It's crazy Steve Gibson (of all people) calls this too impractical to use.

If you're a total tech-novice, sure, but as a power user it's fine. I'm blocking ycombinator.com right now. I can still submit this. If something doesn't work, just click the icon and trust its domain. If pictures don't show, trust a CDN. Amazon, Paypal, 99% of sites work with an initial adjustment of trust settings.

The percentage of sites that function without JavaScript enabled is decreasing over time.

Things like React are accelerating that curve. Even for sites that could function without it, they are throwing up hands with "welp, they can't disable it anyway because other sites...so let's not test that use case anymore."

I don't like it, but it is what it is. Technical people aren't going to drive the decision to work without JS. In the end, it's a cost decision, with the usual PHB[1] outcomes.

[1] https://www.urbandictionary.com/define.php?term=PHB

You can often enable it for the site, but block the doubleclick et al tracking scripts. It's not all or nothing.

Steve Gibson is ... well, he used Windows XP until fairly recently. He's not some one you should take advice from.

I used noscript until Firefox changed to the new web API and noscript stopped working briefly. I switched to ublock origin in medium mode and haven't looked back. More compatible and practical nowadays.

If you blanket trust a CDN, doesn't this allow bad actors to still send JS to your browser? Anyone could use that CDN.

I found uMatrix easier to use and more configurable than NoScript.