[liberationtech] Meet the 'cowboy' in charge of the NSA

[Al Billings]

Clearly not a battle I'm going to "win" in any sense with this audience but, really, the current Internet (for many many reasons) is pretty broken in places (and I don't just mean Facebook) when you turn off JS. We talk about this at work a lot and even amongst my peers with NoScript installed, most people find it more trouble than it is worth, and these are security professionals. I know many here probably would say these folks are stupid but given that these folks are also the security team for a major browser, I would say that if they find it too broken, most normal folks are not going to touch it.  

Anecdotal data is, of course, anecdotal. :-)

I deal with JS issues largely by running the nightly build of my browser but then I am also aware of the unfixed vulns in it that are being worked on so my experience isn't normal either. 

-- 
Al Billings
http://www.openbuddha.com
http://makehacklearn.org


On Tuesday, September 10, 2013 at 4:55 PM, Joseph Lorenzo Hall wrote:

> On 9/9/13 2:55 PM, Al Billings wrote:
> > I suggest your use of the net is well outside the mainstream, even
> > amongst security folks. Some of us actually use social networking, for
> > example, or don't want ugly, half broken websites simply because we fear
> > a JavaScript zero day.
> > 
> 
> 
> Hi Al, big fan. I use FF with NoScript and Request Policy both
> configured to block by default... and open links in session-only Chrome
> when I need something that requires that stuff. Not ideal, but it works
> for me and it's certainly not about JS zero-days.
> 
> Anyway, I'm definitely the only one I know that surfs like that... but I
> suspect there are even wilder set-ups represented on this list in
> particular.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130910/1cf2367f/attachment.html>