to: Difficult

For the moment, it seems the easy answer is to leave a check mark in the "Remember me for auto log-in" but that implies a permanent tracking cookie (?).

Using that, I've been to open 2 times with ONLY cnet, comcom,cbsstatic allowed.
Today I found several more had been added incl. clicktale & version tracker.

I have tried allowing all & then dis-allow 1 by 1 but beyond tedious didn't prove anything but I suspect comcom.com may be critical for buttons?
Not using adblocker only Sea Monkey pop-up blocker.
I actually have no logout button shown and when click name just get blank box w/ twitter & facebook icons in it.

Today, I was also getting many "script may be busy or have stopped" want to continue or stop?? This seems to be triggered buy scorecard, gigya & others trying to force their way thru (despite blocking) which FREEZES machine. I actually see "transferring data from gigya etc at bottom of screen before download freezes.

Not running a GIGABYTE monster machine
(only 10/100 e-card) may be the problem as it tries in vain to deal with the massive (16+)injection sent.

Thanks again & if you hear of more info on "which" please post it for me!!
Sandy HappyWink

Collapse -
Re: gigya
by Kees_B Forum moderator / November 16, 2011 3:55 PM PST

I used my hosts-file to block gigya. Seems to work quite nice.

Kees

Collapse -
Hi, Kees! Thanks For The Info!!
by tobeach / November 17, 2011 3:26 PM PST
In reply to: Re: gigya

I don't think gigya specifically is the main problem but just one contributing part of a large download of scripts
all trying to sink lines into my system! I suspect many of the routes they planned to use don't exist or are disabled for security reasons on this old OS so they stand stunned! LOL! Happy Sandy

Collapse -
I think you're right
by MarkFlax Forum moderator / November 16, 2011 7:54 PM PST

about com.com, and also i.i.com, (for images?), they both may be needed.

Do you not see Log Out as I do in the image below?
http://imageshack.us/f/856/logoute.jpg/

It's strange that you're getting multiple script errors. Is this the same if you allow all scripts and cookies?

Have you updated SeaMonkey to its latest version yet? I see 2.4.1 was released in Sept 2011;
http://www.seamonkey-project.org/releases/

I'm not sure that a 10/100 e-card would be responsible, as long as your internet connection is a good one.

Mark

Collapse -
Hi Again, Mark! I Think I Posted Too Soon...
by tobeach / November 17, 2011 3:18 PM PST
In reply to: I think you're right

Despite leaving remember me/auto log-in checked upon leaving yesterday, upon return today, got the same no log-n
situation without allow all this page enabled.

I've discovered that cbsstatic IS needed for the bottom black bar w/arrow & log-in/join which also brings up log-in screen BUT DOES NOT enable the reply to be received there when attempted, just rebound to the before log-in screen shown. Still only can log in w/ all allowed.

I see in NS com.com permission but i.i.com does not appear in the list for approval.

I do not see log-out as in your screen shot, only blank rectangle w/ small Facebook & Twitter icons.

The script error notice pops-up when ALLOW ALL this page is engaged.
The progress green bar at bottom freezes at 1 square short of full/completed/done.

My conection is Rogers Broadband Cable
(which has apparently started throtlling in last 1/4 year) but a cnet speed test page shows above 400+ kps normally.

I also have noticed that the cursor often does not show on cnet text boxes despite actualling being there & some erroneos actions during cursoring back a bit to say correct spelling. I even tried changing mice but no change.

I recall this/ or similar happening several years ago when cnet last did a rework of the site/boards software updating to what was current until 2 months ago.

If it matters my default encoding is UTF-8 w/ western.xx as fall back.
My Image manager is set to show all images.

Yes, Iam still running my OLD Sea Monkey 1.1.19 w/ matching Sun java of 1.4.2_19 which was the LAST version applicable to my old XP SP1 OS which still works fine & seems to avoid all infections easily since Vipre,SAS & MBAM never find anything (probably thanks to CCleaner). The SP2 laptop
seems to have similar problems at this newer cnet (but it's extremely slow due to overloading of basic hardware by too many programs & more that 60% of HD used).

Strangely, I get no errors or problems on any of the other 5 or 6 sites I regularly post to, not even on the one I MOD & Admin for (a phpBB board)!! Only at c-net do these appear to happen.

Mind you, all those sites download nothing or at most perhaps 1 stat counter & maybe 1 session cookie to log-in and track around site, but nothing more & they still work fine even if I deny those 1 or 2 w/ NoScript.

Sadly, I'm still thoroughly perplexed!

Cry Thanks for your & others continuing efforts!! Sandy Happy

Collapse -
Correction!! Where The Log-out Should Be There Is...
by tobeach / November 17, 2011 3:34 PM PST

only Facebook & YAHOO! (which I don't trust at all)! S Wink

Collapse -
Answer
minimum required script access
by QMT / November 21, 2011 1:31 PM PST

Here are the four "allows" needed, as of right now, to get cnet.com reasonably functional. Notes after each is my observation of what they do.

cbsistatic.com - login seems to be dependent on it, at least since Nov. 1.
com.com - 'reply' links in articles do not function without it.
cnet.com and cnetstatic.com - comments to articles will not appear without both of these allowed.

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?