Will the #1 Clickjacking Fix Kill Our Online Income?
Clickjacking and the NoScript Solution
As I wrote about yesterday, clickjacking poses as a potentially serious Internet browsing threat. There’s a plugin called “NoScript” which can be installed in Firefox browsers to protect surfers from clickjacking.
Some people say the clickjacking scare is just fear mongering and that the threat isn’t that bad. I tend to agree with them.
However, a lot of others are talking about it and if all the emails that I’m getting are any indication, a lot of folks are worried. Top the email buzz with articles by the big tech mags, like PC World and ZNet, it’s getting a lot of attention and scaring the crap out of average Internet users.
Major Ads and Services Will Be Inaccessible Unless Trusted by the Surfer
Here’s the problem.
I suspect a LOT of people will be installing NoScript as an addon to their Firefox browsers because for the time being, it’s the easiest and most recommended way to deal with clickjacking. However, with a lot of surfers installing NoScript, it’s quite possible that our online income is going to take a serious nosedive.
The good news is that AdSense ads are automatically white listed by the program.
The bad news is that if you’re using alternative sources of revenue in your blogs or websites, your ad or widget may be blocked. The average Internet user will not unblock these ad streams or statistical tools.
Here’s a partial list of what I found so far that will be blocked from web pages unless the surfer specifically white lists the program:
- Adserver Plus
- Chitika
- Doubleclick Network Ads
- Paydotcom widgets
- Pepperjam Network ads
- Peelaway Ads
- Popshops affiliate ads (partial; some pages seem to work)
- Realmedia ad streams/videos
- ShoppingAds widgets
- The Newsroom (Voxant) - embedded news articles and videos
Networking and statistical tools that are blocked:
- AuthorizeNet (looks like it’s a tracking component of its verification seal)
- Blogrush
- Scoutle stages
- Feedgit Live Web Statistics
- Google Analytics
- Izea Ranks
- Pay Per Post (their special blog traffic tracking)
- SocialSpark (their special blog traffic tracking)
- Tiny URL (for advertiser tracking)
- Adsense Tracker (paid program)
Miscellaneous blocks:
- Logging into your control panels to your websites (if your host installed Secure Net Server, you have to “allow” it in your NoScripts options
- Aweber Forms
- BoldChat (and presumably other live customer service scripts)
- Shockwave Flash (for example, if you have embedded audio)
In short, just about anything that calls for a script is blocked.
Check Your Sites and Please Comment
Like I said, the foregoing is a partial list of what is being automatically blocked by NoScript. You might want to install the Firefox add-on for NoScript (see yesterday’s post) and check your sites. The bar on the bottom of your screen will show how many scripts are being blocked, and the options tab will specify the external sites that are blocked.
If you discover anything else that’s blacklisted, please comment below. I’m putting together a list and will send it to the developer and respective services that are being blocked to see if NoScript can automatically white list the major advertising networks and other programs that we frequently use.
There is no way that the average Internet user will white list your ad programs. Depending on the level of reactions to clickjacking, we and our sponsors will need to take action.
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
