To add to what I say in the parent comment, I want to comment a bit more about the security issue. From the OP:
… if a page isn’t working right, you simply click the NoScript icon and whitelist any domains you trust, or temporarily whitelist any domains you trust less.
But how the heck do I know what domains I trust? This security model requires me to know, and think, about what domains are “trustworthy” and what ones are not… in the face of constant, highly lucrative (and therefore highly incentivized) efforts at deception and treachery on the part of the ad-tech companies (and other bad actors)!
Which of the following is a better approach to security:
Personally undertake to decide which external scripts and assets come from “trustworthy domains” (and are therefore safe… presumably?), for every website I visit which implements some potentially desirable JavaScript functionality which I would want to enable.
To add to what I say in the parent comment, I want to comment a bit more about the security issue. From the OP:
But how the heck do I know what domains I trust? This security model requires me to know, and think, about what domains are “trustworthy” and what ones are not… in the face of constant, highly lucrative (and therefore highly incentivized) efforts at deception and treachery on the part of the ad-tech companies (and other bad actors)!
Which of the following is a better approach to security:
Personally undertake to decide which external scripts and assets come from “trustworthy domains” (and are therefore safe… presumably?), for every website I visit which implements some potentially desirable JavaScript functionality which I would want to enable.
Delegate that vigilance to the Electronic Frontier Foundation.
To me, this does not seem to be a difficult question.