Why Edward Snowden gave a shoutout to the NoScript add-on for Firefox

Now that Edward Snowden, living in asylum and charged with espionage, has endorsed NoScript, the Firefox plugin stands to become hugely popular.

Snowden, formerly an NSA contractor, called out the open-source add-on alongside the Tor anonymity network and the Ghostery plugin to show how sites track users during his video appearance at South by Southwest today.

It’s hardly the first time NoScript has gotten a shoutout from an Internet luminary. Free Software Foundation founder Richard Stallman has talked about it, as have JavaScript and JSON figurehead Douglas Crockford and Jeremiah Grossman, the interim chief executive of White Hat Security.

It makes sense for such people to speak in favor of technology like that when attacks on people’s web activity continue to pop up. NoScript can do a number of things to prevent web surfers from inadvertently getting hit with attacks.

The Firefox add-on has actually been available since 2005. People download it around 20,000 times a day, said Giorgio Maone, a cofounder of the Italian software-development company called Informaction and the main developer behind NoScript, in an instant-message interview on Skype.

Maone believes it’s been downloaded more than 50 million times.

The concept for NoScript occurred to Maone because it was something that he wanted.

“I started developing NoScript mainly for my personal needs of security, since I perceived that web browsers were becoming the most vulnerable spot of our digital life, and our digital life was becoming more and more our “real” life — relationships, finance and all,” Maone wrote.

Often, warnings about attacks suggested turning off JavaScript in the browser, and that wasn’t the most convenient thing to do all of the time. NoScript takes care of that; JavaScript doesn’t run unless you manually approve its operation.

In 2007, the project added a cross-site scripting (XSS) filter to stop attackers from pushing malicious scripts onto websites and stealing login credentials.

Most contemporary browsers have since incorporated similar prevention mechanisms, although “NoScript’s is still the most powerful and safe among them,” Maone wrote.

NoScript also contains technology to block clickjacking, or causing actions that people don’t necessarily intend to take as they click around on a website when Flash is enabled.

Maone wasn’t caught off guard by the Snowden allusion to NoScript, he wrote.

“[A] mention doesn’t come as a surprise since NoScript has been often cited as a ‘defensive weapon’ for activists and other people targeted by oppressive governments,” he concluded.