I have a question about NoScript. I run Ghostery which blocks all tracking and analytics js files, preventing most of the tracking I'd like to avoid. What does NoScript offer here? Seems like you'd want to block analytics even if you're browsing a "trusted" site.
First of all ghostery is far more beholden to advertisers than ABP. On that basis alone they can't be trusted. It also only screens for known vulnerabilities which leaves you open to js zero days that noscript would have prevented if you are aggressive about what you permit to run.
I used to be a big RequestPolicy believer, but single-page apps (which feels like saying "horseless carriages" in mid-2015) make it a lot of work. https://github.com/gorhill/uMatrix/wiki/Changes-from-HTTP-Sw... is the best thing I've found if you're into granular control over sites. uBlock also has an ~"I'm an advanced user" option which will give you a little more blunt but still useful control over cross-site requests.
This is just a default whitelist that's trivial to remove. Yes, it's dumb, but it doesn't completely compromise NoScript if you're aware of the whitelist.
I think you're expecting it to solve a problem it's not intended to solve.
I'm not expecting it to block all javascript, or all malicious javascript. I'm just expecting it to block most or all of the annoying stuff on the web.
To the extent that this is the job it's being hired for, you don't really need to 'trust' it. You run it and it either does what you want or it doesn't. Personally it suits my needs perfectly.
