I used to use LibreJS, but I switched to NoScript and haven't looked back. I would like to use LibreJS, but I found it to be horribly inconvenient and, ironically, encouraging me to run non-free JavaScript code.
First things first: LibreJS has a lot of false positives for proprietary JavaScript code. This is understandable; there is no truly reliable way to find out whether or not something is free automatically, and false positives are a lot better than missing proprietary JavaScript code and allowing it to execute. With this in mind, a core focus of LibreJS really ought to be making it easy and convenient for users to manually take care of these inevitable false positives. There should be a button, or something similar, next to every script in the list of blocked scripts that says, "You are mistaken, LibreJS. I reviewed this script and have found it to be free software. The license is this free software license, and the source code is at http://the.website." This should add the script to a whitelist of scripts LibreJS thinks by its analysis are non-free, but that the user has assured it are in fact free.
But LibreJS doesn't offer such a mechanism. All LibreJS offers, in the event of a false positive, is to just tell LibreJS, "I don't care about freedom, just execute all the scripts on this page." Even worse, the whitelist feature of LibreJS isn't a whitelist of scripts, but a whitelist of domains where you want LibreJS to just blindly allow all scripts to execute.
So what is the result of this? Back when I used LibreJS, and still today, almost no sites use the special comment tags required for LibreJS to automatically detect if they are free or not. So all I could do was build up a big whitelist of domains: the domains I visited most often, basically. In effect, LibreJS taught me to just trust web sites to not only make all of their code free, but to at the same time never use any third-party non-free software. This, and a bug that I've mentioned somewhere where forum posts and other text fields get extra newlines thrown into them, is why I stopped using LibreJS.
NoScript doesn't have the nifty feature of showing me a list of all the scripts on the page it's blocking, but it at least gives me more control over what is blocked and what isn't blocked, and that at least makes it possible for me to carefully think about who I am trusting to send me scripts. That's still not very good, but it's a lot better than what LibreJS currently offers. Since I'm no JavaScript developer, this is an appeal to anyone who develops LibreJS or is capable of doing so: please improve this situation. (And fix that bug with the extra newlines; that's annoying. But it's less important than the other one.)
