google chrome and noscript

Quick link to a short post by Giorgio Maone on why Chrome does not have NoScript. This sparks two thoughts of mine, both of which appear in the comments of that post.

First, even a company as large and purposeful as Google, building and releasing a very important (to them) piece of software like Chrome, is just building it first and securing it later. It isn’t about building it securely from the start. This is part of human behavior (imo) and, as Rich Mogull recently mentioned (in a post worthy of separate mention!), don’t expect human behavior to change. (I understand this can be an argued topic, particularly on the part where I say building it securely first is not human behavior; maybe it’s just the way we’re taught that forms this bad habit… you learn how to assign a variable before you learn how to assign a variable securely.)

Second, keep in mind that a majority of the things NoScript disables in daily browsing are web ads. Yes, the ads that Google lives by. They simply have no interest in allowing them to be blocked. And even if they figure out some proprietary way to whitelist their own ads (possibly not legal…), we all know that plenty of malware rides in through those ads or the holes to enable those ads.