[Bug-librejs] LibreJS really needs to be as convenient as NoScript

[Julian]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I used to use LibreJS, but I switched to NoScript and haven't looked
back. I would like to use LibreJS, but I found it to be horribly
inconvenient and, ironically, encouraging me to run non-free
JavaScript code.

First thing's first: LibreJS has a lot of false positives for
proprietary JavaScript code. This is understandable; there is no truly
reliable way to find out whether or not something is free
automatically, and false positives are a lot better than missing
proprietary JavaScript code and allowing it to execute.

With this in mind, a core focus of LibreJS really ought to be making
it easy and convenient for users to manually take care of these
inevitable false positives. There should be a button, or something
similar, next to every script in the list of blocked scripts that
says, "You are mistaken, LibreJS. I reviewed this script and have
found it to be free software. The license is this free software
license, and the source code is at http://the.website."; This should
add the script to a whitelist of scripts LibreJS thinks by its
analysis are non-free, but that the user has assured it are in fact free.

But LibreJS doesn't offer such a mechanism. All LibreJS offers, in the
event of a false positive, is to just tell LibreJS, "I don't care
about freedom, just execute all the scripts on this page."

Even worse, the whitelist feature of LibreJS isn't a whitelist of
scripts, but a whitelist of domains where you want LibreJS to just
blindly allow all scripts to execute.

So what is the result of this? Back when I used LibreJS, and still
today, almost no sites use the special comment tags required for
LibreJS to automatically detect if they are free or not. So all I
could do was build up a big whitelist of domains: the domains I
visited most often, basically. In effect, LibreJS taught me to just
trust web sites to not only make all of their code free, but to at the
same time never use any third-party non-free software.

This, and a bug that I've mentioned somewhere where forum posts and
other text fields get extra newlines thrown into them, is why I
stopped using LibreJS. NoScript doesn't have the nifty feature of
showing me a list of all the scripts on the page it's blocking, but it
at least gives me more control over what is blocked and what isn't
blocked, and that at least makes it possible for me to carefully think
about who I am trusting to send me scripts. That's still not very
good, but it's a lot better than what LibreJS currently offers.

Since I'm no JavaScript developer, this is an appeal to anyone who
develops LibreJS or is capable of doing so: please improve this
situation. (And fix that bug with the extra newlines; that's annoying.
But it's less important than the other one.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSq1XoAAoJELP1a+89AVMCVzQH/iJ6xj71W6/4ZwJe210SszVR
jxK+4L7NiwAAhNo03gArEae+gaONY68rozHp0iSDZYa11gtfzDAeM/+NEKovP791
D7g23Yth+9NhXqNCwuYVnvWHpLnTR7odlWvzJePG8cx7p9u4TZYRQNs6HUhkGgI9
CyGeRrSJEbm1ePaNmmj1QSNaVtk+xFs8NHh30C7RJmR4mK/vGPfxA120ezePp1Uu
U8W0HSKbNCnAeojtHwGJPBGsfv3VkheDFVlx7diFvkG0NeD6OJNV+6WJIW6zBUD9
iUftuzemKl3EjSc4DlmnYnrHomni9uqaL91gWaC8+vNInmOdhcl2WDtYc14JTGU=
=Yf9W
-----END PGP SIGNATURE-----