I prefer to turn JavaScript off in the browser itself. NoScript just increases the attack surface and also increases browser fingerprintability. There has to be a small subset of users who disable embeddings in the NoScript config, or turning off IFRAMEs, and even a smaller subset of people creating custom whitelists, which can all be checked for.
But disabling it on the browser doesn't allow you to whitelist certain websites, which is the general use case for NoScript. I wish the web didn't break without JS, but that's just not the reality we live in.
In Chrome, you can in fact white-list certain websites. It's actually quite nice. In Chrome, the advanced settings has an exceptions button that allows you to include websites that can bypass the rule.
How does that work for a site that imports JS from multiple domains, as is usual? Does adding the top domain mean that it can load JS from everywhere, or do you have to manually find out which domains it needs whitelisted to work? Neither solutions seem particularly attractive; NoScript allows you to enable JS for that domain and stuff like CDNs without having to allow other sutff.
> I wish the web didn't break without JS, but that's just not the reality we live in.
Every time you temporarily enable JavaScript / whitelist a website you are performing a micro violation of your own privacy. In some cases even performing a large violation of your own privacy. Sure, there are some cases where I absolutely must have JavaScript turned on, but those cases are so rare that having JS permanently turned off is preferable in most cases.
This depends on whether you're using an anonymous proxy. Either a single-hop VPN or a multi-hop one like TOR. Enabling JS can potentially compromise these because various identifying bits of information can be gathered like screen resolution, time zone, etc
