
Wladimir Palant wrote an interesting post on the Adblock Plus blog yesterday that explains some details of a relatively unseen war going on between Adblock Plus and NoScript. Both of these Firefox extensions are on my “Always installed” list, and I’ve never had anything bad to say about either one until now. Here’s a small excerpt of Wladimir’s post that highlights the issues ABP has with NoScript:
… And to make sure that somebody sees these ads it goes pretty far. For example, it opens the changelog webpage (full of ads of course) on every single update of the extension, even though the NoScript FAQ claims that it happens only on major updates (yes, if you dig into it you will find the preference to disable this behavior – but how many people do that?). And updates coming roughly each week ensure that this page is opened fairly often. A problem is of course that NoScript will usually disable scripting and consequently also most advertising. That problem is being worked around by putting NoScript’s domains, Google AdSense and a few others on NoScript’s default whitelist (again, the overwhelming majority of users won’t go hunting for bogus entries in their whitelist). Given that NoScript proudly calls itself a security extension this means putting users at risk — for example, a while ago I demonstrated how an XSS vulnerability on a NoScript domain can be used to run JavaScript from any website, despite NoScript. This was countered by implementing anti-XSS measures rather than removing anything unnecessary from the whitelist.
As a web guy with more than a few ads, I can fully understand where the NoScript guys are coming from. What I don’t understand is the lengths they are going to in order to make money here. They aren’t paying for the extension download bandwidth; in fact, the only costs they are incurring are from forcing the update page to load… Basically, they are just being greedy here.
And it gets worse:
What followed was a small war — the website would add various tricks to prevent Adblock Plus with EasyList from blocking ads, EasyList kept adjusting filters. Then, a week ago a new NoScript version was released. A few days later I noticed first bug reports — apparently, Adblock Plus “glitches” were observed with this NoScript version, especially around NoScript’s domains (but not only those). When I investigated this issue I couldn’t believe my eyes. NoScript was extended by a piece of obfuscated (!) code to specifically target Adblock Plus and disable parts of its functionality. The issues caused by this manipulation were declared as “compatibility issues” in the NoScript forum; even now I still haven’t seen any official admission of crippling Adblock Plus. Clearly, NoScript is moving from the gray area of adware into the dark black area of scareware, making money at users’ expense at any cost.
NoScript released an update as I wrote this:
v 1.9.2.6
NoScript now automatically removes the controversial “NoScript Development Support Filterset” deployed with NoScript 1.9.2.3 and above on startup, permanently and with no questions asked.
Amazing what a few hundred Diggs will do for your cause, eh?

