Opinion about NoScript plugin affairs

[2009/05/06] NLnet funds a significant number of projects, some of which provide very important functionality to end users. In many cases projects depend on other financial means as well, as we provide highly targeted funding rather than blanket funding. In some cases additional income involves web advertising models, which may be invasive to peoples privacy if no adequate measures are taken. More and more people are starting to take such measures, which puts pressure on funding. This may be challenging, certainly if one has the power to override these measures.

Recently, it came to light that one of the projects which receive funding from NLnet --the people responsible for coding the quintessential browser plugin NoScript-- crossed that line. It made the regrettable move to take invasive countermeasures against another plugin that blocks advertisements, which can be regarded as (hacker)ethically irresponsible. Since NoScript itself also functions as an advertisment blocker for websites that uses Javascript to draw iframes with advertisments, exceptions were made for this as well. Meanwhile this mechanism has been undone, and we are assured by the team that this error in judgement will not happen again.

There is an important lesson. We consider the type of functionality that NoScript provides quintessential to modern web users, as it is currently the state-of-the-art in protection against the risks that many 'web 2.0' technologies invoke --with both usability and security in mind. We think that Mozilla, Webkit, Microsoft and other browser suppliers should implement this natively --Opera has already taken the first steps-- thus taking the implementation of this type of important protection mechanism into their regular quality control system. We believe anything less is ultimately detrimental not only to the privacy of the user, but to the trust of the user in web tools such as browsers.