As I said with the Ghostery Firefox extension back in May (Ghostery Mozilla Firefox extension review), it bowls me over when I go to some sites to see just how much sneaky crap is going on behind the scenes, and how most people simply have no idea. With NoScript, I'm starting to see the same thing, and it's rapidly getting much worse.
So many scripts!
Now having a trillion different things trying to run on a page perhaps is to be expected with so many external Web 2.0 services jostling for our attention all over the place now, and the number of scripts attempting to run doesn't necessarily translate to less security and privacy, but I am becoming increasable wary of the direction things seem to be heading.
Why Worry? (apologies to Chet Atkins)
More scripts are a problem. Each script introduces a new potential vector for attack, meaning the more we have the greater the surface area of the target we're wearing on our backs as we browse. Unfortunately as this progresses tools such as NoScript could potentially become less effective for the same reason the Windows Vista UAC system ultimately failed; as we start to drown in the sheer number of scripts, picking out legitimate scripts from sneaky ones is also only going to get harder which means many people will simply give up and allow all scripts again, defeating the purpose. As more pages start to depend on scripts to operate, so too will people's frustration.
I just shudder to think all that nonsense would be running unfettered in my browser if I didn't have an extension like NoScript for Firefox, and it makes me shudder even more that the vast majority of internet users don't use such a utility.
It also makes me wonder just how many of these scripts are really necessary at all and whether they're also systematic of a broken web architecture that's failed to keep up with what we've ended up using it for. As with Flash, will HTML5 help to alleviate some of the need for client side scripting?