If you're worried about tracking, you can block ads and tracking scripts without disabling javascript. If you're worried about viruses, well, all I can say there is that in my experience and understanding, if you keep your browser updated, the odds of getting a virus via browser JS are exceedingly low. Doubly so if you're not frequenting sketchy sites.
I don't know, it seems to me like advice from a time before security was a priority for browser makers, and high-quality ad blockers existed. At this point, I really don't see the value.
Not to mention that a host of vulnerabilities were image related a few years back (one of the original rookits exploited a TGA bug).
> uBlock Origin
Honestly, this is the antivirus of the web. I helped my niece set up my old computer for Minecraft today, and she was explaining how her friend had installed viruses (adware, really) 3 times. Every one of those instances was caused by download link confusion for Minecraft mods. Disabling JavaScript isn't going to save you from being tricked into downloading shady software, only an adblocker will.
[1]: https://www.macrumors.com/how-to/disable-content-blockers-sa...
Javascript is a privacy and security nightmare. It's almost equivalent to downloading and silently executing untrusted code on your machine. I say "almost" because Javascript code is virtualized and sandboxed. Though I have no doubt people have already discovered vulnerabilities that enable code to break out of the sandbox.
Disabling Javascript makes most of this insulting crap go away, and sometimes it is the only way to read the content.
IME, 9 times out of 10, web developers are using JS for non-necessary reasons. The user configurable settings of popular browsers make it easy to designate the small number of sites that actually require JS and keep JS disabled for all other sites. They anticipate that the user will not have one default JS policy for all websites. In other words, these web browsers do not expect that all users should just leave JS enabled/disabled for every website, they acknowledge there will be situations where it should be disabled.
However as we all know most users probably never change settings. Doubtful it is a coincidence that all these browsers have JS enabled by default.
The number of pages I visit that actually require JS for me to retrieve the content is so small that I can use a client that does not contain a JS interpreter. Warnings and such one finds on web pages informing users that "Javascript is required" are usually false IME. I can still retrieve the content with the use of an HTTP request and no JS.
There is nothing inherently wrong with the use of JS. It is nice to have a built-in interpreter in a web browser for certain uses. For example, it makes web-based commerce much easier. However, I believe the largest use of JS today is to support the internet ad industry. Without having automatic execution of code by the browser without user review, approval or even interaction, I do not believe the internet ad "industry" would exist as we know it.
I believe this not because I think having a JS or other interpreter is technically necessary, but because these companies have become wholly reliant upon it.
That's why disabling JS stopsa remarkable amount of ads and tracking.
I browse the web with JS disabled by default. If I encounter a site that has trouble with that, I enable it for that site until I can determine if it is worth leaving it enabled, which usually means at some point I'll be back there again and need it on.
For the most part, it is a superior experience to what I was seeing before with just an ad blocker. The most noticeable thing about it is probably how many images simply don't load because developers lean on JS for loading and scaling them.
Brave's browser claims a speedup over AdBlock plus, but was inspired by UBO, so the performance is fairly similar, but is baked into the browser instead of being an extension.
> We therefore rebuilt our ad-blocker taking inspiration from uBlock Origin and Ghostery’s ad-blocker approach.
AFAIK, JavaScript the language has neither privacy nor security issues of "nightmare" level.
> It's almost equivalent to downloading and silently executing untrusted code on your machine.
No it's not. The code is run in a VM, which is run in a browser. So, the code is limited in doing things to the browser, which itself is limited in what it can do to your computer (files and whatnot). So it's not at all like running untrusted code "on your machine".
> I say "almost" because Javascript code is virtualized and sandboxed.
It's virtualized (in the browser) such that all the code will run almost the same on different browsers and chipsets. Again, the browser code is what keeps the computer safe from any code it runs, including CSS code or other VMs it may use, like Java or Flash. Also the OS keeps the computer safe from the browser (or at least it should).
So, no it's not JavaScript that is the boogeyman here.
As a lover of old image formats and the security issues they can cause* this sounds fascinating, but some quick google searches don’t seem to surface what you are referencing. Can you share any more details?
* I once fell into discovering a memory disclosure flaw with Firefox and XBM images
Also just so you know, Brave isn't "written" in Rust alone, it is a big software with a lot of parts, including but not limited to a rendering engine, a JS VM and a WASM engine.
The Rust part at most (unconfirmed) would be the glue that connects them together, and I doubt that's where the bottleneck is for most browsers.
>The new algorithm with optimised set of rules is 69x faster on average than the current engine.
The "security features" of popular browsers will never protect the user from the tentacles of internet advertising. Companies/organizations that author popular web browsers generally rely on the success of internet advertising in order to continue as going concerns; as such, they are obviously not focused on internet advertising, and collection of user data, as a "security threat".
I swear I've had ones that popup as I move the mouse to close the tab.
Jesus, why does everyone these days automatically assumes that everyone else is using Chrome or Chromium? It's almost as crazy as calling Windows a "PC".
this is not about how "you" do things, It is more about how it should be done! js is almost never provides want I want when I browse, I expect to get some information! I am not on the circus looking for adventures!
people who love to use javascript to prove that they have some kind of taste about how ux etc. I think these people should use some other platform for people who are insterested in show bussniss. think of this as public transportation is designed based on who the driver is that day! is this sound ok to you? do you understand this one?
web is just connection to other people, not a tool for others to bully you just bein' smart about "the code" they wrote is brilliant!
Heydon is a developer, and an influencer of developers. He's saying: web development is now absolutely obsessed with JavaScript, and it in no way has to be. The basics, HTML, CSS. That's what's important.
But I must say I hate GDPR banners and this could convert me.
[1]: https://apps.apple.com/us/app/purify-block-ads-and-tracking/...
Use a tracking pixel (eg. image) to make further requests and cookie will be included in the request.
Inspect element -> remove
Browsers should really add "remove element" directly to the context menu.