Consumer Rights Wiki - User contributions [en]

User:Rudxain

2026-03-23T17:21:42Z

Rudxain: remove cloudflare speculation, and minify links

[https://rudxain.github.io/ Website] (includes contact info and bio). Note: The entire domain is a [[GitHub|GH]]-[https://docs.github.com/en/pages Pages] site. Most pages in the domain are <code>no[[JavaScript|script]]</code>-friendly, though.

I believe [https://github.com/Rudxain/blog/blob/main/proposal/DRY-T&C.md my proposal for human-friendly contracts] is relevant for the CRW (possibly [[Hidden EULA language#Resources|there]]?). See [https://discord.com/channels/1324835844812443810/1324835844812443813/1476657529999065250 this message]:<blockquote>I've posted [https://github.com/Rudxain/blog/blob/main/proposal/DRY-T&C.md this proposal for human-friendly contracts] a while back. There's some refs/sources that can be "mined" from it, but I believe most of the proposal is relevant to the CRW, so it deserves to be mentioned in some article. I'm asking because there's many articles where it could be referenced, so I'm not sure which is more "central" or relevant. Maybe this is a sign that there should be an article about "proposals for humane terms-of-service" or something similar? I did mention (in the post) that other people tried to solve similar problems</blockquote>

User:Rudxain

2026-03-23T17:16:35Z

Rudxain: link JS

[https://rudxain.github.io/ Website] (includes contact info and bio). Note: The entire domain is a [https://docs.github.com/en/pages GH-Pages] site (see [[GitHub|GH]]), which is likely hosted on [[Cloudflare|CloudFlare]]'s servers. Most pages in the domain are <code>noscript</code>-friendly (see [[JavaScript|JS]]), though.

I believe [https://github.com/Rudxain/blog/blob/main/proposal/DRY-T&C.md my proposal for human-friendly contracts] is relevant for the CRW (possibly [[Hidden EULA language#Resources|there]]?). See [https://discord.com/channels/1324835844812443810/1324835844812443813/1476657529999065250 this message]:<blockquote>I've posted [https://github.com/Rudxain/blog/blob/main/proposal/DRY-T&C.md this proposal for human-friendly contracts] a while back. There's some refs/sources that can be "mined" from it, but I believe most of the proposal is relevant to the CRW, so it deserves to be mentioned in some article. I'm asking because there's many articles where it could be referenced, so I'm not sure which is more "central" or relevant. Maybe this is a sign that there should be an article about "proposals for humane terms-of-service" or something similar? I did mention (in the post) that other people tried to solve similar problems</blockquote>

Bloatware

2026-03-23T03:43:02Z

Rudxain: add "HTTP Archive: Page Weight" to ext-links

{{StubNotice}}

There are multiple definitions of bloatware within the context of software. They include:

*[[wikipedia:Software_bloat#Bloatware|Pre-installed software]] that is not required for a system functionality
*Redundant or duplicate features included on a device (physical or digital)
*[[wikipedia:Potentially_unwanted_program|Undesirable programs]] that were [https://www.deceptive.design/types/sneaking not requested by the user]
*Software that has [[wikipedia:Software_bloat|become bloated over time]]

While the term "bloatware" is commonly ascribed to software, ''hardware'' bloat also exists.<ref>{{Cite web |last=Ionescu |first=Bogdan |date=2025-09-13 |title=Hosting a WebSite on a Disposable Vape |url=https://bogdanthegeek.github.io/blog/projects/vapeserver/ |access-date=2026-01-15 |website=BogdanTheGeek's Blog |url-status=live |archive-url=http://web.archive.org/web/20260209021718/https://bogdanthegeek.github.io/blog/projects/vapeserver/ |archive-date=9 Feb 2026}}</ref> See [[Internet_of_things|IoT devices]] for examples.

Bloat can be a symptom of a decline in quality of devices and services, colloquially referred to as [[enshittification]].

==Why it is a problem==
Bloatware often arises as pre-installed software and applications because the device manufacturer (OEM) has a contract or partnership with another corporation. The terms and processes leading to these partnerships, however, lack transparency. One study determined that personal data collection and user tracking was prevalent in pre-installed apps, with the data collection including [[wikipedia:Personal_data|personally identifying info]] (PII) and geo-location data, personal email and phone call metadata, contacts, behavioral and usage statistics as well as isolated malware samples.<ref>''J. Gamba, M. Rashed, A. Razaghpanah, J. Tapiador and N. Vallina-Rodriguez, "An Analysis of Pre-installed Android Software," 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2020, pp. 1039-1055, doi: 10.1109/SP40000.2020.00013.'' https://ieeexplore.ieee.org/document/9152633 Accessed 2''6 Feb 2026.'' ([http://web.archive.org/web/20251130162318/https://www.researchgate.net/publication/332932516_An_Analysis_of_Pre-installed_Android_Software Archived])</ref>

Bloat, in any of its forms, raises privacy and security concerns<ref>{{Cite web |last=Hubert |first=Bert |date=2024-02-08 |title=Why Bloat Is Still Software’s Biggest Vulnerability |url=https://spectrum.ieee.org/lean-software-development |access-date=2025-11-21 |website=IEEE Spectrum |url-status=live |archive-url=http://web.archive.org/web/20260131190126/https://spectrum.ieee.org/lean-software-development |archive-date=31 Jan 2026}}</ref>. As a rule of thumb, every added branch of code can make a program exponentially harder to prove for correctness<ref>{{Cite web |last=Howard |first=Gavin |date=2024-03-26 |title=What Computers Cannot Do: The Consequences of Turing-Completeness |url=https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state |url-status=dead |archive-url=http://web.archive.org/web/20251214082939/https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state |archive-date=2025-12-14 |access-date=2026-01-06 |website=Gavin D. Howard}}</ref>, making it impractical or impossible to verify that a program is not malicious (such as [[spyware]]) or has an exploitable [[wikipedia:Software_vulnerabilities|vulnerability]]. The problem is exacerbated if the [[wikipedia:Source-available_software|source-code of the app is not available]], since [[wikipedia:Reverse_engineering|reverse engineering]] is difficult and (in some cases) illegal. This means that user is unable to control or ensure the safety of their devices.

Bloat is known for causing sub-par [[wikipedia:User_experience|user experience]] (UX):

*Increased latency, "slowness", when using programs and applications<ref>https://developer.mozilla.org/en-US/docs/Web/Performance ([http://web.archive.org/web/20260211103730/https://developer.mozilla.org/en-US/docs/Web/Performance Archived])</ref>
*High memory use prevents or impedes multitasking<ref>https://en.wikipedia.org/wiki/Thrashing_(computer_science) ([http://web.archive.org/web/20260207194502/https://en.wikipedia.org/wiki/Thrashing_(computer_science) Archived])</ref>
*High power usage increases energy bills and reduces battery lifespan
*Over reliance on network connections (e.g., internet) preventing data from being cached locally<ref>{{Cite web |year=2019 |title=Local-first software: You own your data, in spite of the cloud |url=https://www.inkandswitch.com/essay/local-first |url-status=live |website=Ink & Switch |archive-url=http://web.archive.org/web/20260130001648/https://www.inkandswitch.com/essay/local-first/ |archive-date=30 Jan 2026}}</ref>, which can both impede access as well as increase cellular-data billing
*Instability issues due to difficulty in testing and verifying big code-bases<ref>{{Cite web |last=Muratori |first=Casey |date=2018-05-12 |title=The Thirty Million Line Problem |url=https://youtu.be/kZRE7HIO3vk |url-status=live |access-date=2026-03-15 |website=Molly Rocket |via=YouTube}}</ref>

If non-sustainable energy sources are used to power these devices with bloatware, bloat can contribute to [[wikipedia:Climate_change|climate change]]. This is true for any excessive processing (CPU, GPU, etc.) and network abuse (such as [[Artificial_intelligence/training|AI training]]).

==Tools to deal with bloat==
This is a list of tools that can be used (or are primarily used) to reduce bloat. This is not a guide, just a list of suggestions.

*[[wikipedia:UBlock_Origin|uBlock Origin]] (uBO). A general-purpose content blocker for web-browsers. It's worth noting that its "Cosmetic Filtering" (element hiding) can, in rare cases (such as animated elements), improve performance.<ref>{{Cite web |date=2016-02-03 |title=html - Does hiding an animated GIF with CSS conserve browser resources? |url=https://stackoverflow.com/questions/33762652/does-hiding-an-animated-gif-with-css-conserve-browser-resources/35169688#35169688 |url-status=live |archive-url=https://web.archive.org/web/20251215062718/https://stackoverflow.com/questions/33762652/does-hiding-an-animated-gif-with-css-conserve-browser-resources/35169688#35169688 |archive-date=2025-12-15 |access-date=2026-03-15 |website=Stack Overflow}}</ref>
*[[wikipedia:Noscript|NoScript]]. Much more specialized than uBO, as it only deals with [[JavaScript]].
*[https://libredirect.github.io/ LibRedirect]. On-browser (client-side) redirector of popular websites to privacy-respecting alternatives (alts). Most of those alts are lightweight, so it can be used to ''avoid'' bloat rather than ''remove'' bloat.
*<code>[https://privacy.sexy/ privacy.sexy]</code>. A tool for improving security and privacy on popular operating-systems, it also serves as a "debloater".
*[[Android]] debloaters:
**[https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation Universal Android Debloater Next Generation] (UAD-NG). A [[wikipedia:Desktop_computer|desktop]] app that uses [[wikipedia:Android_Debug_Bridge|ADB]] to disable (or "freeze") and pseudo-uninstall almost (OEMs block some) any app (including system packages) without [[Jailbreak|root]]-access.
**[https://github.com/samolego/Canta Canta]. An Android app that uses UAD-NG's bloat-lists as its knowledge-base (KB), and [https://shizuku.rikka.app/ Shizuku] as ADB replacement.
**[https://github.com/MuntashirAkon/AppManager AppManager]. An "all-in-one"/general-purpose package manager that runs on Android. It uses a derivative of UAD's lists as its KB. It can show '''a lot''' of hidden info about apps, which can sometimes be used for reverse-engineering.
**[https://github.com/lavafroth/droidrunco Droidrunco], superseded by [https://github.com/lavafroth/zilch Zilch]
*[https://github.com/M66B/NetGuard NetGuard]. An app that uses [https://developer.android.com/develop/connectivity/vpn the local Android VPN API] to filter internet traffic (like a [[wikipedia:Firewall_(computing)|firewall]]). It can be used as an on-device [[Pi-hole]] to [[Ad block|block ads]] using [[wikipedia:Hosts_(file)|<code>hosts</code>-files]] as rules.<ref>{{Cite web |last=Bokhorst |first=Marcel |date=2016-03-20 |title=Ad Blocking with NetGuard |url=https://github.com/M66B/NetGuard/blob/7308869411ff87649bf3a46a9c7c08f1e5353801/ADBLOCKING.md |url-status=live |access-date=2026-03-15 |website=GitHub}}</ref>
*[https://github.com/celzero/rethink-app Rethink], [[wikipedia:Domain_Name_System|DNS]] + Firewall + [[wikipedia:Virtual_private_network|VPN]] for Android. Can use local and remote DNS.
*[[wikipedia:Youtube-dl|youtube-dl]] & [https://github.com/yt-dlp/yt-dlp YT-DLP]. Audio/Video downloaders or "[[wikipedia:Ripping|rippers]]". Similarly to LibRedirect, it can be used to avoid bloat, by simply downloading the main content of a page. There's also <code>--get-url</code>/<code>--print urls</code> options that can be used to open the URL of the media in a browser, effectively streaming it, without a customized player

==See also==

*[[Electron]]

==External links==

*[https://thatshubham.com/blog/news-audit "The 49MB Web Page"]; a study on popular news/journalism sites. They also talk about cognitive-load and silent automated bidding, criticizing the degraded UX and privacy violations.
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ How web bloat impacts users with slow connections]
*[https://httparchive.org/reports/page-weight HTTP Archive: Page Weight]
*[https://www.keycdn.com/support/the-growth-of-web-page-size The Growth of Web Page Size]
*[https://tonsky.me/blog/js-bloat Javascript bloat in 2024]
*[https://tonsky.me/blog/disenchantment "Software disenchantment"]
*[https://github.com/gorhill/uBlock/wiki/Who-cares-about-efficiency,-I-have-8-GB-RAM-and%7Cor-a-quad-core-CPU uBlock-wiki counterpoint to "Who cares about efficiency, I have 8 GB RAM and|or a quad core CPU"]
*[https://randomascii.wordpress.com/2022/09/29/why-modern-software-is-slow-windows-voice-recorder/ Why Modern Software is Slow–Windows Voice Recorder]

==References==
<references />

[[Category:Common terms]]

Bloatware

2026-03-23T03:37:47Z

Rudxain: /* External links */

{{StubNotice}}

There are multiple definitions of bloatware within the context of software. They include:

*[[wikipedia:Software_bloat#Bloatware|Pre-installed software]] that is not required for a system functionality
*Redundant or duplicate features included on a device (physical or digital)
*[[wikipedia:Potentially_unwanted_program|Undesirable programs]] that were [https://www.deceptive.design/types/sneaking not requested by the user]
*Software that has [[wikipedia:Software_bloat|become bloated over time]]

While the term "bloatware" is commonly ascribed to software, ''hardware'' bloat also exists.<ref>{{Cite web |last=Ionescu |first=Bogdan |date=2025-09-13 |title=Hosting a WebSite on a Disposable Vape |url=https://bogdanthegeek.github.io/blog/projects/vapeserver/ |access-date=2026-01-15 |website=BogdanTheGeek's Blog |url-status=live |archive-url=http://web.archive.org/web/20260209021718/https://bogdanthegeek.github.io/blog/projects/vapeserver/ |archive-date=9 Feb 2026}}</ref> See [[Internet_of_things|IoT devices]] for examples.

Bloat can be a symptom of a decline in quality of devices and services, colloquially referred to as [[enshittification]].

==Why it is a problem==
Bloatware often arises as pre-installed software and applications because the device manufacturer (OEM) has a contract or partnership with another corporation. The terms and processes leading to these partnerships, however, lack transparency. One study determined that personal data collection and user tracking was prevalent in pre-installed apps, with the data collection including [[wikipedia:Personal_data|personally identifying info]] (PII) and geo-location data, personal email and phone call metadata, contacts, behavioral and usage statistics as well as isolated malware samples.<ref>''J. Gamba, M. Rashed, A. Razaghpanah, J. Tapiador and N. Vallina-Rodriguez, "An Analysis of Pre-installed Android Software," 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2020, pp. 1039-1055, doi: 10.1109/SP40000.2020.00013.'' https://ieeexplore.ieee.org/document/9152633 Accessed 2''6 Feb 2026.'' ([http://web.archive.org/web/20251130162318/https://www.researchgate.net/publication/332932516_An_Analysis_of_Pre-installed_Android_Software Archived])</ref>

Bloat, in any of its forms, raises privacy and security concerns<ref>{{Cite web |last=Hubert |first=Bert |date=2024-02-08 |title=Why Bloat Is Still Software’s Biggest Vulnerability |url=https://spectrum.ieee.org/lean-software-development |access-date=2025-11-21 |website=IEEE Spectrum |url-status=live |archive-url=http://web.archive.org/web/20260131190126/https://spectrum.ieee.org/lean-software-development |archive-date=31 Jan 2026}}</ref>. As a rule of thumb, every added branch of code can make a program exponentially harder to prove for correctness<ref>{{Cite web |last=Howard |first=Gavin |date=2024-03-26 |title=What Computers Cannot Do: The Consequences of Turing-Completeness |url=https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state |url-status=dead |archive-url=http://web.archive.org/web/20251214082939/https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state |archive-date=2025-12-14 |access-date=2026-01-06 |website=Gavin D. Howard}}</ref>, making it impractical or impossible to verify that a program is not malicious (such as [[spyware]]) or has an exploitable [[wikipedia:Software_vulnerabilities|vulnerability]]. The problem is exacerbated if the [[wikipedia:Source-available_software|source-code of the app is not available]], since [[wikipedia:Reverse_engineering|reverse engineering]] is difficult and (in some cases) illegal. This means that user is unable to control or ensure the safety of their devices.

Bloat is known for causing sub-par [[wikipedia:User_experience|user experience]] (UX):

*Increased latency, "slowness", when using programs and applications<ref>https://developer.mozilla.org/en-US/docs/Web/Performance ([http://web.archive.org/web/20260211103730/https://developer.mozilla.org/en-US/docs/Web/Performance Archived])</ref>
*High memory use prevents or impedes multitasking<ref>https://en.wikipedia.org/wiki/Thrashing_(computer_science) ([http://web.archive.org/web/20260207194502/https://en.wikipedia.org/wiki/Thrashing_(computer_science) Archived])</ref>
*High power usage increases energy bills and reduces battery lifespan
*Over reliance on network connections (e.g., internet) preventing data from being cached locally<ref>{{Cite web |year=2019 |title=Local-first software: You own your data, in spite of the cloud |url=https://www.inkandswitch.com/essay/local-first |url-status=live |website=Ink & Switch |archive-url=http://web.archive.org/web/20260130001648/https://www.inkandswitch.com/essay/local-first/ |archive-date=30 Jan 2026}}</ref>, which can both impede access as well as increase cellular-data billing
*Instability issues due to difficulty in testing and verifying big code-bases<ref>{{Cite web |last=Muratori |first=Casey |date=2018-05-12 |title=The Thirty Million Line Problem |url=https://youtu.be/kZRE7HIO3vk |url-status=live |access-date=2026-03-15 |website=Molly Rocket |via=YouTube}}</ref>

If non-sustainable energy sources are used to power these devices with bloatware, bloat can contribute to [[wikipedia:Climate_change|climate change]]. This is true for any excessive processing (CPU, GPU, etc.) and network abuse (such as [[Artificial_intelligence/training|AI training]]).

==Tools to deal with bloat==
This is a list of tools that can be used (or are primarily used) to reduce bloat. This is not a guide, just a list of suggestions.

*[[wikipedia:UBlock_Origin|uBlock Origin]] (uBO). A general-purpose content blocker for web-browsers. It's worth noting that its "Cosmetic Filtering" (element hiding) can, in rare cases (such as animated elements), improve performance.<ref>{{Cite web |date=2016-02-03 |title=html - Does hiding an animated GIF with CSS conserve browser resources? |url=https://stackoverflow.com/questions/33762652/does-hiding-an-animated-gif-with-css-conserve-browser-resources/35169688#35169688 |url-status=live |archive-url=https://web.archive.org/web/20251215062718/https://stackoverflow.com/questions/33762652/does-hiding-an-animated-gif-with-css-conserve-browser-resources/35169688#35169688 |archive-date=2025-12-15 |access-date=2026-03-15 |website=Stack Overflow}}</ref>
*[[wikipedia:Noscript|NoScript]]. Much more specialized than uBO, as it only deals with [[JavaScript]].
*[https://libredirect.github.io/ LibRedirect]. On-browser (client-side) redirector of popular websites to privacy-respecting alternatives (alts). Most of those alts are lightweight, so it can be used to ''avoid'' bloat rather than ''remove'' bloat.
*<code>[https://privacy.sexy/ privacy.sexy]</code>. A tool for improving security and privacy on popular operating-systems, it also serves as a "debloater".
*[[Android]] debloaters:
**[https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation Universal Android Debloater Next Generation] (UAD-NG). A [[wikipedia:Desktop_computer|desktop]] app that uses [[wikipedia:Android_Debug_Bridge|ADB]] to disable (or "freeze") and pseudo-uninstall almost (OEMs block some) any app (including system packages) without [[Jailbreak|root]]-access.
**[https://github.com/samolego/Canta Canta]. An Android app that uses UAD-NG's bloat-lists as its knowledge-base (KB), and [https://shizuku.rikka.app/ Shizuku] as ADB replacement.
**[https://github.com/MuntashirAkon/AppManager AppManager]. An "all-in-one"/general-purpose package manager that runs on Android. It uses a derivative of UAD's lists as its KB. It can show '''a lot''' of hidden info about apps, which can sometimes be used for reverse-engineering.
**[https://github.com/lavafroth/droidrunco Droidrunco], superseded by [https://github.com/lavafroth/zilch Zilch]
*[https://github.com/M66B/NetGuard NetGuard]. An app that uses [https://developer.android.com/develop/connectivity/vpn the local Android VPN API] to filter internet traffic (like a [[wikipedia:Firewall_(computing)|firewall]]). It can be used as an on-device [[Pi-hole]] to [[Ad block|block ads]] using [[wikipedia:Hosts_(file)|<code>hosts</code>-files]] as rules.<ref>{{Cite web |last=Bokhorst |first=Marcel |date=2016-03-20 |title=Ad Blocking with NetGuard |url=https://github.com/M66B/NetGuard/blob/7308869411ff87649bf3a46a9c7c08f1e5353801/ADBLOCKING.md |url-status=live |access-date=2026-03-15 |website=GitHub}}</ref>
*[https://github.com/celzero/rethink-app Rethink], [[wikipedia:Domain_Name_System|DNS]] + Firewall + [[wikipedia:Virtual_private_network|VPN]] for Android. Can use local and remote DNS.
*[[wikipedia:Youtube-dl|youtube-dl]] & [https://github.com/yt-dlp/yt-dlp YT-DLP]. Audio/Video downloaders or "[[wikipedia:Ripping|rippers]]". Similarly to LibRedirect, it can be used to avoid bloat, by simply downloading the main content of a page. There's also <code>--get-url</code>/<code>--print urls</code> options that can be used to open the URL of the media in a browser, effectively streaming it, without a customized player

==See also==

*[[Electron]]

==External links==

*[https://thatshubham.com/blog/news-audit "The 49MB Web Page"]; a study on popular news/journalism sites. They also talk about cognitive-load and silent automated bidding, criticizing the degraded UX and privacy violations.
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ How web bloat impacts users with slow connections]
*[https://www.keycdn.com/support/the-growth-of-web-page-size The Growth of Web Page Size]
*[https://tonsky.me/blog/js-bloat Javascript bloat in 2024]
*[https://tonsky.me/blog/disenchantment "Software disenchantment"]
*[https://github.com/gorhill/uBlock/wiki/Who-cares-about-efficiency,-I-have-8-GB-RAM-and%7Cor-a-quad-core-CPU uBlock-wiki counterpoint to "Who cares about efficiency, I have 8 GB RAM and|or a quad core CPU"]
*[https://randomascii.wordpress.com/2022/09/29/why-modern-software-is-slow-windows-voice-recorder/ Why Modern Software is Slow–Windows Voice Recorder]

==References==
<references />

[[Category:Common terms]]

Artificial intelligence

2026-03-22T23:53:46Z

Rudxain: section about system-prompts and lack of transparency

{{Irrelevant}}{{ToneWarning}}

'''Artificial intelligence''' (AI) is a field of computer science that produces systems designed to solve problems that humans typically solve using intelligence. In the consumer and industry space, it is commonly referred to as chatbots or [[wikipedia:Large language model|large language models]] (LLMs), which have been a main focus of industry since the November 2022 launch of [[OpenAI]]'s [[ChatGPT]], with tens of billions of dollars in funding allocated to producing more popular LLMs. This is also a significant focus on [[wikipedia:Text-to-image model|text-to-image models]], which "draw" an image using a written prompt, and less commonly, [[wikipedia:Text-to-video model|text-to-video models]], which extend the text-to-image concept across several smooth video frames.

AI is not a new concept; it has been of interest since the 1950s. AI is a catch-all term, encompassing many areas and techniques.

[[wikipedia:Generative artificial intelligence|Generative artificial intelligence]] models are trained through vast amounts of existing human-generated content. LLMs gather statistics on word patterns, which allows the model to generate sequences of words that seem similar to what a person might have written. However, an LLM does not understand anything; they cannot reason. They generate randomly modulated pattern of tokens. In this way, they function similarly to autocomplete.

People reading sequences of tokens sometimes perceive things they think are true. Sequences that do not make sense to the reader, or that are false, are called [[wikipedia:Hallucination (artificial intelligence)|hallucinations]]. LLMs are typically trained to produce output that is pleasing to people, exhibiting [[Dark pattern|dark patterns]]. For example, they produce output which seems confidently written, use patterns which praise the user (sycophancy), and employ emotionally manipulative language.

People are accustomed to interacting with others, and many overestimate the abilities of things that exhibit complex, person-like patterns. Promoters of “AI” systems take advantage of this tendency, using suggestive names (like “reasoning” and “learning”) and grand claims (“PhD level”), which make it harder for people to understand these systems.

From November 2022 to 2025, venture capitalists and companies invested hundreds of billions of dollars into AI but received minimal returns. When companies seek returns, consumers can expect that products may be orphaned, services may be reduced, customer data may be sold or repurposed, costs may rise, and companies may reduce staff or fail. Historically, AI has had brief periods of intense hype, followed by disillusionment, and “AI winters.”<sup>[<nowiki/>[[Consumer Rights Wiki:Verifiability|citation needed]]]</sup>

The current well-funded industry of artificial intelligence tools has led to the rampant and unethical use of content. Startups aiming to develop AI services have been rapidly scraping the internet for content to train future models, and members of the field are concerned that they are approaching the limit of publicly available content to train from.<ref>{{Cite web |last=Tremayne-Pengelly |first=Alexandra |date=16 Dec 2024 |title=Ilya Sutskever Warns A.I. Is Running Out of Data—Here’s What Will Happen Next |url=https://observer.com/2024/12/openai-cofounder-ilya-sutskever-ai-data-peak/ |website=Observer |url-status=live |archive-url=http://web.archive.org/web/20251126053705/https://observer.com/2024/12/openai-cofounder-ilya-sutskever-ai-data-peak/ |archive-date=26 Nov 2025}}</ref>

==Why is it a problem==
===Unethical training of data===
:Further reading: [[Artificial intelligence/training]]

Users' work is sometimes silently used in training without their explicit consent, as was the case for [[Adobe's AI policy]].

===Privacy concerns of AI===
AI can be and has been used to generate deepfakes of people with and without their consent. Deepfakes are media generated with the likeness of an individual. Deepfake media can range from harmless to harmful. The latter includes child pornography, revenge porn, blackmail, etc. Since the rampant rise of consumer AI, deepfakes have become even more prevalent, with some websites explicitly specializing in them.<sup>[<nowiki/>[[Consumer Rights Wiki:Verifiability|citation needed]]]</sup>

===Privacy concerns of online AI models===
There are several concerns with using online AI models like [[ChatGPT]], not only because they are proprietary, but also because there is no guarantee of where your data will be stored or used. Recent developments in local AI models offer an alternative to online AI models, which can be downloaded from platforms like [https://huggingface.co/ HuggingFace] and used offline. Common models to run include Llama ([[Meta]]), DeepSeek ([[DeepSeek]]), Phi ([[Microsoft]]), Mistral ([[Mistral AI]]), Gemma ([[Google]]).

In some cases, AI models can be hijacked for malicious purposes. Demonstrated with Comet ([[Perplexity]]), users can run arbitrary prompts to the browser's built-in AI assistant by hiding text in the HTML comments, non-visible webpage text, or simple comments on a webpage.<ref name=":0">{{Cite web |date=Aug 20, 2025 |title=Tweet from Brave |url=https://nitter.us.catsarch.com/brave/status/1958152314914508893 |url-status=live |archive-url=https://web.archive.org/web/20260321120531/https://nitter.us.catsarch.com/brave/status/1958152314914508893 |archive-date=21 Mar 2026 |access-date=Aug 24, 2025 |website=X (formerly [[Twitter]])}}</ref> These arbitrary prompts can then be exploited to obtain sensitive information or gain unauthorized access to high-value accounts, such as those for banking or gaming libraries.<ref>{{Cite web |date=Aug 23, 2025 |title=Tweet from zack (in SF) |url=https://nitter.us.catsarch.com/zack_overflow/status/1959308058200551721 |url-status=live |archive-url=https://web.archive.org/web/20260321120841/https://nitter.us.catsarch.com/zack_overflow/status/1959308058200551721 |archive-date=21 Mar 2026 |access-date=Aug 24, 2025 |website=X (formerly [[Twitter]])}}</ref> See [[wikipedia:Prompt_injection|Prompt injection]].

===Unethical maintenance of data centers===

Due to heavy investments into and increased use of generative AI and LLMs, many data centers have been constructed to host LLMs. These data centers consume large amounts of power and water, in order to power and cool the computer systems running the models. Residents that live in cities where AI data centers have been constructed have complained of an increase in their electricity bills despite no change in their personal usage.<sup>[<nowiki/>[[Consumer Rights Wiki:Verifiability|citation needed]]]</sup> According to a research video by Benn Jordan, these data centers (as well as fracking operations and natural occurrences) cause a high amount of sound pollution, which can cause various symptoms.<ref> https://www.youtube.com/watch?v=_bP80DEAbuo ([https://preservetube.com/watch?v=_bP80DEAbuo Archived])</ref>

=== Hidden directives ===
Most AI apps include an initial "root"/"system" prompt given to the AI, which is hidden from the user. Some corporations go to great lengths to keep those prompts hidden, and to avoid leaking it to the user. Some projects attempt to bring back transparency to these tools, in spite of the restrictions.<ref>https://github.com/elder-plinius/CL4R1T4S</ref>

==Further reading==
*[[Automatic content recognition]]

==External links==

*[https://aisafety.dance/ Nicky Case, ''“AI Safety for Fleshy Humans”'', Hack Club (2024)]

==References==
{{Reflist}}
[[Category:Artificial intelligence]]

Artificial intelligence

2026-03-22T23:44:02Z

Rudxain: dark-pat is already linked, so dedupe. BTW, it shouldn't be in "Further reading", it should've been in "See also"

{{Irrelevant}}{{ToneWarning}}

'''Artificial intelligence''' (AI) is a field of computer science that produces systems designed to solve problems that humans typically solve using intelligence. In the consumer and industry space, it is commonly referred to as chatbots or [[wikipedia:Large language model|large language models]] (LLMs), which have been a main focus of industry since the November 2022 launch of [[OpenAI]]'s [[ChatGPT]], with tens of billions of dollars in funding allocated to producing more popular LLMs. This is also a significant focus on [[wikipedia:Text-to-image model|text-to-image models]], which "draw" an image using a written prompt, and less commonly, [[wikipedia:Text-to-video model|text-to-video models]], which extend the text-to-image concept across several smooth video frames.

AI is not a new concept; it has been of interest since the 1950s. AI is a catch-all term, encompassing many areas and techniques.

[[wikipedia:Generative artificial intelligence|Generative artificial intelligence]] models are trained through vast amounts of existing human-generated content. LLMs gather statistics on word patterns, which allows the model to generate sequences of words that seem similar to what a person might have written. However, an LLM does not understand anything; they cannot reason. They generate randomly modulated pattern of tokens. In this way, they function similarly to autocomplete.

People reading sequences of tokens sometimes perceive things they think are true. Sequences that do not make sense to the reader, or that are false, are called [[wikipedia:Hallucination (artificial intelligence)|hallucinations]]. LLMs are typically trained to produce output that is pleasing to people, exhibiting [[Dark pattern|dark patterns]]. For example, they produce output which seems confidently written, use patterns which praise the user (sycophancy), and employ emotionally manipulative language.

People are accustomed to interacting with others, and many overestimate the abilities of things that exhibit complex, person-like patterns. Promoters of “AI” systems take advantage of this tendency, using suggestive names (like “reasoning” and “learning”) and grand claims (“PhD level”), which make it harder for people to understand these systems.

From November 2022 to 2025, venture capitalists and companies invested hundreds of billions of dollars into AI but received minimal returns. When companies seek returns, consumers can expect that products may be orphaned, services may be reduced, customer data may be sold or repurposed, costs may rise, and companies may reduce staff or fail. Historically, AI has had brief periods of intense hype, followed by disillusionment, and “AI winters.”<sup>[<nowiki/>[[Consumer Rights Wiki:Verifiability|citation needed]]]</sup>

The current well-funded industry of artificial intelligence tools has led to the rampant and unethical use of content. Startups aiming to develop AI services have been rapidly scraping the internet for content to train future models, and members of the field are concerned that they are approaching the limit of publicly available content to train from.<ref>{{Cite web |last=Tremayne-Pengelly |first=Alexandra |date=16 Dec 2024 |title=Ilya Sutskever Warns A.I. Is Running Out of Data—Here’s What Will Happen Next |url=https://observer.com/2024/12/openai-cofounder-ilya-sutskever-ai-data-peak/ |website=Observer |url-status=live |archive-url=http://web.archive.org/web/20251126053705/https://observer.com/2024/12/openai-cofounder-ilya-sutskever-ai-data-peak/ |archive-date=26 Nov 2025}}</ref>

==Why is it a problem==
===Unethical training of data===
:Further reading: [[Artificial intelligence/training]]

Users' work is sometimes silently used in training without their explicit consent, as was the case for [[Adobe's AI policy]].

===Privacy concerns of AI===
AI can be and has been used to generate deepfakes of people with and without their consent. Deepfakes are media generated with the likeness of an individual. Deepfake media can range from harmless to harmful. The latter includes child pornography, revenge porn, blackmail, etc. Since the rampant rise of consumer AI, deepfakes have become even more prevalent, with some websites explicitly specializing in them.<sup>[<nowiki/>[[Consumer Rights Wiki:Verifiability|citation needed]]]</sup>

===Privacy concerns of online AI models===
There are several concerns with using online AI models like [[ChatGPT]], not only because they are proprietary, but also because there is no guarantee of where your data will be stored or used. Recent developments in local AI models offer an alternative to online AI models, which can be downloaded from platforms like [https://huggingface.co/ HuggingFace] and used offline. Common models to run include Llama ([[Meta]]), DeepSeek ([[DeepSeek]]), Phi ([[Microsoft]]), Mistral ([[Mistral AI]]), Gemma ([[Google]]).

In some cases, AI models can be hijacked for malicious purposes. Demonstrated with Comet ([[Perplexity]]), users can run arbitrary prompts to the browser's built-in AI assistant by hiding text in the HTML comments, non-visible webpage text, or simple comments on a webpage.<ref name=":0">{{Cite web |date=Aug 20, 2025 |title=Tweet from Brave |url=https://nitter.us.catsarch.com/brave/status/1958152314914508893 |url-status=live |archive-url=https://web.archive.org/web/20260321120531/https://nitter.us.catsarch.com/brave/status/1958152314914508893 |archive-date=21 Mar 2026 |access-date=Aug 24, 2025 |website=X (formerly [[Twitter]])}}</ref> These arbitrary prompts can then be exploited to obtain sensitive information or gain unauthorized access to high-value accounts, such as those for banking or gaming libraries.<ref>{{Cite web |date=Aug 23, 2025 |title=Tweet from zack (in SF) |url=https://nitter.us.catsarch.com/zack_overflow/status/1959308058200551721 |url-status=live |archive-url=https://web.archive.org/web/20260321120841/https://nitter.us.catsarch.com/zack_overflow/status/1959308058200551721 |archive-date=21 Mar 2026 |access-date=Aug 24, 2025 |website=X (formerly [[Twitter]])}}</ref> See [[wikipedia:Prompt_injection|Prompt injection]].

===Unethical maintenance of data centers===

Due to heavy investments into and increased use of generative AI and LLMs, many data centers have been constructed to host LLMs. These data centers consume large amounts of power and water, in order to power and cool the computer systems running the models. Residents that live in cities where AI data centers have been constructed have complained of an increase in their electricity bills despite no change in their personal usage.<sup>[<nowiki/>[[Consumer Rights Wiki:Verifiability|citation needed]]]</sup> According to a research video by Benn Jordan, these data centers (as well as fracking operations and natural occurrences) cause a high amount of sound pollution, which can cause various symptoms.<ref> https://www.youtube.com/watch?v=_bP80DEAbuo ([https://preservetube.com/watch?v=_bP80DEAbuo Archived])</ref>

==Further reading==
*[[Automatic content recognition]]

==External links==

*[https://aisafety.dance/ Nicky Case, ''“AI Safety for Fleshy Humans”'', Hack Club (2024)]

==References==
{{Reflist}}
[[Category:Artificial intelligence]]

Motorola

2026-03-22T23:34:48Z

Rudxain: mv BL link

{{CompanyCargo
|Description=American mobile device manufacturer owned by Lenovo.
|Founded=1928
|Industry=Electronics
|Logo=Motorola logo.png
|ParentCompany=Lenovo
|Type=Subsidiary
|Website=https://www.motorola.com
}}

'''{{Wplink|Motorola}}''' was an American company founded in 1928 and sold mobile phones, tablets, public safety equipment, and many other electronic products. In 2011, the company was split into two independent entities: '''{{Wplink|Motorola Mobility}}''' for their consumer products such as smart phones, and '''{{Wplink|Motorola Solutions}}''' relating to safety and security products and services (such as police body cameras).

For purposes of this article, "Motorola" is used in reference to Motorola Mobility.

==Consumer impact summary==
{{Ph-C-CIS}}

==Incidents==
This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].

===Bootloader controversy===
Motorola has made it against their Legal Agreements<ref>{{Cite web |author= |title=Unlocking the Bootloader |url=https://en-us.support.motorola.com/app/standalone/bootloader/unlock-your-device-a |website=Motorola |date= |access-date=28 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20260216203142/https://en-us.support.motorola.com/app/standalone/bootloader/unlock-your-device-a |archive-date=16 Feb 2026}}</ref> to resell your phone, after [[Bootloader unlocking|unlocking the bootloader]], sparking concerns over ownership. "''Once you unlock the device, you can only use it for your personal use, and '''may not sell or otherwise transfer the device'''''".<ref name=":0">{{Cite web |author= |title=Boot revised |url=https://en-us.support.motorola.com/ci/fattach/get/741421/1385047216/redirect/1/filename/Boot_revised.pdf |website=Motorola |date= |access-date=28 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20251130172159/https://en-us.support.motorola.com/ci/fattach/get/741421/1385047216/redirect/1/filename/Boot_revised.pdf |archive-date=30 Nov 2025 |format=PDF}}</ref>

They have also mentioned that unlocking your device voids the warranty. This means if the CPU, battery, or any other component unrelated to unlocking a device should stop functioning, it will not be covered under warranty.<ref name=":0" />

Two Senior MotoAgents have stated that the device needs to have an internet connection for one week following the purchase or a reset to allow the functionality of bootloader unlocking.<ref>{{Cite web |author=Vlug1 |title=OEM unlock option greyed out |url=https://forums.lenovo.com/t5/moto-g52/OEM-unlock-option-greyed-out/m-p/5289637 |website=Lenovo |date=9 Feb 2024 |access-date=28 Feb 2026 |url-status=live |archive-url=https://megalodon.jp/2026-0301-1350-44/https://forums.lenovo.com:443/t5/moto-g52/OEM-unlock-option-greyed-out/m-p/5289637 |archive-date=1 Mar 2026}}</ref><ref>{{Cite web |author=Bomkz |title=OEM Unlock option greyed out |url=https://forums.lenovo.com/t5/motorola-one-5G-ACE/OEM-Unlock-option-greyed-out/m-p/5232007 |website=Lenovo |date=17 Jun 2023 |access-date=28 Feb 2026 |url-status=live |archive-url=https://web.archive.org/web/20250211083509/https://forums.lenovo.com/t5/motorola-one-5G-ACE/OEM-Unlock-option-greyed-out/m-p/5232007 |archive-date=11 Feb 2025}}</ref>

According to a post on Motorola's official forum from one of the MotoAgents, once the device reaches a certain age (no specific age is given), it becomes unable to get a key to unlock the bootloader.<ref>{{Cite web |author=Agent_Jess |title=Your device does not qualify for bootloader unlocking. |url=https://forums.lenovo.com/t5/MOTOROLA-Android-Developer-Community/Your-device-does-not-qualify-for-bootloader-unlocking/m-p/5234690?page=3#6297769 |website=Lenovo |date=26 Mar 2024 |access-date=28 Feb 2026 |url-status=live |archive-url=https://web.archive.org/web/20250708170853/https://forums.lenovo.com/t5/MOTOROLA-Android-Developer-Community/Your-device-does-not-qualify-for-bootloader-unlocking/m-p/5234690?page=3 |archive-date=8 Jul 2025}}</ref>

Most E-series models, devices with [[Android]] GO pre-installed, some MTK models, [[Amazon Prime]] devices do not support the official bootloader unlock method.<ref>{{Cite web
|author=Agent_Rizza |title=How to root Moto E13 |url=https://forums.lenovo.com/t5/moto-e13/How-to-root-Moto-E13/m-p/5302949?page=1#6312054 |website=Lenovo |date=11 Apr 2024 |access-date=28 Feb 2026 |url-status=live |archive-url=https://megalodon.jp/2026-0301-1421-45/https://forums.lenovo.com/t5/moto-e13/How-to-root-Moto-E13/m-p/5302949?page=1#6312054 |archive-date=1 Mar 2026}}</ref>

====ODM devices====
There is a strong possibility that devices not created by Motorola's core development team but purchased from ODMs will not be able to be officially unlocked.<ref>{{Cite web |author=Lost-Entrepreneur439 |title=bootloader-unlock-wall-of-shame - motorola |url=https://github.com/melontini/bootloader-unlock-wall-of-shame/blob/main/brands/motorola/README.md#unofficial-ways |website=GitHub |date= |access-date=28 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20250729025627/https://github.com/melontini/bootloader-unlock-wall-of-shame/blob/main/brands/motorola/README.md |archive-date=29 Jul 2025}}</ref><ref>{{Cite web |author=shomykohai |title=Moto g24 bootloader unlock ideas |url=https://github.com/orgs/moto-fogorow/discussions/1 |website=GitHub |date=31 Jan 2025 |access-date=28 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20251007190502/https://github.com/orgs/moto-fogorow/discussions/1 |archive-date=7 Oct 2025}}</ref>

For example, the Moto G24, G24 Power, E7 and E7 Power models manufactured by Tinno have a blocked bootloader unlock feature if the device is not a development device. Even if this lock can be bypassed, the bootloader will automatically lock after rebooting the device if it is not a development device.<ref>{{Cite web |author= |title=Bootloader {{!}} Motorola G24/G24 Power |url=https://fogorow.fuckyoumoto.xyz/docs/dev/bootloader#official-way |website=****youmoto |date= |access-date=28 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20251007190438/https://fogorow.fuckyoumoto.xyz/docs/dev/bootloader/ |archive-date=7 Oct 2025}}</ref>

The only way bypass it is to flash a [https://fogorow.fuckyoumoto.xyz/docs/modding/custom-bootloader custom ChouChou bootloader] specially ported for your device, that will disable this check.

====Intentional bootloader unlock restriction on some Motorola models====
On some smartphone models, bootloader unlocking is officially impossible.

For example, on the "Moto G13/G23/G24/G24 Power" models, the <code>fastboot oem get_unlock_data</code> command is missing.<ref>{{Cite web |author= |title=Bootloader {{!}} Motorola G23/G13 |url=https://penangf.fuckyoumoto.xyz/docs/dev/bootloader/#official-unlocking-method |website=****youmoto |date= |access-date=28 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20251007190337/https://penangf.fuckyoumoto.xyz/docs/dev/bootloader/ |archive-date=7 Oct 2025}}</ref> This command is necessary to obtain unique identifiers, which are then used to generate an unlock key. Besides, there are no officially documented alternative methods of getting the key on these phone models.

Notably, on more affordable devices with the same SoC, such as the Moto G31, bootloader unlocking was officially available.

For a long time, customers submitted requests on Motorola's official forum, asking for the ability to obtain an unlock key or an alternative method.<ref>{{Cite web |author=Sylwoo |title=Motorola Moto G13/G23 bootloader |url=https://forums.lenovo.com/t5/moto-g13/Motorola-Moto-G13-G23-bootloader/m-p/5342278 |website=Lenovo |date=27 Oct 2024 |access-date=28 Feb 2026 |url-status=live |archive-url=https://megalodon.jp/2026-0301-1448-19/https://forums.lenovo.com:443/t5/moto-g13/Motorola-Moto-G13-G23-bootloader/m-p/5342278 |archive-date=1 Mar 2026}}</ref><ref>{{Cite web |author=WiktorMC |title=How to unlock bootloader on Motorola moto G23? |url=https://forums.lenovo.com/t5/MOTOROLA-Android-Developer-Community/How-to-unlock-bootloader-on-Motorola-moto-G23/m-p/5277660 |website=Lenovo |date=26 Dec 2023 |access-date=28 Feb 2026 |url-status=live |archive-url=https://megalodon.jp/2026-0301-1456-34/https://forums.lenovo.com:443/t5/MOTOROLA-Android-Developer-Community/How-to-unlock-bootloader-on-Motorola-moto-G23/m-p/5277660 |archive-date=1 Mar 2026}}</ref><ref>{{Cite web |author=talha1276 |title=Moto G23 Bootloader unlock request |url=https://forums.lenovo.com/t5/MOTOROLA-Android-Developer-Community/Moto-G23-Bootloader-unlock-request/m-p/5319977 |website=Lenovo |date=5 Jul 2025 |access-date=28 Feb 2026 |url-status=live |archive-url=https://megalodon.jp/2026-0301-1502-24/https://forums.lenovo.com:443/t5/MOTOROLA-Android-Developer-Community/Moto-G23-Bootloader-unlock-request/m-p/5319977 |archive-date=1 Mar 2026}}</ref><ref>{{Cite web |author=DiabloSat |title=Moto G23 – Request to include SID Keys in next OTA Update |url=https://forums.lenovo.com/t5/moto-g23/Moto-G23-%E2%80%93-Request-to-include-SID-Keys-in-next-OTA-Update/m-p/5344909 |website=Lenovo |date=10 Nov 2024 |access-date=28 Feb 2026 |url-status=live |archive-url=https://megalodon.jp/2026-0301-1505-52/https://forums.lenovo.com:443/t5/moto-g23/Moto-G23-%E2%80%93-Request-to-include-SID-Keys-in-next-OTA-Update/m-p/5344909 |archive-date=1 Mar 2026}}</ref> However, MotoAgents either ignored these messages or responded with: ''"- This phone does not support bootloader unlocking"''.

Later, after numerous inquiries, Motorola issued a formal response: ''"- We will forward this information to the developers."'' However, no further action was taken.

Over time, a community of enthusiasts successfully unlocked the bootloader on Moto G13/G23 by de-compiling the lk (Little Kernel, bootloader) partition, studying the key generation algorithm, and creating a key generator (keygen).<ref>{{Cite web |author= |title=Bootloader {{!}} Motorola G23/G13 |url=https://penangf.fuckyoumoto.xyz/docs/dev/bootloader/#bootloader-unlock |website=****youmoto |date= |access-date=28 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20251007190337/https://penangf.fuckyoumoto.xyz/docs/dev/bootloader/ |archive-date=7 Oct 2025}}</ref><ref>{{Cite web |author= |title=OEM key algorithm {{!}} Motorola G23/G13 |url=https://penangf.fuckyoumoto.xyz/docs/dev/oem-key-algorithm |website=****youmoto |date= |access-date=28 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20251007190411/https://penangf.fuckyoumoto.xyz/docs/dev/oem-key-algorithm/ |archive-date=7 Oct 2025}}</ref><ref>{{Cite web |author= |title=****youmoto-utils/oem_keygen.py |url=https://github.com/moto-penangf/fuckyoumoto/blob/main/oem_keygen.py |website=GitHub |date= |access-date=28 Feb 2026 |url-status=live |archive-url=https://web.archive.org/web/20250810173853/https://github.com/fuckyoumoto/fuckyoumoto-utils/blob/main/oem_keygen.py |archive-date=10 Aug 2025}}</ref> This proves that bootloader unlocking was originally intended to be possible, ''but Motorola deliberately concealed it from customers by refusing to provide the necessary keys.''

Motorola specifically avoids offering the necessary keys and tools for bootloader unlocking on models with Spreadtrum/Unisoc SoCs, which are often used in more affordable devices.

====List of phones with bootloader unlocking disabled====
This not a complete list of models, in which bootloader cannot be unlocked officially:
*Moto E22i
*Moto E14
*Moto E13
*Moto E7 / E7 Power
*Moto G13 / G23
*Moto G14
*Moto G24 / G24 Power
*Moto G22

===Live lock screen (''2024'')===
In late 2024, Motorola had installed an [[adware]] app called [https://play.google.com/store/apps/details?id=com.taboola.mip Live lock screen] (from Taboola) for their recent devices under the guise of a "security update".<ref>{{Cite web |last=Cubbins |first=Dwayne |title=Motorola users noticing ads on lock screen after recent system updates |url=https://techissuestoday.com/motorola-lock-screen-ads-articles/ |website=Tech-Issues Today |date=21 Nov 2024 |access-date=18 Jun 2025 |url-status=live |archive-url=https://web.archive.org/web/20250508185348/https://techissuestoday.com/motorola-lock-screen-ads-articles/ |archive-date=8 May 2025}}</ref> This is installed as a system-level app and so cannot be deleted, with some speculating Motorola "might be looking for new revenue streams". Some users have found workarounds to removing the app from their phones involving the use of a computer's terminal:<ref name="Reddit">{{Cite web |author=Legal Literature1356 |title=Remove Live lock screen permanently using ADB commands |url=https://old.reddit.com/r/motorola/comments/1h0klyj/remove_live_lock_screen_permanently_using_adb/ |website=[[Reddit]] |date=26 Nov 2024 |access-date=18 Jun 2025 |url-status=dead |archive-url=http://web.archive.org/web/20250121123239/https://old.reddit.com/r/motorola/comments/1h0klyj/remove_live_lock_screen_permanently_using_adb/ |archive-date=21 Jan 2025}}</ref>
<blockquote>1- Download adb files from given link and extract it in your PC (It also includes this video tutorial in Full HD format in case reddit compressed it here. https://drive.google.com/file/d/16cEtQFyLRfR216j7McXS4UpBIV4jcFPL/view?usp=drivesdk

2- Connect your phone to your PC using usb cable.

3- Tap multiple times in your phone build number until developer options in not unlock.

4- Enable Developer options and then USB debugging.

5- Open "cmd-here" terminal files as admisstrator from that given folder and give these commands.

adb devices

adb shell

pm uninstall -k --user 0 com.taboola.mip

6- Restart your phone.

''- u/Legal Literature1356''</blockquote>
<blockquote>Not at all to detract from OP, but if you dont trust .rar files with .exes in them: You can use official sources for "andriod platform tools" from here https://developer.android.com/tools/releases/platform-tools and you dont need "cmd-here", (all it doesis opens a command prompt in the folder it sits in). instead, open command prompt as per usual ("cmd" in windows search does it), click on the address bar of whereever your andriod tools are, copy that, then use that as below.

cd C:\Users\Main\Desktop\New folder\platform-tools

adb devices

adb shell

pm uninstall -k --user 0 com.taboola.mip

Other useful bits, my one had a different package name:

pm uninstall -k --user 0 com.taboola.ody

and this lists the packages in your phone, incase they have changed the name:

adb devices

adb shell

adb shell pm list packages

''- u/Etalon3141''<ref>{{Cite web |author=Etalon3141 |title=Remove Live lock screen permanently using ADB commands |url=https://old.reddit.com/r/motorola/comments/1h0klyj/remove_live_lock_screen_permanently_using_adb/m5rap82/ |website=[[Reddit]] |date=6 Jan 2025 |access-date=28 Feb 2026 |url-status=dead |archive-url=http://web.archive.org/web/20250121123239/https://old.reddit.com/r/motorola/comments/1h0klyj/remove_live_lock_screen_permanently_using_adb/ |archive-date=21 Jan 2025}}</ref></blockquote>

==Products==
{{Ph-C-P}}

==See also==
{{Ph-C-SA}}

==References==
{{Reflist}}

[[Category:Motorola]]

Motorola

2026-03-22T23:33:24Z

Rudxain: link BL-unlock as "See also" template

{{CompanyCargo
|Description=American mobile device manufacturer owned by Lenovo.
|Founded=1928
|Industry=Electronics
|Logo=Motorola logo.png
|ParentCompany=Lenovo
|Type=Subsidiary
|Website=https://www.motorola.com
}}

'''{{Wplink|Motorola}}''' was an American company founded in 1928 and sold mobile phones, tablets, public safety equipment, and many other electronic products. In 2011, the company was split into two independent entities: '''{{Wplink|Motorola Mobility}}''' for their consumer products such as smart phones, and '''{{Wplink|Motorola Solutions}}''' relating to safety and security products and services (such as police body cameras).

For purposes of this article, "Motorola" is used in reference to Motorola Mobility.

==Consumer impact summary==
{{Ph-C-CIS}}

==Incidents==
This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].

===Bootloader controversy===
{{See also|Bootloader unlocking}}
Motorola has made it against their Legal Agreements<ref>{{Cite web |author= |title=Unlocking the Bootloader |url=https://en-us.support.motorola.com/app/standalone/bootloader/unlock-your-device-a |website=Motorola |date= |access-date=28 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20260216203142/https://en-us.support.motorola.com/app/standalone/bootloader/unlock-your-device-a |archive-date=16 Feb 2026}}</ref> to resell your phone, after unlocking the bootloader, sparking concerns over ownership. "''Once you unlock the device, you can only use it for your personal use, and '''may not sell or otherwise transfer the device'''''".<ref name=":0">{{Cite web |author= |title=Boot revised |url=https://en-us.support.motorola.com/ci/fattach/get/741421/1385047216/redirect/1/filename/Boot_revised.pdf |website=Motorola |date= |access-date=28 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20251130172159/https://en-us.support.motorola.com/ci/fattach/get/741421/1385047216/redirect/1/filename/Boot_revised.pdf |archive-date=30 Nov 2025 |format=PDF}}</ref>

They have also mentioned that unlocking your device voids the warranty. This means if the CPU, battery, or any other component unrelated to unlocking a device should stop functioning, it will not be covered under warranty.<ref name=":0" />

Two Senior MotoAgents have stated that the device needs to have an internet connection for one week following the purchase or a reset to allow the functionality of bootloader unlocking.<ref>{{Cite web |author=Vlug1 |title=OEM unlock option greyed out |url=https://forums.lenovo.com/t5/moto-g52/OEM-unlock-option-greyed-out/m-p/5289637 |website=Lenovo |date=9 Feb 2024 |access-date=28 Feb 2026 |url-status=live |archive-url=https://megalodon.jp/2026-0301-1350-44/https://forums.lenovo.com:443/t5/moto-g52/OEM-unlock-option-greyed-out/m-p/5289637 |archive-date=1 Mar 2026}}</ref><ref>{{Cite web |author=Bomkz |title=OEM Unlock option greyed out |url=https://forums.lenovo.com/t5/motorola-one-5G-ACE/OEM-Unlock-option-greyed-out/m-p/5232007 |website=Lenovo |date=17 Jun 2023 |access-date=28 Feb 2026 |url-status=live |archive-url=https://web.archive.org/web/20250211083509/https://forums.lenovo.com/t5/motorola-one-5G-ACE/OEM-Unlock-option-greyed-out/m-p/5232007 |archive-date=11 Feb 2025}}</ref>

According to a post on Motorola's official forum from one of the MotoAgents, once the device reaches a certain age (no specific age is given), it becomes unable to get a key to unlock the bootloader.<ref>{{Cite web |author=Agent_Jess |title=Your device does not qualify for bootloader unlocking. |url=https://forums.lenovo.com/t5/MOTOROLA-Android-Developer-Community/Your-device-does-not-qualify-for-bootloader-unlocking/m-p/5234690?page=3#6297769 |website=Lenovo |date=26 Mar 2024 |access-date=28 Feb 2026 |url-status=live |archive-url=https://web.archive.org/web/20250708170853/https://forums.lenovo.com/t5/MOTOROLA-Android-Developer-Community/Your-device-does-not-qualify-for-bootloader-unlocking/m-p/5234690?page=3 |archive-date=8 Jul 2025}}</ref>

Most E-series models, devices with [[Android]] GO pre-installed, some MTK models, [[Amazon Prime]] devices do not support the official bootloader unlock method.<ref>{{Cite web
|author=Agent_Rizza |title=How to root Moto E13 |url=https://forums.lenovo.com/t5/moto-e13/How-to-root-Moto-E13/m-p/5302949?page=1#6312054 |website=Lenovo |date=11 Apr 2024 |access-date=28 Feb 2026 |url-status=live |archive-url=https://megalodon.jp/2026-0301-1421-45/https://forums.lenovo.com/t5/moto-e13/How-to-root-Moto-E13/m-p/5302949?page=1#6312054 |archive-date=1 Mar 2026}}</ref>

====ODM devices====
There is a strong possibility that devices not created by Motorola's core development team but purchased from ODMs will not be able to be officially unlocked.<ref>{{Cite web |author=Lost-Entrepreneur439 |title=bootloader-unlock-wall-of-shame - motorola |url=https://github.com/melontini/bootloader-unlock-wall-of-shame/blob/main/brands/motorola/README.md#unofficial-ways |website=GitHub |date= |access-date=28 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20250729025627/https://github.com/melontini/bootloader-unlock-wall-of-shame/blob/main/brands/motorola/README.md |archive-date=29 Jul 2025}}</ref><ref>{{Cite web |author=shomykohai |title=Moto g24 bootloader unlock ideas |url=https://github.com/orgs/moto-fogorow/discussions/1 |website=GitHub |date=31 Jan 2025 |access-date=28 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20251007190502/https://github.com/orgs/moto-fogorow/discussions/1 |archive-date=7 Oct 2025}}</ref>

For example, the Moto G24, G24 Power, E7 and E7 Power models manufactured by Tinno have a blocked bootloader unlock feature if the device is not a development device. Even if this lock can be bypassed, the bootloader will automatically lock after rebooting the device if it is not a development device.<ref>{{Cite web |author= |title=Bootloader {{!}} Motorola G24/G24 Power |url=https://fogorow.fuckyoumoto.xyz/docs/dev/bootloader#official-way |website=****youmoto |date= |access-date=28 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20251007190438/https://fogorow.fuckyoumoto.xyz/docs/dev/bootloader/ |archive-date=7 Oct 2025}}</ref>

The only way bypass it is to flash a [https://fogorow.fuckyoumoto.xyz/docs/modding/custom-bootloader custom ChouChou bootloader] specially ported for your device, that will disable this check.

====Intentional bootloader unlock restriction on some Motorola models====
On some smartphone models, bootloader unlocking is officially impossible.

For example, on the "Moto G13/G23/G24/G24 Power" models, the <code>fastboot oem get_unlock_data</code> command is missing.<ref>{{Cite web |author= |title=Bootloader {{!}} Motorola G23/G13 |url=https://penangf.fuckyoumoto.xyz/docs/dev/bootloader/#official-unlocking-method |website=****youmoto |date= |access-date=28 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20251007190337/https://penangf.fuckyoumoto.xyz/docs/dev/bootloader/ |archive-date=7 Oct 2025}}</ref> This command is necessary to obtain unique identifiers, which are then used to generate an unlock key. Besides, there are no officially documented alternative methods of getting the key on these phone models.

Notably, on more affordable devices with the same SoC, such as the Moto G31, bootloader unlocking was officially available.

For a long time, customers submitted requests on Motorola's official forum, asking for the ability to obtain an unlock key or an alternative method.<ref>{{Cite web |author=Sylwoo |title=Motorola Moto G13/G23 bootloader |url=https://forums.lenovo.com/t5/moto-g13/Motorola-Moto-G13-G23-bootloader/m-p/5342278 |website=Lenovo |date=27 Oct 2024 |access-date=28 Feb 2026 |url-status=live |archive-url=https://megalodon.jp/2026-0301-1448-19/https://forums.lenovo.com:443/t5/moto-g13/Motorola-Moto-G13-G23-bootloader/m-p/5342278 |archive-date=1 Mar 2026}}</ref><ref>{{Cite web |author=WiktorMC |title=How to unlock bootloader on Motorola moto G23? |url=https://forums.lenovo.com/t5/MOTOROLA-Android-Developer-Community/How-to-unlock-bootloader-on-Motorola-moto-G23/m-p/5277660 |website=Lenovo |date=26 Dec 2023 |access-date=28 Feb 2026 |url-status=live |archive-url=https://megalodon.jp/2026-0301-1456-34/https://forums.lenovo.com:443/t5/MOTOROLA-Android-Developer-Community/How-to-unlock-bootloader-on-Motorola-moto-G23/m-p/5277660 |archive-date=1 Mar 2026}}</ref><ref>{{Cite web |author=talha1276 |title=Moto G23 Bootloader unlock request |url=https://forums.lenovo.com/t5/MOTOROLA-Android-Developer-Community/Moto-G23-Bootloader-unlock-request/m-p/5319977 |website=Lenovo |date=5 Jul 2025 |access-date=28 Feb 2026 |url-status=live |archive-url=https://megalodon.jp/2026-0301-1502-24/https://forums.lenovo.com:443/t5/MOTOROLA-Android-Developer-Community/Moto-G23-Bootloader-unlock-request/m-p/5319977 |archive-date=1 Mar 2026}}</ref><ref>{{Cite web |author=DiabloSat |title=Moto G23 – Request to include SID Keys in next OTA Update |url=https://forums.lenovo.com/t5/moto-g23/Moto-G23-%E2%80%93-Request-to-include-SID-Keys-in-next-OTA-Update/m-p/5344909 |website=Lenovo |date=10 Nov 2024 |access-date=28 Feb 2026 |url-status=live |archive-url=https://megalodon.jp/2026-0301-1505-52/https://forums.lenovo.com:443/t5/moto-g23/Moto-G23-%E2%80%93-Request-to-include-SID-Keys-in-next-OTA-Update/m-p/5344909 |archive-date=1 Mar 2026}}</ref> However, MotoAgents either ignored these messages or responded with: ''"- This phone does not support bootloader unlocking"''.

Later, after numerous inquiries, Motorola issued a formal response: ''"- We will forward this information to the developers."'' However, no further action was taken.

Over time, a community of enthusiasts successfully unlocked the bootloader on Moto G13/G23 by de-compiling the lk (Little Kernel, bootloader) partition, studying the key generation algorithm, and creating a key generator (keygen).<ref>{{Cite web |author= |title=Bootloader {{!}} Motorola G23/G13 |url=https://penangf.fuckyoumoto.xyz/docs/dev/bootloader/#bootloader-unlock |website=****youmoto |date= |access-date=28 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20251007190337/https://penangf.fuckyoumoto.xyz/docs/dev/bootloader/ |archive-date=7 Oct 2025}}</ref><ref>{{Cite web |author= |title=OEM key algorithm {{!}} Motorola G23/G13 |url=https://penangf.fuckyoumoto.xyz/docs/dev/oem-key-algorithm |website=****youmoto |date= |access-date=28 Feb 2026 |url-status=live |archive-url=http://web.archive.org/web/20251007190411/https://penangf.fuckyoumoto.xyz/docs/dev/oem-key-algorithm/ |archive-date=7 Oct 2025}}</ref><ref>{{Cite web |author= |title=****youmoto-utils/oem_keygen.py |url=https://github.com/moto-penangf/fuckyoumoto/blob/main/oem_keygen.py |website=GitHub |date= |access-date=28 Feb 2026 |url-status=live |archive-url=https://web.archive.org/web/20250810173853/https://github.com/fuckyoumoto/fuckyoumoto-utils/blob/main/oem_keygen.py |archive-date=10 Aug 2025}}</ref> This proves that bootloader unlocking was originally intended to be possible, ''but Motorola deliberately concealed it from customers by refusing to provide the necessary keys.''

Motorola specifically avoids offering the necessary keys and tools for bootloader unlocking on models with Spreadtrum/Unisoc SoCs, which are often used in more affordable devices.

====List of phones with bootloader unlocking disabled====
This not a complete list of models, in which bootloader cannot be unlocked officially:
*Moto E22i
*Moto E14
*Moto E13
*Moto E7 / E7 Power
*Moto G13 / G23
*Moto G14
*Moto G24 / G24 Power
*Moto G22

===Live lock screen (''2024'')===
In late 2024, Motorola had installed an [[adware]] app called [https://play.google.com/store/apps/details?id=com.taboola.mip Live lock screen] (from Taboola) for their recent devices under the guise of a "security update".<ref>{{Cite web |last=Cubbins |first=Dwayne |title=Motorola users noticing ads on lock screen after recent system updates |url=https://techissuestoday.com/motorola-lock-screen-ads-articles/ |website=Tech-Issues Today |date=21 Nov 2024 |access-date=18 Jun 2025 |url-status=live |archive-url=https://web.archive.org/web/20250508185348/https://techissuestoday.com/motorola-lock-screen-ads-articles/ |archive-date=8 May 2025}}</ref> This is installed as a system-level app and so cannot be deleted, with some speculating Motorola "might be looking for new revenue streams". Some users have found workarounds to removing the app from their phones involving the use of a computer's terminal:<ref name="Reddit">{{Cite web |author=Legal Literature1356 |title=Remove Live lock screen permanently using ADB commands |url=https://old.reddit.com/r/motorola/comments/1h0klyj/remove_live_lock_screen_permanently_using_adb/ |website=[[Reddit]] |date=26 Nov 2024 |access-date=18 Jun 2025 |url-status=dead |archive-url=http://web.archive.org/web/20250121123239/https://old.reddit.com/r/motorola/comments/1h0klyj/remove_live_lock_screen_permanently_using_adb/ |archive-date=21 Jan 2025}}</ref>
<blockquote>1- Download adb files from given link and extract it in your PC (It also includes this video tutorial in Full HD format in case reddit compressed it here. https://drive.google.com/file/d/16cEtQFyLRfR216j7McXS4UpBIV4jcFPL/view?usp=drivesdk

2- Connect your phone to your PC using usb cable.

3- Tap multiple times in your phone build number until developer options in not unlock.

4- Enable Developer options and then USB debugging.

5- Open "cmd-here" terminal files as admisstrator from that given folder and give these commands.

adb devices

adb shell

pm uninstall -k --user 0 com.taboola.mip

6- Restart your phone.

''- u/Legal Literature1356''</blockquote>
<blockquote>Not at all to detract from OP, but if you dont trust .rar files with .exes in them: You can use official sources for "andriod platform tools" from here https://developer.android.com/tools/releases/platform-tools and you dont need "cmd-here", (all it doesis opens a command prompt in the folder it sits in). instead, open command prompt as per usual ("cmd" in windows search does it), click on the address bar of whereever your andriod tools are, copy that, then use that as below.

cd C:\Users\Main\Desktop\New folder\platform-tools

adb devices

adb shell

pm uninstall -k --user 0 com.taboola.mip

Other useful bits, my one had a different package name:

pm uninstall -k --user 0 com.taboola.ody

and this lists the packages in your phone, incase they have changed the name:

adb devices

adb shell

adb shell pm list packages

''- u/Etalon3141''<ref>{{Cite web |author=Etalon3141 |title=Remove Live lock screen permanently using ADB commands |url=https://old.reddit.com/r/motorola/comments/1h0klyj/remove_live_lock_screen_permanently_using_adb/m5rap82/ |website=[[Reddit]] |date=6 Jan 2025 |access-date=28 Feb 2026 |url-status=dead |archive-url=http://web.archive.org/web/20250121123239/https://old.reddit.com/r/motorola/comments/1h0klyj/remove_live_lock_screen_permanently_using_adb/ |archive-date=21 Jan 2025}}</ref></blockquote>

==Products==
{{Ph-C-P}}

==See also==
{{Ph-C-SA}}

==References==
{{Reflist}}

[[Category:Motorola]]

JavaScript

2026-03-22T17:06:49Z

Rudxain: swap OJSF & ECMA, again, because this is JS not ES

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://openjsf.org/,https://tc39.es/ecma262/multipage/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior.<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS is built into almost every web-browser and [[wikipedia:User_agent|user-agent]] (UA), including "light-weight" ones (such as [[wikipedia:W3m|w3m]]), incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> John Gruber says that JS shouldn't be part of browsers;<ref>{{Cite web |last=Gruber |first=John |date=2017-06-22 |title=Gizmodo Investigation Exposes Websites Collecting Form Data Before You Hit 'Submit' |url=https://daringfireball.net/linked/2017/06/22/navistone-form-data |url-status=live |archive-url=https://web.archive.org/web/20260319180650/https://daringfireball.net/linked/2017/06/22/navistone-form-data |archive-date=2026-03-19 |access-date=2026-03-20 |website=Daring Fireball}}</ref><ref>{{Cite web |last=Gruber |first=John |date=2017-06-27 |title=Using Today's Web Without JavaScript |url=https://daringfireball.net/linked/2017/06/27/web-without-javascript |url-status=live |archive-url=https://web.archive.org/web/20260319180612/https://daringfireball.net/linked/2017/06/27/web-without-javascript |archive-date=2026-03-19 |access-date=2026-03-20 |website=Daring Fireball}}</ref> one way that would work is by turning JS into an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] that the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that ES is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]), makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the [[wikipedia:Document_Object_Model|DOM]]-tree only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" API (such as the microphone) the browser pauses it until the user has granted access for the first time. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

It's worth noting that JS has a privileged position, relative to [[wikipedia:WebAssembly|Wasm]], because of its first-class access to Web APIs.

==Why it is a problem==
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref><ref>{{Cite web |last=Archibald |first=Jake |date=2025-07-01 |title=Give footnotes the boot § Footnotes on the web |url=https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |url-status=live |archive-url=https://web.archive.org/web/20251220110553/https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |archive-date=2025-12-20 |access-date=2026-03-20 |website=Blog - JakeArchibald.com}}</ref> The main valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS
*[[wikipedia:Instant_messaging|Instant messaging]] (self-evident)

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of ES), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are financially incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself (ES) is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a [[Bloatware|bloated]] pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled, even when its use is "illegitimate":

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate
*[[Discord]]. While its instant-messaging functionality legitimately requires JS, they refuse to let the user change their account settings (including security and privacy ones) unless JS is enabled.

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*Google being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*Discord being extremely bloated to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated DOM-tree, but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

Article suggestions

2026-03-22T16:43:54Z

Rudxain: TCL screen "random" turn off

This page is dedicated towards providing a communal list for users to submit potential articles to feature on the wiki, and to give editors inspiration on what pages they might want to add to the wiki. If you create an article based on an entry from this list, or see that someone else has done so, please make sure to delete the row from this page in order to prevent confusion.

Sources should be inserted within the 'refs' section of the table. If using the visual editor, take advantage of '<nowiki/>'''insert reference'''<nowiki/>' via ''''ctrl + shift + k'''<nowiki/>' so that the sources are quick to add to future articles. If you are using the source editor, feel free to copy and paste the formatting from other correctly formatted references on the page. The more sources you include with an article idea, the more likely it is that others will pick the article idea up and run with it, so please attempt to include a good variety of descriptive sources!

Please take note of the wiki's [[Consumer Rights Wiki:Inclusion guidelines|Inclusion criteria]] when submitting article suggestions. If you see article suggestions here which do not fit the Wiki, feel free to remove them, leaving your reasoning in an edit note.

If you are an editor looking for further inspiration to write an article, you can also check out the [[Louis Rossmann - Video Directory|Louis Rossmann video directory]] for a good collection of potential articles.

==Example==
Below is an example of what an entry should appear as:
{| class="wikitable"
|+
!Company
!Summary of Incident
!Refs
|-
|[[Nintendo]]
|In 2025, the company Nintendo stripped Switch 2 consoles that used the MIG switch cartridge of all online functionality
|<ref name=":3">{{Cite web |last=Scattered Brain |date=Jun 16, 2025 |title=Soo... Nintendo banned my Switch 2 (Don't try the MIG Switch!) |url=https://www.youtube.com/watch?v=ExgYTA18_vo&t=656s |url-status=live |archive-url=https://preservetube.com/watch?v=ExgYTA18_vo |archive-date=22 Feb 2026|access-date=Jun 18, 2025 |website=[[YouTube]]}}</ref><ref name=":0">{{Cite news |last=Orland |first=Kyle |date=Jun 17, 2025 |title=Switch 2 users report online console bans after running personal game “backups” |url=https://arstechnica.com/gaming/2025/06/playing-personal-game-backups-could-get-your-switch-2-banned-by-nintendo/ |url-status=live |archive-url=http://web.archive.org/web/20251222013641/https://arstechnica.com/gaming/2025/06/playing-personal-game-backups-could-get-your-switch-2-banned-by-nintendo/ |archive-date=22 Dec 2025|access-date=Jun 19, 2025 |work=Ars Technica}}</ref>
|}

==List of incidents not yet covered==
{| class="wikitable sortable"
!Company
!Summary of Incident
!Refs
|-
|Regus
|A flexible office / workplace provider for freelancers, contractors, small businesses, etc.
This is specifically for their Virtual Office service. I am sure they apply these same predatory and deceptive tactics with the rest of their services as well.
Locks you into a contract for virtual services that they may terminate at any time. You can too only if you follow very specific and exaggerated terms. They will bill you for the entire agreement even with it terminated. You lose access to the services immediately upon termination but are forced to pay for the rest of the agreement. They are predatory with agreements and will not allow you to break them and will charge you for the entire thing regardless of what happens.
Forced arbitration. Force you to waive any right to class action lawsuits.
Contract comes with terms hidden in their "house rules" document, automatically opting the user into services they did not knowingly agree to, by default. These services are NOT included in the original contract in any way except through the referencing to other documents like the "Terms of Service" and "House Rules", not disclosed ahead of time. They clearly show a lower price and do not clearly show any of the additional services you unknowingly opt into.
They lead you into a low price to get the agreement signed. Once signed, you cannot escape or get out with their terms. You find out later that they've made you agree to additional services by default. They require YOU to jump through hoops to opt out of those services, and they bury the information to do it.
They have predatory auto-renewals for the contracts that are typically months to years long, with many being sold into higher 1 year+ contracts for "savings" and "discounts". These auto-renewals cannot be canceled without 3 MONTHS notice! If it renews, you are locked into another term which you will be forced to pay in full even if you terminate.
This is all for VIRTUAL office services that cost nothing to provide or remove.
A lot of deceptive patterns including, but not limited to: Comparison prevention, hidden costs, hidden subscription, obstruction.
|[https://serviceagreement.regus.com/TermsPDF/VirtualOffice/Global20250301.pdf Terms of Service]
[https://serviceagreement.regus.com/PreviewHouseRule.aspx?guidId=840179ed-c894-4e91-8ccc-3b882bcf4b38 House Rules]
[https://www.myregus.com/help#:~:text=you%20can%20give%20notice%20to%20terminate%20your%20agreement%20at%20anytime%20in%20your%20online%20account%20%2D%20but%20you%20will%20be%20charged%20until%20the%20end%20of%20your%20agreement%20term. Help Page - terminate anytime but pay everything]
|-
|GM
|GM originally released the EV1 in 1996 on a lease program, and then instead of selling the much loved used/leased vehicles to consumers, they decided to crush the grand majority of them. Very few surviving examples can be found today, with most in private collections or at universities.
Because it was seen as a failure to major auto manufacturers, It would take over a decade before another EV was produced in the United States.
|
|-
|Wizards of the Coast
|Wizards of the Coast (WotC) seems to be positioning itself to move away from publishing physical books that last forever in favor of pushing digital-only sales and micro-transactions of content and subscriptions. They attempted to amend the OGL (Open Game License) to include language that would require third party authors of D&D content to give up rights to their own content, so WotC can sell it to consumers without crediting the original authors.
Notably, as a direct response to these anti-consumer activities and policies, a select few of the third party publishers have instead decided to come out with their own systems that are not beholden to WotC's whims. A couple of examples include ''Draw Steel'' and ''Daggerheart''. An earlier conflict prompted Paizo to release their own version of the classic D20-based tabletop RPG, ''Pathfinder'', when WotC started releasing the fourth edition of it's rule-set.
|
|-
|Foxconn
|Foxconn is an electronics manufacturer with various human rights violations on it's record. They've also convinced the government to use eminent domain to take people's property to build factories, that never end up using the factories.
|
|-
|ASUS (ROG)
|Releases bios updates via windows executable, meaning that you can't update your bios to the latest version to amend a security vulnerability or fix an issue unless you're running microsoft windows. The windows executable simply extracts a binary file, that you can drop on a thumb drive. This could be easily done via direct download to support other operating systems.
|
|-
|Symantec
|Product: Norton Internet Security.
This one might be tough to document, because it's been slowly going on for the past 15 years. Norton used to offer a great internet security package with a ton of good and useful services for a decent price. Unfortunately, slowly over the years, they've gone further and further down the rabbit hole of charging more money for fewer and fewer features, and then locking some of those features behind even more paywalls and micro-transactions.
|
|-
|8Player
|In early March, 2026, the Apple TV application called 8Player began displaying a notice informing users who had already paid for the app, that the app would not continue to function unless they agreed to an ongoing subscription.
The text of the notice says the following:
----Thank you for being a valued 8player user.

To keep improving the app and delivering new features, 8player is moving to a subscription model.

You can continue using the full version at no cost until April 15, 2026.

After that, activate the subscription in the app to keep full access. Your existing features will remain available, and no action is needed today.

Thank you for supporting 8player over the years.

[[:File:8player-subscription-model-notice.png]]
|
|-
|[[ABC Financial Services]]
|Manages memberships and recurring service subscriptions for other companies. Prevents customers from being able to cancel a service by locking them into a never-ending cycle of auto renewals, and not allowing the customer to opt out of auto renewal.
|-
|Affinity / [[Canva]] page created needs editors to help
|Canva purchases [[Serif]]; the owner of perpetual license design software Affinity Publisher, Designer, and Photo on March 26th 2024. Provides a pledge to assure users that Canva will not "ruin" the suite. In October 2025, Affinity users are locked out of the community forum for a new "Creative Freedom" announcement on October 30th 2025. Complete radio silence for a whole month while they tease long term users on Twitter and Discord. Finally on October 30th 2025, the new Affinity software is announced as "free". Instead, all creative professionals that used the original software are forced to create a new Canva account to access the new Affinity and thus agree to Canva's ToS<ref name=":1">{{Cite web |date=2025-10-30 |title=Canva Terms of Use |url=https://www.canva.com/policies/terms-of-use/ |url-status=live |archive-url=http://web.archive.org/web/20260128105545/https://www.canva.com/policies/terms-of-use/ |archive-date=28 Jan 2026|website=Canva Legal Trust Center}}</ref>. Affinity redirects the pledge page to an announcement for the new software, effectively burying the original pledge<ref name=":4">{{Cite web |date=2024-03-27 |title=The Affinity and Canva Pledge |url=https://affinity.serif.com/en-us/press/newsroom/affinity-and-canva-pledge |url-status=dead |archive-url=https://web.archive.org/web/20251002083749/https://affinity.serif.com/en-us/press/newsroom/affinity-and-canva-pledge/ |archive-date=2025-10-02 |website=web.archive.org}}</ref>. Questions about Canva now being able to monetize the work of professionals to train their own AI models sold to Canva users are left unanswered. Free, but at what cost?
EDIT: Initial article has been written but needs more work, citation, and verification. [[Canva adds arbitration clause for future Affinity Studio users|See this article here]].
|<ref name=":1" /><ref name=":4" />
|-
|[[Alibaba]]
|[[wikipedia:Alibaba_Group|WP]]
|
|-
|[[Amazon]]
|Amazon renders Fire TV Blaster unusable, offers Amazon gift card to affected customers
EDIT: Incident has been added to the Amazon page but needs more work.

---

Sometime in 2025 Amazon added an upgrade nag widget to Alexa for "Alexa+" that is impossible to turn off. In some cases the upgrade was automatic, and users had to opt-out
|<ref>{{Cite web |last=Herbig |first=Daniel |date=19 Jan 2026 |title=Amazon makes Fire TV Blaster unusable |url=https://www.heise.de/en/news/Amazon-makes-Fire-TV-Blaster-unusable-11145570.html |url-status=live |archive-url=http://web.archive.org/web/20260120070820/https://www.heise.de/en/news/Amazon-makes-Fire-TV-Blaster-unusable-11145570.html |archive-date=20 Jan 2026}}</ref>
---
<ref>{{Cite web |title=Amazon is automatically upgrading Prime members to Alexa+. Here's how to opt out |url=https://www.12news.com/article/news/nation-world/amazon-automatic-upgrade-alexa-plus-how-to-opt-out/507-3105c319-0f52-421a-b741-9ad6919f22e5}}</ref>
|-
|[[Anker]]
|In Anker's Terms of Service for Solix solar generator product, under 19.3 Mandatory Updates:
In critical situations—such as addressing severe security vulnerabilities, complying with legal requirements, or ensuring compatibility with our service architecture—we reserve the right to issue mandatory Updates for both the firmware and the App. These essential updates may install automatically, or require immediate installation before further use, and you will not be permitted to opt out. If you fail to install such an update, certain device functionalities or access to the App may be limited or suspended to maintain the security and integrity of our service.
https://www.anker.com/ca/policies/terms-of-service
|
|-
|Apotheka
|Personal ID codes, purchase information and contact details of almost half of Estonian citizens and residents have been compromised in a mass data breach of the IT system operated by Allium UPI, a firm dealing with pharmacy and hospital products.
|[https://news.err.ee/1609302096/cybercriminals-steal-data-of-around-700-000-apotheka-pharmacy-customers]
|-
|[[Apple]]
|Apple changes Logic Pro and the Apple office suite into a subscription when it was either a one time purchase or free with the mac.
|
|-
|[[Apple]]
|$17 000 Apple Watch 18 karat gold edition out of support only 8 years after its introduction (not end of sale!). This means no software support, and, crucially, no repair or replacement parts. If the battery dies, the watch is but a paperweight.
|<ref>{{Cite web |title=Apple will no longer fix the $17,000 gold Apple Watch |url=https://www.theverge.com/2023/10/2/23900158/apple-watch-edition-gold-2015-obsolete-unsupported-beyonce |url-status=live |archive-url=https://web.archive.org/web/20260222211749/https://www.theverge.com/2023/10/2/23900158/apple-watch-edition-gold-2015-obsolete-unsupported-beyonce |archive-date=22 Feb 2026|website=The Verge}}</ref>
|-
|[[Apple]], [[Beats]]
|No support for Powerbeats (4th generation) despite the headphones being under 5 years from when Apple last distributed the product for sale. The product is not listed as discontinued or vintage, and by Apple's own guidelines, should be eligible for replacement parts and repair. OEM replacement eartips cannot be purchased for any Beats earphones.
|<ref>{{Cite web |title=Obtaining service for your Apple product after an expired warranty |url=https://support.apple.com/en-us/102772 |url-status=live |archive-url=http://web.archive.org/web/20260207094149/https://support.apple.com/en-us/102772 |archive-date=7 Feb 2026|access-date=2025-10-18}}</ref><ref>{{Cite web |title=Beats Repair and Service |url=https://support.apple.com/beats/repair |url-status=live |archive-url=http://web.archive.org/web/20260104000857/https://support.apple.com/beats/repair |archive-date=4 Jan 2026|access-date=2025-10-18}}</ref><ref>{{Cite web |title=Apple store search for eartips |url=https://www.apple.com/us/search/eartips?src=alp |url-status=live |archive-url=http://web.archive.org/web/20251028001314/https://www.apple.com/us/search/eartips?src=alp |archive-date=28 Oct 2025|access-date=2025-10-18}}</ref>
|-
|[[Apple]] iWork/Creator Studio
|The update that makes the iWork apps part of the new Apple Creator Studio subscription now adds tracking that is enabled by default and implemented as opt-out. The information about it is displayed in a first launch screen without any immediate way opt out, which qualifies as a dark pattern. Instead, the user has to go through a slightly convoluted path via the iPhone/iPad system settings app, and under the submenu "Apps" find each of the iWork apps and disable analytics there individually for each app. On Desktop, it is under a dedicated menu item under the "Pages"/"Numbers"/"Keynote" menu.
|<ref>{{Cite web |title=New versions of Keynote, Numbers, and Pages collect telemetry by default on iOS, iPadOS, and macOS |url=https://www.reddit.com/r/ios/comments/1qq7q9m/new_versions_of_keynote_numbers_and_pages_collect/ |archive-url=https://web.archive.org/web/20260223032029/https://old.reddit.com/r/ios/comments/1qq7q9m/new_versions_of_keynote_numbers_and_pages_collect/ |archive-date=23 Feb 2026}}</ref>
|-
|[[archive.today]] / archive.ph (Web Archival Service)
|The website used [[JavaScript]] embedded into the website code to conduct a DDOS attack from users' devices against a blogger who has voiced criticism of the service in the past. This may make also cause legal issues for users.
NOTE: A similar technique has previously been used by Chinese search giant [[Baidu]], so we might want to create a category or tag for this type of thing

ADDENDUM: This page was reported to have been changing the information displayed in some archived screenshots, such as the author who published particular articles.
|<ref>{{Cite web |last=Kirchner |first=Malte |last2=Kunz |first2=Dr. Christopher |date=10 Feb 2026 |title=Archive.today: Operator uses users for DDoS attack |url=https://www.heise.de/en/news/Archive-today-Operator-uses-users-for-DDoS-attack-11171455.html |url-status=live |archive-url=http://web.archive.org/web/20260212060655/https://www.heise.de/en/news/Archive-today-Operator-uses-users-for-DDoS-attack-11171455.html |archive-date=12 Feb 2026 |website=heise}}</ref><ref>{{Cite web |last=LMG Clips |title=Wikipedia Banned 690,000 Archive Links - LMG Clips |url=https://youtu.be/rrnFUvFGf5A?si=32JRogu2ID9xykHd |access-date=2026-03-03 |website=LMG Clips on YouTube - Wikipedia Banned 690,000 Archive Links}}</ref>
|-
|'''[[Arduino]]''' (/ɑːrˈdwiːnoʊ/) is an Italian open-source hardware and software company owned by Qualcomm
|Arduino’s new terms of service worries hobbyists ahead of Qualcomm acquisition.
User shall not:

*translate, decompile or reverse-engineer the Platform, or engage in any other activity designed to identify the algorithms and logic of the Platform’s operation, unless expressly allowed by Arduino or by applicable license agreements …
|<ref>{{Cite web |last=Harding |first=Scharon |date=2025-11-24 |title=Arduino’s new terms of service worries hobbyists ahead of Qualcomm acquisition |url=https://arstechnica.com/gadgets/2025/11/arduinos-new-terms-of-service-worries-hobbyists-ahead-of-qualcomm-acquisition/ |url-status=live |access-date=2026-03-14 |website=Ars Technica}}</ref>
|-
|Atlassian
|Users forced from on-premise to cloud only subscriptions
Edit: Page has been started [[Atlassian on premise to subscription|here]], more work, citation, and verification needs to be done.
|<ref>{{Cite web |title=Ascend to the cloud: The next chapter for Atlassian and our customers |url=https://www.atlassian.com/blog/announcements/atlassian-ascend |url-status=live |archive-url=http://web.archive.org/web/20251018171903/https://www.atlassian.com/blog/announcements/atlassian-ascend |archive-date=18 Oct 2025}}</ref>
|-
|[[AutoAuth]]
|'''AutoAuth''' represents a significant shift toward "repair-by-subscription," where owning a vehicle no longer guarantees the right to maintain it. By placing a digital firewall between the owner and the car’s computer, AutoAuth forces independent shops and DIY enthusiasts to pay recurring access fees and register their personal data with a third-party gatekeeper just to perform basic maintenance, such as electronic parking brake retractions or oil life resets.
|
|-
|[[Axon]]
|Tazers sold with lease agreement that makes purchase effectively a subscription.
|[https://norwoodrecord.weebly.com/uploads/1/1/4/8/114832579/norwood_record_pages_1_to_12__4sep2025.pdf <nowiki>[69]</nowiki>]
|-
|[[Bayer]]
|[[wikipedia:Bayer|Wikipedia]]. See [[Monsanto]]
|
|-
|Benjamin
|Offerwall phone app that pays users money for various tasks- such as watching ads, or downloading and using software. After years of user satisfaction, in late 2025, the company first put a 2 month moratorium on users' ability to withdraw their earned money, then rolled out a massive wave of enshittification features, the most egregious of which, is a "withdrawl queue", where withdrawing your earnings is placed into a queue with no visible progress. No days, no queue tracker, many members have been waiting over 3 months for their withdrawls to be processed, on a feature listed as "instant withdrawl". Various policies also implemented that would completely void a user's earned money, mainly inactivity but also many baseless random user bans (many of which were reversed). There are hundreds of frustrated user testimonials on reddit (https://www.reddit.com/r/benjaminone/).
|
|-
|[[Best Buy]]
|In late 2025, BestBuy added [https://www.bestbuy.com/site/help-topics/pricing-message/pcmcat748302046647.c?id=pcmcat748302046647#:~:text=Our%20%E2%80%9CComparable%20Value%E2%80%9D%20(Comp,retailers%20or%20e%2Dcommerce%20companies. "Comparable Value"] as means of comparing values of products that is of equivalent value to other products sold by manufacturers, 1st party, or 3rd party vendors. Changes to their pricing model has made it to where it is more difficult to determine overall value of a product compared to MSRP.
|<ref>{{Cite web |last=Support |first=Best Buy |date=2025-01-24 |title=Pricing: Promotions |url=https://www.bestbuy.com/site/help-topics/pricing-message/pcmcat748302046647.c?id=pcmcat748302046647#:~:text=Our%20%E2%80%9CComparable%20Value%E2%80%9D%20(Comp,retailers%20or%20e%2Dcommerce%20companies. |url-status=live |access-date=2026-02-24 |website=Best Buy}}</ref>
|-
|[[Bluesky]]
|Introduced ID check for Direct Messaging to comply with laws in certain states and abroad, despite both the company and community being against it.
|
|-
|[[Bosch]] and [[Shimano]]
|Electric bike companies including Bosch and Shimano limit consumer's abilities to access their e-bike electrical system such as when installing a new light or a phone charger. Special software only accessible to qualified bike shops is required to activate ports or accept new devices. Additional connectivity barriers exist such as difficult to acquire Bosch specific cables.
|<ref>{{Cite web |last=RunBikeMike |first= |date=2024-01-01 |title=Installing an EBike Light To Run Off Your Battery / MagicShine ME2000 |url=https://www.youtube.com/watch?v=AvG7Fpb1tzI&t=50s |access-date=2026-03-06 |website=YouTube}}</ref><ref>{{Cite web |last=Rossmann |first=Louis |date=15 Mar 2022 |title=Bosch takes the L on right to repair for ebikes |url=https://www.youtube.com/watch?v=j7e9hO5yMtk |access-date=6 Mar 2026 |website=YouTube}}</ref>
|-
|[[Carvana]]
|Saying cars that have been in accidents have not; Lies about inspection and does not replace brake pads even when worn down. Non-refundable $1,500 shipping fee. See [https://www.youtube.com/watch?v=r9yhOeTUEo4 Louis Rossmann's Video]
|
|-
|Chuwi
|Misleading consumers by falsifying the specsheet of one of their latest laptops, and repeatedly threatened one of the online publications that wrote an article of their alleged misdeeds.
|<ref>{{Cite web |last=Leitner |first=Simon |date=2026-03-12 |title=CPU fraud, next round: Chuwi CoreBook Plus with supposed AMD Ryzen 5 7430U also affected |url=https://www.notebookcheck.net/CPU-fraud-next-round-Chuwi-CoreBook-Plus-with-supposed-AMD-Ryzen-5-7430U-also-affected.1248660.0.html |url-status=live |archive-url=https://archive.today/N7UmU |archive-date=2026-03-12 |access-date=2026-03-12 |website=Notebookcheck}}</ref>
|-
|[[Cloud-first]]
|The antithesis of [https://www.inkandswitch.com/essay/local-first local-first]. See "[https://karl-voit.at/cloud You Can't Control Your Data in the Cloud]"
|
|-
|[[Cloudary Holdings Limited / Webnovel]]
|Terms of service with binding Arbitration.
|<ref>{{Cite web |title=Webnovel ToS |url=https://www.webnovel.com/terms_of_service |url-status=live |archive-url=http://web.archive.org/web/20260101204816/https://www.webnovel.com/terms_of_service |archive-date=1 Jan 2026}}</ref>
|-
|[[Devolo]]
|Devolo switches off servers and removes their app from stores for their "Home Control" system, thus severely reducing the functionality of their devices (apparently Z-Wave-based).
|<ref>{{Cite web |title=IT-News für Profis |url=https://www.golem.de/news/weiterbetrieb-verursacht-weitere-kosten-devolo-macht-smart-home-system-zum-grossteil-unbrauchbar-2508-199409.html |url-status=live |archive-url=http://web.archive.org/web/20251210052941/https://www.golem.de/news/weiterbetrieb-verursacht-weitere-kosten-devolo-macht-smart-home-system-zum-grossteil-unbrauchbar-2508-199409.html |archive-date=10 Dec 2025|website=Golem |language=de}}</ref>
|-
|DeviantArt
|DeviantArt launched in 2000 and quickly became a household name among digital artists. [https://www.wix.com/press-room/home/post/wix-acquires-deviantart-pairing-wix-capabilities-with-global-creative-community But in 2017 WiX] bought the website and in 2022 had made all art on it's site liable to be training data by default. They then back peddled and then set all art to noai by default. Now they are moving basic functions to be behind their paywall. [https://www.deviantart.com/razorstargazer/journal/Deviantart-is-the-worst-website-ever-created-1309667089 Ones that were free.]
|[https://expertbeacon.com/the-ai-controversy-on-deviantart-how-a-creative-paradise-became-a-battleground/][https://www.wix.com/press-room/home/post/wix-acquires-deviantart-pairing-wix-capabilities-with-global-creative-community]
|-
|[[Dell]] and [[HP]]
|HP and Dell have disabled HEVC (H.264/H.265) hardware encoding and decoding support built into their laptops’ CPUs using both Intel and AMD processors.
|<ref>{{Cite web |last=Harding |first=Scharon |date=2025-11-21 |title=HP and Dell disable HEVC support built into their laptops’ CPUs |url=https://arstechnica.com/gadgets/2025/11/hp-and-dell-disable-hevc-support-built-into-their-laptops-cpus/ |url-status=live |archive-url=https://web.archive.org/web/20251121083438/https://arstechnica.com/gadgets/2025/11/hp-and-dell-disable-hevc-support-built-into-their-laptops-cpus/ |archive-date=2025-11-21 |access-date=2025-11-21 |website=Ars Technica}}</ref>
|-
|DotPe cyber-sec negligence
|In 2024, an Indian company that provides digital services to food-chains got trivially hacked/cracked, allowing anyone to get customer data and company revenue-stats across many countries
|<ref>https://web.archive.org/web/20240923081639/https://peabee.substack.com/p/whats-inside-the-qr-code-menu-at</ref>
|-
|E621
|Terms of service that require agreement to forced arbitration to use the website.
|<ref>{{Cite web |date=2025-10-02 |title=E621 |url=https://e621.net/ |url-status=live |archive-url=http://web.archive.org/web/20260128164339/https://e621.net/ |archive-date=28 Jan 2026|website=E621}}</ref>
|-
|[[EcoVac]]
|Vacuum cleaner robots produced by company 'EcoVac' were found vulnerable to hacking over bluetooth allowing for remote control and access to camera feed. Security researcher Dennis Giese notified the company in December of 2023. In August of 2024, the issue was described by the company as "extremely rare in typical user environments and require specialized hacking tools and physical access to the device."
|<ref>{{Cite web |last=Fell |first=Julian |date=2024-10-04 |title=We hacked a robot vacuum — and could watch live through its camera - ABC News |url=https://www.abc.net.au/news/2024-10-04/robot-vacuum-hacked-photos-camera-audio/104414020 |url-status=live |archive-url=http://web.archive.org/web/20251128025250/https://www.abc.net.au/news/2024-10-04/robot-vacuum-hacked-photos-camera-audio/104414020 |archive-date=28 Nov 2025|access-date=2025-09-10 |website=ABC News}}</ref><ref>{{Cite web |last=Franceschi-Bicchierai |first=Lorenzo |date=2024-08-09 |title=Ecovacs home robots can be hacked to spy on their owners, researchers say {{!}} TechCrunch |url=https://techcrunch.com/2024/08/09/ecovacs-home-robots-can-be-hacked-to-spy-on-their-owners-researchers-say/ |url-status=live |archive-url=https://web.archive.org/web/20260222212044/https://techcrunch.com/2024/08/09/ecovacs-home-robots-can-be-hacked-to-spy-on-their-owners-researchers-say/ |archive-date=2026-02-22 |access-date=10 Aug 2024}}</ref><ref>{{Cite web |last=Franceschi-Bicchierai |first=Lorenzo |date=2024-08-15 |title=Lorenzo Franceschi-Bicchierai on X: "Finally, Ecovacs responds to the researchers' findings, saying it won't fix the bugs. |url=https://x.com/lorenzofb/status/1823774980460388675 |url-status=live |archive-url=http://web.archive.org/web/20241108194816/https://x.com/lorenzofb/status/1823774980460388675 |archive-date=8 Nov 2024}}</ref>
|-
|[[Elegoo Centauri Carbon|Elegoo]]
|The Elegoo Centauri Carbon 3d printer has been proven to use open source Klipper software which requires them to publish their changes to the code.
|<ref>{{Cite web |date=2025-08-28 |title=PSA: Elegoo Centauri Carbon & GPL Compliance |url=https://freethecode.lol/ |url-status=live |archive-url=http://web.archive.org/web/20251206142736/https://freethecode.lol/ |archive-date=6 Dec 2025|access-date=2025-08-28 |website=PSA: Elegoo Centauri Carbon & GPL Compliance}}</ref>
|-
|Foxit Reader
|Updater uses dark pattern to trick unsuspecting users into installing a trial version of their paid product. The checkbox is enabled again by default with each update in the hope that the user misses it by accident at some point.
|
|-
|[[Gaggia]]
|Between 2015 to 2019, the redesigned Gaggia Classic removed the traditional three-way solenoid valve. The valve was restored in the 2019 Gaggia Classic Pro after criticism and backlash from the espresso enthusiast community.
|<ref>{{Cite web |last=Waddell |first=Kelsey |date=2023-03-23 |title=Gaggia Classic vs Pro: A Closer Look at the Differences |url=https://www.roastycoffee.com/gaggia-classic-vs-pro/ |website=Roasty Coffee}}</ref>
|-
|[[Google Chromecast]]
|Chromecast has transitioned from a standalone product to one that [[Forced_app_download|requires the Google Home app]] for setup and control. This change prevents customers who either don't own a smartphone or prefer not to use the app from accessing their Chromecast devices. As a result, certain televisions—such as the Caixon EC43S1UA, which relied on built-in Chromecast functionality—can no longer be used as intended. This effectively removes a key feature from a product that was already purchased, diminishing its value or rendering it unusable altogether.
|
|-
|Google TLS Changes
|Google's new requirements to certificate authorities require separate authority/signing chains to be used to issue Server Authentication and Client Authentication certificates. Therefore, starting 11 February 2026, Let's Encrypt will no longer include the Client Authentication EKU on default certificates
|
|-
|[[Google]]
|Google apparently plans to reduce the interval of publishing source code of security patches they consider non-critical. This is another blow to the custom ROM community.
Right now we don't have these incidents organised chronologically, maybe we should have a table with a timeline of measures Google takes to enshittify and close down Android (more APIs moved to Play Services, Developer verification, withholding AOSP device trees for Pixel devices to mess with Graphene OS, now delayed source code disclosure). What's worst, they always cite safety as a reason.
|<ref>{{Cite web |title=Exclusive: Google wants to make Android phones safer by switching to ‘risk-based’ security updates |url=https://www.androidauthority.com/android-risk-based-security-updates-3597466/ |archive-url=http://web.archive.org/web/20260107025310/https://www.androidauthority.com/android-risk-based-security-updates-3597466/ |archive-date=7 Jan 2026 |website=Android Authority}}</ref>
|-
|Google Maps
|Google restricts data visible in Google Maps for users who are not signed in with an account (see [[Forced account]]). Reviews and photos are no longer visible without login. This also forces users to agree to Google's TOS and logs them into all other Google services, such as YouTube or Google Search so that now all their data in those other services is associated with their accounts. This also raises concerns that other services such as YouTube might follow.
|<ref>{{Cite web |date=14 Feb 2026 |title=Google Maps now forces you to sign-in |url=https://www.reddit.com/r/GoogleMaps/comments/1r4iauf/google_maps_now_forces_you_to_signin/ |archive-url=https://web.archive.org/web/20260223032117/https://old.reddit.com/r/GoogleMaps/comments/1r4iauf/google_maps_now_forces_you_to_signin/ |archive-date=23 Feb 2026 |website=Reddit}}</ref><ref>{{Cite web |date=17 Feb 2026 |title=Can't view images without logging in? |url=https://www.reddit.com/r/GoogleMaps/comments/1r74v0f/cant_view_images_without_logging_in/ |archive-url=https://web.archive.org/web/20260223032213/https://old.reddit.com/r/GoogleMaps/comments/1r74v0f/cant_view_images_without_logging_in/ |archive-date=23 Feb 2026 |website=Reddit}}</ref>
|-
|[[Google]], [[Mozilla]], [[Apple]], [[Microsoft]], but largely Google-led
|Google Chrome, Mozilla Firefox, and Safari are removing XSLT 1.0 support, which could break critical parts of government's websites worldwide<ref>{{Cite web |last=Dimant |first=Dimitrii "Mamut" |date=2025-08-10 |title=XSLT removal will break multiple government and regulatory sites across the world #11582 |url=https://github.com/whatwg/html/issues/11582 |url-status=live |archive-url=http://web.archive.org/web/20260211221059/https://github.com/whatwg/html/issues/11582 |archive-date=11 Feb 2026|access-date=2025-10-25 |website=Github (specifically the Web Hypertext Application Technology Working Group's HTML standards repo, controlled by Mozilla, Google, Microsoft and Apple)}}</ref>. There are valid security reasons for them to want to stop supporting this 1999-era standard, however they have had 26+ years to update to a newer standard (such as the 2017-era 3.1 standard, which is backwards compatible and would allow these sites to continue to work<ref>{{Cite web |date=2017-03-21 |title="XML Path Language (XPath) 3.1: W3C Recommendation 21 March 2017" |url=https://www.w3.org/TR/xpath-31/ |url-status=live |archive-url=http://web.archive.org/web/20260116015839/https://www.w3.org/TR/xpath-31/ |archive-date=16 Jan 2026|website=W3C}}</ref>). The single unpaid developer maintaining these libraries has more or less retired after getting flooded with impossible to satisfy security requests from these companies<ref>{{Cite web |last=Wellnhoffer |first=Nick |date=2025-05-08 |title=Triaging security issues reported by third parties |url=https://gitlab.gnome.org/GNOME/libxml2/-/issues/913 |url-status=live |archive-url=http://web.archive.org/web/20260131231248/https://gitlab.gnome.org/GNOME/libxml2/-/issues/913 |archive-date=31 Jan 2026|access-date=2025-10-25 |website=gitlab.gnome.org}}</ref>. There is an existing project called XRUST to implement the 3.1 standard<ref>{{Cite web |date=2025-05-09 |title=XRust: XPath, XQuery, and XSLT for Rust |url=https://gitlab.gnome.org/World/Rust/markup-rs/xrust |url-status=live |archive-url=http://web.archive.org/web/20260204085435/https://gitlab.gnome.org/World/Rust/markup-rs/xrust |archive-date=4 Feb 2026|access-date=2025-10-14 |website=gitlab.gnome.org}}</ref>, which is 2/3rds of the way through supporting all the features of 1.0 - the XSLT part fully supports all the 1.0 features at this point. XSLT is part of the W3C Consortium's open web standards for formatting and presenting XML, and is also how RSS works, so RSS feeds would stop working as well, disrupting the livelihoods of podcasters<ref>{{Cite web |last=Rijo |first=Luis |date=2025-08-20 |title=Google targets RSS feeds in new XSLT removal proposal |url=https://ppc.land/google-targets-rss-feeds-in-new-xslt-removal-proposal/ |url-status=live |archive-url=https://web.archive.org/web/20260222212228/https://ppc.land/google-targets-rss-feeds-in-new-xslt-removal-proposal/ |archive-date=22 Feb 2026|access-date=2025-10-14 |website=PPC-Land}}</ref>. This has led to questions of who owns the web - the public (including the government) who paid for and laid down the highways / web infrastructure - or a handful of large corporations? <ref>{{Cite web |last=Branscombe |first=Mary |date=2025-09-01 |title=XSLT Debate Leads to Bigger Questions of Web Governance |url=https://thenewstack.io/xslt-debate-leads-to-bigger-questions-of-web-governance/ |url-status=live |archive-url=http://web.archive.org/web/20260131231310/https://thenewstack.io/xslt-debate-leads-to-bigger-questions-of-web-governance/ |archive-date=31 Jan 2026|access-date=2025-10-14 |website=The New Stack}}</ref>
|
|-
|[[GoPro]] Hero 12
|GoPro Hero 12 requires the GoPro app to be installed before you can use the camera. Many currently used devices are not compatible with the app, therefore making use of the camera difficult to impossible for new owners or upon camera factory reset. There's also the question of what data the app collects and whether it requires login and or camera activation.
|
|-
|[[Hikvision]]
|Chinese surveillance camera manufacturer complicit in Uighur genocide which used to advertise recognition of praying and ramadan fasting among its selling points. Similarly to [[Flock license plate readers|Flock]], they are in use world wide and likely feed directly into the Chinese government's surveillance infrastructure and could conceivably be used to find dissidents world-wide. Recently, [https://netzpolitik.org/2025/hikvision-hersteller-der-hamburger-ki-ueberwachungskameras-ist-fuer-menschenrechtsverletzungen-bekannt/ the city of Hamburg has installed them] ([https://netzpolitik-org.translate.goog/2025/hikvision-hersteller-der-hamburger-ki-ueberwachungskameras-ist-fuer-menschenrechtsverletzungen-bekannt/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de&_x_tr_pto=wapp Google Translate Version in English]).
|
|-
|[[Internet radios]]
|I'd like a page where I can share information about internet radios "openness." Few allow you to enter a radio station's URL (which I would consider the least intrusive option). Most depend on third-party websites or apps; [https://www.sangean.com/uk/blog/149 some of which have already bricked devices].
|
|-
|[[IPVideo Corporation]] (owned by [[Motorola]])
|Manufacturer of surveillance hardware. The notable example that brought them to my attention is the Halo 3C/3C-PC Smart Sensor, which is deployed in places such as school bathrooms and subsidized/social housing. This system has a variety of sensors on it, from air quality ones (for detecting smoking/vape usage) all the way to microphones (ostensibly for audio analysis to identify aggression and gunshots, without the capability to stream the audio elsewhere, but this not a limitation built into the hardware and could be changed by a firmware update).
|<ref>{{Cite_web |last=Reynaldo |last2=nyx |name-list-style=amp |date=2025-10-10 |title=DEF CON 33 - Unmasking the Snitch Puck: IoT surveillance tech in the school bathroom |url=https://youtu.be/WCnojaEpF2I |publisher=DEF CON |url-status=live |archive-url=https://preservetube.com/watch?v=WCnojaEpF2I |archive-date=16 Feb 2026}}</ref><ref>{{Cite_web |access-date=2025-10-26 |url=https://www.pelco.com/sensors |url-status=live |archive-url=https://web.archive.org/web/20250922000017/https://www.pelco.com/sensors |archive-date=2025-09-22 |title=HALO Smart Sensor Suite |website=PELCO}}</ref>
|-
|[[iRacing]]
|iRacing is a racing game that's subscription-based, requiring payment just to play the actual game in either online or offline mode.
|
|-
|[[itch.io]], [[Night School Studios]], [[Netflix]]
|In September 2024, users who purchased the game Oxenfree on itch.io were warned that the game was going to be pulled from the platform on October 1st. Consumers would not be able to download the installers after this date, so they would lose access unless they had them backed up. Users speculated that Netflix, the parent company of the development studio, had ordered the move; however, no response from Netflix or the developers was ever published. This is particularly notable because it is against itch.io's terms of service: "Users shall retain a license to this content even after the content is removed from the Service."
|<ref>{{Cite web |last=itch corp |date=15 Apr 2023 |title=itch.io Terms of Service |url=https://itch.io/docs/legal/terms |url-status=live |archive-url=https://web.archive.org/web/20240907004719/https://itch.io/docs/legal/terms |archive-date=7 Sep 2024 |access-date=27 Jun 2025 |website=itch.io}}</ref> <ref>{{Cite web |last=ShawnS |date=31 Jan 2025 |title=OXENFREE |url=https://delistedgames.com/oxenfree/ |url-status=live |archive-url=https://web.archive.org/web/20250321070400/https://delistedgames.com/oxenfree/ |archive-date=21 Mar 2025 |access-date=27 Jun 2025 |website=Delisted Games}}</ref> <ref>{{Cite web |last=Colp |first=Tyler |date=9 Sep 2024 |title=Another reminder that your digital library isn't forever: Oxenfree will be completely removed from Itch.io next month |url=https://www.pcgamer.com/games/adventure/another-reminder-that-your-digital-library-isn-t-forever-oxenfree-will-be-completely-removed-from-itch-io-next-month/ |url-status=live |archive-url=https://web.archive.org/web/20250523111125/https://www.pcgamer.com/games/adventure/another-reminder-that-your-digital-library-isn-t-forever-oxenfree-will-be-completely-removed-from-itch-io-next-month/ |archive-date=23 May 2025 |access-date=27 Jun 2025 |website=PC Gamer}}</ref>
|-
|[[The Japan Times|Japan Times, The]]
|The Japan Times uses the DMCA to take down an open source study resource for the Genki and Quartet workbooks.
|<ref>{{Cite web |last=Clydesdale |first=Seth |date=2025-09-11 |title=Important Information Regarding Genki and Quartet Study Resources |url=https://ko-fi.com/post/Important-Information-Regarding-Genki-and-Quartet-D1D21L4B1S |url-status=live |archive-url=http://web.archive.org/web/20251116072121/https://ko-fi.com/post/Important-Information-Regarding-Genki-and-Quartet-D1D21L4B1S |archive-date=16 Nov 2025}}</ref><ref>{{Cite web |title=Update Regarding Genki and Quartet Study Resources DMCA Situation |url=https://ko-fi.com/post/Update-Regarding-Genki-and-Quartet-Study-Resources-Y8Y21M1F5E |url-status=live |archive-url=http://web.archive.org/web/20251115073152/https://ko-fi.com/post/Update-Regarding-Genki-and-Quartet-Study-Resources-Y8Y21M1F5E |archive-date=15 Nov 2025}}</ref><ref>{{Cite web |date=2025-10-03 |title=All Exercises for Genki/Quartet Study Resources Have Been Removed |url=https://ko-fi.com/post/All-Exercises-for-GenkiQuartet-Study-Resources-Wi-R6R81M8LLN |archive-url=http://web.archive.org/web/20251113045244/https://ko-fi.com/post/All-Exercises-for-GenkiQuartet-Study-Resources-Wi-R6R81M8LLN |archive-date=13 Nov 2025}}</ref>
|-
|[[KOSA]]
|KOSA claims to make kids safer, but it’s really a dangerous censorship bill that would give the U.S. government unprecedented control over the internet. This would put youth in danger by preventing them from accessing potentially life-saving resources.
|<ref>{{Cite web |last=Fight for the Future |first= |date=2026-01-24 |title=Reject online censorship. Tell lawmakers to oppose KOSA! |url=https://www.stopkosa.com/ |url-status=live |archive-url= |archive-date= |access-date=2026-01-24 |website=Stop KOSA}}</ref><ref>https://web.archive.org/web/20250228145348/https://www.houstonchronicle.com/news/houston-texas/education/article/Katy-ISD-blocks-LGBTQ-resources-suicide-16647274.php</ref>
|-
|[[LBRY]] Foundation, [[Odysee]]
|Community first decentralization & Odysee's plan to enable censorship by switching away from the opensource LBRY network.
|<ref>{{Cite web |title=The LBRY Foundation |url=https://lbry.org/ |url-status=live |archive-url=http://web.archive.org/web/20260211161516/https://lbry.org/ |archive-date=11 Feb 2026|access-date=2025-08-08 |quote=The LBRY community invites everyone to join us in building a more free and open way to share content and information online.}}</ref><ref name=":2">{{Cite news |last=Watson |first=RT |date=6 Jun 2024 |title=Decentralized YouTube alternative Odysee acquired by Forward Research despite content concerns |url=https://www.theblock.co/post/298888/decentralized-youtube-alternative-odysee-acquired-by-forward-research-despite-content-concerns |url-status=live |archive-url=http://web.archive.org/web/20251127094918/https://www.theblock.co/post/298888/decentralized-youtube-alternative-odysee-acquired-by-forward-research-despite-content-concerns |archive-date=27 Nov 2025|access-date=16 Aug 2025 |work=The Block}}</ref><ref>{{Cite journal |last=Li |first=Jun |last2=Grintsvayg |first2=Alex |last3=Kauffman |first3=Jeremy |last4=Fleming |first4=Charles |date=2020 |title=LBRY: A Blockchain-Based Decentralized Digital Content Marketplace |url=https://ieeexplore.ieee.org/document/9126007 |journal=2020 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS) |location=Oxford, UK |publisher=IEEE |doi=10.1109/DAPPS49028.2020.00005 |isbn=978-1-7281-6978-1 |via=IEEE Xplore |url-status=live |archive-url=http://web.archive.org/web/20250825221749/https://ieeexplore.ieee.org/document/9126007/ |archive-date=25 Aug 2025}}</ref>
|-
|[[LG]]
|LG discontinued its LG Bluetooth Remote app (including plugins such as "btc4") making it non-public on the Play Store and making Bluetooth controllable devices (like for example the CM2630B) half as useful, without even publishing neither the protocol used to control such devices nor the source code of the app.
|
|-
|[[Lowe's]]
|Lowe's uses flock cameras and other AI powered cameras to collect data and build a profile on "prospective, current, or former Lowe's customers". Their cameras point away from their stores.
|<ref>{{Cite web |last=Koebler |first=Jason |date=6 Aug 2025 |title=Home Depot and Lowe's Share Data From Hundreds of AI Cameras With Cops |url=https://www.404media.co/home-depot-and-lowes-share-data-from-hundreds-of-ai-cameras-with-cops/ |url-status=live |archive-url=http://web.archive.org/web/20260216173226/https://www.404media.co/home-depot-and-lowes-share-data-from-hundreds-of-ai-cameras-with-cops/ |archive-date=16 Feb 2026|access-date=15 Sep 2025 |website=404 Media}}</ref><ref>{{Cite web |date=26 Aug 2025 |title=Lowe’s U.S. Privacy Statement |url=https://www.lowes.com/l/about/privacy-and-security-statement |url-status=live |archive-url=http://web.archive.org/web/20251228013530/https://www.lowes.com/l/about/privacy-and-security-statement |archive-date=28 Dec 2025|access-date=15 Sep 2025 |website=Lowe's}}</ref>
|-
|[[McDonald's]]/Taylor
|McDonald's US mandates which ice cream machine has to be used by franchise licensees. The company that makes these machines uses deliberately obfuscated error codes to force restaurant owners to use their expensive tech service to fix them and reset the machines. The company makes more money from these "repairs" support than with actual sales. Not strictly end consumer, but the pattern warrants documenting imo.
A similar problem exists with Doremi (Dolby) cinema projectors where their DRM leads to a ridiculous number of actions breaking the so-called "marriage" (projector-media block unity), requiring a costly technician to reset it. This one needs sources researched, though, as I don't have one on hand.
|<ref>{{Cite web |title=Why McDonald's Ice Cream Machines Are Always Broken and How To Fix Them |url=https://www.youtube.com/watch?v=2uCpY3tFTIA |url-status=live |archive-url=https://preservetube.com/watch?v=2uCpY3tFTIA |archive-date=22 Feb 2026}}</ref>
|-
|Microsoft
|Microsoft's Android keyboard app SwiftKey set to make it impossible to backup user data without a Microsoft Account, backups must be stored in Microsoft cloud
|<ref>{{Cite web |last=Roth |first=Emma |date=18 Mar 2026 |title=SwiftKey will soon require a Microsoft account to save your typing info. |url=https://www.theverge.com/tech/896859/swiftkey-will-soon-require-a-microsoft-account-to-save-your-typing-info}}</ref>
|-
|[[Minut]]
|Minute sells sensors and alarms. They released an alarm (Point) on kickstarter that long after release got a firmware update adding forced subscription if more than one person wanted to use the alarm.
|<ref>https://www.kickstarter.com/projects/minut/pointthe-friendly-home-alarm</ref>
<ref>https://www.minut.com/</ref>
|-
|[[Mitsubishi Motors]]
|Mitsubishi Motors has a rich history of consumer protection, compliance issues and privacy breaches. These include concealing safety defects, falsifying fuel economy data, and being fined for false advertising. Following the trend of subscription services for the automotive industry, Mitsubishi paywalls built-in features including remote start, SOS, collision detection, and car tracking through its app Mitsubishi Connect subscription service.
|[https://www.autoevolution.com/news/mitsubishi-fined-42-million-by-japans-consumer-affairs-agency-115026.html?utm_source=chatgpt.com] [https://leakd.com/leaks/mitsubishi-motors-vietnam-customer-data-breached/?utm_source=chatgpt.com] [https://en.wikipedia.org/wiki/Mitsubishi_Motors?utm_source=chatgpt.com] [https://violationtracker.goodjobsfirst.org/?order=pen_year&parent=mitsubishi-motors&sort=&utm_source=chatgpt.com][https://www.mitsubishi-motors.com/en/newsroom/newsrelease/2017/20171129_3.html?utm_source=chatgpt.com]
|-
|Multiple
|Several legal cases involving forced arbitration in some manner; many of these relate to other anticonsumer practices, such as when Wells Fargo illegally opened up ~3.5M fake checking and credit accounts in customers' names. Highly advised to deeply scrub for supplementary sources.
|<ref>{{Cite web |date=Apr 16, 2019 |title=Fact Sheet: Cases Tossed Out of Court Because of Forced Arbitration Causes and Class Action Bans |url=https://www.centerjd.org/content/fact-sheet-cases-tossed-out-court-because-forced-arbitration-causes-and-class-action-bans#_ftn1 |access-date=Feb 12, 2026 |website=Center for Justice & Democracy at New York Law School |url-status=live |archive-url=http://web.archive.org/web/20251013145327/https://centerjd.org/content/fact-sheet-cases-tossed-out-court-because-forced-arbitration-causes-and-class-action-bans |archive-date=13 Oct 2025}}</ref>
|-
|MuseGroup (MuseSounds)
|Releasing more and more subscription sound packs while previously released one-time purchase sound packs are full of bugs/issues and have gone without updates for sometimes over a year. They have also increased the price of one-time purchase packs by about 500% while still providing no additional or improved functionality.
They also added unsolicited popups advertising their paid sound packs at startup of the open source MuseScore application, as well as buttons and commands for their cloud service to the home screen, which cannot be disabled. They previously ran into controversy when changing the privacy policy of Audacity and tried to add tracking. The closed-source MuseHub application (which is required to download the free sound packs) connects to tracking services with neither a real opt-in nor an opt-out option. Newer versions of MuseHub now seem to [[Forced account|require an account]] to download free sound packs and sound effects, which previously was not the case. Muse Hub starts at every system launch by default and stays active in the background despite this not being required for its functionality. They also added proprietary parts to MuseScore (like the MuseSample), which is kept closed source. They also bought StaffPad and seem to have quietly ceased its development without publishing any statements.
|
|-
|[[Navdy]], [[Harman International]]
|Device discontinued and no updates, device can be used offline for 1 year until it stops working.
https://www.reddit.com/r/navdy/
|
|-
|[[Netgear]] (internet networking equipment)
|Almost every Netgear internet router requires the creation of a new account to function as a router (see [[Forced account]]), where the TOS includes an agreement to binding arbitration. Most if not all devices are locked into proprietary firmware with no option to change. Some automatic updates have reportedly cause loss of performance with option to revert to a previous version, "bricking" the device in some cases.
Engages in anti-consumer practices, requiring a subscription for basic WiFi-router features such as parental controls. According to a blogpost by a senior employee, grew from "45% in 2016 to over 60% in 2019" of the US consumer router market. In 2025, Netgear is "being sued by TP-Link for a 'Smear Campaign' to Advance US Router Ban [of it's competitor TP-Link].
|[https://www.netgear.com/about/terms-and-conditions/ <nowiki>[62]</nowiki>]
[https://kb.netgear.com/000062104/What-subscription-plans-are-available-for-NETGEAR-Smart-Parental-Controls <nowiki>[63]</nowiki>]
[https://www.netgear.com/hub/author/abhorkar/ <nowiki>[64]</nowiki>]
[https://www.pcmag.com/news/tp-link-accuses-netgear-of-smear-campaign-to-advance-us-router-ban?test_uuid=04IpBmWGZleS0I0J3epvMrC&test_variant=B <nowiki>[65]</nowiki>]
|-
|[https://www.nexigroup.com/ Nexi S.p.A.]
|Nexi is a payment services provider based in Italy, which has been used by the [https://fsfe.org/ Free Software Foundation Europe] (FSFE) for ~ 15 years. They have allegedly been asking FSFE for personal information of FSFE executives and supporters and have recently cancelled their contract with FSFE.
|<ref>{{Cite web |date=2026-03-16 |title=450 FSFE supporters affected: Payment provider Nexi cancelled us |url=https://fsfe.org/news/2026/news-20260316-01.en.html |url-status=live |archive-url=https://web.archive.org/web/20260317162959/https://fsfe.org/news/2026/news-20260316-01.en.html |archive-date=2026-03-17 |access-date=2026-03-17 |website=FSFE - Free Software Foundation Europe}}</ref>
|-
|[[Nothing]]
|Nothing brings home-screen ads (can be disabled manually) and [[bloatware]] to its lower end models despite previously boasting about being bloatware free
|<ref>{{Cite web |last=Floemer |first=Andreas |date=2025-10-27 |title=Phone 3a: NothingOS 4.0 brings optional ads to the lock screen |url=https://www.heise.de/en/news/Phone-3a-NothingOS-4-0-brings-optional-ads-to-the-lock-screen-10904033.html |url-status=live |archive-url=https://web.archive.org/web/20260222212507/https://www.heise.de/en/news/Phone-3a-NothingOS-4-0-brings-optional-ads-to-the-lock-screen-10904033.html |archive-date=22 Feb 2026|access-date=2025-10-27 |website=Heise Online}}</ref>
|-
|Odido Netherlands B.V.
|Odido is an internet service provider in the Netherlands with a 10-15% market share [[https://www.acm.nl/nl/publicaties/acm-telecommonitor-derde-kwartaal-2025 79]]. On the 3rd of March 2026 a user reported that his Odido Zyxel EX5601-T1 router was (illegally) sending analytics data to a Turkish AI-company [[https://www.linkedin.com/pulse/odido-router-verzamelt-analytics-van-je-huishouden-sipke-mellema-0uoie/ 80]]. The user reported on the 8th of March 2026 that the router silently stopped sending this data with no formal mention/patch from Odido. The user reported on the poor security of the router and that the analytics data contained the unencrypted names of local networks, the names of devices connected to these networks, and MAC-addresses. The poor security of Odido's routers follows a massive data leak of 6.2 million customers' full legal names, phone numbers, emails, bank account numbers, passport numbers and more [[https://tweakers.net/nieuws/244656/odido-waarschuwt-voor-datalek-miljoenen-klantgegevens-gestolen-bij-cyberaanval.html 81]].
|[[https://www.acm.nl/nl/publicaties/acm-telecommonitor-derde-kwartaal-2025 79]] [[https://www.linkedin.com/pulse/odido-router-verzamelt-analytics-van-je-huishouden-sipke-mellema-0uoie/ 80]] [[https://tweakers.net/nieuws/244656/odido-waarschuwt-voor-datalek-miljoenen-klantgegevens-gestolen-bij-cyberaanval.html 81]]
(I do not know how to add these to the list)
|-
|[[OICA]] (European automotive lobby organisation)
|The OICA recently pushed for the right to emit sounds from quiet electric cars to make them as loud as conventional cars with combustion engine and against stricter noise regulation in cities. The fake engine noises in question are specifically not for safety purposes, but for emotional effect for the driver. However, instead of playing the noises only inside for just the driver to hear, the noise is to be played on speakers on the exterior, thus affecting the general public. Noise pollution has long been known to have adverse health effects. ''[NOTE: Similar to environmental aspects, greenwashing etc., we will have to find a good angle for how this fits the wiki. I would say it does match the general theme of manufacturers deliberately making their products worse for minor financial gain and lobbies pushing against things that are in public interest.]''
|<ref>{{Cite web |last=Krempl |first=Stefan |date=2026-01-07 |title=Sound Dictatorship vs. Quiet: The Battle for E-Car Roar |url=https://www.heise.de/en/news/Sound-Dictatorship-vs-Quiet-The-Battle-for-E-Car-Roar-11133630.html |url-status=live |archive-url=http://web.archive.org/web/20260108165124/https://www.heise.de/en/news/Sound-Dictatorship-vs-Quiet-The-Battle-for-E-Car-Roar-11133630.html |archive-date=8 Jan 2026|access-date=2026-01-08 |website=Heise Online}}</ref>
|-
|[[Oracle]]
|Similarly to [[Tencent]], this corp is behind many other companies, so it has a lot of power over users. Also, their CEO is very petty about letting go the [[JavaScript]] trademark<ref>https://deno.com/blog/javascript-tm-gofundme</ref>
|
|-
|[[Persona]] (Age verification service)
|Used by Discord to do age verification using facial 3d scans, which are transmitted to Persona servers. It has been revealed that the company has ties to Palantir and Peter Thiel.
|<ref>{{Cite web |last=Carpenter |first=Lincoln |date=13 Feb 2026 |title=Oh, good: Discord's age verification rollout has ties to Palantir co-founder and panopticon architect Peter Thiel |url=https://www.pcgamer.com/software/platforms/oh-good-discords-age-verification-rollout-has-ties-to-palantir-co-founder-and-panopticon-architect-peter-thiel/ |archive-url=http://web.archive.org/web/20260221224755/https://www.pcgamer.com/software/platforms/oh-good-discords-age-verification-rollout-has-ties-to-palantir-co-founder-and-panopticon-architect-peter-thiel/ |archive-date=21 Feb 2026 |website=PCGamer}}</ref>
|-
|[[Proton]]
|Proton helped FBI unmask anonymous "Stop Cop City" protestor
|<ref>https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/</ref>
|-
|[https://www.skystone.games/ Skystone Games]
|Boundary, a multiplayer online-only first-person shooter, got shut down just a year after its release by Skystone games, and its publishing rights relinquished, citing "ongoing delays and a lack of updates from the developer". Studio Surgical Scalpels (the developer) stated that the publisher decissions were "extremely sudden and unreasonable", and attempted to "regain the rights to boundary". The game has been offline for more than a year at the time of writing, and no refunds or communications to the userbase has been made by Skystone Games.
|<ref>{{Cite web |date=2024-06-19 |title=Boundary - End of service notice |url=https://store.steampowered.com/news/app/1364020/view/4209257868262605607?l=english |url-status=live |access-date=2025-07-07 |website=Steam |archive-url=http://web.archive.org/web/20251021143111/https://store.steampowered.com/news/app/1364020/view/4209257868262605607?l=english |archive-date=21 Oct 2025}}</ref><ref>{{Cite web |date=2024-06-30 |title=Boundary Shut Down: Who's to Blame? |url=https://www.youtube.com/watch?v=Kr8IhV1fovE |url-status=live |archive-url=https://preservetube.com/watch?v=Kr8IhV1fovE |archive-date=16 Feb 2026}}</ref>
|-
|[[Sony]], Sony Online Entertainment/[[Daybreak Game Company]]
|Selling off SOE to the investment firm Columbus Nova, all games published by SOE were delisted without prior notice to consumers or developers, and licenses were revoked as well.
|<ref>{{Cite web |last=S |first=Shawn |date=Jun 10, 2016 |title=Akimi Village |url=https://delistedgames.com/akimi-village/ |url-status=live |archive-url=http://web.archive.org/web/20251127030103/https://delistedgames.com/akimi-village/ |archive-date=27 Nov 2025|website=Delisted Games}}</ref><ref>{{Cite news |last=Weber |first=Rachel |date=Feb 2, 2015 |title=SOE acquired, becomes Daybreak Game Company |url=https://www.gamesindustry.biz/soe-acquired-becomes-daybreak-game-company |work=GamesIndustry.biz |url-status=live |archive-url=http://web.archive.org/web/20260204235742/https://www.gamesindustry.biz/soe-acquired-becomes-daybreak-game-company |archive-date=4 Feb 2026}}</ref>
|-
|[[Superbox]]
|Android TV box manufacturer Superbox remotely locks consumers' devices if they were sold below the manufacturer's minimum specified prices and asks consumers to contact the retailer when they complain.
They are not the first to do something like this. [[Deye]] locked down inverters in the US that they suspected might be gray imports.
|<ref>{{Cite web |title=You'll Own Nothing and Be Happy |url=https://www.youtube.com/watch?v=5I5-rAyFQrk |website=YouTube |type=Video |url-status=live |archive-url=https://preservetube.com/watch?v=5I5-rAyFQrk |archive-date=16 Feb 2026}}</ref>
|-
|[[Superhive]]
|Customers, when purchasing executable code ("add-ons") were promised lifetime updates. Creators are getting announcements that updates are now limited to one year, even on products previously purchased with lifetime updates.
|https://youtu.be/042ltF-6a-w
|-
|[[TCL]]
|[[wikipedia:TCL_Technology|WP]]. Misleading advertising. Software and firmware full of bugs (such as screens "randomly" turning off)<ref>https://reddit.com/r/nxtpaper/comments/1nckzv5/comment/obv34b6/</ref>. Taking years to upgrade Android phones, and lying about the expected dates. Refusing to comply with Google policies and some gov regulations
|<ref>https://www.notebookcheck.net/TCL-can-t-advertise-TVs-as-QLED-since-they-lack-in-quantum-dots-and-color-accuracy.1243552.0.html</ref><ref>https://reddit.com/r/nxtpaper/comments/1nckzv5/tcl_update_policy/</ref><ref>https://reddit.com/r/Android/comments/vvnuq6/tcl_has_been_actively_ignoring_my_firmware/</ref>
|-
|[[Twitch]]
|Twitch has recently partnered with Persona to verify the ages of new affiliates before first payouts.
|
|-
|[[UP3]] By [[Jawbone]]
|Approximately 2011, Pioneering startup company from San Francisco, had revolutionary fitness trackers. In 2017 with no notice to customers they stole personal data and shut down app which in turn, bricked devices. Highly likely went bankrupt and sold to sister company to manipulate customer services and rights. Now owned by Aliph brands.
|
|-
|[[Vive]]
|In 2022, Vive discontinued the original Vive Facial Tracker module a year after the original release, then released an updated model with proprietary firmware that blocked use on other 3rd party VR headset, while only allowing the new model to work with their new locked-down headset. The 2021 version of the face tracker's long term support was seemingly cut overnight without any software updates since 2021.
|<ref>{{Cite web |last=Vive Team |date=2022-08-07 |title=VIVE Focus 3 gets Facial Tracker, and Eye Tracker |url=https://blog.vive.com/us/vive-focus-3-gets-facial-tracker-and-eye-tracker/ |url-status=live |archive-url=https://web.archive.org/web/20250619155201/https://blog.vive.com/us/vive-focus-3-gets-facial-tracker-and-eye-tracker/ |archive-date=2025-06-19 |access-date=2025-09-21 |website=Vive Blog}}</ref><ref>{{Cite web |last=StateKi |date=2023-10-10 |title=Post by StatekTi on X |url=https://x.com/StatekTi/status/1733954156379963393 |url-status=live |archive-url=https://archive.ph/DiYbF |archive-date=9 Jan 2026 |access-date=2025-11-21 |website=X (Formerly Twitter)}}</ref>
|-
|[[WHMCS]]
|Discontinuation of support and updates for WHMCS legacy “Owned” licenses, forcing users who want ongoing updates or technical support to switch to subscription licensing and pay recurring fees rather than continue with the original owned model. This change affects all holders of legacy owned licenses and alters the long-term terms under which those licenses were originally sold
|<ref>{{Cite web |title=WHMCS Knowledgebase |url=https://www.whmcs.com/members/index.php/knowledgebase/70/Support-and-Updates-Expiration.html |url-status=live |archive-url=http://web.archive.org/web/20251211021038/https://www.whmcs.com/members/index.php/knowledgebase/70/Support-and-Updates-Expiration.html |archive-date=11 Dec 2025}}</ref><ref>{{Cite web |title=Important pricing changes to your WHMCS owned license Mailer |url=https://www.whmcs.com/members/mailings/?k=price21-emailo |url-status=live |archive-url=https://web.archive.org/web/20260215233549/https://www.whmcs.com/members/mailings/?k=price21-emailo |archive-date=15 Feb 2026}}</ref>
|-
|Wheatstone Corporation
|Wheatstone Corporation are a manufacturer of professional broadcast equipment, mainly audio consoles and interfaces that utilise their proprietary Wheatnet audio over IP protocol.
Wheatstone restricts access to firmware updates, software configuration tools and software. You must open a support ticked in order for them to send you a download link to these software tools, they make it very difficult to access software required to make their hardware audio interfaces work, even stating they want proof of purchase (not just a licence key) before they will even give you the download link. Managing licences is also non-existent and you will need to contact support, and as such a fee is imposed.
|
|-
|[[Wireless Power Consortium]]
|After monopolizing wireless charging market Qi turned from an open standard into a proprietary.
Version 1.3 introduced "secure authentication between the transmitter and the receiver", i.e. in order to operate every charger must include an expensive proprietary chip licensed only to certified members. This results in increased development and manufacturing costs directly passed onto consumer. Version 2.2, unlike previous versions, "is available for WPC Members only".
|<ref>{{Cite web |title=Qi Certification Is Changing and We've Got You Covered |url=https://www.nxp.com/company/about-nxp/smarter-world-blog/BL-QI-CERTIFICATION-IS-CHANGING |url-status=live |archive-url=http://web.archive.org/web/20251104012700/https://www.nxp.com/company/about-nxp/smarter-world-blog/BL-QI-CERTIFICATION-IS-CHANGING |archive-date=4 Nov 2025|website=NXP Semiconductors}}</ref>
<ref>{{Cite web |title=Download the Qi Specifications |url=https://www.wirelesspowerconsortium.com/knowledge-base/specifications/download-the-qi-specifications/ |url-status=live |archive-url=http://web.archive.org/web/20251104094044/https://www.wirelesspowerconsortium.com/knowledge-base/specifications/download-the-qi-specifications/ |archive-date=4 Nov 2025|website=Wireless Power Consortium}}</ref>
|-
|Wolfgang Puck Bread Makers
|Some of the bread makers have anti repair screws in them to prevent people from repairing them themselves. Needs more citations.
|
|-
|[[World Orb]]
|World Network (Sam Altman/Open AI) scheme to collect biometric data on all people. Tied to cryptocurrency, AI schemes. Supposedly way for people to show they are human (run by the people who are trying to make a profit from AI).
|
|-
|[[Xcode]] support dropped for older MacBooks
|Apple has discontinued support for up to date versions of Xcode iOS development on older MacBook devices (discovered on my MacBook Pro 2017, but I’m sure it applies to other old devices as well), resulting in not being able to use a perfectly capable machine for iOS app development without having to go through countless loopholes. 1) you cannot commit new updates without utilizing a third-party medium, 2) the warning and error compiler is out of date due to not being able to update to the latest version, which of course supports the latest iOS release, so you have to figure it out on your own like it’s the 80’s 3) you must commit and release a new TestFlight build (through [1] loophole) to do any testing instead of being able to simulate on your Mac or even a connected device 4) this all really stems from the fact that the new Xcode updates require the new MacOS version which is also discontinued for older MacBooks. This means 8 year old device is basically just useless for such applications.
|[[Category:Sources]]
|-
|[[Zhiyun]]
|Like competing products from [[DJI]], Zhiyun video gimbals require a Chinese smartphone app, internet access and an [[Forced account|account]] to activate on first use.
|<ref>{{Cite web |last=ZHIYUN Tutorials |date=25 Jul 2023 |title=ZHIYUN CRANE 2S Activation Tutorial |url=https://www.youtube.com/watch?v=_CjNp6pWNoQ |archive-url=https://preservetube.com/watch?v=_CjNp6pWNoQ |archive-date=23 Feb 2026 |website=YouTube}}</ref>
|-
|Kohls
|There is no option to delete your account on their website
|
|-
|Microsoft Rewards
|Used to be a good program, but over the last few years they've implemented a number of anti-user policies including extensive cool-downs for earning points on Bing, and making it more difficult to redeem points. There are multiple reports on r/microsoftrewards of people getting banned or restricted when they have over $100 worth of points that they are trying to redeem. They've also removed points opportunities that used to be interesting and engaging.
|
|-
|
|City of Berlin installs security cameras that alerts authorities about people who are "loitering without reason".
|<ref>{{Cite web |last=Krempl |first=Stefan |date=10 Mar 2026 |title=Surveillance in Berlin: When AI reports "loitering without reason" |url=https://www.heise.de/en/news/Surveillance-in-Berlin-When-AI-reports-loitering-without-reason-11206420.html |website=heise}}</ref>
|}

==List of themes not yet covered==
Consumer Rights Wiki is not an encyclopedia.

*Before proposing or making a theme article, see if you can find an article that covers the topic on wikipedia, or some other reference. If you can, just use a reference to that.
*Check the list of theme articles [[:Category:common terms]], to be sure there isn't already an article on the topic, or one closely related. Sometimes a theme may be covered by generalizing an existing article.

{| class="wikitable"
|+
!Theme
!Summary of Theme
!Refs
|-
|Anti-rollback or ARB for device firmware
|most recent example being [[Oneplus phone update introduces hardware anti-rollback]] but ain't exclusive to it. Also implemented by [[Oneplus phone update introduces hardware anti-rollback#Comparison with other manufacturers|Samsung]], [https://mavicpilots.com/threads/not-be-able-to-degrade-firmfare-of-dji-mini2-from-01-06-0200.134806/#post-1518967 DJI] (link found from [[DJI]]) and likely many more.
|
|-
|Car manufacturers replacing physical controls by touch-screens
|This is increasingly common, and puts drivers at risk. Some corps pretend touchscreens are a "premium" or "modern" feature, but are typically cheaper for them
|
|}

==List of companies doing the right thing==
It would be helpful to include examples of companies doing the right thing, even if they aren't, strictly speaking, consumer products.
{| class="wikitable"
|+
!Company
!Good deed
!Refs
|-
|APSystems
|After requests from users, the company released a firmware update that adds a local API to their EZ-1M solar micro inverter, allowing it to remain fully usable if the company ends support for the device
|<ref>{{Cite web |title=APsystems EZHI Local API User Manual |url=https://global.apsystems.com/document/apsystems-ezhi-local-api-user-manual/ |url-status=live |archive-url=http://web.archive.org/web/20251107061040/https://global.apsystems.com/document/apsystems-ezhi-local-api-user-manual/ |archive-date=7 Nov 2025|website=global.apsystems.com}}</ref>
|-
|Concept2
|Readily provides parts and diagrams. Exists under a [https://www.concept2.com/about/perpetual-purpose-trust Perpetual Purpose Trust].
|
|-
|Core Devices (from creator of Pebble Smartwatches)
|Not strictly Core Devices, but when Pebble was sold to Fitbit, the servers remained online for some time, and the Pebble app was updated to allow the Rebble community project to take over some of the Pebble server-side functionality. All backers of the upcoming Pebble 2 series of watches were refunded in full, despite it being a crowd-funding campaign.
Following Google's acquisition of Fitbit and after many years, Google released much of the Pebble Smart Watch source code on github (excluding proprietary libraries). Core Devices and Rebble replaced the usage of the proprietary libraries with open source alternatives, and released new Android and iOS apps, not only supporting the new core devices, but bringing updated support to legacy Pebble devices.
|
|-
|Fairphone
|The new Fairphones (5th and 6th generation) are availible with stock android as well as e/os, which is a fork of lineage os and a european alternative cloud provider (murena) instead of google. This has many privacy features (app tracker blocker, tor network usage, and gps spoofing) availible in a few clicks. Also degoogle apps (microg, safetynet, ...) are preinstalled therefore it is w´possible to install everything also from playstore with an anonymous account. As e/os is a fork of lineage os and there is an official guide to flash the fairphone with e/os and is officially supported, flashing lineage os is very easy.
|<ref>{{Cite web |date=2026-02-24 |title=How to manually install Android on your Fairphone |url=https://support.fairphone.com/hc/en-us/articles/18896094650513-How-to-manually-install-Android-on-your-Fairphone |url-status=live}}</ref><ref>{{Cite web |title=The Fairphone (Gen. 6) with privacy first /e/OS |url=https://shop.fairphone.com/the-fairphone-gen-6-e-operating-system |url-status=live}}</ref>
|-
|Home Assistant
|Open-source smart home platform that provides local control, automation, and interoperability for a wide range of smart home devices. Provides support for many cloud devices after they're subject to [[discontinuation bricking]].
|<ref>{{Cite web |title=Home Assistant |url=https://www.home-assistant.io/ |url-status=live |archive-url=https://web.archive.org/web/20260129222300/https://www.home-assistant.io/ |archive-date=2026-01-29 |access-date=2026-02-05}}</ref>
|-
|Noctua
|Extremely long support for old products and availability of upgrade kits
|<ref>{{Cite web |last=LMG Clips |date=19 Feb 2026 |title=The Last CPU Cooler You Will Ever Buy |url=https://www.youtube.com/watch?v=D3g4-fb6u90 |archive-url=https://preservetube.com/watch?v=D3g4-fb6u90 |archive-date=23 Feb 2026}}</ref>
|-
|Numatic International
|A UK based manufacture of commercial and consumer wet/dry floor cleaning products (vacuums, scrubbers, floor buffers) that provides a robust library of technical documents, parts breakdowns, data sheets and training for free on both new and existing products without the need to login, pay additional fees or be an approved repair facility.
|
|-
|Oral-B
|When installing the Android App, there is no login, and the user is asked for analytics tracking consent.
|
|-
|Philips
|Added files for replacement parts to Printables so you can 3D print parts for your Philips products
|
|-
|ratgdo
|A garage door opener controller developed by Paul Wieland, allowing you to locally control it (namely Chamberlain openers that would otherwise require the MyQ app for smart home features).
|<ref>{{Cite web |last=Wieland |first=Paul |title=About - ratgdo |url=https://ratcloud.llc/pages/about |url-status=live |archive-url=https://web.archive.org/web/20251213022055/https://ratcloud.llc/pages/about |archive-date=2025-12-13 |access-date=2026-02-05}}</ref>
|-
|Reticulum
|Reticulum is an open-source, decentralized networking stack designed to communicate between practically any wireless device, even without internet. Its purpose is to provide fully anonymous end-to-end encrypted communication by default, especially in the age of government surveillance. The Reticulum network, protocol, and hardware are not tied any company in particular but were initially created by Github user 'markqvist'. Honorable mention to NomadNet, which is a network of nodes that serve webpages, similar to the internet, that communicate via Reticulum.
|<ref>{{Cite web |last=markqvist |title=Reticulum Network |url=https://reticulum.network/ |access-date=2026-02-15 |website=Reticulum |archive-url=http://web.archive.org/web/20260222180553/https://reticulum.network/ |archive-date=22 Feb 2026}}</ref>
|-
|stevesgames.co.uk
|Will never put ads or in-app purchases in their computer games and will make gamees available for free after securing the companys future.
|
|-
|Tektronix
|Provided extensive product data on unsupported products to a museum, vintageTEK, and thus to tekwiki and the rest of the community.
|<ref>{{Cite web |last=Lenihan |first=Thomas F. |date=2012-02-28 |title=Copyright Notice |url=https://vintagetek.org/copyright-notice/ |url-status=live |archive-url=https://web.archive.org/web/20250828004431/https://vintagetek.org/copyright-notice/ |archive-date=2025-08-28 |access-date=2025-10-18 |website=vintageTEK museum}}</ref>
|-
|Ulanzi
|The company offers a tutorial on how users can mix their own fog juice to use with Ulanzi mini fog machines from readily available low-cost ingredients, whereas competitors sell proprietary fog juice at extortionate prices, refuse to release the formula and refuse to honour the warranty if users use anything but the OEM brand with their machines.
|<ref>{{Cite web |title=Tutorial {{!}} How to DIY Ulanzi FM01 Fog Machine Juice? |url=https://www.youtube.com/watch?v=qiq1B6-dcEM |type=Video}} ([https://preservetube.com/watch?v=qiq1B6-dcEM Archived])</ref>
|}

==See Also==

*[[Louis Rossmann - Video Directory]]
*[[Other Channels - Video Directory|Other Channels - Video Directory]]

==Reference List==
<references />

Article suggestions

2026-03-22T16:25:08Z

Rudxain: TCL incidents

This page is dedicated towards providing a communal list for users to submit potential articles to feature on the wiki, and to give editors inspiration on what pages they might want to add to the wiki. If you create an article based on an entry from this list, or see that someone else has done so, please make sure to delete the row from this page in order to prevent confusion.

Sources should be inserted within the 'refs' section of the table. If using the visual editor, take advantage of '<nowiki/>'''insert reference'''<nowiki/>' via ''''ctrl + shift + k'''<nowiki/>' so that the sources are quick to add to future articles. If you are using the source editor, feel free to copy and paste the formatting from other correctly formatted references on the page. The more sources you include with an article idea, the more likely it is that others will pick the article idea up and run with it, so please attempt to include a good variety of descriptive sources!

Please take note of the wiki's [[Consumer Rights Wiki:Inclusion guidelines|Inclusion criteria]] when submitting article suggestions. If you see article suggestions here which do not fit the Wiki, feel free to remove them, leaving your reasoning in an edit note.

If you are an editor looking for further inspiration to write an article, you can also check out the [[Louis Rossmann - Video Directory|Louis Rossmann video directory]] for a good collection of potential articles.

==Example==
Below is an example of what an entry should appear as:
{| class="wikitable"
|+
!Company
!Summary of Incident
!Refs
|-
|[[Nintendo]]
|In 2025, the company Nintendo stripped Switch 2 consoles that used the MIG switch cartridge of all online functionality
|<ref name=":3">{{Cite web |last=Scattered Brain |date=Jun 16, 2025 |title=Soo... Nintendo banned my Switch 2 (Don't try the MIG Switch!) |url=https://www.youtube.com/watch?v=ExgYTA18_vo&t=656s |url-status=live |archive-url=https://preservetube.com/watch?v=ExgYTA18_vo |archive-date=22 Feb 2026|access-date=Jun 18, 2025 |website=[[YouTube]]}}</ref><ref name=":0">{{Cite news |last=Orland |first=Kyle |date=Jun 17, 2025 |title=Switch 2 users report online console bans after running personal game “backups” |url=https://arstechnica.com/gaming/2025/06/playing-personal-game-backups-could-get-your-switch-2-banned-by-nintendo/ |url-status=live |archive-url=http://web.archive.org/web/20251222013641/https://arstechnica.com/gaming/2025/06/playing-personal-game-backups-could-get-your-switch-2-banned-by-nintendo/ |archive-date=22 Dec 2025|access-date=Jun 19, 2025 |work=Ars Technica}}</ref>
|}

==List of incidents not yet covered==
{| class="wikitable sortable"
!Company
!Summary of Incident
!Refs
|-
|Regus
|A flexible office / workplace provider for freelancers, contractors, small businesses, etc.
This is specifically for their Virtual Office service. I am sure they apply these same predatory and deceptive tactics with the rest of their services as well.
Locks you into a contract for virtual services that they may terminate at any time. You can too only if you follow very specific and exaggerated terms. They will bill you for the entire agreement even with it terminated. You lose access to the services immediately upon termination but are forced to pay for the rest of the agreement. They are predatory with agreements and will not allow you to break them and will charge you for the entire thing regardless of what happens.
Forced arbitration. Force you to waive any right to class action lawsuits.
Contract comes with terms hidden in their "house rules" document, automatically opting the user into services they did not knowingly agree to, by default. These services are NOT included in the original contract in any way except through the referencing to other documents like the "Terms of Service" and "House Rules", not disclosed ahead of time. They clearly show a lower price and do not clearly show any of the additional services you unknowingly opt into.
They lead you into a low price to get the agreement signed. Once signed, you cannot escape or get out with their terms. You find out later that they've made you agree to additional services by default. They require YOU to jump through hoops to opt out of those services, and they bury the information to do it.
They have predatory auto-renewals for the contracts that are typically months to years long, with many being sold into higher 1 year+ contracts for "savings" and "discounts". These auto-renewals cannot be canceled without 3 MONTHS notice! If it renews, you are locked into another term which you will be forced to pay in full even if you terminate.
This is all for VIRTUAL office services that cost nothing to provide or remove.
A lot of deceptive patterns including, but not limited to: Comparison prevention, hidden costs, hidden subscription, obstruction.
|[https://serviceagreement.regus.com/TermsPDF/VirtualOffice/Global20250301.pdf Terms of Service]
[https://serviceagreement.regus.com/PreviewHouseRule.aspx?guidId=840179ed-c894-4e91-8ccc-3b882bcf4b38 House Rules]
[https://www.myregus.com/help#:~:text=you%20can%20give%20notice%20to%20terminate%20your%20agreement%20at%20anytime%20in%20your%20online%20account%20%2D%20but%20you%20will%20be%20charged%20until%20the%20end%20of%20your%20agreement%20term. Help Page - terminate anytime but pay everything]
|-
|GM
|GM originally released the EV1 in 1996 on a lease program, and then instead of selling the much loved used/leased vehicles to consumers, they decided to crush the grand majority of them. Very few surviving examples can be found today, with most in private collections or at universities.
Because it was seen as a failure to major auto manufacturers, It would take over a decade before another EV was produced in the United States.
|
|-
|Wizards of the Coast
|Wizards of the Coast (WotC) seems to be positioning itself to move away from publishing physical books that last forever in favor of pushing digital-only sales and micro-transactions of content and subscriptions. They attempted to amend the OGL (Open Game License) to include language that would require third party authors of D&D content to give up rights to their own content, so WotC can sell it to consumers without crediting the original authors.
Notably, as a direct response to these anti-consumer activities and policies, a select few of the third party publishers have instead decided to come out with their own systems that are not beholden to WotC's whims. A couple of examples include ''Draw Steel'' and ''Daggerheart''. An earlier conflict prompted Paizo to release their own version of the classic D20-based tabletop RPG, ''Pathfinder'', when WotC started releasing the fourth edition of it's rule-set.
|
|-
|Foxconn
|Foxconn is an electronics manufacturer with various human rights violations on it's record. They've also convinced the government to use eminent domain to take people's property to build factories, that never end up using the factories.
|
|-
|ASUS (ROG)
|Releases bios updates via windows executable, meaning that you can't update your bios to the latest version to amend a security vulnerability or fix an issue unless you're running microsoft windows. The windows executable simply extracts a binary file, that you can drop on a thumb drive. This could be easily done via direct download to support other operating systems.
|
|-
|Symantec
|Product: Norton Internet Security.
This one might be tough to document, because it's been slowly going on for the past 15 years. Norton used to offer a great internet security package with a ton of good and useful services for a decent price. Unfortunately, slowly over the years, they've gone further and further down the rabbit hole of charging more money for fewer and fewer features, and then locking some of those features behind even more paywalls and micro-transactions.
|
|-
|8Player
|In early March, 2026, the Apple TV application called 8Player began displaying a notice informing users who had already paid for the app, that the app would not continue to function unless they agreed to an ongoing subscription.
The text of the notice says the following:
----Thank you for being a valued 8player user.

To keep improving the app and delivering new features, 8player is moving to a subscription model.

You can continue using the full version at no cost until April 15, 2026.

After that, activate the subscription in the app to keep full access. Your existing features will remain available, and no action is needed today.

Thank you for supporting 8player over the years.

[[:File:8player-subscription-model-notice.png]]
|
|-
|[[ABC Financial Services]]
|Manages memberships and recurring service subscriptions for other companies. Prevents customers from being able to cancel a service by locking them into a never-ending cycle of auto renewals, and not allowing the customer to opt out of auto renewal.
|-
|Affinity / [[Canva]] page created needs editors to help
|Canva purchases [[Serif]]; the owner of perpetual license design software Affinity Publisher, Designer, and Photo on March 26th 2024. Provides a pledge to assure users that Canva will not "ruin" the suite. In October 2025, Affinity users are locked out of the community forum for a new "Creative Freedom" announcement on October 30th 2025. Complete radio silence for a whole month while they tease long term users on Twitter and Discord. Finally on October 30th 2025, the new Affinity software is announced as "free". Instead, all creative professionals that used the original software are forced to create a new Canva account to access the new Affinity and thus agree to Canva's ToS<ref name=":1">{{Cite web |date=2025-10-30 |title=Canva Terms of Use |url=https://www.canva.com/policies/terms-of-use/ |url-status=live |archive-url=http://web.archive.org/web/20260128105545/https://www.canva.com/policies/terms-of-use/ |archive-date=28 Jan 2026|website=Canva Legal Trust Center}}</ref>. Affinity redirects the pledge page to an announcement for the new software, effectively burying the original pledge<ref name=":4">{{Cite web |date=2024-03-27 |title=The Affinity and Canva Pledge |url=https://affinity.serif.com/en-us/press/newsroom/affinity-and-canva-pledge |url-status=dead |archive-url=https://web.archive.org/web/20251002083749/https://affinity.serif.com/en-us/press/newsroom/affinity-and-canva-pledge/ |archive-date=2025-10-02 |website=web.archive.org}}</ref>. Questions about Canva now being able to monetize the work of professionals to train their own AI models sold to Canva users are left unanswered. Free, but at what cost?
EDIT: Initial article has been written but needs more work, citation, and verification. [[Canva adds arbitration clause for future Affinity Studio users|See this article here]].
|<ref name=":1" /><ref name=":4" />
|-
|[[Alibaba]]
|[[wikipedia:Alibaba_Group|WP]]
|
|-
|[[Amazon]]
|Amazon renders Fire TV Blaster unusable, offers Amazon gift card to affected customers
EDIT: Incident has been added to the Amazon page but needs more work.

---

Sometime in 2025 Amazon added an upgrade nag widget to Alexa for "Alexa+" that is impossible to turn off. In some cases the upgrade was automatic, and users had to opt-out
|<ref>{{Cite web |last=Herbig |first=Daniel |date=19 Jan 2026 |title=Amazon makes Fire TV Blaster unusable |url=https://www.heise.de/en/news/Amazon-makes-Fire-TV-Blaster-unusable-11145570.html |url-status=live |archive-url=http://web.archive.org/web/20260120070820/https://www.heise.de/en/news/Amazon-makes-Fire-TV-Blaster-unusable-11145570.html |archive-date=20 Jan 2026}}</ref>
---
<ref>{{Cite web |title=Amazon is automatically upgrading Prime members to Alexa+. Here's how to opt out |url=https://www.12news.com/article/news/nation-world/amazon-automatic-upgrade-alexa-plus-how-to-opt-out/507-3105c319-0f52-421a-b741-9ad6919f22e5}}</ref>
|-
|[[Anker]]
|In Anker's Terms of Service for Solix solar generator product, under 19.3 Mandatory Updates:
In critical situations—such as addressing severe security vulnerabilities, complying with legal requirements, or ensuring compatibility with our service architecture—we reserve the right to issue mandatory Updates for both the firmware and the App. These essential updates may install automatically, or require immediate installation before further use, and you will not be permitted to opt out. If you fail to install such an update, certain device functionalities or access to the App may be limited or suspended to maintain the security and integrity of our service.
https://www.anker.com/ca/policies/terms-of-service
|
|-
|Apotheka
|Personal ID codes, purchase information and contact details of almost half of Estonian citizens and residents have been compromised in a mass data breach of the IT system operated by Allium UPI, a firm dealing with pharmacy and hospital products.
|[https://news.err.ee/1609302096/cybercriminals-steal-data-of-around-700-000-apotheka-pharmacy-customers]
|-
|[[Apple]]
|Apple changes Logic Pro and the Apple office suite into a subscription when it was either a one time purchase or free with the mac.
|
|-
|[[Apple]]
|$17 000 Apple Watch 18 karat gold edition out of support only 8 years after its introduction (not end of sale!). This means no software support, and, crucially, no repair or replacement parts. If the battery dies, the watch is but a paperweight.
|<ref>{{Cite web |title=Apple will no longer fix the $17,000 gold Apple Watch |url=https://www.theverge.com/2023/10/2/23900158/apple-watch-edition-gold-2015-obsolete-unsupported-beyonce |url-status=live |archive-url=https://web.archive.org/web/20260222211749/https://www.theverge.com/2023/10/2/23900158/apple-watch-edition-gold-2015-obsolete-unsupported-beyonce |archive-date=22 Feb 2026|website=The Verge}}</ref>
|-
|[[Apple]], [[Beats]]
|No support for Powerbeats (4th generation) despite the headphones being under 5 years from when Apple last distributed the product for sale. The product is not listed as discontinued or vintage, and by Apple's own guidelines, should be eligible for replacement parts and repair. OEM replacement eartips cannot be purchased for any Beats earphones.
|<ref>{{Cite web |title=Obtaining service for your Apple product after an expired warranty |url=https://support.apple.com/en-us/102772 |url-status=live |archive-url=http://web.archive.org/web/20260207094149/https://support.apple.com/en-us/102772 |archive-date=7 Feb 2026|access-date=2025-10-18}}</ref><ref>{{Cite web |title=Beats Repair and Service |url=https://support.apple.com/beats/repair |url-status=live |archive-url=http://web.archive.org/web/20260104000857/https://support.apple.com/beats/repair |archive-date=4 Jan 2026|access-date=2025-10-18}}</ref><ref>{{Cite web |title=Apple store search for eartips |url=https://www.apple.com/us/search/eartips?src=alp |url-status=live |archive-url=http://web.archive.org/web/20251028001314/https://www.apple.com/us/search/eartips?src=alp |archive-date=28 Oct 2025|access-date=2025-10-18}}</ref>
|-
|[[Apple]] iWork/Creator Studio
|The update that makes the iWork apps part of the new Apple Creator Studio subscription now adds tracking that is enabled by default and implemented as opt-out. The information about it is displayed in a first launch screen without any immediate way opt out, which qualifies as a dark pattern. Instead, the user has to go through a slightly convoluted path via the iPhone/iPad system settings app, and under the submenu "Apps" find each of the iWork apps and disable analytics there individually for each app. On Desktop, it is under a dedicated menu item under the "Pages"/"Numbers"/"Keynote" menu.
|<ref>{{Cite web |title=New versions of Keynote, Numbers, and Pages collect telemetry by default on iOS, iPadOS, and macOS |url=https://www.reddit.com/r/ios/comments/1qq7q9m/new_versions_of_keynote_numbers_and_pages_collect/ |archive-url=https://web.archive.org/web/20260223032029/https://old.reddit.com/r/ios/comments/1qq7q9m/new_versions_of_keynote_numbers_and_pages_collect/ |archive-date=23 Feb 2026}}</ref>
|-
|[[archive.today]] / archive.ph (Web Archival Service)
|The website used [[JavaScript]] embedded into the website code to conduct a DDOS attack from users' devices against a blogger who has voiced criticism of the service in the past. This may make also cause legal issues for users.
NOTE: A similar technique has previously been used by Chinese search giant [[Baidu]], so we might want to create a category or tag for this type of thing

ADDENDUM: This page was reported to have been changing the information displayed in some archived screenshots, such as the author who published particular articles.
|<ref>{{Cite web |last=Kirchner |first=Malte |last2=Kunz |first2=Dr. Christopher |date=10 Feb 2026 |title=Archive.today: Operator uses users for DDoS attack |url=https://www.heise.de/en/news/Archive-today-Operator-uses-users-for-DDoS-attack-11171455.html |url-status=live |archive-url=http://web.archive.org/web/20260212060655/https://www.heise.de/en/news/Archive-today-Operator-uses-users-for-DDoS-attack-11171455.html |archive-date=12 Feb 2026 |website=heise}}</ref><ref>{{Cite web |last=LMG Clips |title=Wikipedia Banned 690,000 Archive Links - LMG Clips |url=https://youtu.be/rrnFUvFGf5A?si=32JRogu2ID9xykHd |access-date=2026-03-03 |website=LMG Clips on YouTube - Wikipedia Banned 690,000 Archive Links}}</ref>
|-
|'''[[Arduino]]''' (/ɑːrˈdwiːnoʊ/) is an Italian open-source hardware and software company owned by Qualcomm
|Arduino’s new terms of service worries hobbyists ahead of Qualcomm acquisition.
User shall not:

*translate, decompile or reverse-engineer the Platform, or engage in any other activity designed to identify the algorithms and logic of the Platform’s operation, unless expressly allowed by Arduino or by applicable license agreements …
|<ref>{{Cite web |last=Harding |first=Scharon |date=2025-11-24 |title=Arduino’s new terms of service worries hobbyists ahead of Qualcomm acquisition |url=https://arstechnica.com/gadgets/2025/11/arduinos-new-terms-of-service-worries-hobbyists-ahead-of-qualcomm-acquisition/ |url-status=live |access-date=2026-03-14 |website=Ars Technica}}</ref>
|-
|Atlassian
|Users forced from on-premise to cloud only subscriptions
Edit: Page has been started [[Atlassian on premise to subscription|here]], more work, citation, and verification needs to be done.
|<ref>{{Cite web |title=Ascend to the cloud: The next chapter for Atlassian and our customers |url=https://www.atlassian.com/blog/announcements/atlassian-ascend |url-status=live |archive-url=http://web.archive.org/web/20251018171903/https://www.atlassian.com/blog/announcements/atlassian-ascend |archive-date=18 Oct 2025}}</ref>
|-
|[[AutoAuth]]
|'''AutoAuth''' represents a significant shift toward "repair-by-subscription," where owning a vehicle no longer guarantees the right to maintain it. By placing a digital firewall between the owner and the car’s computer, AutoAuth forces independent shops and DIY enthusiasts to pay recurring access fees and register their personal data with a third-party gatekeeper just to perform basic maintenance, such as electronic parking brake retractions or oil life resets.
|
|-
|[[Axon]]
|Tazers sold with lease agreement that makes purchase effectively a subscription.
|[https://norwoodrecord.weebly.com/uploads/1/1/4/8/114832579/norwood_record_pages_1_to_12__4sep2025.pdf <nowiki>[69]</nowiki>]
|-
|[[Bayer]]
|[[wikipedia:Bayer|Wikipedia]]. See [[Monsanto]]
|
|-
|Benjamin
|Offerwall phone app that pays users money for various tasks- such as watching ads, or downloading and using software. After years of user satisfaction, in late 2025, the company first put a 2 month moratorium on users' ability to withdraw their earned money, then rolled out a massive wave of enshittification features, the most egregious of which, is a "withdrawl queue", where withdrawing your earnings is placed into a queue with no visible progress. No days, no queue tracker, many members have been waiting over 3 months for their withdrawls to be processed, on a feature listed as "instant withdrawl". Various policies also implemented that would completely void a user's earned money, mainly inactivity but also many baseless random user bans (many of which were reversed). There are hundreds of frustrated user testimonials on reddit (https://www.reddit.com/r/benjaminone/).
|
|-
|[[Best Buy]]
|In late 2025, BestBuy added [https://www.bestbuy.com/site/help-topics/pricing-message/pcmcat748302046647.c?id=pcmcat748302046647#:~:text=Our%20%E2%80%9CComparable%20Value%E2%80%9D%20(Comp,retailers%20or%20e%2Dcommerce%20companies. "Comparable Value"] as means of comparing values of products that is of equivalent value to other products sold by manufacturers, 1st party, or 3rd party vendors. Changes to their pricing model has made it to where it is more difficult to determine overall value of a product compared to MSRP.
|<ref>{{Cite web |last=Support |first=Best Buy |date=2025-01-24 |title=Pricing: Promotions |url=https://www.bestbuy.com/site/help-topics/pricing-message/pcmcat748302046647.c?id=pcmcat748302046647#:~:text=Our%20%E2%80%9CComparable%20Value%E2%80%9D%20(Comp,retailers%20or%20e%2Dcommerce%20companies. |url-status=live |access-date=2026-02-24 |website=Best Buy}}</ref>
|-
|[[Bluesky]]
|Introduced ID check for Direct Messaging to comply with laws in certain states and abroad, despite both the company and community being against it.
|
|-
|[[Bosch]] and [[Shimano]]
|Electric bike companies including Bosch and Shimano limit consumer's abilities to access their e-bike electrical system such as when installing a new light or a phone charger. Special software only accessible to qualified bike shops is required to activate ports or accept new devices. Additional connectivity barriers exist such as difficult to acquire Bosch specific cables.
|<ref>{{Cite web |last=RunBikeMike |first= |date=2024-01-01 |title=Installing an EBike Light To Run Off Your Battery / MagicShine ME2000 |url=https://www.youtube.com/watch?v=AvG7Fpb1tzI&t=50s |access-date=2026-03-06 |website=YouTube}}</ref><ref>{{Cite web |last=Rossmann |first=Louis |date=15 Mar 2022 |title=Bosch takes the L on right to repair for ebikes |url=https://www.youtube.com/watch?v=j7e9hO5yMtk |access-date=6 Mar 2026 |website=YouTube}}</ref>
|-
|[[Carvana]]
|Saying cars that have been in accidents have not; Lies about inspection and does not replace brake pads even when worn down. Non-refundable $1,500 shipping fee. See [https://www.youtube.com/watch?v=r9yhOeTUEo4 Louis Rossmann's Video]
|
|-
|Chuwi
|Misleading consumers by falsifying the specsheet of one of their latest laptops, and repeatedly threatened one of the online publications that wrote an article of their alleged misdeeds.
|<ref>{{Cite web |last=Leitner |first=Simon |date=2026-03-12 |title=CPU fraud, next round: Chuwi CoreBook Plus with supposed AMD Ryzen 5 7430U also affected |url=https://www.notebookcheck.net/CPU-fraud-next-round-Chuwi-CoreBook-Plus-with-supposed-AMD-Ryzen-5-7430U-also-affected.1248660.0.html |url-status=live |archive-url=https://archive.today/N7UmU |archive-date=2026-03-12 |access-date=2026-03-12 |website=Notebookcheck}}</ref>
|-
|[[Cloud-first]]
|The antithesis of [https://www.inkandswitch.com/essay/local-first local-first]. See "[https://karl-voit.at/cloud You Can't Control Your Data in the Cloud]"
|
|-
|[[Cloudary Holdings Limited / Webnovel]]
|Terms of service with binding Arbitration.
|<ref>{{Cite web |title=Webnovel ToS |url=https://www.webnovel.com/terms_of_service |url-status=live |archive-url=http://web.archive.org/web/20260101204816/https://www.webnovel.com/terms_of_service |archive-date=1 Jan 2026}}</ref>
|-
|[[Devolo]]
|Devolo switches off servers and removes their app from stores for their "Home Control" system, thus severely reducing the functionality of their devices (apparently Z-Wave-based).
|<ref>{{Cite web |title=IT-News für Profis |url=https://www.golem.de/news/weiterbetrieb-verursacht-weitere-kosten-devolo-macht-smart-home-system-zum-grossteil-unbrauchbar-2508-199409.html |url-status=live |archive-url=http://web.archive.org/web/20251210052941/https://www.golem.de/news/weiterbetrieb-verursacht-weitere-kosten-devolo-macht-smart-home-system-zum-grossteil-unbrauchbar-2508-199409.html |archive-date=10 Dec 2025|website=Golem |language=de}}</ref>
|-
|DeviantArt
|DeviantArt launched in 2000 and quickly became a household name among digital artists. [https://www.wix.com/press-room/home/post/wix-acquires-deviantart-pairing-wix-capabilities-with-global-creative-community But in 2017 WiX] bought the website and in 2022 had made all art on it's site liable to be training data by default. They then back peddled and then set all art to noai by default. Now they are moving basic functions to be behind their paywall. [https://www.deviantart.com/razorstargazer/journal/Deviantart-is-the-worst-website-ever-created-1309667089 Ones that were free.]
|[https://expertbeacon.com/the-ai-controversy-on-deviantart-how-a-creative-paradise-became-a-battleground/][https://www.wix.com/press-room/home/post/wix-acquires-deviantart-pairing-wix-capabilities-with-global-creative-community]
|-
|[[Dell]] and [[HP]]
|HP and Dell have disabled HEVC (H.264/H.265) hardware encoding and decoding support built into their laptops’ CPUs using both Intel and AMD processors.
|<ref>{{Cite web |last=Harding |first=Scharon |date=2025-11-21 |title=HP and Dell disable HEVC support built into their laptops’ CPUs |url=https://arstechnica.com/gadgets/2025/11/hp-and-dell-disable-hevc-support-built-into-their-laptops-cpus/ |url-status=live |archive-url=https://web.archive.org/web/20251121083438/https://arstechnica.com/gadgets/2025/11/hp-and-dell-disable-hevc-support-built-into-their-laptops-cpus/ |archive-date=2025-11-21 |access-date=2025-11-21 |website=Ars Technica}}</ref>
|-
|DotPe cyber-sec negligence
|In 2024, an Indian company that provides digital services to food-chains got trivially hacked/cracked, allowing anyone to get customer data and company revenue-stats across many countries
|<ref>https://web.archive.org/web/20240923081639/https://peabee.substack.com/p/whats-inside-the-qr-code-menu-at</ref>
|-
|E621
|Terms of service that require agreement to forced arbitration to use the website.
|<ref>{{Cite web |date=2025-10-02 |title=E621 |url=https://e621.net/ |url-status=live |archive-url=http://web.archive.org/web/20260128164339/https://e621.net/ |archive-date=28 Jan 2026|website=E621}}</ref>
|-
|[[EcoVac]]
|Vacuum cleaner robots produced by company 'EcoVac' were found vulnerable to hacking over bluetooth allowing for remote control and access to camera feed. Security researcher Dennis Giese notified the company in December of 2023. In August of 2024, the issue was described by the company as "extremely rare in typical user environments and require specialized hacking tools and physical access to the device."
|<ref>{{Cite web |last=Fell |first=Julian |date=2024-10-04 |title=We hacked a robot vacuum — and could watch live through its camera - ABC News |url=https://www.abc.net.au/news/2024-10-04/robot-vacuum-hacked-photos-camera-audio/104414020 |url-status=live |archive-url=http://web.archive.org/web/20251128025250/https://www.abc.net.au/news/2024-10-04/robot-vacuum-hacked-photos-camera-audio/104414020 |archive-date=28 Nov 2025|access-date=2025-09-10 |website=ABC News}}</ref><ref>{{Cite web |last=Franceschi-Bicchierai |first=Lorenzo |date=2024-08-09 |title=Ecovacs home robots can be hacked to spy on their owners, researchers say {{!}} TechCrunch |url=https://techcrunch.com/2024/08/09/ecovacs-home-robots-can-be-hacked-to-spy-on-their-owners-researchers-say/ |url-status=live |archive-url=https://web.archive.org/web/20260222212044/https://techcrunch.com/2024/08/09/ecovacs-home-robots-can-be-hacked-to-spy-on-their-owners-researchers-say/ |archive-date=2026-02-22 |access-date=10 Aug 2024}}</ref><ref>{{Cite web |last=Franceschi-Bicchierai |first=Lorenzo |date=2024-08-15 |title=Lorenzo Franceschi-Bicchierai on X: "Finally, Ecovacs responds to the researchers' findings, saying it won't fix the bugs. |url=https://x.com/lorenzofb/status/1823774980460388675 |url-status=live |archive-url=http://web.archive.org/web/20241108194816/https://x.com/lorenzofb/status/1823774980460388675 |archive-date=8 Nov 2024}}</ref>
|-
|[[Elegoo Centauri Carbon|Elegoo]]
|The Elegoo Centauri Carbon 3d printer has been proven to use open source Klipper software which requires them to publish their changes to the code.
|<ref>{{Cite web |date=2025-08-28 |title=PSA: Elegoo Centauri Carbon & GPL Compliance |url=https://freethecode.lol/ |url-status=live |archive-url=http://web.archive.org/web/20251206142736/https://freethecode.lol/ |archive-date=6 Dec 2025|access-date=2025-08-28 |website=PSA: Elegoo Centauri Carbon & GPL Compliance}}</ref>
|-
|Foxit Reader
|Updater uses dark pattern to trick unsuspecting users into installing a trial version of their paid product. The checkbox is enabled again by default with each update in the hope that the user misses it by accident at some point.
|
|-
|[[Gaggia]]
|Between 2015 to 2019, the redesigned Gaggia Classic removed the traditional three-way solenoid valve. The valve was restored in the 2019 Gaggia Classic Pro after criticism and backlash from the espresso enthusiast community.
|<ref>{{Cite web |last=Waddell |first=Kelsey |date=2023-03-23 |title=Gaggia Classic vs Pro: A Closer Look at the Differences |url=https://www.roastycoffee.com/gaggia-classic-vs-pro/ |website=Roasty Coffee}}</ref>
|-
|[[Google Chromecast]]
|Chromecast has transitioned from a standalone product to one that [[Forced_app_download|requires the Google Home app]] for setup and control. This change prevents customers who either don't own a smartphone or prefer not to use the app from accessing their Chromecast devices. As a result, certain televisions—such as the Caixon EC43S1UA, which relied on built-in Chromecast functionality—can no longer be used as intended. This effectively removes a key feature from a product that was already purchased, diminishing its value or rendering it unusable altogether.
|
|-
|Google TLS Changes
|Google's new requirements to certificate authorities require separate authority/signing chains to be used to issue Server Authentication and Client Authentication certificates. Therefore, starting 11 February 2026, Let's Encrypt will no longer include the Client Authentication EKU on default certificates
|
|-
|[[Google]]
|Google apparently plans to reduce the interval of publishing source code of security patches they consider non-critical. This is another blow to the custom ROM community.
Right now we don't have these incidents organised chronologically, maybe we should have a table with a timeline of measures Google takes to enshittify and close down Android (more APIs moved to Play Services, Developer verification, withholding AOSP device trees for Pixel devices to mess with Graphene OS, now delayed source code disclosure). What's worst, they always cite safety as a reason.
|<ref>{{Cite web |title=Exclusive: Google wants to make Android phones safer by switching to ‘risk-based’ security updates |url=https://www.androidauthority.com/android-risk-based-security-updates-3597466/ |archive-url=http://web.archive.org/web/20260107025310/https://www.androidauthority.com/android-risk-based-security-updates-3597466/ |archive-date=7 Jan 2026 |website=Android Authority}}</ref>
|-
|Google Maps
|Google restricts data visible in Google Maps for users who are not signed in with an account (see [[Forced account]]). Reviews and photos are no longer visible without login. This also forces users to agree to Google's TOS and logs them into all other Google services, such as YouTube or Google Search so that now all their data in those other services is associated with their accounts. This also raises concerns that other services such as YouTube might follow.
|<ref>{{Cite web |date=14 Feb 2026 |title=Google Maps now forces you to sign-in |url=https://www.reddit.com/r/GoogleMaps/comments/1r4iauf/google_maps_now_forces_you_to_signin/ |archive-url=https://web.archive.org/web/20260223032117/https://old.reddit.com/r/GoogleMaps/comments/1r4iauf/google_maps_now_forces_you_to_signin/ |archive-date=23 Feb 2026 |website=Reddit}}</ref><ref>{{Cite web |date=17 Feb 2026 |title=Can't view images without logging in? |url=https://www.reddit.com/r/GoogleMaps/comments/1r74v0f/cant_view_images_without_logging_in/ |archive-url=https://web.archive.org/web/20260223032213/https://old.reddit.com/r/GoogleMaps/comments/1r74v0f/cant_view_images_without_logging_in/ |archive-date=23 Feb 2026 |website=Reddit}}</ref>
|-
|[[Google]], [[Mozilla]], [[Apple]], [[Microsoft]], but largely Google-led
|Google Chrome, Mozilla Firefox, and Safari are removing XSLT 1.0 support, which could break critical parts of government's websites worldwide<ref>{{Cite web |last=Dimant |first=Dimitrii "Mamut" |date=2025-08-10 |title=XSLT removal will break multiple government and regulatory sites across the world #11582 |url=https://github.com/whatwg/html/issues/11582 |url-status=live |archive-url=http://web.archive.org/web/20260211221059/https://github.com/whatwg/html/issues/11582 |archive-date=11 Feb 2026|access-date=2025-10-25 |website=Github (specifically the Web Hypertext Application Technology Working Group's HTML standards repo, controlled by Mozilla, Google, Microsoft and Apple)}}</ref>. There are valid security reasons for them to want to stop supporting this 1999-era standard, however they have had 26+ years to update to a newer standard (such as the 2017-era 3.1 standard, which is backwards compatible and would allow these sites to continue to work<ref>{{Cite web |date=2017-03-21 |title="XML Path Language (XPath) 3.1: W3C Recommendation 21 March 2017" |url=https://www.w3.org/TR/xpath-31/ |url-status=live |archive-url=http://web.archive.org/web/20260116015839/https://www.w3.org/TR/xpath-31/ |archive-date=16 Jan 2026|website=W3C}}</ref>). The single unpaid developer maintaining these libraries has more or less retired after getting flooded with impossible to satisfy security requests from these companies<ref>{{Cite web |last=Wellnhoffer |first=Nick |date=2025-05-08 |title=Triaging security issues reported by third parties |url=https://gitlab.gnome.org/GNOME/libxml2/-/issues/913 |url-status=live |archive-url=http://web.archive.org/web/20260131231248/https://gitlab.gnome.org/GNOME/libxml2/-/issues/913 |archive-date=31 Jan 2026|access-date=2025-10-25 |website=gitlab.gnome.org}}</ref>. There is an existing project called XRUST to implement the 3.1 standard<ref>{{Cite web |date=2025-05-09 |title=XRust: XPath, XQuery, and XSLT for Rust |url=https://gitlab.gnome.org/World/Rust/markup-rs/xrust |url-status=live |archive-url=http://web.archive.org/web/20260204085435/https://gitlab.gnome.org/World/Rust/markup-rs/xrust |archive-date=4 Feb 2026|access-date=2025-10-14 |website=gitlab.gnome.org}}</ref>, which is 2/3rds of the way through supporting all the features of 1.0 - the XSLT part fully supports all the 1.0 features at this point. XSLT is part of the W3C Consortium's open web standards for formatting and presenting XML, and is also how RSS works, so RSS feeds would stop working as well, disrupting the livelihoods of podcasters<ref>{{Cite web |last=Rijo |first=Luis |date=2025-08-20 |title=Google targets RSS feeds in new XSLT removal proposal |url=https://ppc.land/google-targets-rss-feeds-in-new-xslt-removal-proposal/ |url-status=live |archive-url=https://web.archive.org/web/20260222212228/https://ppc.land/google-targets-rss-feeds-in-new-xslt-removal-proposal/ |archive-date=22 Feb 2026|access-date=2025-10-14 |website=PPC-Land}}</ref>. This has led to questions of who owns the web - the public (including the government) who paid for and laid down the highways / web infrastructure - or a handful of large corporations? <ref>{{Cite web |last=Branscombe |first=Mary |date=2025-09-01 |title=XSLT Debate Leads to Bigger Questions of Web Governance |url=https://thenewstack.io/xslt-debate-leads-to-bigger-questions-of-web-governance/ |url-status=live |archive-url=http://web.archive.org/web/20260131231310/https://thenewstack.io/xslt-debate-leads-to-bigger-questions-of-web-governance/ |archive-date=31 Jan 2026|access-date=2025-10-14 |website=The New Stack}}</ref>
|
|-
|[[GoPro]] Hero 12
|GoPro Hero 12 requires the GoPro app to be installed before you can use the camera. Many currently used devices are not compatible with the app, therefore making use of the camera difficult to impossible for new owners or upon camera factory reset. There's also the question of what data the app collects and whether it requires login and or camera activation.
|
|-
|[[Hikvision]]
|Chinese surveillance camera manufacturer complicit in Uighur genocide which used to advertise recognition of praying and ramadan fasting among its selling points. Similarly to [[Flock license plate readers|Flock]], they are in use world wide and likely feed directly into the Chinese government's surveillance infrastructure and could conceivably be used to find dissidents world-wide. Recently, [https://netzpolitik.org/2025/hikvision-hersteller-der-hamburger-ki-ueberwachungskameras-ist-fuer-menschenrechtsverletzungen-bekannt/ the city of Hamburg has installed them] ([https://netzpolitik-org.translate.goog/2025/hikvision-hersteller-der-hamburger-ki-ueberwachungskameras-ist-fuer-menschenrechtsverletzungen-bekannt/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de&_x_tr_pto=wapp Google Translate Version in English]).
|
|-
|[[Internet radios]]
|I'd like a page where I can share information about internet radios "openness." Few allow you to enter a radio station's URL (which I would consider the least intrusive option). Most depend on third-party websites or apps; [https://www.sangean.com/uk/blog/149 some of which have already bricked devices].
|
|-
|[[IPVideo Corporation]] (owned by [[Motorola]])
|Manufacturer of surveillance hardware. The notable example that brought them to my attention is the Halo 3C/3C-PC Smart Sensor, which is deployed in places such as school bathrooms and subsidized/social housing. This system has a variety of sensors on it, from air quality ones (for detecting smoking/vape usage) all the way to microphones (ostensibly for audio analysis to identify aggression and gunshots, without the capability to stream the audio elsewhere, but this not a limitation built into the hardware and could be changed by a firmware update).
|<ref>{{Cite_web |last=Reynaldo |last2=nyx |name-list-style=amp |date=2025-10-10 |title=DEF CON 33 - Unmasking the Snitch Puck: IoT surveillance tech in the school bathroom |url=https://youtu.be/WCnojaEpF2I |publisher=DEF CON |url-status=live |archive-url=https://preservetube.com/watch?v=WCnojaEpF2I |archive-date=16 Feb 2026}}</ref><ref>{{Cite_web |access-date=2025-10-26 |url=https://www.pelco.com/sensors |url-status=live |archive-url=https://web.archive.org/web/20250922000017/https://www.pelco.com/sensors |archive-date=2025-09-22 |title=HALO Smart Sensor Suite |website=PELCO}}</ref>
|-
|[[iRacing]]
|iRacing is a racing game that's subscription-based, requiring payment just to play the actual game in either online or offline mode.
|
|-
|[[itch.io]], [[Night School Studios]], [[Netflix]]
|In September 2024, users who purchased the game Oxenfree on itch.io were warned that the game was going to be pulled from the platform on October 1st. Consumers would not be able to download the installers after this date, so they would lose access unless they had them backed up. Users speculated that Netflix, the parent company of the development studio, had ordered the move; however, no response from Netflix or the developers was ever published. This is particularly notable because it is against itch.io's terms of service: "Users shall retain a license to this content even after the content is removed from the Service."
|<ref>{{Cite web |last=itch corp |date=15 Apr 2023 |title=itch.io Terms of Service |url=https://itch.io/docs/legal/terms |url-status=live |archive-url=https://web.archive.org/web/20240907004719/https://itch.io/docs/legal/terms |archive-date=7 Sep 2024 |access-date=27 Jun 2025 |website=itch.io}}</ref> <ref>{{Cite web |last=ShawnS |date=31 Jan 2025 |title=OXENFREE |url=https://delistedgames.com/oxenfree/ |url-status=live |archive-url=https://web.archive.org/web/20250321070400/https://delistedgames.com/oxenfree/ |archive-date=21 Mar 2025 |access-date=27 Jun 2025 |website=Delisted Games}}</ref> <ref>{{Cite web |last=Colp |first=Tyler |date=9 Sep 2024 |title=Another reminder that your digital library isn't forever: Oxenfree will be completely removed from Itch.io next month |url=https://www.pcgamer.com/games/adventure/another-reminder-that-your-digital-library-isn-t-forever-oxenfree-will-be-completely-removed-from-itch-io-next-month/ |url-status=live |archive-url=https://web.archive.org/web/20250523111125/https://www.pcgamer.com/games/adventure/another-reminder-that-your-digital-library-isn-t-forever-oxenfree-will-be-completely-removed-from-itch-io-next-month/ |archive-date=23 May 2025 |access-date=27 Jun 2025 |website=PC Gamer}}</ref>
|-
|[[The Japan Times|Japan Times, The]]
|The Japan Times uses the DMCA to take down an open source study resource for the Genki and Quartet workbooks.
|<ref>{{Cite web |last=Clydesdale |first=Seth |date=2025-09-11 |title=Important Information Regarding Genki and Quartet Study Resources |url=https://ko-fi.com/post/Important-Information-Regarding-Genki-and-Quartet-D1D21L4B1S |url-status=live |archive-url=http://web.archive.org/web/20251116072121/https://ko-fi.com/post/Important-Information-Regarding-Genki-and-Quartet-D1D21L4B1S |archive-date=16 Nov 2025}}</ref><ref>{{Cite web |title=Update Regarding Genki and Quartet Study Resources DMCA Situation |url=https://ko-fi.com/post/Update-Regarding-Genki-and-Quartet-Study-Resources-Y8Y21M1F5E |url-status=live |archive-url=http://web.archive.org/web/20251115073152/https://ko-fi.com/post/Update-Regarding-Genki-and-Quartet-Study-Resources-Y8Y21M1F5E |archive-date=15 Nov 2025}}</ref><ref>{{Cite web |date=2025-10-03 |title=All Exercises for Genki/Quartet Study Resources Have Been Removed |url=https://ko-fi.com/post/All-Exercises-for-GenkiQuartet-Study-Resources-Wi-R6R81M8LLN |archive-url=http://web.archive.org/web/20251113045244/https://ko-fi.com/post/All-Exercises-for-GenkiQuartet-Study-Resources-Wi-R6R81M8LLN |archive-date=13 Nov 2025}}</ref>
|-
|[[KOSA]]
|KOSA claims to make kids safer, but it’s really a dangerous censorship bill that would give the U.S. government unprecedented control over the internet. This would put youth in danger by preventing them from accessing potentially life-saving resources.
|<ref>{{Cite web |last=Fight for the Future |first= |date=2026-01-24 |title=Reject online censorship. Tell lawmakers to oppose KOSA! |url=https://www.stopkosa.com/ |url-status=live |archive-url= |archive-date= |access-date=2026-01-24 |website=Stop KOSA}}</ref><ref>https://web.archive.org/web/20250228145348/https://www.houstonchronicle.com/news/houston-texas/education/article/Katy-ISD-blocks-LGBTQ-resources-suicide-16647274.php</ref>
|-
|[[LBRY]] Foundation, [[Odysee]]
|Community first decentralization & Odysee's plan to enable censorship by switching away from the opensource LBRY network.
|<ref>{{Cite web |title=The LBRY Foundation |url=https://lbry.org/ |url-status=live |archive-url=http://web.archive.org/web/20260211161516/https://lbry.org/ |archive-date=11 Feb 2026|access-date=2025-08-08 |quote=The LBRY community invites everyone to join us in building a more free and open way to share content and information online.}}</ref><ref name=":2">{{Cite news |last=Watson |first=RT |date=6 Jun 2024 |title=Decentralized YouTube alternative Odysee acquired by Forward Research despite content concerns |url=https://www.theblock.co/post/298888/decentralized-youtube-alternative-odysee-acquired-by-forward-research-despite-content-concerns |url-status=live |archive-url=http://web.archive.org/web/20251127094918/https://www.theblock.co/post/298888/decentralized-youtube-alternative-odysee-acquired-by-forward-research-despite-content-concerns |archive-date=27 Nov 2025|access-date=16 Aug 2025 |work=The Block}}</ref><ref>{{Cite journal |last=Li |first=Jun |last2=Grintsvayg |first2=Alex |last3=Kauffman |first3=Jeremy |last4=Fleming |first4=Charles |date=2020 |title=LBRY: A Blockchain-Based Decentralized Digital Content Marketplace |url=https://ieeexplore.ieee.org/document/9126007 |journal=2020 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS) |location=Oxford, UK |publisher=IEEE |doi=10.1109/DAPPS49028.2020.00005 |isbn=978-1-7281-6978-1 |via=IEEE Xplore |url-status=live |archive-url=http://web.archive.org/web/20250825221749/https://ieeexplore.ieee.org/document/9126007/ |archive-date=25 Aug 2025}}</ref>
|-
|[[LG]]
|LG discontinued its LG Bluetooth Remote app (including plugins such as "btc4") making it non-public on the Play Store and making Bluetooth controllable devices (like for example the CM2630B) half as useful, without even publishing neither the protocol used to control such devices nor the source code of the app.
|
|-
|[[Lowe's]]
|Lowe's uses flock cameras and other AI powered cameras to collect data and build a profile on "prospective, current, or former Lowe's customers". Their cameras point away from their stores.
|<ref>{{Cite web |last=Koebler |first=Jason |date=6 Aug 2025 |title=Home Depot and Lowe's Share Data From Hundreds of AI Cameras With Cops |url=https://www.404media.co/home-depot-and-lowes-share-data-from-hundreds-of-ai-cameras-with-cops/ |url-status=live |archive-url=http://web.archive.org/web/20260216173226/https://www.404media.co/home-depot-and-lowes-share-data-from-hundreds-of-ai-cameras-with-cops/ |archive-date=16 Feb 2026|access-date=15 Sep 2025 |website=404 Media}}</ref><ref>{{Cite web |date=26 Aug 2025 |title=Lowe’s U.S. Privacy Statement |url=https://www.lowes.com/l/about/privacy-and-security-statement |url-status=live |archive-url=http://web.archive.org/web/20251228013530/https://www.lowes.com/l/about/privacy-and-security-statement |archive-date=28 Dec 2025|access-date=15 Sep 2025 |website=Lowe's}}</ref>
|-
|[[McDonald's]]/Taylor
|McDonald's US mandates which ice cream machine has to be used by franchise licensees. The company that makes these machines uses deliberately obfuscated error codes to force restaurant owners to use their expensive tech service to fix them and reset the machines. The company makes more money from these "repairs" support than with actual sales. Not strictly end consumer, but the pattern warrants documenting imo.
A similar problem exists with Doremi (Dolby) cinema projectors where their DRM leads to a ridiculous number of actions breaking the so-called "marriage" (projector-media block unity), requiring a costly technician to reset it. This one needs sources researched, though, as I don't have one on hand.
|<ref>{{Cite web |title=Why McDonald's Ice Cream Machines Are Always Broken and How To Fix Them |url=https://www.youtube.com/watch?v=2uCpY3tFTIA |url-status=live |archive-url=https://preservetube.com/watch?v=2uCpY3tFTIA |archive-date=22 Feb 2026}}</ref>
|-
|Microsoft
|Microsoft's Android keyboard app SwiftKey set to make it impossible to backup user data without a Microsoft Account, backups must be stored in Microsoft cloud
|<ref>{{Cite web |last=Roth |first=Emma |date=18 Mar 2026 |title=SwiftKey will soon require a Microsoft account to save your typing info. |url=https://www.theverge.com/tech/896859/swiftkey-will-soon-require-a-microsoft-account-to-save-your-typing-info}}</ref>
|-
|[[Minut]]
|Minute sells sensors and alarms. They released an alarm (Point) on kickstarter that long after release got a firmware update adding forced subscription if more than one person wanted to use the alarm.
|<ref>https://www.kickstarter.com/projects/minut/pointthe-friendly-home-alarm</ref>
<ref>https://www.minut.com/</ref>
|-
|[[Mitsubishi Motors]]
|Mitsubishi Motors has a rich history of consumer protection, compliance issues and privacy breaches. These include concealing safety defects, falsifying fuel economy data, and being fined for false advertising. Following the trend of subscription services for the automotive industry, Mitsubishi paywalls built-in features including remote start, SOS, collision detection, and car tracking through its app Mitsubishi Connect subscription service.
|[https://www.autoevolution.com/news/mitsubishi-fined-42-million-by-japans-consumer-affairs-agency-115026.html?utm_source=chatgpt.com] [https://leakd.com/leaks/mitsubishi-motors-vietnam-customer-data-breached/?utm_source=chatgpt.com] [https://en.wikipedia.org/wiki/Mitsubishi_Motors?utm_source=chatgpt.com] [https://violationtracker.goodjobsfirst.org/?order=pen_year&parent=mitsubishi-motors&sort=&utm_source=chatgpt.com][https://www.mitsubishi-motors.com/en/newsroom/newsrelease/2017/20171129_3.html?utm_source=chatgpt.com]
|-
|Multiple
|Several legal cases involving forced arbitration in some manner; many of these relate to other anticonsumer practices, such as when Wells Fargo illegally opened up ~3.5M fake checking and credit accounts in customers' names. Highly advised to deeply scrub for supplementary sources.
|<ref>{{Cite web |date=Apr 16, 2019 |title=Fact Sheet: Cases Tossed Out of Court Because of Forced Arbitration Causes and Class Action Bans |url=https://www.centerjd.org/content/fact-sheet-cases-tossed-out-court-because-forced-arbitration-causes-and-class-action-bans#_ftn1 |access-date=Feb 12, 2026 |website=Center for Justice & Democracy at New York Law School |url-status=live |archive-url=http://web.archive.org/web/20251013145327/https://centerjd.org/content/fact-sheet-cases-tossed-out-court-because-forced-arbitration-causes-and-class-action-bans |archive-date=13 Oct 2025}}</ref>
|-
|MuseGroup (MuseSounds)
|Releasing more and more subscription sound packs while previously released one-time purchase sound packs are full of bugs/issues and have gone without updates for sometimes over a year. They have also increased the price of one-time purchase packs by about 500% while still providing no additional or improved functionality.
They also added unsolicited popups advertising their paid sound packs at startup of the open source MuseScore application, as well as buttons and commands for their cloud service to the home screen, which cannot be disabled. They previously ran into controversy when changing the privacy policy of Audacity and tried to add tracking. The closed-source MuseHub application (which is required to download the free sound packs) connects to tracking services with neither a real opt-in nor an opt-out option. Newer versions of MuseHub now seem to [[Forced account|require an account]] to download free sound packs and sound effects, which previously was not the case. Muse Hub starts at every system launch by default and stays active in the background despite this not being required for its functionality. They also added proprietary parts to MuseScore (like the MuseSample), which is kept closed source. They also bought StaffPad and seem to have quietly ceased its development without publishing any statements.
|
|-
|[[Navdy]], [[Harman International]]
|Device discontinued and no updates, device can be used offline for 1 year until it stops working.
https://www.reddit.com/r/navdy/
|
|-
|[[Netgear]] (internet networking equipment)
|Almost every Netgear internet router requires the creation of a new account to function as a router (see [[Forced account]]), where the TOS includes an agreement to binding arbitration. Most if not all devices are locked into proprietary firmware with no option to change. Some automatic updates have reportedly cause loss of performance with option to revert to a previous version, "bricking" the device in some cases.
Engages in anti-consumer practices, requiring a subscription for basic WiFi-router features such as parental controls. According to a blogpost by a senior employee, grew from "45% in 2016 to over 60% in 2019" of the US consumer router market. In 2025, Netgear is "being sued by TP-Link for a 'Smear Campaign' to Advance US Router Ban [of it's competitor TP-Link].
|[https://www.netgear.com/about/terms-and-conditions/ <nowiki>[62]</nowiki>]
[https://kb.netgear.com/000062104/What-subscription-plans-are-available-for-NETGEAR-Smart-Parental-Controls <nowiki>[63]</nowiki>]
[https://www.netgear.com/hub/author/abhorkar/ <nowiki>[64]</nowiki>]
[https://www.pcmag.com/news/tp-link-accuses-netgear-of-smear-campaign-to-advance-us-router-ban?test_uuid=04IpBmWGZleS0I0J3epvMrC&test_variant=B <nowiki>[65]</nowiki>]
|-
|[https://www.nexigroup.com/ Nexi S.p.A.]
|Nexi is a payment services provider based in Italy, which has been used by the [https://fsfe.org/ Free Software Foundation Europe] (FSFE) for ~ 15 years. They have allegedly been asking FSFE for personal information of FSFE executives and supporters and have recently cancelled their contract with FSFE.
|<ref>{{Cite web |date=2026-03-16 |title=450 FSFE supporters affected: Payment provider Nexi cancelled us |url=https://fsfe.org/news/2026/news-20260316-01.en.html |url-status=live |archive-url=https://web.archive.org/web/20260317162959/https://fsfe.org/news/2026/news-20260316-01.en.html |archive-date=2026-03-17 |access-date=2026-03-17 |website=FSFE - Free Software Foundation Europe}}</ref>
|-
|[[Nothing]]
|Nothing brings home-screen ads (can be disabled manually) and [[bloatware]] to its lower end models despite previously boasting about being bloatware free
|<ref>{{Cite web |last=Floemer |first=Andreas |date=2025-10-27 |title=Phone 3a: NothingOS 4.0 brings optional ads to the lock screen |url=https://www.heise.de/en/news/Phone-3a-NothingOS-4-0-brings-optional-ads-to-the-lock-screen-10904033.html |url-status=live |archive-url=https://web.archive.org/web/20260222212507/https://www.heise.de/en/news/Phone-3a-NothingOS-4-0-brings-optional-ads-to-the-lock-screen-10904033.html |archive-date=22 Feb 2026|access-date=2025-10-27 |website=Heise Online}}</ref>
|-
|Odido Netherlands B.V.
|Odido is an internet service provider in the Netherlands with a 10-15% market share [[https://www.acm.nl/nl/publicaties/acm-telecommonitor-derde-kwartaal-2025 79]]. On the 3rd of March 2026 a user reported that his Odido Zyxel EX5601-T1 router was (illegally) sending analytics data to a Turkish AI-company [[https://www.linkedin.com/pulse/odido-router-verzamelt-analytics-van-je-huishouden-sipke-mellema-0uoie/ 80]]. The user reported on the 8th of March 2026 that the router silently stopped sending this data with no formal mention/patch from Odido. The user reported on the poor security of the router and that the analytics data contained the unencrypted names of local networks, the names of devices connected to these networks, and MAC-addresses. The poor security of Odido's routers follows a massive data leak of 6.2 million customers' full legal names, phone numbers, emails, bank account numbers, passport numbers and more [[https://tweakers.net/nieuws/244656/odido-waarschuwt-voor-datalek-miljoenen-klantgegevens-gestolen-bij-cyberaanval.html 81]].
|[[https://www.acm.nl/nl/publicaties/acm-telecommonitor-derde-kwartaal-2025 79]] [[https://www.linkedin.com/pulse/odido-router-verzamelt-analytics-van-je-huishouden-sipke-mellema-0uoie/ 80]] [[https://tweakers.net/nieuws/244656/odido-waarschuwt-voor-datalek-miljoenen-klantgegevens-gestolen-bij-cyberaanval.html 81]]
(I do not know how to add these to the list)
|-
|[[OICA]] (European automotive lobby organisation)
|The OICA recently pushed for the right to emit sounds from quiet electric cars to make them as loud as conventional cars with combustion engine and against stricter noise regulation in cities. The fake engine noises in question are specifically not for safety purposes, but for emotional effect for the driver. However, instead of playing the noises only inside for just the driver to hear, the noise is to be played on speakers on the exterior, thus affecting the general public. Noise pollution has long been known to have adverse health effects. ''[NOTE: Similar to environmental aspects, greenwashing etc., we will have to find a good angle for how this fits the wiki. I would say it does match the general theme of manufacturers deliberately making their products worse for minor financial gain and lobbies pushing against things that are in public interest.]''
|<ref>{{Cite web |last=Krempl |first=Stefan |date=2026-01-07 |title=Sound Dictatorship vs. Quiet: The Battle for E-Car Roar |url=https://www.heise.de/en/news/Sound-Dictatorship-vs-Quiet-The-Battle-for-E-Car-Roar-11133630.html |url-status=live |archive-url=http://web.archive.org/web/20260108165124/https://www.heise.de/en/news/Sound-Dictatorship-vs-Quiet-The-Battle-for-E-Car-Roar-11133630.html |archive-date=8 Jan 2026|access-date=2026-01-08 |website=Heise Online}}</ref>
|-
|[[Oracle]]
|Similarly to [[Tencent]], this corp is behind many other companies, so it has a lot of power over users. Also, their CEO is very petty about letting go the [[JavaScript]] trademark<ref>https://deno.com/blog/javascript-tm-gofundme</ref>
|
|-
|[[Persona]] (Age verification service)
|Used by Discord to do age verification using facial 3d scans, which are transmitted to Persona servers. It has been revealed that the company has ties to Palantir and Peter Thiel.
|<ref>{{Cite web |last=Carpenter |first=Lincoln |date=13 Feb 2026 |title=Oh, good: Discord's age verification rollout has ties to Palantir co-founder and panopticon architect Peter Thiel |url=https://www.pcgamer.com/software/platforms/oh-good-discords-age-verification-rollout-has-ties-to-palantir-co-founder-and-panopticon-architect-peter-thiel/ |archive-url=http://web.archive.org/web/20260221224755/https://www.pcgamer.com/software/platforms/oh-good-discords-age-verification-rollout-has-ties-to-palantir-co-founder-and-panopticon-architect-peter-thiel/ |archive-date=21 Feb 2026 |website=PCGamer}}</ref>
|-
|[[Proton]]
|Proton helped FBI unmask anonymous "Stop Cop City" protestor
|<ref>https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/</ref>
|-
|[https://www.skystone.games/ Skystone Games]
|Boundary, a multiplayer online-only first-person shooter, got shut down just a year after its release by Skystone games, and its publishing rights relinquished, citing "ongoing delays and a lack of updates from the developer". Studio Surgical Scalpels (the developer) stated that the publisher decissions were "extremely sudden and unreasonable", and attempted to "regain the rights to boundary". The game has been offline for more than a year at the time of writing, and no refunds or communications to the userbase has been made by Skystone Games.
|<ref>{{Cite web |date=2024-06-19 |title=Boundary - End of service notice |url=https://store.steampowered.com/news/app/1364020/view/4209257868262605607?l=english |url-status=live |access-date=2025-07-07 |website=Steam |archive-url=http://web.archive.org/web/20251021143111/https://store.steampowered.com/news/app/1364020/view/4209257868262605607?l=english |archive-date=21 Oct 2025}}</ref><ref>{{Cite web |date=2024-06-30 |title=Boundary Shut Down: Who's to Blame? |url=https://www.youtube.com/watch?v=Kr8IhV1fovE |url-status=live |archive-url=https://preservetube.com/watch?v=Kr8IhV1fovE |archive-date=16 Feb 2026}}</ref>
|-
|[[Sony]], Sony Online Entertainment/[[Daybreak Game Company]]
|Selling off SOE to the investment firm Columbus Nova, all games published by SOE were delisted without prior notice to consumers or developers, and licenses were revoked as well.
|<ref>{{Cite web |last=S |first=Shawn |date=Jun 10, 2016 |title=Akimi Village |url=https://delistedgames.com/akimi-village/ |url-status=live |archive-url=http://web.archive.org/web/20251127030103/https://delistedgames.com/akimi-village/ |archive-date=27 Nov 2025|website=Delisted Games}}</ref><ref>{{Cite news |last=Weber |first=Rachel |date=Feb 2, 2015 |title=SOE acquired, becomes Daybreak Game Company |url=https://www.gamesindustry.biz/soe-acquired-becomes-daybreak-game-company |work=GamesIndustry.biz |url-status=live |archive-url=http://web.archive.org/web/20260204235742/https://www.gamesindustry.biz/soe-acquired-becomes-daybreak-game-company |archive-date=4 Feb 2026}}</ref>
|-
|[[Superbox]]
|Android TV box manufacturer Superbox remotely locks consumers' devices if they were sold below the manufacturer's minimum specified prices and asks consumers to contact the retailer when they complain.
They are not the first to do something like this. [[Deye]] locked down inverters in the US that they suspected might be gray imports.
|<ref>{{Cite web |title=You'll Own Nothing and Be Happy |url=https://www.youtube.com/watch?v=5I5-rAyFQrk |website=YouTube |type=Video |url-status=live |archive-url=https://preservetube.com/watch?v=5I5-rAyFQrk |archive-date=16 Feb 2026}}</ref>
|-
|[[Superhive]]
|Customers, when purchasing executable code ("add-ons") were promised lifetime updates. Creators are getting announcements that updates are now limited to one year, even on products previously purchased with lifetime updates.
|https://youtu.be/042ltF-6a-w
|-
|[[TCL]]
|[[wikipedia:TCL_Technology|WP]]. Misleading advertising. Software and firmware full of bugs. Taking years to upgrade Android phones, and lying about the expected dates. Refusing to comply with Google policies and some gov regulations
|<ref>https://www.notebookcheck.net/TCL-can-t-advertise-TVs-as-QLED-since-they-lack-in-quantum-dots-and-color-accuracy.1243552.0.html</ref><ref>https://reddit.com/r/nxtpaper/comments/1nckzv5/tcl_update_policy/</ref><ref>https://reddit.com/r/Android/comments/vvnuq6/tcl_has_been_actively_ignoring_my_firmware/</ref>
|-
|[[Twitch]]
|Twitch has recently partnered with Persona to verify the ages of new affiliates before first payouts.
|
|-
|[[UP3]] By [[Jawbone]]
|Approximately 2011, Pioneering startup company from San Francisco, had revolutionary fitness trackers. In 2017 with no notice to customers they stole personal data and shut down app which in turn, bricked devices. Highly likely went bankrupt and sold to sister company to manipulate customer services and rights. Now owned by Aliph brands.
|
|-
|[[Vive]]
|In 2022, Vive discontinued the original Vive Facial Tracker module a year after the original release, then released an updated model with proprietary firmware that blocked use on other 3rd party VR headset, while only allowing the new model to work with their new locked-down headset. The 2021 version of the face tracker's long term support was seemingly cut overnight without any software updates since 2021.
|<ref>{{Cite web |last=Vive Team |date=2022-08-07 |title=VIVE Focus 3 gets Facial Tracker, and Eye Tracker |url=https://blog.vive.com/us/vive-focus-3-gets-facial-tracker-and-eye-tracker/ |url-status=live |archive-url=https://web.archive.org/web/20250619155201/https://blog.vive.com/us/vive-focus-3-gets-facial-tracker-and-eye-tracker/ |archive-date=2025-06-19 |access-date=2025-09-21 |website=Vive Blog}}</ref><ref>{{Cite web |last=StateKi |date=2023-10-10 |title=Post by StatekTi on X |url=https://x.com/StatekTi/status/1733954156379963393 |url-status=live |archive-url=https://archive.ph/DiYbF |archive-date=9 Jan 2026 |access-date=2025-11-21 |website=X (Formerly Twitter)}}</ref>
|-
|[[WHMCS]]
|Discontinuation of support and updates for WHMCS legacy “Owned” licenses, forcing users who want ongoing updates or technical support to switch to subscription licensing and pay recurring fees rather than continue with the original owned model. This change affects all holders of legacy owned licenses and alters the long-term terms under which those licenses were originally sold
|<ref>{{Cite web |title=WHMCS Knowledgebase |url=https://www.whmcs.com/members/index.php/knowledgebase/70/Support-and-Updates-Expiration.html |url-status=live |archive-url=http://web.archive.org/web/20251211021038/https://www.whmcs.com/members/index.php/knowledgebase/70/Support-and-Updates-Expiration.html |archive-date=11 Dec 2025}}</ref><ref>{{Cite web |title=Important pricing changes to your WHMCS owned license Mailer |url=https://www.whmcs.com/members/mailings/?k=price21-emailo |url-status=live |archive-url=https://web.archive.org/web/20260215233549/https://www.whmcs.com/members/mailings/?k=price21-emailo |archive-date=15 Feb 2026}}</ref>
|-
|Wheatstone Corporation
|Wheatstone Corporation are a manufacturer of professional broadcast equipment, mainly audio consoles and interfaces that utilise their proprietary Wheatnet audio over IP protocol.
Wheatstone restricts access to firmware updates, software configuration tools and software. You must open a support ticked in order for them to send you a download link to these software tools, they make it very difficult to access software required to make their hardware audio interfaces work, even stating they want proof of purchase (not just a licence key) before they will even give you the download link. Managing licences is also non-existent and you will need to contact support, and as such a fee is imposed.
|
|-
|[[Wireless Power Consortium]]
|After monopolizing wireless charging market Qi turned from an open standard into a proprietary.
Version 1.3 introduced "secure authentication between the transmitter and the receiver", i.e. in order to operate every charger must include an expensive proprietary chip licensed only to certified members. This results in increased development and manufacturing costs directly passed onto consumer. Version 2.2, unlike previous versions, "is available for WPC Members only".
|<ref>{{Cite web |title=Qi Certification Is Changing and We've Got You Covered |url=https://www.nxp.com/company/about-nxp/smarter-world-blog/BL-QI-CERTIFICATION-IS-CHANGING |url-status=live |archive-url=http://web.archive.org/web/20251104012700/https://www.nxp.com/company/about-nxp/smarter-world-blog/BL-QI-CERTIFICATION-IS-CHANGING |archive-date=4 Nov 2025|website=NXP Semiconductors}}</ref>
<ref>{{Cite web |title=Download the Qi Specifications |url=https://www.wirelesspowerconsortium.com/knowledge-base/specifications/download-the-qi-specifications/ |url-status=live |archive-url=http://web.archive.org/web/20251104094044/https://www.wirelesspowerconsortium.com/knowledge-base/specifications/download-the-qi-specifications/ |archive-date=4 Nov 2025|website=Wireless Power Consortium}}</ref>
|-
|Wolfgang Puck Bread Makers
|Some of the bread makers have anti repair screws in them to prevent people from repairing them themselves. Needs more citations.
|
|-
|[[World Orb]]
|World Network (Sam Altman/Open AI) scheme to collect biometric data on all people. Tied to cryptocurrency, AI schemes. Supposedly way for people to show they are human (run by the people who are trying to make a profit from AI).
|
|-
|[[Xcode]] support dropped for older MacBooks
|Apple has discontinued support for up to date versions of Xcode iOS development on older MacBook devices (discovered on my MacBook Pro 2017, but I’m sure it applies to other old devices as well), resulting in not being able to use a perfectly capable machine for iOS app development without having to go through countless loopholes. 1) you cannot commit new updates without utilizing a third-party medium, 2) the warning and error compiler is out of date due to not being able to update to the latest version, which of course supports the latest iOS release, so you have to figure it out on your own like it’s the 80’s 3) you must commit and release a new TestFlight build (through [1] loophole) to do any testing instead of being able to simulate on your Mac or even a connected device 4) this all really stems from the fact that the new Xcode updates require the new MacOS version which is also discontinued for older MacBooks. This means 8 year old device is basically just useless for such applications.
|[[Category:Sources]]
|-
|[[Zhiyun]]
|Like competing products from [[DJI]], Zhiyun video gimbals require a Chinese smartphone app, internet access and an [[Forced account|account]] to activate on first use.
|<ref>{{Cite web |last=ZHIYUN Tutorials |date=25 Jul 2023 |title=ZHIYUN CRANE 2S Activation Tutorial |url=https://www.youtube.com/watch?v=_CjNp6pWNoQ |archive-url=https://preservetube.com/watch?v=_CjNp6pWNoQ |archive-date=23 Feb 2026 |website=YouTube}}</ref>
|-
|Kohls
|There is no option to delete your account on their website
|
|-
|Microsoft Rewards
|Used to be a good program, but over the last few years they've implemented a number of anti-user policies including extensive cool-downs for earning points on Bing, and making it more difficult to redeem points. There are multiple reports on r/microsoftrewards of people getting banned or restricted when they have over $100 worth of points that they are trying to redeem. They've also removed points opportunities that used to be interesting and engaging.
|
|-
|
|City of Berlin installs security cameras that alerts authorities about people who are "loitering without reason".
|<ref>{{Cite web |last=Krempl |first=Stefan |date=10 Mar 2026 |title=Surveillance in Berlin: When AI reports "loitering without reason" |url=https://www.heise.de/en/news/Surveillance-in-Berlin-When-AI-reports-loitering-without-reason-11206420.html |website=heise}}</ref>
|}

==List of themes not yet covered==
Consumer Rights Wiki is not an encyclopedia.

*Before proposing or making a theme article, see if you can find an article that covers the topic on wikipedia, or some other reference. If you can, just use a reference to that.
*Check the list of theme articles [[:Category:common terms]], to be sure there isn't already an article on the topic, or one closely related. Sometimes a theme may be covered by generalizing an existing article.

{| class="wikitable"
|+
!Theme
!Summary of Theme
!Refs
|-
|Anti-rollback or ARB for device firmware
|most recent example being [[Oneplus phone update introduces hardware anti-rollback]] but ain't exclusive to it. Also implemented by [[Oneplus phone update introduces hardware anti-rollback#Comparison with other manufacturers|Samsung]], [https://mavicpilots.com/threads/not-be-able-to-degrade-firmfare-of-dji-mini2-from-01-06-0200.134806/#post-1518967 DJI] (link found from [[DJI]]) and likely many more.
|
|-
|Car manufacturers replacing physical controls by touch-screens
|This is increasingly common, and puts drivers at risk. Some corps pretend touchscreens are a "premium" or "modern" feature, but are typically cheaper for them
|
|}

==List of companies doing the right thing==
It would be helpful to include examples of companies doing the right thing, even if they aren't, strictly speaking, consumer products.
{| class="wikitable"
|+
!Company
!Good deed
!Refs
|-
|APSystems
|After requests from users, the company released a firmware update that adds a local API to their EZ-1M solar micro inverter, allowing it to remain fully usable if the company ends support for the device
|<ref>{{Cite web |title=APsystems EZHI Local API User Manual |url=https://global.apsystems.com/document/apsystems-ezhi-local-api-user-manual/ |url-status=live |archive-url=http://web.archive.org/web/20251107061040/https://global.apsystems.com/document/apsystems-ezhi-local-api-user-manual/ |archive-date=7 Nov 2025|website=global.apsystems.com}}</ref>
|-
|Concept2
|Readily provides parts and diagrams. Exists under a [https://www.concept2.com/about/perpetual-purpose-trust Perpetual Purpose Trust].
|
|-
|Core Devices (from creator of Pebble Smartwatches)
|Not strictly Core Devices, but when Pebble was sold to Fitbit, the servers remained online for some time, and the Pebble app was updated to allow the Rebble community project to take over some of the Pebble server-side functionality. All backers of the upcoming Pebble 2 series of watches were refunded in full, despite it being a crowd-funding campaign.
Following Google's acquisition of Fitbit and after many years, Google released much of the Pebble Smart Watch source code on github (excluding proprietary libraries). Core Devices and Rebble replaced the usage of the proprietary libraries with open source alternatives, and released new Android and iOS apps, not only supporting the new core devices, but bringing updated support to legacy Pebble devices.
|
|-
|Fairphone
|The new Fairphones (5th and 6th generation) are availible with stock android as well as e/os, which is a fork of lineage os and a european alternative cloud provider (murena) instead of google. This has many privacy features (app tracker blocker, tor network usage, and gps spoofing) availible in a few clicks. Also degoogle apps (microg, safetynet, ...) are preinstalled therefore it is w´possible to install everything also from playstore with an anonymous account. As e/os is a fork of lineage os and there is an official guide to flash the fairphone with e/os and is officially supported, flashing lineage os is very easy.
|<ref>{{Cite web |date=2026-02-24 |title=How to manually install Android on your Fairphone |url=https://support.fairphone.com/hc/en-us/articles/18896094650513-How-to-manually-install-Android-on-your-Fairphone |url-status=live}}</ref><ref>{{Cite web |title=The Fairphone (Gen. 6) with privacy first /e/OS |url=https://shop.fairphone.com/the-fairphone-gen-6-e-operating-system |url-status=live}}</ref>
|-
|Home Assistant
|Open-source smart home platform that provides local control, automation, and interoperability for a wide range of smart home devices. Provides support for many cloud devices after they're subject to [[discontinuation bricking]].
|<ref>{{Cite web |title=Home Assistant |url=https://www.home-assistant.io/ |url-status=live |archive-url=https://web.archive.org/web/20260129222300/https://www.home-assistant.io/ |archive-date=2026-01-29 |access-date=2026-02-05}}</ref>
|-
|Noctua
|Extremely long support for old products and availability of upgrade kits
|<ref>{{Cite web |last=LMG Clips |date=19 Feb 2026 |title=The Last CPU Cooler You Will Ever Buy |url=https://www.youtube.com/watch?v=D3g4-fb6u90 |archive-url=https://preservetube.com/watch?v=D3g4-fb6u90 |archive-date=23 Feb 2026}}</ref>
|-
|Numatic International
|A UK based manufacture of commercial and consumer wet/dry floor cleaning products (vacuums, scrubbers, floor buffers) that provides a robust library of technical documents, parts breakdowns, data sheets and training for free on both new and existing products without the need to login, pay additional fees or be an approved repair facility.
|
|-
|Oral-B
|When installing the Android App, there is no login, and the user is asked for analytics tracking consent.
|
|-
|Philips
|Added files for replacement parts to Printables so you can 3D print parts for your Philips products
|
|-
|ratgdo
|A garage door opener controller developed by Paul Wieland, allowing you to locally control it (namely Chamberlain openers that would otherwise require the MyQ app for smart home features).
|<ref>{{Cite web |last=Wieland |first=Paul |title=About - ratgdo |url=https://ratcloud.llc/pages/about |url-status=live |archive-url=https://web.archive.org/web/20251213022055/https://ratcloud.llc/pages/about |archive-date=2025-12-13 |access-date=2026-02-05}}</ref>
|-
|Reticulum
|Reticulum is an open-source, decentralized networking stack designed to communicate between practically any wireless device, even without internet. Its purpose is to provide fully anonymous end-to-end encrypted communication by default, especially in the age of government surveillance. The Reticulum network, protocol, and hardware are not tied any company in particular but were initially created by Github user 'markqvist'. Honorable mention to NomadNet, which is a network of nodes that serve webpages, similar to the internet, that communicate via Reticulum.
|<ref>{{Cite web |last=markqvist |title=Reticulum Network |url=https://reticulum.network/ |access-date=2026-02-15 |website=Reticulum |archive-url=http://web.archive.org/web/20260222180553/https://reticulum.network/ |archive-date=22 Feb 2026}}</ref>
|-
|stevesgames.co.uk
|Will never put ads or in-app purchases in their computer games and will make gamees available for free after securing the companys future.
|
|-
|Tektronix
|Provided extensive product data on unsupported products to a museum, vintageTEK, and thus to tekwiki and the rest of the community.
|<ref>{{Cite web |last=Lenihan |first=Thomas F. |date=2012-02-28 |title=Copyright Notice |url=https://vintagetek.org/copyright-notice/ |url-status=live |archive-url=https://web.archive.org/web/20250828004431/https://vintagetek.org/copyright-notice/ |archive-date=2025-08-28 |access-date=2025-10-18 |website=vintageTEK museum}}</ref>
|-
|Ulanzi
|The company offers a tutorial on how users can mix their own fog juice to use with Ulanzi mini fog machines from readily available low-cost ingredients, whereas competitors sell proprietary fog juice at extortionate prices, refuse to release the formula and refuse to honour the warranty if users use anything but the OEM brand with their machines.
|<ref>{{Cite web |title=Tutorial {{!}} How to DIY Ulanzi FM01 Fog Machine Juice? |url=https://www.youtube.com/watch?v=qiq1B6-dcEM |type=Video}} ([https://preservetube.com/watch?v=qiq1B6-dcEM Archived])</ref>
|}

==See Also==

*[[Louis Rossmann - Video Directory]]
*[[Other Channels - Video Directory|Other Channels - Video Directory]]

==Reference List==
<references />

JavaScript

2026-03-22T15:52:39Z

Rudxain: bsky JS is just questionable. "at best" implies they're deliberately lying

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior.<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS is built into almost every web-browser and [[wikipedia:User_agent|user-agent]] (UA), including "light-weight" ones (such as [[wikipedia:W3m|w3m]]), incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> John Gruber says that JS shouldn't be part of browsers;<ref>{{Cite web |last=Gruber |first=John |date=2017-06-22 |title=Gizmodo Investigation Exposes Websites Collecting Form Data Before You Hit 'Submit' |url=https://daringfireball.net/linked/2017/06/22/navistone-form-data |url-status=live |archive-url=https://web.archive.org/web/20260319180650/https://daringfireball.net/linked/2017/06/22/navistone-form-data |archive-date=2026-03-19 |access-date=2026-03-20 |website=Daring Fireball}}</ref><ref>{{Cite web |last=Gruber |first=John |date=2017-06-27 |title=Using Today's Web Without JavaScript |url=https://daringfireball.net/linked/2017/06/27/web-without-javascript |url-status=live |archive-url=https://web.archive.org/web/20260319180612/https://daringfireball.net/linked/2017/06/27/web-without-javascript |archive-date=2026-03-19 |access-date=2026-03-20 |website=Daring Fireball}}</ref> one way that would work is by turning JS into an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] that the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that ES is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]), makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the [[wikipedia:Document_Object_Model|DOM]]-tree only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" API (such as the microphone) the browser pauses it until the user has granted access for the first time. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

It's worth noting that JS has a privileged position, relative to [[wikipedia:WebAssembly|Wasm]], because of its first-class access to Web APIs.

==Why it is a problem==
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref><ref>{{Cite web |last=Archibald |first=Jake |date=2025-07-01 |title=Give footnotes the boot § Footnotes on the web |url=https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |url-status=live |archive-url=https://web.archive.org/web/20251220110553/https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |archive-date=2025-12-20 |access-date=2026-03-20 |website=Blog - JakeArchibald.com}}</ref> The main valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS
*[[wikipedia:Instant_messaging|Instant messaging]] (self-evident)

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of ES), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are financially incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself (ES) is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a [[Bloatware|bloated]] pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled, even when its use is "illegitimate":

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate
*[[Discord]]. While its instant-messaging functionality legitimately requires JS, they refuse to let the user change their account settings (including security and privacy ones) unless JS is enabled.

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*Google being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*Discord being extremely bloated to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated DOM-tree, but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

JavaScript

2026-03-22T15:48:31Z

Rudxain: JS is still JS even if it weren't a Standard

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior.<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS is built into almost every web-browser and [[wikipedia:User_agent|user-agent]] (UA), including "light-weight" ones (such as [[wikipedia:W3m|w3m]]), incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> John Gruber says that JS shouldn't be part of browsers;<ref>{{Cite web |last=Gruber |first=John |date=2017-06-22 |title=Gizmodo Investigation Exposes Websites Collecting Form Data Before You Hit 'Submit' |url=https://daringfireball.net/linked/2017/06/22/navistone-form-data |url-status=live |archive-url=https://web.archive.org/web/20260319180650/https://daringfireball.net/linked/2017/06/22/navistone-form-data |archive-date=2026-03-19 |access-date=2026-03-20 |website=Daring Fireball}}</ref><ref>{{Cite web |last=Gruber |first=John |date=2017-06-27 |title=Using Today's Web Without JavaScript |url=https://daringfireball.net/linked/2017/06/27/web-without-javascript |url-status=live |archive-url=https://web.archive.org/web/20260319180612/https://daringfireball.net/linked/2017/06/27/web-without-javascript |archive-date=2026-03-19 |access-date=2026-03-20 |website=Daring Fireball}}</ref> one way that would work is by turning JS into an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] that the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that ES is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]), makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the [[wikipedia:Document_Object_Model|DOM]]-tree only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" API (such as the microphone) the browser pauses it until the user has granted access for the first time. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

It's worth noting that JS has a privileged position, relative to [[wikipedia:WebAssembly|Wasm]], because of its first-class access to Web APIs.

==Why it is a problem==
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref><ref>{{Cite web |last=Archibald |first=Jake |date=2025-07-01 |title=Give footnotes the boot § Footnotes on the web |url=https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |url-status=live |archive-url=https://web.archive.org/web/20251220110553/https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |archive-date=2025-12-20 |access-date=2026-03-20 |website=Blog - JakeArchibald.com}}</ref> The main valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS
*[[wikipedia:Instant_messaging|Instant messaging]] (self-evident)

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of ES), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are financially incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself (ES) is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a [[Bloatware|bloated]] pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled, even when its use is "illegitimate":

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate
*[[Discord]]. While its instant-messaging functionality legitimately requires JS, they refuse to let the user change their account settings (including security and privacy ones) unless JS is enabled.

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*Google being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*Discord being extremely bloated to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated DOM-tree, but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

JavaScript

2026-03-20T22:33:58Z

Rudxain:

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior.<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS is built into almost every web-browser and [[wikipedia:User_agent|user-agent]] (UA), including "light-weight" ones (such as [[wikipedia:W3m|w3m]]), incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> John Gruber says that JS shouldn't exist;<ref>{{Cite web |last=Gruber |first=John |date=2017-06-22 |title=Gizmodo Investigation Exposes Websites Collecting Form Data Before You Hit 'Submit' |url=https://daringfireball.net/linked/2017/06/22/navistone-form-data |url-status=live |archive-url=https://web.archive.org/web/20260319180650/https://daringfireball.net/linked/2017/06/22/navistone-form-data |archive-date=2026-03-19 |access-date=2026-03-20 |website=Daring Fireball}}</ref><ref>{{Cite web |last=Gruber |first=John |date=2017-06-27 |title=Using Today's Web Without JavaScript |url=https://daringfireball.net/linked/2017/06/27/web-without-javascript |url-status=live |archive-url=https://web.archive.org/web/20260319180612/https://daringfireball.net/linked/2017/06/27/web-without-javascript |archive-date=2026-03-19 |access-date=2026-03-20 |website=Daring Fireball}}</ref> One way that would work is by turning JS into an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] that the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that ES is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]), makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the [[wikipedia:Document_Object_Model|DOM]]-tree only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" API (such as the microphone) the browser pauses it until the user has granted access for the first time. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

It's worth noting that JS has a privileged position, relative to [[wikipedia:WebAssembly|Wasm]], because of its first-class access to Web APIs.

==Why it is a problem==
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref><ref>{{Cite web |last=Archibald |first=Jake |date=2025-07-01 |title=Give footnotes the boot § Footnotes on the web |url=https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |url-status=live |archive-url=https://web.archive.org/web/20251220110553/https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |archive-date=2025-12-20 |access-date=2026-03-20 |website=Blog - JakeArchibald.com}}</ref> The main valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS
*[[wikipedia:Instant_messaging|Instant messaging]] (self-evident)

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of ES), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are financially incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself (ES) is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a [[Bloatware|bloated]] pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled, even when its use is "illegitimate":

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate
*[[Discord]]. While its instant-messaging functionality legitimately requires JS, they refuse to let the user change their account settings (including security and privacy ones) unless JS is enabled.

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*Google being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*Discord being extremely bloated to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated DOM-tree, but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

JavaScript

2026-03-20T22:10:37Z

Rudxain: IG ext-link already is ref on "Forced account", and it makes more sense there, so remove from here

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior.<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS is built into almost every web-browser and [[wikipedia:User_agent|user-agent]] (UA), including "light-weight" ones (such as [[wikipedia:W3m|w3m]]), incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> John Gruber says that JS shouldn't exist;<ref>{{Cite web |last=Gruber |first=John |date=2017-06-22 |title=Gizmodo Investigation Exposes Websites Collecting Form Data Before You Hit 'Submit' |url=https://daringfireball.net/linked/2017/06/22/navistone-form-data |url-status=live |archive-url=https://web.archive.org/web/20260319180650/https://daringfireball.net/linked/2017/06/22/navistone-form-data |archive-date=2026-03-19 |access-date=2026-03-20 |website=Daring Fireball}}</ref><ref>{{Cite web |last=Gruber |first=John |date=2017-06-27 |title=Using Today's Web Without JavaScript |url=https://daringfireball.net/linked/2017/06/27/web-without-javascript |url-status=live |archive-url=https://web.archive.org/web/20260319180612/https://daringfireball.net/linked/2017/06/27/web-without-javascript |archive-date=2026-03-19 |access-date=2026-03-20 |website=Daring Fireball}}</ref> One way that would work is by turning JS into an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] that the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that ES is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]), makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the [[wikipedia:Document_Object_Model|DOM]]-tree only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" API (such as the microphone) the browser pauses it until the user has granted access for the first time. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

It's worth noting that JS has a privileged position, relative to [[wikipedia:WebAssembly|Wasm]], because of its first-class access to Web APIs.

==Why it is a problem==
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref><ref>{{Cite web |last=Archibald |first=Jake |date=2025-07-01 |title=Give footnotes the boot § Footnotes on the web |url=https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |url-status=live |archive-url=https://web.archive.org/web/20251220110553/https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |archive-date=2025-12-20 |access-date=2026-03-20 |website=Blog - JakeArchibald.com}}</ref> The main valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS
*[[wikipedia:Instant_messaging|Instant messaging]] (self-evident)

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of the ES spec), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are financially incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself (ES) is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a [[Bloatware|bloated]] pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled, even when its use is "illegitimate":

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate
*[[Discord]]. While its instant-messaging functionality legitimately requires JS, they refuse to let the user change their account settings (including security and privacy ones) unless JS is enabled.

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*Google being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*Discord being extremely bloated to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated DOM-tree, but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

JavaScript

2026-03-20T22:06:41Z

Rudxain: /* List of sites refusing to work without JS */

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior.<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS is built into almost every web-browser and [[wikipedia:User_agent|user-agent]] (UA), including "light-weight" ones (such as [[wikipedia:W3m|w3m]]), incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> John Gruber says that JS shouldn't exist;<ref>{{Cite web |last=Gruber |first=John |date=2017-06-22 |title=Gizmodo Investigation Exposes Websites Collecting Form Data Before You Hit 'Submit' |url=https://daringfireball.net/linked/2017/06/22/navistone-form-data |url-status=live |archive-url=https://web.archive.org/web/20260319180650/https://daringfireball.net/linked/2017/06/22/navistone-form-data |archive-date=2026-03-19 |access-date=2026-03-20 |website=Daring Fireball}}</ref><ref>{{Cite web |last=Gruber |first=John |date=2017-06-27 |title=Using Today's Web Without JavaScript |url=https://daringfireball.net/linked/2017/06/27/web-without-javascript |url-status=live |archive-url=https://web.archive.org/web/20260319180612/https://daringfireball.net/linked/2017/06/27/web-without-javascript |archive-date=2026-03-19 |access-date=2026-03-20 |website=Daring Fireball}}</ref> One way that would work is by turning JS into an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] that the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that ES is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]), makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the [[wikipedia:Document_Object_Model|DOM]]-tree only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" API (such as the microphone) the browser pauses it until the user has granted access for the first time. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

It's worth noting that JS has a privileged position, relative to [[wikipedia:WebAssembly|Wasm]], because of its first-class access to Web APIs.

==Why it is a problem==
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref><ref>{{Cite web |last=Archibald |first=Jake |date=2025-07-01 |title=Give footnotes the boot § Footnotes on the web |url=https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |url-status=live |archive-url=https://web.archive.org/web/20251220110553/https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |archive-date=2025-12-20 |access-date=2026-03-20 |website=Blog - JakeArchibald.com}}</ref> The main valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS
*[[wikipedia:Instant_messaging|Instant messaging]] (self-evident)

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of the ES spec), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are financially incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself (ES) is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a [[Bloatware|bloated]] pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled, even when its use is "illegitimate":

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate
*[[Discord]]. While its instant-messaging functionality legitimately requires JS, they refuse to let the user change their account settings (including security and privacy ones) unless JS is enabled.

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*Google being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*Instagram refusing to serve content to <code>noscript</code> users, and deliberately nagging them to [[Forced app download|install the app]] or [[Forced account|login]]: https://github.com/Rudxain/uBO-rules/pull/9
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*Discord being extremely bloated to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated DOM-tree, but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

JavaScript

2026-03-20T21:58:01Z

Rudxain: improve John Gruber citation

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior.<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS is built into almost every web-browser and [[wikipedia:User_agent|user-agent]] (UA), including "light-weight" ones (such as [[wikipedia:W3m|w3m]]), incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> John Gruber says that JS shouldn't exist;<ref>{{Cite web |last=Gruber |first=John |date=2017-06-22 |title=Gizmodo Investigation Exposes Websites Collecting Form Data Before You Hit 'Submit' |url=https://daringfireball.net/linked/2017/06/22/navistone-form-data |url-status=live |archive-url=https://web.archive.org/web/20260319180650/https://daringfireball.net/linked/2017/06/22/navistone-form-data |archive-date=2026-03-19 |access-date=2026-03-20 |website=Daring Fireball}}</ref><ref>{{Cite web |last=Gruber |first=John |date=2017-06-27 |title=Using Today's Web Without JavaScript |url=https://daringfireball.net/linked/2017/06/27/web-without-javascript |url-status=live |archive-url=https://web.archive.org/web/20260319180612/https://daringfireball.net/linked/2017/06/27/web-without-javascript |archive-date=2026-03-19 |access-date=2026-03-20 |website=Daring Fireball}}</ref> One way that would work is by turning JS into an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] that the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that ES is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]), makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the [[wikipedia:Document_Object_Model|DOM]]-tree only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" API (such as the microphone) the browser pauses it until the user has granted access for the first time. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

It's worth noting that JS has a privileged position, relative to [[wikipedia:WebAssembly|Wasm]], because of its first-class access to Web APIs.

==Why it is a problem==
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref><ref>{{Cite web |last=Archibald |first=Jake |date=2025-07-01 |title=Give footnotes the boot § Footnotes on the web |url=https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |url-status=live |archive-url=https://web.archive.org/web/20251220110553/https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |archive-date=2025-12-20 |access-date=2026-03-20 |website=Blog - JakeArchibald.com}}</ref> The main valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS
*[[wikipedia:Instant_messaging|Instant messaging]]. For self-evident reasons.

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of the ES spec), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are financially incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself (ES) is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a [[Bloatware|bloated]] pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled:

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate
*[[Discord]]. While its instant-messaging functionality does require JS, they refuse to let the user change their account settings (including security and privacy ones).

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*Google being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*Instagram refusing to serve content to <code>noscript</code> users, and deliberately nagging them to [[Forced app download|install the app]] or [[Forced account|login]]: https://github.com/Rudxain/uBO-rules/pull/9
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*Discord being extremely bloated to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated DOM-tree, but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

JavaScript

2026-03-20T21:24:26Z

Rudxain: comment on tc39 improving ES

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior.<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS is built into almost every web-browser and [[wikipedia:User_agent|user-agent]] (UA), including "light-weight" ones (such as [[wikipedia:W3m|w3m]]), incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> Some people say that JS shouldn't even exist,<ref>https://daringfireball.net/linked/2017/06/22/navistone-form-data</ref><ref>https://daringfireball.net/linked/2017/06/27/web-without-javascript</ref> implying that it should be an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that ES is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]), makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the [[wikipedia:Document_Object_Model|DOM]]-tree only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" API (such as the microphone) the browser pauses it until the user has granted access for the first time. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

It's worth noting that JS has a privileged position, relative to [[wikipedia:WebAssembly|Wasm]], because of its first-class access to Web APIs.

==Why it is a problem==
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref><ref>{{Cite web |last=Archibald |first=Jake |date=2025-07-01 |title=Give footnotes the boot § Footnotes on the web |url=https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |url-status=live |archive-url=https://web.archive.org/web/20251220110553/https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |archive-date=2025-12-20 |access-date=2026-03-20 |website=Blog - JakeArchibald.com}}</ref> The main valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS
*[[wikipedia:Instant_messaging|Instant messaging]]. For self-evident reasons.

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of the ES spec), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are financially incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself (ES) is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a [[Bloatware|bloated]] pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled:

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate
*[[Discord]]. While its instant-messaging functionality does require JS, they refuse to let the user change their account settings (including security and privacy ones).

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*Google being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*Instagram refusing to serve content to <code>noscript</code> users, and deliberately nagging them to [[Forced app download|install the app]] or [[Forced account|login]]: https://github.com/Rudxain/uBO-rules/pull/9
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*Discord being extremely bloated to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated DOM-tree, but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

JavaScript

2026-03-20T21:11:03Z

Rudxain: remove other duped links

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior.<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS is built into almost every web-browser and [[wikipedia:User_agent|user-agent]] (UA), including "light-weight" ones (such as [[wikipedia:W3m|w3m]]), incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> Some people say that JS shouldn't even exist,<ref>https://daringfireball.net/linked/2017/06/22/navistone-form-data</ref><ref>https://daringfireball.net/linked/2017/06/27/web-without-javascript</ref> implying that it should be an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that ES is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]), makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the [[wikipedia:Document_Object_Model|DOM]]-tree only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" API (such as the microphone) the browser pauses it until the user has granted access for the first time. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

It's worth noting that JS has a privileged position, relative to [[wikipedia:WebAssembly|Wasm]], because of its first-class access to Web APIs.

==Why it is a problem==
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref><ref>{{Cite web |last=Archibald |first=Jake |date=2025-07-01 |title=Give footnotes the boot § Footnotes on the web |url=https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |url-status=live |archive-url=https://web.archive.org/web/20251220110553/https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |archive-date=2025-12-20 |access-date=2026-03-20 |website=Blog - JakeArchibald.com}}</ref> The main valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS
*[[wikipedia:Instant_messaging|Instant messaging]]. For self-evident reasons.

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of the ES spec), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are financially incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself (ES) is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a [[Bloatware|bloated]] pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled:

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate
*[[Discord]]. While its instant-messaging functionality does require JS, they refuse to let the user change their account settings (including security and privacy ones).

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*Google being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*Instagram refusing to serve content to <code>noscript</code> users, and deliberately nagging them to [[Forced app download|install the app]] or [[Forced account|login]]: https://github.com/Rudxain/uBO-rules/pull/9
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*Discord being extremely bloated to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated DOM-tree, but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

JavaScript

2026-03-20T21:09:21Z

Rudxain: mention instant-messaging as another justification; criticize disbloat account-settings forced-JS

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior.<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS is built into almost every web-browser and [[wikipedia:User_agent|user-agent]] (UA), including "light-weight" ones (such as [[wikipedia:W3m|w3m]]), incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> Some people say that JS shouldn't even exist,<ref>https://daringfireball.net/linked/2017/06/22/navistone-form-data</ref><ref>https://daringfireball.net/linked/2017/06/27/web-without-javascript</ref> implying that it should be an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that ES is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]), makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the [[wikipedia:Document_Object_Model|DOM]]-tree only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" API (such as the microphone) the browser pauses it until the user has granted access for the first time. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

It's worth noting that JS has a privileged position, relative to [[wikipedia:WebAssembly|Wasm]], because of its first-class access to Web APIs.

==Why it is a problem==
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref><ref>{{Cite web |last=Archibald |first=Jake |date=2025-07-01 |title=Give footnotes the boot § Footnotes on the web |url=https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |url-status=live |archive-url=https://web.archive.org/web/20251220110553/https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |archive-date=2025-12-20 |access-date=2026-03-20 |website=Blog - JakeArchibald.com}}</ref> The main valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS
*[[wikipedia:Instant_messaging|Instant messaging]]. For self-evident reasons.

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of the ES spec), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are financially incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself (ES) is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a [[Bloatware|bloated]] pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled:

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate
*[[Discord]]. While its instant-messaging functionality does require JS, they refuse to let the user change their account settings (including security and privacy ones).

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*[[Google]] being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*[[Instagram]] refusing to serve content to <code>noscript</code> users, and deliberately nagging them to [[Forced app download|install the app]] or [[Forced account|login]]: https://github.com/Rudxain/uBO-rules/pull/9
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*[[Discord]] being extremely bloated to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated DOM-tree, but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

JavaScript

2026-03-20T21:02:52Z

Rudxain: remove hyperbole

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior.<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS is built into almost every web-browser and [[wikipedia:User_agent|user-agent]] (UA), including "light-weight" ones (such as [[wikipedia:W3m|w3m]]), incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> Some people say that JS shouldn't even exist,<ref>https://daringfireball.net/linked/2017/06/22/navistone-form-data</ref><ref>https://daringfireball.net/linked/2017/06/27/web-without-javascript</ref> implying that it should be an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that ES is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]), makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the [[wikipedia:Document_Object_Model|DOM]]-tree only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" API (such as the microphone) the browser pauses it until the user has granted access for the first time. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

It's worth noting that JS has a privileged position, relative to [[wikipedia:WebAssembly|Wasm]], because of its first-class access to Web APIs.

==Why it is a problem==
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref><ref>{{Cite web |last=Archibald |first=Jake |date=2025-07-01 |title=Give footnotes the boot § Footnotes on the web |url=https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |url-status=live |archive-url=https://web.archive.org/web/20251220110553/https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |archive-date=2025-12-20 |access-date=2026-03-20 |website=Blog - JakeArchibald.com}}</ref> The only valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of the ES spec), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are financially incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself (ES) is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a [[Bloatware|bloated]] pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled:

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*[[Google]] being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*[[Instagram]] refusing to serve content to <code>noscript</code> users, and deliberately nagging them to [[Forced app download|install the app]] or [[Forced account|login]]: https://github.com/Rudxain/uBO-rules/pull/9
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*[[Discord]] being extremely bloated to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated DOM-tree, but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

JavaScript

2026-03-20T21:00:39Z

Rudxain:

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior.<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS is built into almost every web-browser and [[wikipedia:User_agent|user-agent]] (UA), including "light-weight" ones (such as [[wikipedia:W3m|w3m]]), incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> Some people say that JS shouldn't even exist,<ref>https://daringfireball.net/linked/2017/06/22/navistone-form-data</ref><ref>https://daringfireball.net/linked/2017/06/27/web-without-javascript</ref> implying that it should be an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that ES is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]) is a recipe for disaster, as it makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the [[wikipedia:Document_Object_Model|DOM]]-tree only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" API (such as the microphone) the browser pauses it until the user has granted access for the first time. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

It's worth noting that JS has a privileged position, relative to [[wikipedia:WebAssembly|Wasm]], because of its first-class access to Web APIs.

==Why it is a problem==
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref><ref>{{Cite web |last=Archibald |first=Jake |date=2025-07-01 |title=Give footnotes the boot § Footnotes on the web |url=https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |url-status=live |archive-url=https://web.archive.org/web/20251220110553/https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |archive-date=2025-12-20 |access-date=2026-03-20 |website=Blog - JakeArchibald.com}}</ref> The only valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of the ES spec), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are financially incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself (ES) is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a [[Bloatware|bloated]] pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled:

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*[[Google]] being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*[[Instagram]] refusing to serve content to <code>noscript</code> users, and deliberately nagging them to [[Forced app download|install the app]] or [[Forced account|login]]: https://github.com/Rudxain/uBO-rules/pull/9
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*[[Discord]] being extremely bloated to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated DOM-tree, but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

JavaScript

2026-03-20T16:03:12Z

Rudxain: move bloat link

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior.<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS is built into almost every web-browser and [[wikipedia:User_agent|user-agent]] (UA), including "light-weight" ones (such as [[wikipedia:W3m|w3m]]), incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> Some people say that JS shouldn't even exist,<ref>https://daringfireball.net/linked/2017/06/22/navistone-form-data</ref><ref>https://daringfireball.net/linked/2017/06/27/web-without-javascript</ref> implying that it should be an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that ES is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]) is a recipe for disaster, as it makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the [[wikipedia:Document_Object_Model|DOM]]-tree only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" API (such as the microphone) the browser pauses it until the user has granted access for the first time. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

It's worth noting that JS has a privileged position, relative to [[wikipedia:WebAssembly|Wasm]], because of its first-class access to Web APIs.

==Why it is a problem==
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref><ref>{{Cite web |last=Archibald |first=Jake |date=2025-07-01 |title=Give footnotes the boot § Footnotes on the web |url=https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |url-status=live |archive-url=https://web.archive.org/web/20251220110553/https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |archive-date=2025-12-20 |access-date=2026-03-20 |website=Blog - JakeArchibald.com}}</ref> The only valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of the ES spec), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are economically incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself (ES) is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a [[Bloatware|bloated]] pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled:

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*[[Google]] being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*[[Instagram]] refusing to serve content to <code>noscript</code> users, and deliberately nagging them to [[Forced app download|install the app]] or [[Forced account|login]]: https://github.com/Rudxain/uBO-rules/pull/9
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*[[Discord]] being extremely bloated to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated DOM-tree, but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

JavaScript

2026-03-20T15:42:17Z

Rudxain: ref Jake Archibald

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior.<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS is built into almost every web-browser and [[wikipedia:User_agent|user-agent]] (UA), including "light-weight" ones (such as [[wikipedia:W3m|w3m]]), incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> Some people say that JS shouldn't even exist,<ref>https://daringfireball.net/linked/2017/06/22/navistone-form-data</ref><ref>https://daringfireball.net/linked/2017/06/27/web-without-javascript</ref> implying that it should be an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that ES is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]) is a recipe for disaster, as it makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the [[wikipedia:Document_Object_Model|DOM]]-tree only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" API (such as the microphone) the browser pauses it until the user has granted access for the first time. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

It's worth noting that JS has a privileged position, relative to [[wikipedia:WebAssembly|Wasm]], because of its first-class access to Web APIs.

==Why it is a problem==
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref><ref>{{Cite web |last=Archibald |first=Jake |date=2025-07-01 |title=Give footnotes the boot § Footnotes on the web |url=https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |url-status=live |archive-url=https://web.archive.org/web/20251220110553/https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |archive-date=2025-12-20 |access-date=2026-03-20 |website=Blog - JakeArchibald.com}}</ref> The only valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of the ES spec), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are economically incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself (ES) is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a bloated pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled:

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*[[Google]] being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*[[Instagram]] refusing to serve content to <code>noscript</code> users, and deliberately nagging them to [[Forced app download|install the app]] or [[Forced account|login]]: https://github.com/Rudxain/uBO-rules/pull/9
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*[[Discord]] being extremely [[Bloatware|bloated]] to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated DOM-tree, but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

JavaScript

2026-03-20T13:39:14Z

Rudxain: fix typo in comment about "not typo", lol, sorry 😅

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior.<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS is built into almost every web-browser and [[wikipedia:User_agent|user-agent]] (UA), including "light-weight" ones (such as [[wikipedia:W3m|w3m]]), incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> Some people say that JS shouldn't even exist,<ref>https://daringfireball.net/linked/2017/06/22/navistone-form-data</ref><ref>https://daringfireball.net/linked/2017/06/27/web-without-javascript</ref> implying that it should be an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that ES is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]) is a recipe for disaster, as it makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the [[wikipedia:Document_Object_Model|DOM]]-tree only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" API (such as the microphone) the browser pauses it until the user has granted access for the first time. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

It's worth noting that JS has a privileged position, relative to [[wikipedia:WebAssembly|Wasm]], because of its first-class access to Web APIs.

==Why it is a problem==
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref> The only valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of the ES spec), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are economically incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself (ES) is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a bloated pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled:

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*[[Google]] being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*[[Instagram]] refusing to serve content to <code>noscript</code> users, and deliberately nagging them to [[Forced app download|install the app]] or [[Forced account|login]]: https://github.com/Rudxain/uBO-rules/pull/9
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*[[Discord]] being extremely [[Bloatware|bloated]] to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated DOM-tree, but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

JavaScript

2026-03-20T13:38:11Z

Rudxain: comment about ES being TC

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior.<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS is built into almost every web-browser and [[wikipedia:User_agent|user-agent]] (UA), including "light-weight" ones (such as [[wikipedia:W3m|w3m]]), incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> Some people say that JS shouldn't even exist,<ref>https://daringfireball.net/linked/2017/06/22/navistone-form-data</ref><ref>https://daringfireball.net/linked/2017/06/27/web-without-javascript</ref> implying that it should be an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that ES is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]) is a recipe for disaster, as it makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the [[wikipedia:Document_Object_Model|DOM]]-tree only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" API (such as the microphone) the browser pauses it until the user has granted access for the first time. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

It's worth noting that JS has a privileged position, relative to [[wikipedia:WebAssembly|Wasm]], because of its first-class access to Web APIs.

==Why it is a problem==
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref> The only valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of the ES spec), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are economically incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself (ES) is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a bloated pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled:

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*[[Google]] being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*[[Instagram]] refusing to serve content to <code>noscript</code> users, and deliberately nagging them to [[Forced app download|install the app]] or [[Forced account|login]]: https://github.com/Rudxain/uBO-rules/pull/9
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*[[Discord]] being extremely [[Bloatware|bloated]] to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated DOM-tree, but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

JavaScript

2026-03-20T13:36:42Z

Rudxain: unlink DOM in ext-links, as it's linked earlier

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior.<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS is built into almost every web-browser and [[wikipedia:User_agent|user-agent]] (UA), including "light-weight" ones (such as [[wikipedia:W3m|w3m]]), incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> Some people say that JS shouldn't even exist,<ref>https://daringfireball.net/linked/2017/06/22/navistone-form-data</ref><ref>https://daringfireball.net/linked/2017/06/27/web-without-javascript</ref> implying that it should be an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that ES is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]) is a recipe for disaster, as it makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the [[wikipedia:Document_Object_Model|DOM]]-tree only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" API (such as the microphone) the browser pauses it until the user has granted access for the first time. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

It's worth noting that JS has a privileged position, relative to [[wikipedia:WebAssembly|Wasm]], because of its first-class access to Web APIs.

==Why it is a problem==
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref> The only valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of the ES spec), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are economically incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself (ES) is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a bloated pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled:

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*[[Google]] being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*[[Instagram]] refusing to serve content to <code>noscript</code> users, and deliberately nagging them to [[Forced app download|install the app]] or [[Forced account|login]]: https://github.com/Rudxain/uBO-rules/pull/9
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*[[Discord]] being extremely [[Bloatware|bloated]] to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated DOM-tree, but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

JavaScript

2026-03-20T13:31:39Z

Rudxain: ES + WebAPI = JS

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior.<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS is built into almost every web-browser and [[wikipedia:User_agent|user-agent]] (UA), including "light-weight" ones (such as [[wikipedia:W3m|w3m]]), incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> Some people say that JS shouldn't even exist,<ref>https://daringfireball.net/linked/2017/06/22/navistone-form-data</ref><ref>https://daringfireball.net/linked/2017/06/27/web-without-javascript</ref> implying that it should be an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that ES is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]) is a recipe for disaster, as it makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the [[wikipedia:Document_Object_Model|DOM]]-tree only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" API (such as the microphone) the browser pauses it until the user has granted access for the first time. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

It's worth noting that JS has a privileged position, relative to [[wikipedia:WebAssembly|Wasm]], because of its first-class access to Web APIs.

==Why it is a problem==
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref> The only valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of the ES spec), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are economically incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself (ES) is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a bloated pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled:

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*[[Google]] being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*[[Instagram]] refusing to serve content to <code>noscript</code> users, and deliberately nagging them to [[Forced app download|install the app]] or [[Forced account|login]]: https://github.com/Rudxain/uBO-rules/pull/9
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*[[Discord]] being extremely [[Bloatware|bloated]] to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated [[wikipedia:Document_Object_Model|DOM-tree]], but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

Amazon Echo changes terms of voice usage

2026-03-20T12:40:59Z

Rudxain:

{{IncidentCargo
|Company=Amazon
|StartDate=2025-03
|EndDate=
|Status=
|ProductLine=Amazon Echo
|Product=
|ArticleType=
|Type=Privacy
|Description= Amazon removed an opt out option from amazon echo client device series for the amazon alexa, citing the need to collect data for generative AI training
}}
[[Amazon Echo]] is a series of client devices for the [[Amazon Alexa]] voice control platform for connected smart homes. Echo products have long offered the option to disable cloud voice analysis and perform processing on-device, in addition to a separate option that theoretically prevents the company from saving voice recordings. However, in March of 2025, the company sent an email to users with this option on that disables the first option and only leaves the second, citing the need to [[Artificial intelligence/training|train generative AI]].<ref name=":0">{{Cite web |last=Robledo |first=Anthony |date=2025-03-17 |title=Amazon is removing an Echo privacy setting that keeps Alexa recordings from the company |url=https://www.usatoday.com/story/tech/2025/03/17/amazon-echo-alexa-reporting-privacy/82503576007/ |url-status=live |archive-url=https://web.archive.org/web/20250319001811/https://www.usatoday.com/story/tech/2025/03/17/amazon-echo-alexa-reporting-privacy/82503576007/ |archive-date=2025-03-19 |access-date=2025-03-20 |website=USA Today}}</ref>

==Background==
Alexa as a service is based around an edge client + cloud service model where a physical device acts as a conduit between voice and the cloud. This raises substantial privacy concerns as it is, because the lack of open source means that no one actually knows whether privacy settings are respected. However, much like Apple, Amazon assured customers through its settings interface that enabling the "Do Not Send Voice Recordings" setting would utilize exclusively local processing, sending your data to the cloud only "for features that require the transmission of audio, such as when you make a call or send a message or announcement via Alexa."<ref name=":1">{{Cite web |title=Amazon is ending the option to not send Echo voice recordings to the cloud|url=https://www.theverge.com/news/630049/amazon-echo-discontinues-do-not-send-voice-recording-setting|url-status=live |first=Jennifer|last=Tuohy|date=2025-03-14|work=TheVerge|archive-url=https://web.archive.org/web/20250814102301/https://www.theverge.com/news/630049/amazon-echo-discontinues-do-not-send-voice-recording-setting |archive-date=2025-08-14}}</ref> Local processing was available as a server on the Echo (4th Gen), Echo Show 10, and Echo Show 15, and could be utilized by lower power or older devices as clients.<ref name=":1" />

From archival analysis of the [https://www.amazon.com/gp/help/customer/display.html?nodeId=201602230 Alexa FAQ] page, it can be estimated that this feature was introduced in early to mid 2022, given the first available archived copy of the page was in September 2022. As of writing, this page still includes this feature despite its imminent removal.<ref>{{Cite web |title=Alexa and Alexa Device FAQs |url=https://www.amazon.com/gp/help/customer/display.html?nodeId=201602230 |url-status=live |archive-url=https://web.archive.org/web/20220901001441/https://www.amazon.com/gp/help/customer/display.html?nodeId=201602230 |archive-date=2022-09-01 |access-date=2025-03-20 |website=Amazon Customer Support}}</ref> This likely means that the Echo (4th Gen) was not launched with this feature, as it was launched 10/22/2020<ref>{{Cite web |last=Gartenberg |first=Chaim |date=2020-09-24 |title=Amazon redesigns the Echo with a new spherical design and a custom machine learning processor |url=https://www.theverge.com/2020/9/24/21452347/amazon-echo-4th-generation-features-price-release-date-alexa |url-status=live |archive-url=https://web.archive.org/web/20241212183356/https://www.theverge.com/2020/9/24/21452347/amazon-echo-4th-generation-features-price-release-date-alexa |archive-date=2024-12-12 |access-date=2025-03-20 |website=The Verge}}</ref> with the Echo Show 10 following not long after on 2/25/2021.<ref>{{Cite web |last=Seifert |first=Dan |date=2021-02-24 |title=Amazon Echo Show 10 review: Alexa’s next move |url=https://www.theverge.com/22297810/amazon-echo-show-10-2021-review |url-status=live |archive-url=https://web.archive.org/web/20250317152944/https://www.theverge.com/22297810/amazon-echo-show-10-2021-review |archive-date=2025-03-17 |access-date=2025-03-20 |website=The Verge}}</ref> However, the Echo Show 15 (2023) and Echo Show 15 (2024) were both launched since, as implied by their names, and even the former was announced after this feature was unveiled.<ref>{{Cite web |last=Tuohy |first=Jennifer Pattison |date=2022-12-16 |title=Amazon Echo Show 15 review: Alexa’s on your wall |url=https://www.theverge.com/22839220/amazon-echo-show-15-review-wall-mounted-alexa-tablet-kitchen-tv |url-status=live |archive-url=https://web.archive.org/web/20250307173006/https://www.theverge.com/22839220/amazon-echo-show-15-review-wall-mounted-alexa-tablet-kitchen-tv |archive-date=2025-03-07 |access-date=2025-03-20 |website=The Verge}}</ref>

==Removal of the Do Not Send Voice feature==
[[File:Amazon Echo removal of Do Not Send Voice option.png|thumb|250px|alt=This image is a screenshot of the email sent by Amazon to customers using the Do Not Send Voice Recordings feature on Echo devices. It indicates that on March 28, 2025, this feature will be disabled and voice recordings will recorded as they "expand Alexa’s capabilities with generative AI features."|E-mail from Amazon, 2025-03-14]]
On March 14, 2025 (unknown if this notice rolled out over multiple days), Amazon sent an email with the subject "Upcoming change to your Alexa Settings" to customers which had enabled the Do Not Send Voice feature. The email cites coming improvements to Alexa, including the addition of generative AI features. No alternative is given other than the already-existing "Don't save recordings" feature, which merely prohibits Amazon from keeping copies of the recordings.

Amazon claims in the email that "[t]he Alexa experience is designed to protect your privacy and keep your data secure." However, they do not appear to elaborate on this further than redirecting customers to the Alexa Privacy Hub, which cites features like the microphone toggle button and the ability to go back through already saved recordings and delete them.<ref>{{Cite web |title=Alexa Privacy Hub |url=https://www.amazon.com/b/?node=19149155011 |url-status=live |archive-url=https://web.archive.org/web/20250220192838/https://www.amazon.com/Alexa-Privacy-Hub/b?ie=UTF8&node=19149155011 |archive-date=2025-02-20 |access-date=2025-03-20 |website=Amazon.com}}</ref>

It is worth noting that other companies like Apple that admit to sending some voice/speech data for processing at least claim to use confidential computing ([[wikipedia:Confidential_computing|read more on Wikipedia]]) techniques like Private Cloud Compute.<ref>{{Cite web |date=June 10, 2024 |title=Private Cloud Compute: A new frontier for AI privacy in the cloud |url=https://security.apple.com/blog/private-cloud-compute/ |archive-url=https://web.archive.org/web/20260222050834/https://security.apple.com/blog/private-cloud-compute/ |archive-date=February 22, 2026 |website=security.apple.com}}</ref> While these are not fully open-source solutions, these privacy-preserving technologies are audited externally and claim to be inaccessible to employees. Amazon has, in the past, admitted some recordings "undergo anonymized human review,<ref>{{Cite web |last=Scarcella |first=Mike |date=2024-10-31 |title=Amazon denies duping US consumers over Alexa’s recording practices |url=https://www.reuters.com/legal/transactional/amazon-denies-duping-us-consumers-over-alexas-recording-practices-2024-10-31/ |url-access=subscription |url-status=live |archive-url=https://ghostarchive.org/archive/yJb3o |archive-date=2026-02-24 |access-date=2025-03-20 |website=Reuters}}</ref>" so it is evident these recordings are not fully autonomously processed in such a way.

==Consumer response==

The response to this issue has been varied--some consumers, such as many in one Reddit thread,<ref>{{Cite web |date=2025-03-14 |title=PSA: Amazon Alexa discontinuing Do Not Send Voice Recordings |url=https://old.reddit.com/r/privacy/comments/1jb8qwx/psa_amazon_alexa_discontinuing_do_not_send_voice/ |archive-url=https://web.archive.org/web/20250526183848/https://old.reddit.com/r/privacy/comments/1jb8qwx/psa_amazon_alexa_discontinuing_do_not_send_voice/ |archive-date=2025-05-26 |website=Reddit - r/privacy}}</ref> were quite displeased with the removal of the feature, with comments like "Great opportunity to discontinue Amazon Alexa!" and "We will spy on you and you will like it." However, media outlets have circulated a claim by Amazon that only 0.03% of users used the feature,<ref name=":0" /><ref>{{Cite web |date=2025-03-19 |title=Amazon ends little-used privacy feature that let Echo users opt out of sending recordings to company |url=https://apnews.com/article/amazon-privacy-echo-7fb3c19fa7f664bde5c5be259f8b23ee |url-status=live |archive-url=http://web.archive.org/web/20251119023958/https://apnews.com/article/amazon-privacy-echo-7fb3c19fa7f664bde5c5be259f8b23ee |archive-date=19 Nov 2025|access-date=2025-03-20 |website=The Associated Press}}</ref> so it is likely that this will go broadly unnoticed whether it is positive or negative.

== See also ==

* [[Post-purchase EULA modification]]

==References==
{{Reflist}}

[[Category:Amazon Echo]]
[[Category:Amazon]]
[[Category:2025 incidents]]

AI training

2026-03-20T12:39:05Z

Rudxain: Redirected page to Artificial intelligence/training

#REDIRECT [[Artificial intelligence/training]]

Amazon Echo changes terms of voice usage

2026-03-20T12:38:19Z

Rudxain: link AI train

{{IncidentCargo
|Company=Amazon
|StartDate=2025-03
|EndDate=
|Status=
|ProductLine=Amazon Echo
|Product=
|ArticleType=
|Type=Privacy
|Description= Amazon removed an opt out option from amazon echo client device series for the amazon alexa, citing the need to collect data for generative AI training
}}
[[Amazon Echo]] is a series of client devices for the [[Amazon Alexa]] voice control platform for connected smart homes. Echo products have long offered the option to disable cloud voice analysis and perform processing on-device, in addition to a separate option that theoretically prevents the company from saving voice recordings. However, in March of 2025, the company sent an email to users with this option on that disables the first option and only leaves the second, citing the need to [[Artificial intelligence/training|train generative AI]].<ref name=":0">{{Cite web |last=Robledo |first=Anthony |date=2025-03-17 |title=Amazon is removing an Echo privacy setting that keeps Alexa recordings from the company |url=https://www.usatoday.com/story/tech/2025/03/17/amazon-echo-alexa-reporting-privacy/82503576007/ |url-status=live |archive-url=https://web.archive.org/web/20250319001811/https://www.usatoday.com/story/tech/2025/03/17/amazon-echo-alexa-reporting-privacy/82503576007/ |archive-date=2025-03-19 |access-date=2025-03-20 |website=USA Today}}</ref>

==Background==
Alexa as a service is based around an edge client + cloud service model where a physical device acts as a conduit between voice and the cloud. This raises substantial privacy concerns as it is, because the lack of open source means that no one actually knows whether privacy settings are respected. However, much like Apple, Amazon assured customers through its settings interface that enabling the "Do Not Send Voice Recordings" setting would utilize exclusively local processing, sending your data to the cloud only "for features that require the transmission of audio, such as when you make a call or send a message or announcement via Alexa."<ref name=":1">{{Cite web |title=Amazon is ending the option to not send Echo voice recordings to the cloud|url=https://www.theverge.com/news/630049/amazon-echo-discontinues-do-not-send-voice-recording-setting|url-status=live |first=Jennifer|last=Tuohy|date=2025-03-14|work=TheVerge|archive-url=https://web.archive.org/web/20250814102301/https://www.theverge.com/news/630049/amazon-echo-discontinues-do-not-send-voice-recording-setting |archive-date=2025-08-14}}</ref> Local processing was available as a server on the Echo (4th Gen), Echo Show 10, and Echo Show 15, and could be utilized by lower power or older devices as clients.<ref name=":1" />

From archival analysis of the [https://www.amazon.com/gp/help/customer/display.html?nodeId=201602230 Alexa FAQ] page, it can be estimated that this feature was introduced in early to mid 2022, given the first available archived copy of the page was in September 2022. As of writing, this page still includes this feature despite its imminent removal.<ref>{{Cite web |title=Alexa and Alexa Device FAQs |url=https://www.amazon.com/gp/help/customer/display.html?nodeId=201602230 |url-status=live |archive-url=https://web.archive.org/web/20220901001441/https://www.amazon.com/gp/help/customer/display.html?nodeId=201602230 |archive-date=2022-09-01 |access-date=2025-03-20 |website=Amazon Customer Support}}</ref> This likely means that the Echo (4th Gen) was not launched with this feature, as it was launched 10/22/2020<ref>{{Cite web |last=Gartenberg |first=Chaim |date=2020-09-24 |title=Amazon redesigns the Echo with a new spherical design and a custom machine learning processor |url=https://www.theverge.com/2020/9/24/21452347/amazon-echo-4th-generation-features-price-release-date-alexa |url-status=live |archive-url=https://web.archive.org/web/20241212183356/https://www.theverge.com/2020/9/24/21452347/amazon-echo-4th-generation-features-price-release-date-alexa |archive-date=2024-12-12 |access-date=2025-03-20 |website=The Verge}}</ref> with the Echo Show 10 following not long after on 2/25/2021.<ref>{{Cite web |last=Seifert |first=Dan |date=2021-02-24 |title=Amazon Echo Show 10 review: Alexa’s next move |url=https://www.theverge.com/22297810/amazon-echo-show-10-2021-review |url-status=live |archive-url=https://web.archive.org/web/20250317152944/https://www.theverge.com/22297810/amazon-echo-show-10-2021-review |archive-date=2025-03-17 |access-date=2025-03-20 |website=The Verge}}</ref> However, the Echo Show 15 (2023) and Echo Show 15 (2024) were both launched since, as implied by their names, and even the former was announced after this feature was unveiled.<ref>{{Cite web |last=Tuohy |first=Jennifer Pattison |date=2022-12-16 |title=Amazon Echo Show 15 review: Alexa’s on your wall |url=https://www.theverge.com/22839220/amazon-echo-show-15-review-wall-mounted-alexa-tablet-kitchen-tv |url-status=live |archive-url=https://web.archive.org/web/20250307173006/https://www.theverge.com/22839220/amazon-echo-show-15-review-wall-mounted-alexa-tablet-kitchen-tv |archive-date=2025-03-07 |access-date=2025-03-20 |website=The Verge}}</ref>

==Removal of the Do Not Send Voice feature==
[[File:Amazon Echo removal of Do Not Send Voice option.png|thumb|250px|alt=This image is a screenshot of the email sent by Amazon to customers using the Do Not Send Voice Recordings feature on Echo devices. It indicates that on March 28, 2025, this feature will be disabled and voice recordings will recorded as they "expand Alexa’s capabilities with generative AI features."|E-mail from Amazon, 2025-03-14]]
On March 14, 2025 (unknown if this notice rolled out over multiple days), Amazon sent an email with the subject "Upcoming change to your Alexa Settings" to customers which had enabled the Do Not Send Voice feature. The email cites coming improvements to Alexa, including the addition of generative AI features. No alternative is given other than the already-existing "Don't save recordings" feature, which merely prohibits Amazon from keeping copies of the recordings.

Amazon claims in the email that "[t]he Alexa experience is designed to protect your privacy and keep your data secure." However, they do not appear to elaborate on this further than redirecting customers to the Alexa Privacy Hub, which cites features like the microphone toggle button and the ability to go back through already saved recordings and delete them.<ref>{{Cite web |title=Alexa Privacy Hub |url=https://www.amazon.com/b/?node=19149155011 |url-status=live |archive-url=https://web.archive.org/web/20250220192838/https://www.amazon.com/Alexa-Privacy-Hub/b?ie=UTF8&node=19149155011 |archive-date=2025-02-20 |access-date=2025-03-20 |website=Amazon.com}}</ref>

It is worth noting that other companies like Apple that admit to sending some voice/speech data for processing at least claim to use confidential computing ([[wikipedia:Confidential_computing|read more on Wikipedia]]) techniques like Private Cloud Compute.<ref>{{Cite web |date=June 10, 2024 |title=Private Cloud Compute: A new frontier for AI privacy in the cloud |url=https://security.apple.com/blog/private-cloud-compute/ |archive-url=https://web.archive.org/web/20260222050834/https://security.apple.com/blog/private-cloud-compute/ |archive-date=February 22, 2026 |website=security.apple.com}}</ref> While these are not fully open-source solutions, these privacy-preserving technologies are audited externally and claim to be inaccessible to employees. Amazon has, in the past, admitted some recordings "undergo anonymized human review,<ref>{{Cite web |last=Scarcella |first=Mike |date=2024-10-31 |title=Amazon denies duping US consumers over Alexa’s recording practices |url=https://www.reuters.com/legal/transactional/amazon-denies-duping-us-consumers-over-alexas-recording-practices-2024-10-31/ |url-access=subscription |url-status=live |archive-url=https://ghostarchive.org/archive/yJb3o |archive-date=2026-02-24 |access-date=2025-03-20 |website=Reuters}}</ref>" so it is evident these recordings are not fully autonomously processed in such a way.

==Consumer response==

The response to this issue has been varied--some consumers, such as many in one Reddit thread,<ref>{{Cite web |date=2025-03-14 |title=PSA: Amazon Alexa discontinuing Do Not Send Voice Recordings |url=https://old.reddit.com/r/privacy/comments/1jb8qwx/psa_amazon_alexa_discontinuing_do_not_send_voice/ |archive-url=https://web.archive.org/web/20250526183848/https://old.reddit.com/r/privacy/comments/1jb8qwx/psa_amazon_alexa_discontinuing_do_not_send_voice/ |archive-date=2025-05-26 |website=Reddit - r/privacy}}</ref> were quite displeased with the removal of the feature, with comments like "Great opportunity to discontinue Amazon Alexa!" and "We will spy on you and you will like it." However, media outlets have circulated a claim by Amazon that only 0.03% of users used the feature,<ref name=":0" /><ref>{{Cite web |date=2025-03-19 |title=Amazon ends little-used privacy feature that let Echo users opt out of sending recordings to company |url=https://apnews.com/article/amazon-privacy-echo-7fb3c19fa7f664bde5c5be259f8b23ee |url-status=live |archive-url=http://web.archive.org/web/20251119023958/https://apnews.com/article/amazon-privacy-echo-7fb3c19fa7f664bde5c5be259f8b23ee |archive-date=19 Nov 2025|access-date=2025-03-20 |website=The Associated Press}}</ref> so it is likely that this will go broadly unnoticed whether it is positive or negative.

==References==
{{Reflist}}

[[Category:Amazon Echo]]
[[Category:Amazon]]
[[Category:2025 incidents]]

Changing contract after agreement

2026-03-20T12:33:03Z

Rudxain: Redirected page to Post-purchase EULA modification

#REDIRECT [[Post-purchase EULA modification]]

Changing terms after agreement

2026-03-20T12:32:06Z

Rudxain: Redirected page to Post-purchase EULA modification

#REDIRECT [[Post-purchase EULA modification]]

Artificial intelligence

2026-03-20T12:22:52Z

Rudxain: mention Prompt injection

{{Irrelevant}}{{ToneWarning}}

'''Artificial intelligence''' (AI) is a field of computer science that produces systems designed to solve problems that humans typically solve using intelligence. In the consumer and industry space, it is commonly referred to as chatbots or [[wikipedia:Large language model|large language models]] (LLMs), which have been a main focus of industry since the November 2022 launch of [[OpenAI]]'s [[ChatGPT]], with tens of billions of dollars in funding allocated to producing more popular LLMs. This is also a significant focus on [[wikipedia:Text-to-image model|text-to-image models]], which "draw" an image using a written prompt, and less commonly, [[wikipedia:Text-to-video model|text-to-video models]], which extend the text-to-image concept across several smooth video frames.

AI is not a new concept; it has been of interest since the 1950s. AI is a catch-all term, encompassing many areas and techniques.

[[wikipedia:Generative artificial intelligence|Generative artificial intelligence]] models are trained through vast amounts of existing human-generated content. LLMs gather statistics on word patterns, which allows the model to generate sequences of words that seem similar to what a person might have written. However, an LLM does not understand anything; they cannot reason. They generate randomly modulated pattern of tokens. In this way, they function similarly to autocomplete.

People reading sequences of tokens sometimes perceive things they think are true. Sequences that do not make sense to the reader, or that are false, are called [[wikipedia:Hallucination (artificial intelligence)|hallucinations]]. LLMs are typically trained to produce output that is pleasing to people, exhibiting [[dark patterns]]. For example, they produce output which seems confidently written, use patterns which praise the user (sycophancy), and employ emotionally manipulative language.

People are accustomed to interacting with others, and many overestimate the abilities of things that exhibit complex, person-like patterns. Promoters of “AI” systems take advantage of this tendency, using suggestive names (like “reasoning” and “learning”) and grand claims (“PhD level”), which make it harder for people to understand these systems.

From November 2022 to 2025, venture capitalists and companies invested hundreds of billions of dollars into AI but received minimal returns. When companies seek returns, consumers can expect that products may be orphaned, services may be reduced, customer data may be sold or repurposed, costs may rise, and companies may reduce staff or fail. Historically, AI has had brief periods of intense hype, followed by disillusionment, and “AI winters.”<sup>[<nowiki/>[[Consumer Rights Wiki:Verifiability|citation needed]]]</sup>

The current well-funded industry of artificial intelligence tools has led to the rampant and unethical use of content. Startups aiming to develop AI services have been rapidly scraping the internet for content to train future models, and members of the field are concerned that they are approaching the limit of publicly available content to train from.<ref>{{Cite web |last=Tremayne-Pengelly |first=Alexandra |date=16 Dec 2024 |title=Ilya Sutskever Warns A.I. Is Running Out of Data—Here’s What Will Happen Next |url=https://observer.com/2024/12/openai-cofounder-ilya-sutskever-ai-data-peak/ |website=Observer |url-status=live |archive-url=http://web.archive.org/web/20251126053705/https://observer.com/2024/12/openai-cofounder-ilya-sutskever-ai-data-peak/ |archive-date=26 Nov 2025}}</ref>

==Why is it a problem==
===Unethical training of data===
:Further reading: [[Artificial intelligence/training]]

Users' work is sometimes silently used in training without their explicit consent, as was the case for [[Adobe's AI policy]].

===Privacy concerns of AI===
AI can be and has been used to generate deepfakes of people with and without their consent. Deepfakes are media generated with the likeness of an individual. Deepfake media can range from harmless to harmful. The latter includes child pornography, revenge porn, blackmail, etc. Since the rampant rise of consumer AI, deepfakes have become even more prevalent, with some websites explicitly specializing in them.<sup>[<nowiki/>[[Consumer Rights Wiki:Verifiability|citation needed]]]</sup>

===Privacy concerns of online AI models===
There are several concerns with using online AI models like [[ChatGPT]], not only because they are proprietary, but also because there is no guarantee of where your data will be stored or used. Recent developments in local AI models offer an alternative to online AI models, which can be downloaded from platforms like [https://huggingface.co/ HuggingFace] and used offline. Common models to run include Llama ([[Meta]]), DeepSeek ([[DeepSeek]]), Phi ([[Microsoft]]), Mistral ([[Mistral AI]]), Gemma ([[Google]]).

In some cases, AI models can be hijacked for malicious purposes. Demonstrated with Comet ([[Perplexity]]), users can run arbitrary prompts to the browser's built-in AI assistant by hiding text in the HTML comments, non-visible webpage text, or simple comments on a webpage.<ref name=":0">{{Cite web |date=Aug 20, 2025 |title=Tweet from Brave |url=https://xcancel.com/brave/status/1958152314914508893#m |archive-url=http://web.archive.org/web/20260320084736/https://xcancel.com/brave/status/1958152314914508893#m |archive-date=20 Mar 2026 |access-date=Aug 24, 2025 |website=X (formerly [[Twitter]])}}</ref> These arbitrary prompts can then be exploited to obtain sensitive information or gain unauthorized access to high-value accounts, such as those for banking or gaming libraries.<ref>{{Cite web |date=Aug 23, 2025 |title=Tweet from zack (in SF) |url=https://xcancel.com/zack_overflow/status/1959308058200551721 |access-date=Aug 24, 2025 |website=X (formerly [[Twitter]]) |url-status=live |archive-url=http://web.archive.org/web/20250824201111/https://xcancel.com/zack_overflow/status/1959308058200551721 |archive-date=24 Aug 2025}}</ref> See [[wikipedia:Prompt_injection|Prompt injection]].

===Unethical maintenance of data centers===

Due to heavy investments into and increased use of generative AI and LLMs, many data centers have been constructed to host LLMs. These data centers consume large amounts of power and water, in order to power and cool the computer systems running the models. Residents that live in cities where AI data centers have been constructed have complained of an increase in their electricity bills despite no change in their personal usage.<sup>[<nowiki/>[[Consumer Rights Wiki:Verifiability|citation needed]]]</sup> According to a research video by Benn Jordan, these data centers (as well as fracking operations and natural occurrences) cause a high amount of sound pollution, which can cause various symptoms.<ref> https://www.youtube.com/watch?v=_bP80DEAbuo ([https://preservetube.com/watch?v=_bP80DEAbuo Archived])</ref>

==Further reading==
*[[Dark pattern]]
*[[Automatic content recognition]]

==External links==

*[https://aisafety.dance/ Nicky Case, ''“AI Safety for Fleshy Humans”'', Hack Club (2024)]

==References==
{{Reflist}}
[[Category:Artificial intelligence]]

Artificial intelligence

2026-03-20T12:20:07Z

Rudxain: add aisafety.dance to ext-links

{{Irrelevant}}{{ToneWarning}}

'''Artificial intelligence''' (AI) is a field of computer science that produces systems designed to solve problems that humans typically solve using intelligence. In the consumer and industry space, it is commonly referred to as chatbots or [[wikipedia:Large language model|large language models]] (LLMs), which have been a main focus of industry since the November 2022 launch of [[OpenAI]]'s [[ChatGPT]], with tens of billions of dollars in funding allocated to producing more popular LLMs. This is also a significant focus on [[wikipedia:Text-to-image model|text-to-image models]], which "draw" an image using a written prompt, and less commonly, [[wikipedia:Text-to-video model|text-to-video models]], which extend the text-to-image concept across several smooth video frames.

AI is not a new concept; it has been of interest since the 1950s. AI is a catch-all term, encompassing many areas and techniques.

[[wikipedia:Generative artificial intelligence|Generative artificial intelligence]] models are trained through vast amounts of existing human-generated content. LLMs gather statistics on word patterns, which allows the model to generate sequences of words that seem similar to what a person might have written. However, an LLM does not understand anything; they cannot reason. They generate randomly modulated pattern of tokens. In this way, they function similarly to autocomplete.

People reading sequences of tokens sometimes perceive things they think are true. Sequences that do not make sense to the reader, or that are false, are called [[wikipedia:Hallucination (artificial intelligence)|hallucinations]]. LLMs are typically trained to produce output that is pleasing to people, exhibiting [[dark patterns]]. For example, they produce output which seems confidently written, use patterns which praise the user (sycophancy), and employ emotionally manipulative language.

People are accustomed to interacting with others, and many overestimate the abilities of things that exhibit complex, person-like patterns. Promoters of “AI” systems take advantage of this tendency, using suggestive names (like “reasoning” and “learning”) and grand claims (“PhD level”), which make it harder for people to understand these systems.

From November 2022 to 2025, venture capitalists and companies invested hundreds of billions of dollars into AI but received minimal returns. When companies seek returns, consumers can expect that products may be orphaned, services may be reduced, customer data may be sold or repurposed, costs may rise, and companies may reduce staff or fail. Historically, AI has had brief periods of intense hype, followed by disillusionment, and “AI winters.”<sup>[<nowiki/>[[Consumer Rights Wiki:Verifiability|citation needed]]]</sup>

The current well-funded industry of artificial intelligence tools has led to the rampant and unethical use of content. Startups aiming to develop AI services have been rapidly scraping the internet for content to train future models, and members of the field are concerned that they are approaching the limit of publicly available content to train from.<ref>{{Cite web |last=Tremayne-Pengelly |first=Alexandra |date=16 Dec 2024 |title=Ilya Sutskever Warns A.I. Is Running Out of Data—Here’s What Will Happen Next |url=https://observer.com/2024/12/openai-cofounder-ilya-sutskever-ai-data-peak/ |website=Observer |url-status=live |archive-url=http://web.archive.org/web/20251126053705/https://observer.com/2024/12/openai-cofounder-ilya-sutskever-ai-data-peak/ |archive-date=26 Nov 2025}}</ref>

==Why is it a problem==
===Unethical training of data===
:Further reading: [[Artificial intelligence/training]]

Users' work is sometimes silently used in training without their explicit consent, as was the case for [[Adobe's AI policy]].

===Privacy concerns of AI===
AI can be and has been used to generate deepfakes of people with and without their consent. Deepfakes are media generated with the likeness of an individual. Deepfake media can range from harmless to harmful. The latter includes child pornography, revenge porn, blackmail, etc. Since the rampant rise of consumer AI, deepfakes have become even more prevalent, with some websites explicitly specializing in them.<sup>[<nowiki/>[[Consumer Rights Wiki:Verifiability|citation needed]]]</sup>

===Privacy concerns of online AI models===
There are several concerns with using online AI models like [[ChatGPT]], not only because they are proprietary, but also because there is no guarantee of where your data will be stored or used. Recent developments in local AI models offer an alternative to online AI models, which can be downloaded from platforms like [https://huggingface.co/ HuggingFace] and used offline. Common models to run include Llama ([[Meta]]), DeepSeek ([[DeepSeek]]), Phi ([[Microsoft]]), Mistral ([[Mistral AI]]), Gemma ([[Google]]).

In some cases, AI models can be hijacked for malicious purposes. Demonstrated with Comet ([[Perplexity]]), users can run arbitrary prompts to the browser's built-in AI assistant by hiding text in the HTML comments, non-visible webpage text, or simple comments on a webpage.<ref name=":0">{{Cite web |date=Aug 20, 2025 |title=Tweet from Brave |url=https://xcancel.com/brave/status/1958152314914508893#m |archive-url=http://web.archive.org/web/20260320084736/https://xcancel.com/brave/status/1958152314914508893#m |archive-date=20 Mar 2026 |access-date=Aug 24, 2025 |website=X (formerly [[Twitter]])}}</ref> These arbitrary prompts can then be exploited to obtain sensitive information or gain unauthorized access to high-value accounts, such as those for banking or gaming libraries.<ref>{{Cite web |date=Aug 23, 2025 |title=Tweet from zack (in SF) |url=https://xcancel.com/zack_overflow/status/1959308058200551721 |access-date=Aug 24, 2025 |website=X (formerly [[Twitter]]) |url-status=live |archive-url=http://web.archive.org/web/20250824201111/https://xcancel.com/zack_overflow/status/1959308058200551721 |archive-date=24 Aug 2025}}</ref>

===Unethical maintenance of data centers===

Due to heavy investments into and increased use of generative AI and LLMs, many data centers have been constructed to host LLMs. These data centers consume large amounts of power and water, in order to power and cool the computer systems running the models. Residents that live in cities where AI data centers have been constructed have complained of an increase in their electricity bills despite no change in their personal usage.<sup>[<nowiki/>[[Consumer Rights Wiki:Verifiability|citation needed]]]</sup> According to a research video by Benn Jordan, these data centers (as well as fracking operations and natural occurrences) cause a high amount of sound pollution, which can cause various symptoms.<ref> https://www.youtube.com/watch?v=_bP80DEAbuo ([https://preservetube.com/watch?v=_bP80DEAbuo Archived])</ref>

==Further reading==
*[[Dark pattern]]
*[[Automatic content recognition]]

== External links ==

* [https://aisafety.dance/ Nicky Case, ''“AI Safety for Fleshy Humans”'', Hack Club (2024)]

==References==
{{Reflist}}
[[Category:Artificial intelligence]]

Talk:Device fingerprint

2026-03-20T11:58:50Z

Rudxain: /* Petition to move */ new section

== Petition to move ==

I think we should rename the page to simply "fingerprinting", so that we can mention stuff like "metadata sniffing" (such as social-media mining EXIF data from photos) and Unicode watermarking (done via "Confusable Characters" and zero-width characters) [[User:Rudxain|Rudxain]] ([[User talk:Rudxain|talk]]) 11:58, 20 March 2026 (UTC)

Bloatware

2026-03-20T10:28:13Z

Rudxain: rm JS from "See also", as it's already linked

{{StubNotice}}

There are multiple definitions of bloatware within the context of software. They include:

*[[wikipedia:Software_bloat#Bloatware|Pre-installed software]] that is not required for a system functionality
*Redundant or duplicate features included on a device (physical or digital)
*[[wikipedia:Potentially_unwanted_program|Undesirable programs]] that were [https://www.deceptive.design/types/sneaking not requested by the user]
*Software that has [[wikipedia:Software_bloat|become bloated over time]]

While the term "bloatware" is commonly ascribed to software, ''hardware'' bloat also exists.<ref>{{Cite web |last=Ionescu |first=Bogdan |date=2025-09-13 |title=Hosting a WebSite on a Disposable Vape |url=https://bogdanthegeek.github.io/blog/projects/vapeserver/ |access-date=2026-01-15 |website=BogdanTheGeek's Blog |url-status=live |archive-url=http://web.archive.org/web/20260209021718/https://bogdanthegeek.github.io/blog/projects/vapeserver/ |archive-date=9 Feb 2026}}</ref> See [[Internet_of_things|IoT devices]] for examples.

Bloat can be a symptom of a decline in quality of devices and services, colloquially referred to as [[enshittification]].

==Why it is a problem==
Bloatware often arises as pre-installed software and applications because the device manufacturer (OEM) has a contract or partnership with another corporation. The terms and processes leading to these partnerships, however, lack transparency. One study determined that personal data collection and user tracking was prevalent in pre-installed apps, with the data collection including [[wikipedia:Personal_data|personally identifying info]] (PII) and geo-location data, personal email and phone call metadata, contacts, behavioral and usage statistics as well as isolated malware samples.<ref>''J. Gamba, M. Rashed, A. Razaghpanah, J. Tapiador and N. Vallina-Rodriguez, "An Analysis of Pre-installed Android Software," 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2020, pp. 1039-1055, doi: 10.1109/SP40000.2020.00013.'' https://ieeexplore.ieee.org/document/9152633 Accessed 2''6 Feb 2026.'' ([http://web.archive.org/web/20251130162318/https://www.researchgate.net/publication/332932516_An_Analysis_of_Pre-installed_Android_Software Archived])</ref>

Bloat, in any of its forms, raises privacy and security concerns<ref>{{Cite web |last=Hubert |first=Bert |date=2024-02-08 |title=Why Bloat Is Still Software’s Biggest Vulnerability |url=https://spectrum.ieee.org/lean-software-development |access-date=2025-11-21 |website=IEEE Spectrum |url-status=live |archive-url=http://web.archive.org/web/20260131190126/https://spectrum.ieee.org/lean-software-development |archive-date=31 Jan 2026}}</ref>. As a rule of thumb, every added branch of code can make a program exponentially harder to prove for correctness<ref>{{Cite web |last=Howard |first=Gavin |date=2024-03-26 |title=What Computers Cannot Do: The Consequences of Turing-Completeness |url=https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state |url-status=dead |archive-url=http://web.archive.org/web/20251214082939/https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state |archive-date=2025-12-14 |access-date=2026-01-06 |website=Gavin D. Howard}}</ref>, making it impractical or impossible to verify that a program is not malicious (such as [[spyware]]) or has an exploitable [[wikipedia:Software_vulnerabilities|vulnerability]]. The problem is exacerbated if the [[wikipedia:Source-available_software|source-code of the app is not available]], since [[wikipedia:Reverse_engineering|reverse engineering]] is difficult and (in some cases) illegal. This means that user is unable to control or ensure the safety of their devices.

Bloat is known for causing sub-par [[wikipedia:User_experience|user experience]] (UX):

*Increased latency, "slowness", when using programs and applications<ref>https://developer.mozilla.org/en-US/docs/Web/Performance ([http://web.archive.org/web/20260211103730/https://developer.mozilla.org/en-US/docs/Web/Performance Archived])</ref>
*High memory use prevents or impedes multitasking<ref>https://en.wikipedia.org/wiki/Thrashing_(computer_science) ([http://web.archive.org/web/20260207194502/https://en.wikipedia.org/wiki/Thrashing_(computer_science) Archived])</ref>
*High power usage increases energy bills and reduces battery lifespan
*Over reliance on network connections (e.g., internet) preventing data from being cached locally<ref>{{Cite web |year=2019 |title=Local-first software: You own your data, in spite of the cloud |url=https://www.inkandswitch.com/essay/local-first |url-status=live |website=Ink & Switch |archive-url=http://web.archive.org/web/20260130001648/https://www.inkandswitch.com/essay/local-first/ |archive-date=30 Jan 2026}}</ref>, which can both impede access as well as increase cellular-data billing
*Instability issues due to difficulty in testing and verifying big code-bases<ref>{{Cite web |last=Muratori |first=Casey |date=2018-05-12 |title=The Thirty Million Line Problem |url=https://youtu.be/kZRE7HIO3vk |url-status=live |access-date=2026-03-15 |website=Molly Rocket |via=YouTube}}</ref>

If non-sustainable energy sources are used to power these devices with bloatware, bloat can contribute to [[wikipedia:Climate_change|climate change]]. This is true for any excessive processing (CPU, GPU, etc.) and network abuse (such as [[Artificial_intelligence/training|AI training]]).

==Tools to deal with bloat==
This is a list of tools that can be used (or are primarily used) to reduce bloat. This is not a guide, just a list of suggestions.

*[[wikipedia:UBlock_Origin|uBlock Origin]] (uBO). A general-purpose content blocker for web-browsers. It's worth noting that its "Cosmetic Filtering" (element hiding) can, in rare cases (such as animated elements), improve performance.<ref>{{Cite web |date=2016-02-03 |title=html - Does hiding an animated GIF with CSS conserve browser resources? |url=https://stackoverflow.com/questions/33762652/does-hiding-an-animated-gif-with-css-conserve-browser-resources/35169688#35169688 |url-status=live |archive-url=https://web.archive.org/web/20251215062718/https://stackoverflow.com/questions/33762652/does-hiding-an-animated-gif-with-css-conserve-browser-resources/35169688#35169688 |archive-date=2025-12-15 |access-date=2026-03-15 |website=Stack Overflow}}</ref>
*[[wikipedia:Noscript|NoScript]]. Much more specialized than uBO, as it only deals with [[JavaScript]].
*[https://libredirect.github.io/ LibRedirect]. On-browser (client-side) redirector of popular websites to privacy-respecting alternatives (alts). Most of those alts are lightweight, so it can be used to ''avoid'' bloat rather than ''remove'' bloat.
*<code>[https://privacy.sexy/ privacy.sexy]</code>. A tool for improving security and privacy on popular operating-systems, it also serves as a "debloater".
*[[Android]] debloaters:
**[https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation Universal Android Debloater Next Generation] (UAD-NG). A [[wikipedia:Desktop_computer|desktop]] app that uses [[wikipedia:Android_Debug_Bridge|ADB]] to disable (or "freeze") and pseudo-uninstall almost (OEMs block some) any app (including system packages) without [[Jailbreak|root]]-access.
**[https://github.com/samolego/Canta Canta]. An Android app that uses UAD-NG's bloat-lists as its knowledge-base (KB), and [https://shizuku.rikka.app/ Shizuku] as ADB replacement.
**[https://github.com/MuntashirAkon/AppManager AppManager]. An "all-in-one"/general-purpose package manager that runs on Android. It uses a derivative of UAD's lists as its KB. It can show '''a lot''' of hidden info about apps, which can sometimes be used for reverse-engineering.
**[https://github.com/lavafroth/droidrunco Droidrunco], superseded by [https://github.com/lavafroth/zilch Zilch]
*[https://github.com/M66B/NetGuard NetGuard]. An app that uses [https://developer.android.com/develop/connectivity/vpn the local Android VPN API] to filter internet traffic (like a [[wikipedia:Firewall_(computing)|firewall]]). It can be used as an on-device [[Pi-hole]] to [[Ad block|block ads]] using [[wikipedia:Hosts_(file)|<code>hosts</code>-files]] as rules.<ref>{{Cite web |last=Bokhorst |first=Marcel |date=2016-03-20 |title=Ad Blocking with NetGuard |url=https://github.com/M66B/NetGuard/blob/7308869411ff87649bf3a46a9c7c08f1e5353801/ADBLOCKING.md |url-status=live |access-date=2026-03-15 |website=GitHub}}</ref>
*[https://github.com/celzero/rethink-app Rethink], [[wikipedia:Domain_Name_System|DNS]] + Firewall + [[wikipedia:Virtual_private_network|VPN]] for Android. Can use local and remote DNS.
*[[wikipedia:Youtube-dl|youtube-dl]] & [https://github.com/yt-dlp/yt-dlp YT-DLP]. Audio/Video downloaders or "[[wikipedia:Ripping|rippers]]". Similarly to LibRedirect, it can be used to avoid bloat, by simply downloading the main content of a page. There's also <code>--get-url</code>/<code>--print urls</code> options that can be used to open the URL of the media in a browser, effectively streaming it, without a customized player

==See also==

*[[Electron]]

==External links==

*[https://thatshubham.com/blog/news-audit "The 49MB Web Page"]; a study on popular news/journalism sites. They also talk about cognitive-load and silent automated bidding, criticizing the degraded UX and privacy violations
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ How web bloat impacts users with slow connections]
*[https://www.keycdn.com/support/the-growth-of-web-page-size The Growth of Web Page Size]
*[https://tonsky.me/blog/js-bloat Javascript bloat in 2024]
*[https://tonsky.me/blog/disenchantment "Software disenchantment"]
*[https://github.com/gorhill/uBlock/wiki/Who-cares-about-efficiency,-I-have-8-GB-RAM-and%7Cor-a-quad-core-CPU uBlock-wiki counterpoint to "Who cares about efficiency, I have 8 GB RAM and|or a quad core CPU"]
*[https://randomascii.wordpress.com/2022/09/29/why-modern-software-is-slow-windows-voice-recorder/ Why Modern Software is Slow–Windows Voice Recorder]

==References==
<references />

[[Category:Common terms]]

Age verification

2026-03-20T09:58:24Z

Rudxain: add "Ageless Linux — Distro Compliance Tracker" to ext-links

{{Incomplete}}
{{See also|Forced identification|De-anonymization}}

'''Age Verification''' (AV), also referred to as '''Age Affirmation''' (AA), is the process in where a business requires some form of identification to verify your age. This is usually done for more explicit or mature content. This practice has been widely spreading since the [[UK Online Safety Act|UK's Online Safety Act (OSA)]] has passed; requiring all individuals to verify themselves before accessing mature content. Ways of checking age include, but are not limited to: checking for a valid credit card, facial age estimation tools, government-issued ID, biometric data, account history behavior, and more.

As of December 2025, 25 US States require websites with mature content to verify age.<ref>{{Cite web |title=State Age Verification Laws - Action Center |url=https://action.freespeechcoalition.com/age-verification-resources/state-avs-laws/ |url-status=live |access-date=2025-12-22 |archive-url=https://web.archive.org/web/20251228121257/https://action.freespeechcoalition.com/age-verification-resources/state-avs-laws/ |archive-date=2025-12-28 }}</ref>

==How it works==
When accessing a platform or website that may contain content not suitable for all audiences may force you to register for the platform along with verifying your age by one of the methods mentioned previously. Sites that likely don't use any form of account system will probably have a popup instead requiring you to verify your age before even serving the content you were trying to access.

==Why it is a problem==

===Privacy===
Having companies easily able to identify you means they can track you more efficiently and sell that shared profile to other companies such as ad agencies that then start targeting you specifically.

Governments can also more easily track online movements and find out who you are. Saying something that may go against their own agenda may end up with a police raid, heavy interrogation, and prison time.<ref>{{Cite news |last=Liu |first=John |date=2025-06-20 |title=China tightens internet controls with new centralized form of virtual ID |url=https://edition.cnn.com/2025/06/20/tech/china-censorship-internet-id-hnk-intl#:~:text=%E2%80%9CThis%20is%20a%20state%2Dled,an%20infrastructure%20of%20digital%20totalitarianism.%E2%80%9D |access-date=2025-09-04 |work=CNN |archive-url=https://web.archive.org/web/20250620233250/https://edition.cnn.com/2025/06/20/tech/china-censorship-internet-id-hnk-intl |archive-date=2025-06-20 }}</ref>

===Censorship===
Certain topics, such as adult content, politics, and LGBT+ topics, will likely be unfairly censored by the governing body or company that has a say on what platform has the '''potential''' to be inappropriate for minors or other age groups.<ref>{{Cite web |date=2025-09-01 |title=Strict Age Verification Laws: Balancing Content Restriction and Educational Rights |url=https://www.thinkacademy.ca/blog/strict-age-verification-laws-impact-k12-education/#:~:text=Impact%20on%20K12,affect%20these%20groups |access-date=2025-09-04 |website=Think Academy |archive-url=https://web.archive.org/web/20251018030711/https://www.thinkacademy.ca/blog/strict-age-verification-laws-impact-k12-education/ |archive-date=2025-10-18 }}</ref><ref name=":0">{{Cite web |last=Kelley |first=Jason |last2=Mackey |first2=Aaron |last3=Mullin |first3=Joe |date=2024-02-15 |title=Don’t Fall for the Latest Changes to the Dangerous Kids Online Safety Act |url=https://www.eff.org/deeplinks/2024/02/dont-fall-latest-changes-dangerous-kids-online-safety-act |access-date=2025-09-04 |website=Electronic Frontier Foundation |archive-url=https://web.archive.org/web/20240215234054/https://www.eff.org/deeplinks/2024/02/dont-fall-latest-changes-dangerous-kids-online-safety-act |archive-date=2024-02-15 }}</ref>

Platforms that host this type of content may also be more proactive in deleting/hiding posts that may get them in trouble or fined by laws or policies by local governments, leading to a more censored internet where opinions are streamlined to fit a set narrative or outlook.<ref name=":0" />

===Increased inequality and denial of service===
Some stores, such as grocery stores, prohibit young people from viewing their web sites or using [[loyalty cards]], which provide discounts and digital coupons. Age verification means that young people and families where the young person does the shopping pay more for essentials like food.<ref>{{Cite news |last=Pell |first=Miranda |date=25 Oct 2024 |title=Tesco, Lidl and Sainsbury's shoppers issued warning over little-known 'age limit' rules |url=https://www.manchestereveningnews.co.uk/whats-on/shopping/tesco-lidl-sainsburys-shoppers-issued-30233318 |access-date=20 Sep 2025 |work=Manchester evening news |archive-url=https://web.archive.org/web/20251021121644/https://www.manchestereveningnews.co.uk/whats-on/shopping/tesco-lidl-sainsburys-shoppers-issued-30233318 |archive-date=2025-10-21 }}</ref> Those who do not have ID, or do not chose to use it (for instance, those who fear domestic violence, or are members of a group subject to persecution) may also be locked out or have to pay more.

===Storage of private and biometric Information by age verification service providers===
A study commissioned by the Australian government found that age verification service providers accumulate a concerning amount of personal information, sometimes even biometric in nature, even when that was not necessary to provide the age verification service.<ref>{{Cite web |last=Meineck |first=Sebastian |date=2025-09-03 |title=Anbieter von Alterskontrollen horten biometrische Daten [Age Verification Providers are hoarding biometric Data] |url=https://netzpolitik.org/2025/australisches-gutachten-anbieter-von-alterskontrollen-horten-biometrische-daten/ |access-date=2025-09-03 |website=Netzpolitik.org |archive-url=https://web.archive.org/web/20250903115436/https://netzpolitik.org/2025/australisches-gutachten-anbieter-von-alterskontrollen-horten-biometrische-daten/ |archive-date=2025-09-03 }}</ref><ref>{{Cite web |last=Meineck |first=Sebastion |date=2025-09-03 |title=Anbieter von Alterskontrollen horten biometrische Daten [Google Translate English Version] |url=https://netzpolitik-org.translate.goog/2025/australisches-gutachten-anbieter-von-alterskontrollen-horten-biometrische-daten/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de&_x_tr_pto=wapp |access-date=2025-09-03 |website=Netzpolitik.org |archive-url=https://web.archive.org/web/20251023063119/https://netzpolitik-org.translate.goog/2025/australisches-gutachten-anbieter-von-alterskontrollen-horten-biometrische-daten/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de&_x_tr_pto=wapp |archive-date=2025-10-23 }}</ref>

===Driving users towards smaller and completely unregulated offerings===
Big platforms can be regulated and forced to comply with applicable laws since they need to have infrastructure such as servers in all major markets. Only these will be affected by the age restriction requirement.

However, users who do not wish to compromise their privacy or who are not of age will then go looking towards smaller niche platforms, often in other regions not affected by the regulation or the darknet.<ref name=":1">{{Cite web |last=Kaleta |first=Miroslav |date=2025-08-20 |title=The Cost of Data Privacy Negligence (And How to Avoid It) |url=https://countly.com/blog/data-privacy-negligence#:~:text=2.%20Losing%20Customer,IBM%20Report. |url-status=live |archive-url=http://web.archive.org/web/20251217003447/https://countly.com/blog/data-privacy-negligence |archive-date=17 Dec 2025|access-date=2025-09-04 |website=Countly Blog}}</ref> With these offerings, there is little to no leverage with regards to removal of illegal content. Increased exposure to illegal content can then lead to both a strengthening of illegal content providers<ref>{{Cite web |last=Branley |first=Dawn |last2=Covey |first2=Judith |date=2016-06-06 |title=Is exposure to online content depicting risky behavior related to viewers' own risky behavior offline? |url=https://www.sciencedirect.com/science/article/pii/S0747563217303357 |url-status=live |archive-url=https://web.archive.org/web/20220403233150/https://www.sciencedirect.com/science/article/pii/S0747563217303357 |archive-date=2022-04-03 |access-date=2025-09-04 |website=ScienceDirect}}</ref> and significantly increased danger to minors, who may not yet be able to differentiate between legal and illegal content as well as an adult.<ref>{{Cite web |date= |title=Potential risks of content, features, and functions: The science of how social media affects youth |url=https://www.apa.org/topics/social-media-internet/youth-social-media-2024 |url-status=live |archive-url=https://web.archive.org/web/20240416042251/https://www.apa.org/topics/social-media-internet/youth-social-media-2024 |archive-date=2024-04-16 |access-date=2025-09-04 |website=American Psychological Association}}</ref> 

===Increased damage from data breaches===
Platforms which implement age checks that require sensitive information such as a government-issued ID will likely be more of a target for cyber criminals.<ref>{{Cite web |date=2025-04-02 |title=Cybercriminals Target These Industries the Most – Here’s Why and How to Stay Safe |url=https://brandefense.io/blog/cybercriminals-target-these-industries/#:~:text=The%20Most%20Vulnerable%20Industries%20to,information%20stored%20within%20their%20networks. |url-status=live |archive-url=http://web.archive.org/web/20260119030330/https://brandefense.io/blog/cybercriminals-target-these-industries/ |archive-date=19 Jan 2026|access-date=2025-09-04 |website=Brandefense}}</ref> As more platforms comply with the age checks, it becomes more likely that a data breach on at least one of these platforms can reveal extremely sensitive information. In the case of a data breach, it can be catastrophic if users' sensitive information were exposed, which can likely result in identity theft.<ref>{{Cite web |last=Popov |first=Cristina |date=2023-03-22 |title=Why breaches can affect you long after they occur |url=https://www.bitdefender.com/en-us/blog/hotforsecurity/why-breaches-can-affect-you-long-after-they-occur#:~:text=%232%3A%20Breaches%20can,for%20online%20accounts. |url-status=live |archive-url=http://web.archive.org/web/20260104220250/https://www.bitdefender.com/en-us/blog/hotforsecurity/why-breaches-can-affect-you-long-after-they-occur |archive-date=4 Jan 2026|access-date=2025-09-04 |website=Bitdefender}}</ref>

Platforms already experience major losses and consumer distrust from data breaches that reveal information less sensitive than government-issued IDs or biometric data.<ref name=":1" /> A data breach involving information this sensitive will seriously damage a business, and the users even more so. As stated previously, users who foresee these privacy risks will turn away from platforms which implement the policy, and towards niche platforms.

==Examples==
*[[YouTube]]'s Age verification and account estimation algorithm. (See [[YouTube age verification]] for more information)

*[[Spotify]]'s Age affirmation for MA rated songs and content.

*[[Discord]]'s Age verification for accounts determining what eligible servers are available.

*[[Roblox]]'s Age verification and account estimation algorithm for talking with users of similar age.

== External links ==

* [https://agelesslinux.org/distros.html Ageless Linux — Distro Compliance Tracker]

==References==
{{reflist}}

[[Category:Common terms]]

Article suggestions

2026-03-20T09:30:31Z

Rudxain: del JS; because it's mostly complete

This page is dedicated towards providing a communal list for users to submit potential articles to feature on the wiki, and to give editors inspiration on what pages they might want to add to the wiki. If you create an article based on an entry from this list, or see that someone else has done so, please make sure to delete the row from this page in order to prevent confusion.

Sources should be inserted within the 'refs' section of the table. If using the visual editor, take advantage of '<nowiki/>'''insert reference'''<nowiki/>' via ''''ctrl + shift + k'''<nowiki/>' so that the sources are quick to add to future articles. If you are using the source editor, feel free to copy and paste the formatting from other correctly formatted references on the page. The more sources you include with an article idea, the more likely it is that others will pick the article idea up and run with it, so please attempt to include a good variety of descriptive sources!

Please take note of the wiki's [[Consumer Rights Wiki:Inclusion guidelines|Inclusion criteria]] when submitting article suggestions. If you see article suggestions here which do not fit the Wiki, feel free to remove them, leaving your reasoning in an edit note.

If you are an editor looking for further inspiration to write an article, you can also check out the [[Louis Rossmann - Video Directory|Louis Rossmann video directory]] for a good collection of potential articles.

==Example==
Below is an example of what an entry should appear as:
{| class="wikitable"
|+
!Company
!Summary of Incident
!Refs
|-
|[[Nintendo]]
|In 2025, the company Nintendo stripped Switch 2 consoles that used the MIG switch cartridge of all online functionality
|<ref name=":3">{{Cite web |last=Scattered Brain |date=Jun 16, 2025 |title=Soo... Nintendo banned my Switch 2 (Don't try the MIG Switch!) |url=https://www.youtube.com/watch?v=ExgYTA18_vo&t=656s |url-status=live |archive-url=https://preservetube.com/watch?v=ExgYTA18_vo |archive-date=22 Feb 2026|access-date=Jun 18, 2025 |website=[[YouTube]]}}</ref><ref name=":0">{{Cite news |last=Orland |first=Kyle |date=Jun 17, 2025 |title=Switch 2 users report online console bans after running personal game “backups” |url=https://arstechnica.com/gaming/2025/06/playing-personal-game-backups-could-get-your-switch-2-banned-by-nintendo/ |url-status=live |archive-url=http://web.archive.org/web/20251222013641/https://arstechnica.com/gaming/2025/06/playing-personal-game-backups-could-get-your-switch-2-banned-by-nintendo/ |archive-date=22 Dec 2025|access-date=Jun 19, 2025 |work=Ars Technica}}</ref>
|}

==List of incidents not yet covered==
{| class="wikitable sortable"
!Company
!Summary of Incident
!Refs
|-
|Regus
|A flexible office / workplace provider for freelancers, contractors, small businesses, etc.
This is specifically for their Virtual Office service. I am sure they apply these same predatory and deceptive tactics with the rest of their services as well.
Locks you into a contract for virtual services that they may terminate at any time. You can too only if you follow very specific and exaggerated terms. They will bill you for the entire agreement even with it terminated. You lose access to the services immediately upon termination but are forced to pay for the rest of the agreement. They are predatory with agreements and will not allow you to break them and will charge you for the entire thing regardless of what happens.
Forced arbitration. Force you to waive any right to class action lawsuits.
Contract comes with terms hidden in their "house rules" document, automatically opting the user into services they did not knowingly agree to, by default. These services are NOT included in the original contract in any way except through the referencing to other documents like the "Terms of Service" and "House Rules", not disclosed ahead of time. They clearly show a lower price and do not clearly show any of the additional services you unknowingly opt into.
They lead you into a low price to get the agreement signed. Once signed, you cannot escape or get out with their terms. You find out later that they've made you agree to additional services by default. They require YOU to jump through hoops to opt out of those services, and they bury the information to do it.
They have predatory auto-renewals for the contracts that are typically months to years long, with many being sold into higher 1 year+ contracts for "savings" and "discounts". These auto-renewals cannot be canceled without 3 MONTHS notice! If it renews, you are locked into another term which you will be forced to pay in full even if you terminate.
This is all for VIRTUAL office services that cost nothing to provide or remove.
A lot of deceptive patterns including, but not limited to: Comparison prevention, hidden costs, hidden subscription, obstruction.
|[https://serviceagreement.regus.com/TermsPDF/VirtualOffice/Global20250301.pdf Terms of Service]
[https://serviceagreement.regus.com/PreviewHouseRule.aspx?guidId=840179ed-c894-4e91-8ccc-3b882bcf4b38 House Rules]
[https://www.myregus.com/help#:~:text=you%20can%20give%20notice%20to%20terminate%20your%20agreement%20at%20anytime%20in%20your%20online%20account%20%2D%20but%20you%20will%20be%20charged%20until%20the%20end%20of%20your%20agreement%20term. Help Page - terminate anytime but pay everything]
|-
|GM
|GM originally released the EV1 in 1996 on a lease program, and then instead of selling the much loved used/leased vehicles to consumers, they decided to crush the grand majority of them. Very few surviving examples can be found today, with most in private collections or at universities.
Because it was seen as a failure to major auto manufacturers, It would take over a decade before another EV was produced in the United States.
|
|-
|Wizards of the Coast
|Wizards of the Coast (WotC) seems to be positioning itself to move away from publishing physical books that last forever in favor of pushing digital-only sales and micro-transactions of content and subscriptions. They attempted to amend the OGL (Open Game License) to include language that would require third party authors of D&D content to give up rights to their own content, so WotC can sell it to consumers without crediting the original authors.
Notably, as a direct response to these anti-consumer activities and policies, a select few of the third party publishers have instead decided to come out with their own systems that are not beholden to WotC's whims. A couple of examples include ''Draw Steel'' and ''Daggerheart''. An earlier conflict prompted Paizo to release their own version of the classic D20-based tabletop RPG, ''Pathfinder'', when WotC started releasing the fourth edition of it's rule-set.
|
|-
|Foxconn
|Foxconn is an electronics manufacturer with various human rights violations on it's record. They've also convinced the government to use eminent domain to take people's property to build factories, that never end up using the factories.
|
|-
|ASUS (ROG)
|Releases bios updates via windows executable, meaning that you can't update your bios to the latest version to amend a security vulnerability or fix an issue unless you're running microsoft windows. The windows executable simply extracts a binary file, that you can drop on a thumb drive. This could be easily done via direct download to support other operating systems.
|
|-
|Symantec
|Product: Norton Internet Security.
This one might be tough to document, because it's been slowly going on for the past 15 years. Norton used to offer a great internet security package with a ton of good and useful services for a decent price. Unfortunately, slowly over the years, they've gone further and further down the rabbit hole of charging more money for fewer and fewer features, and then locking some of those features behind even more paywalls and micro-transactions.
|
|-
|8Player
|In early March, 2026, the Apple TV application called 8Player began displaying a notice informing users who had already paid for the app, that the app would not continue to function unless they agreed to an ongoing subscription.
The text of the notice says the following:
----Thank you for being a valued 8player user.

To keep improving the app and delivering new features, 8player is moving to a subscription model.

You can continue using the full version at no cost until April 15, 2026.

After that, activate the subscription in the app to keep full access. Your existing features will remain available, and no action is needed today.

Thank you for supporting 8player over the years.

[[:File:8player-subscription-model-notice.png]]
|
|-
|[[ABC Financial Services]]
|Manages memberships and recurring service subscriptions for other companies. Prevents customers from being able to cancel a service by locking them into a never-ending cycle of auto renewals, and not allowing the customer to opt out of auto renewal.
|-
|Affinity / [[Canva]] page created needs editors to help
|Canva purchases [[Serif]]; the owner of perpetual license design software Affinity Publisher, Designer, and Photo on March 26th 2024. Provides a pledge to assure users that Canva will not "ruin" the suite. In October 2025, Affinity users are locked out of the community forum for a new "Creative Freedom" announcement on October 30th 2025. Complete radio silence for a whole month while they tease long term users on Twitter and Discord. Finally on October 30th 2025, the new Affinity software is announced as "free". Instead, all creative professionals that used the original software are forced to create a new Canva account to access the new Affinity and thus agree to Canva's ToS<ref name=":1">{{Cite web |date=2025-10-30 |title=Canva Terms of Use |url=https://www.canva.com/policies/terms-of-use/ |url-status=live |archive-url=http://web.archive.org/web/20260128105545/https://www.canva.com/policies/terms-of-use/ |archive-date=28 Jan 2026|website=Canva Legal Trust Center}}</ref>. Affinity redirects the pledge page to an announcement for the new software, effectively burying the original pledge<ref name=":4">{{Cite web |date=2024-03-27 |title=The Affinity and Canva Pledge |url=https://affinity.serif.com/en-us/press/newsroom/affinity-and-canva-pledge |url-status=dead |archive-url=https://web.archive.org/web/20251002083749/https://affinity.serif.com/en-us/press/newsroom/affinity-and-canva-pledge/ |archive-date=2025-10-02 |website=web.archive.org}}</ref>. Questions about Canva now being able to monetize the work of professionals to train their own AI models sold to Canva users are left unanswered. Free, but at what cost?
EDIT: Initial article has been written but needs more work, citation, and verification. [[Canva adds arbitration clause for future Affinity Studio users|See this article here]].
|<ref name=":1" /><ref name=":4" />
|-
|[[Alibaba]]
|[[wikipedia:Alibaba_Group|WP]]
|
|-
|[[Amazon]]
|Amazon renders Fire TV Blaster unusable, offers Amazon gift card to affected customers
EDIT: Incident has been added to the Amazon page but needs more work.

---

Sometime in 2025 Amazon added an upgrade nag widget to Alexa for "Alexa+" that is impossible to turn off. In some cases the upgrade was automatic, and users had to opt-out
|<ref>{{Cite web |title= |url=https://www.heise.de/en/news/Amazon-makes-Fire-TV-Blaster-unusable-11145570.html |url-status=live |archive-url=http://web.archive.org/web/20260120070820/https://www.heise.de/en/news/Amazon-makes-Fire-TV-Blaster-unusable-11145570.html |archive-date=20 Jan 2026}}</ref>
---
<ref>{{Cite web |title=Amazon is automatically upgrading Prime members to Alexa+. Here's how to opt out |url=https://www.12news.com/article/news/nation-world/amazon-automatic-upgrade-alexa-plus-how-to-opt-out/507-3105c319-0f52-421a-b741-9ad6919f22e5}}</ref>
|-
|[[Anker]]
|In Anker's Terms of Service for Solix solar generator product, under 19.3 Mandatory Updates:
In critical situations—such as addressing severe security vulnerabilities, complying with legal requirements, or ensuring compatibility with our service architecture—we reserve the right to issue mandatory Updates for both the firmware and the App. These essential updates may install automatically, or require immediate installation before further use, and you will not be permitted to opt out. If you fail to install such an update, certain device functionalities or access to the App may be limited or suspended to maintain the security and integrity of our service.
https://www.anker.com/ca/policies/terms-of-service
|
|-
|Apotheka
|Personal ID codes, purchase information and contact details of almost half of Estonian citizens and residents have been compromised in a mass data breach of the IT system operated by Allium UPI, a firm dealing with pharmacy and hospital products.
|[https://news.err.ee/1609302096/cybercriminals-steal-data-of-around-700-000-apotheka-pharmacy-customers]
|-
|[[Apple]]
|Apple changes Logic Pro and the Apple office suite into a subscription when it was either a one time purchase or free with the mac.
|
|-
|[[Apple]]
|$17 000 Apple Watch 18 karat gold edition out of support only 8 years after its introduction (not end of sale!). This means no software support, and, crucially, no repair or replacement parts. If the battery dies, the watch is but a paperweight.
|<ref>{{Cite web |title=Apple will no longer fix the $17,000 gold Apple Watch |url=https://www.theverge.com/2023/10/2/23900158/apple-watch-edition-gold-2015-obsolete-unsupported-beyonce |url-status=live |archive-url=https://web.archive.org/web/20260222211749/https://www.theverge.com/2023/10/2/23900158/apple-watch-edition-gold-2015-obsolete-unsupported-beyonce |archive-date=22 Feb 2026|website=The Verge}}</ref>
|-
|[[Apple]], [[Beats]]
|No support for Powerbeats (4th generation) despite the headphones being under 5 years from when Apple last distributed the product for sale. The product is not listed as discontinued or vintage, and by Apple's own guidelines, should be eligible for replacement parts and repair. OEM replacement eartips cannot be purchased for any Beats earphones.
|<ref>{{Cite web |title=Obtaining service for your Apple product after an expired warranty |url=https://support.apple.com/en-us/102772 |url-status=live |archive-url=http://web.archive.org/web/20260207094149/https://support.apple.com/en-us/102772 |archive-date=7 Feb 2026|access-date=2025-10-18}}</ref><ref>{{Cite web |title=Beats Repair and Service |url=https://support.apple.com/beats/repair |url-status=live |archive-url=http://web.archive.org/web/20260104000857/https://support.apple.com/beats/repair |archive-date=4 Jan 2026|access-date=2025-10-18}}</ref><ref>{{Cite web |title=Apple store search for eartips |url=https://www.apple.com/us/search/eartips?src=alp |url-status=live |archive-url=http://web.archive.org/web/20251028001314/https://www.apple.com/us/search/eartips?src=alp |archive-date=28 Oct 2025|access-date=2025-10-18}}</ref>
|-
|[[Apple]] iWork/Creator Studio
|The update that makes the iWork apps part of the new Apple Creator Studio subscription now adds tracking that is enabled by default and implemented as opt-out. The information about it is displayed in a first launch screen without any immediate way opt out, which qualifies as a dark pattern. Instead, the user has to go through a slightly convoluted path via the iPhone/iPad system settings app, and under the submenu "Apps" find each of the iWork apps and disable analytics there individually for each app. On Desktop, it is under a dedicated menu item under the "Pages"/"Numbers"/"Keynote" menu.
|<ref>{{Cite web |title= |url=https://www.reddit.com/r/ios/comments/1qq7q9m/new_versions_of_keynote_numbers_and_pages_collect/ |archive-url=https://web.archive.org/web/20260223032029/https://old.reddit.com/r/ios/comments/1qq7q9m/new_versions_of_keynote_numbers_and_pages_collect/ |archive-date=23 Feb 2026}}</ref>
|-
|[[archive.today]] / archive.ph (Web Archival Service)
|The website used [[JavaScript]] embedded into the website code to conduct a DDOS attack from users' devices against a blogger who has voiced criticism of the service in the past. This may make also cause legal issues for users.
NOTE: A similar technique has previously been used by Chinese search giant [[Baidu]], so we might want to create a category or tag for this type of thing

ADDENDUM: This page was reported to have been changing the information displayed in some archived screenshots, such as the author who published particular articles.
|<ref>{{Cite web |title= |url=https://www.heise.de/en/news/Archive-today-Operator-uses-users-for-DDoS-attack-11171455.html |url-status=live |archive-url=http://web.archive.org/web/20260212060655/https://www.heise.de/en/news/Archive-today-Operator-uses-users-for-DDoS-attack-11171455.html |archive-date=12 Feb 2026}}</ref><ref>{{Cite web |last=LMG Clips |title=Wikipedia Banned 690,000 Archive Links - LMG Clips |url=https://youtu.be/rrnFUvFGf5A?si=32JRogu2ID9xykHd |access-date=2026-03-03 |website=LMG Clips on YouTube - Wikipedia Banned 690,000 Archive Links}}</ref>
|-
|'''[[Arduino]]''' (/ɑːrˈdwiːnoʊ/) is an Italian open-source hardware and software company owned by Qualcomm
|Arduino’s new terms of service worries hobbyists ahead of Qualcomm acquisition.
User shall not:

*translate, decompile or reverse-engineer the Platform, or engage in any other activity designed to identify the algorithms and logic of the Platform’s operation, unless expressly allowed by Arduino or by applicable license agreements …
|<ref>{{Cite web |last=Harding |first=Scharon |date=2025-11-24 |title=Arduino’s new terms of service worries hobbyists ahead of Qualcomm acquisition |url=https://arstechnica.com/gadgets/2025/11/arduinos-new-terms-of-service-worries-hobbyists-ahead-of-qualcomm-acquisition/ |url-status=live |access-date=2026-03-14 |website=Ars Technica}}</ref>
|-
|Atlassian
|Users forced from on-premise to cloud only subscriptions
Edit: Page has been started [[Atlassian on premise to subscription|here]], more work, citation, and verification needs to be done.
|<ref>{{Cite web |title=Ascend to the cloud: The next chapter for Atlassian and our customers |url=https://www.atlassian.com/blog/announcements/atlassian-ascend |url-status=live |archive-url=http://web.archive.org/web/20251018171903/https://www.atlassian.com/blog/announcements/atlassian-ascend |archive-date=18 Oct 2025}}</ref>
|-
|[[AutoAuth]]
|'''AutoAuth''' represents a significant shift toward "repair-by-subscription," where owning a vehicle no longer guarantees the right to maintain it. By placing a digital firewall between the owner and the car’s computer, AutoAuth forces independent shops and DIY enthusiasts to pay recurring access fees and register their personal data with a third-party gatekeeper just to perform basic maintenance, such as electronic parking brake retractions or oil life resets.
|
|-
|[[Axon]]
|Tazers sold with lease agreement that makes purchase effectively a subscription.
|[https://norwoodrecord.weebly.com/uploads/1/1/4/8/114832579/norwood_record_pages_1_to_12__4sep2025.pdf <nowiki>[69]</nowiki>]
|-
|[[Bayer]]
|[[wikipedia:Bayer|Wikipedia]]. See [[Monsanto]]
|
|-
|Benjamin
|Offerwall phone app that pays users money for various tasks- such as watching ads, or downloading and using software. After years of user satisfaction, in late 2025, the company first put a 2 month moratorium on users' ability to withdraw their earned money, then rolled out a massive wave of enshittification features, the most egregious of which, is a "withdrawl queue", where withdrawing your earnings is placed into a queue with no visible progress. No days, no queue tracker, many members have been waiting over 3 months for their withdrawls to be processed, on a feature listed as "instant withdrawl". Various policies also implemented that would completely void a user's earned money, mainly inactivity but also many baseless random user bans (many of which were reversed). There are hundreds of frustrated user testimonials on reddit (https://www.reddit.com/r/benjaminone/).
|
|-
|[[Best Buy]]
|In late 2025, BestBuy added [https://www.bestbuy.com/site/help-topics/pricing-message/pcmcat748302046647.c?id=pcmcat748302046647#:~:text=Our%20%E2%80%9CComparable%20Value%E2%80%9D%20(Comp,retailers%20or%20e%2Dcommerce%20companies. "Comparable Value"] as means of comparing values of products that is of equivalent value to other products sold by manufacturers, 1st party, or 3rd party vendors. Changes to their pricing model has made it to where it is more difficult to determine overall value of a product compared to MSRP.
|<ref>{{Cite web |last=Support |first=Best Buy |date=2025-01-24 |title=Pricing: Promotions |url=https://www.bestbuy.com/site/help-topics/pricing-message/pcmcat748302046647.c?id=pcmcat748302046647#:~:text=Our%20%E2%80%9CComparable%20Value%E2%80%9D%20(Comp,retailers%20or%20e%2Dcommerce%20companies. |url-status=live |access-date=2026-02-24 |website=Best Buy}}</ref>
|-
|[[Bluesky]]
|Introduced ID check for Direct Messaging to comply with laws in certain states and abroad, despite both the company and community being against it.
|
|-
|[[Bosch]] and [[Shimano]]
|Electric bike companies including Bosch and Shimano limit consumer's abilities to access their e-bike electrical system such as when installing a new light or a phone charger. Special software only accessible to qualified bike shops is required to activate ports or accept new devices. Additional connectivity barriers exist such as difficult to acquire Bosch specific cables.
|<ref>{{Cite web |first=RunBikeMike |date=2024-1-1 |title=Installing an EBike Light To Run Off Your Battery / MagicShine ME2000 |url=https://www.youtube.com/watch?v=AvG7Fpb1tzI&t=50s |access-date=2026-3-6 |website=Youtube}}</ref><ref>{{Cite web |last=Rossmann |first=Louis |date=15 Mar 2022 |title=Bosch takes the L on right to repair for ebikes |url=https://www.youtube.com/watch?v=j7e9hO5yMtk |access-date=March 6 2026 |website=Youtube}}</ref>
|-
|[[Carvana]]
|Saying cars that have been in accidents have not; Lies about inspection and does not replace brake pads even when worn down. Non-refundable $1,500 shipping fee. See [https://www.youtube.com/watch?v=r9yhOeTUEo4 Louis Rossmann's Video]
|
|-
|Chuwi
|Misleading consumers by falsifying the specsheet of one of their latest laptops, and repeatedly threatened one of the online publications that wrote an article of their alleged misdeeds.
|<ref>{{Cite web |last=Leitner |first=Simon |date=2026-03-12 |title=CPU fraud, next round: Chuwi CoreBook Plus with supposed AMD Ryzen 5 7430U also affected |url=https://www.notebookcheck.net/CPU-fraud-next-round-Chuwi-CoreBook-Plus-with-supposed-AMD-Ryzen-5-7430U-also-affected.1248660.0.html |url-status=live |archive-url=https://archive.today/N7UmU |archive-date=2026-03-12 |access-date=2026-03-12 |website=Notebookcheck}}</ref>
|-
|[[Cloud-first]]
|The antithesis of [https://www.inkandswitch.com/essay/local-first local-first]. See "[https://karl-voit.at/cloud You Can't Control Your Data in the Cloud]"
|
|-
|[[Cloudary Holdings Limited / Webnovel]]
|Terms of service with binding Arbitration.
|<ref>{{Cite web |title=Webnovel ToS |url=https://www.webnovel.com/terms_of_service |url-status=live |archive-url=http://web.archive.org/web/20260101204816/https://www.webnovel.com/terms_of_service |archive-date=1 Jan 2026}}</ref>
|-
|[[Devolo]]
|Devolo switches off servers and removes their app from stores for their "Home Control" system, thus severely reducing the functionality of their devices (apparently Z-Wave-based).
|<ref>{{Cite web |title=IT-News für Profis |url=https://www.golem.de/news/weiterbetrieb-verursacht-weitere-kosten-devolo-macht-smart-home-system-zum-grossteil-unbrauchbar-2508-199409.html |url-status=live |archive-url=http://web.archive.org/web/20251210052941/https://www.golem.de/news/weiterbetrieb-verursacht-weitere-kosten-devolo-macht-smart-home-system-zum-grossteil-unbrauchbar-2508-199409.html |archive-date=10 Dec 2025|website=Golem |language=de}}</ref>
|-
|DeviantArt
|DeviantArt launched in 2000 and quickly became a household name among digital artists. [https://www.wix.com/press-room/home/post/wix-acquires-deviantart-pairing-wix-capabilities-with-global-creative-community But in 2017 WiX] bought the website and in 2022 had made all art on it's site liable to be training data by default. They then back peddled and then set all art to noai by default. Now they are moving basic functions to be behind their paywall. [https://www.deviantart.com/razorstargazer/journal/Deviantart-is-the-worst-website-ever-created-1309667089 Ones that were free.]
|[https://expertbeacon.com/the-ai-controversy-on-deviantart-how-a-creative-paradise-became-a-battleground/][https://www.wix.com/press-room/home/post/wix-acquires-deviantart-pairing-wix-capabilities-with-global-creative-community]
|-
|[[Dell]] and [[HP]]
|HP and Dell have disabled HEVC (H.264/H.265) hardware encoding and decoding support built into their laptops’ CPUs using both Intel and AMD processors.
|<ref>{{Cite web |last=Harding |first=Scharon |date=2025-11-21 |title=HP and Dell disable HEVC support built into their laptops’ CPUs |url=https://arstechnica.com/gadgets/2025/11/hp-and-dell-disable-hevc-support-built-into-their-laptops-cpus/ |url-status=live |archive-url=https://web.archive.org/web/20251121083438/https://arstechnica.com/gadgets/2025/11/hp-and-dell-disable-hevc-support-built-into-their-laptops-cpus/ |archive-date=2025-11-21 |access-date=2025-11-21 |website=Ars Technica}}</ref>
|-
|DotPe cyber-sec negligence
|In 2024, an Indian company that provides digital services to food-chains got trivially hacked/cracked, allowing anyone to get customer data and company revenue-stats across many countries
|<ref>https://web.archive.org/web/20240923081639/https://peabee.substack.com/p/whats-inside-the-qr-code-menu-at</ref>
|-
|E621
|Terms of service that require agreement to forced arbitration to use the website.
|<ref>{{Cite web |date=2025-10-02 |title=E621 |url=https://e621.net/ |url-status=live |archive-url=http://web.archive.org/web/20260128164339/https://e621.net/ |archive-date=28 Jan 2026|website=E621}}</ref>
|-
|[[EcoVac]]
|Vacuum cleaner robots produced by company 'EcoVac' were found vulnerable to hacking over bluetooth allowing for remote control and access to camera feed. Security researcher Dennis Giese notified the company in December of 2023. In August of 2024, the issue was described by the company as "extremely rare in typical user environments and require specialized hacking tools and physical access to the device."
|<ref>{{Cite web |last=Fell |first=Julian |date=2024-10-04 |title=We hacked a robot vacuum — and could watch live through its camera - ABC News |url=https://www.abc.net.au/news/2024-10-04/robot-vacuum-hacked-photos-camera-audio/104414020 |url-status=live |archive-url=http://web.archive.org/web/20251128025250/https://www.abc.net.au/news/2024-10-04/robot-vacuum-hacked-photos-camera-audio/104414020 |archive-date=28 Nov 2025|access-date=2025-09-10 |website=ABC News}}</ref><ref>{{Cite web |last=Franceschi-Bicchierai |first=Lorenzo |date=2024-08-09 |title=Ecovacs home robots can be hacked to spy on their owners, researchers say {{!}} TechCrunch |url=https://techcrunch.com/2024/08/09/ecovacs-home-robots-can-be-hacked-to-spy-on-their-owners-researchers-say/ |url-status=live |archive-url=https://web.archive.org/web/20260222212044/https://techcrunch.com/2024/08/09/ecovacs-home-robots-can-be-hacked-to-spy-on-their-owners-researchers-say/ |archive-date=10 Aug 2024}}</ref><ref>{{Cite web |last=Franceschi-Bicchierai |first=Lorenzo |date=2024-08-15 |title=Lorenzo Franceschi-Bicchierai on X: "Finally, Ecovacs responds to the researchers' findings, saying it won't fix the bugs. |url=https://x.com/lorenzofb/status/1823774980460388675 |url-status=live |archive-url=http://web.archive.org/web/20241108194816/https://x.com/lorenzofb/status/1823774980460388675 |archive-date=8 Nov 2024}}</ref>
|-
|[[Elegoo Centauri Carbon|Elegoo]]
|The Elegoo Centauri Carbon 3d printer has been proven to use open source Klipper software which requires them to publish their changes to the code.
|<ref>{{Cite web |date=2025-08-28 |title=PSA: Elegoo Centauri Carbon & GPL Compliance |url=https://freethecode.lol/ |url-status=live |archive-url=http://web.archive.org/web/20251206142736/https://freethecode.lol/ |archive-date=6 Dec 2025|access-date=2025-08-28 |website=PSA: Elegoo Centauri Carbon & GPL Compliance}}</ref>
|-
|Foxit Reader
|Updater uses dark pattern to trick unsuspecting users into installing a trial version of their paid product. The checkbox is enabled again by default with each update in the hope that the user misses it by accident at some point.
|
|-
|[[Gaggia]]
|Between 2015 to 2019, the redesigned Gaggia Classic removed the traditional three-way solenoid valve. The valve was restored in the 2019 Gaggia Classic Pro after criticism and backlash from the espresso enthusiast community.
|<ref>{{Cite web |last=Waddell |first=Kelsey |date=2023-03-23 |title=Gaggia Classic vs Pro: A Closer Look at the Differences |url=https://www.roastycoffee.com/gaggia-classic-vs-pro/ |website=Roasty Coffee}}</ref>
|-
|[[Google Chromecast]]
|Chromecast has transitioned from a standalone product to one that [[Forced_app_download|requires the Google Home app]] for setup and control. This change prevents customers who either don't own a smartphone or prefer not to use the app from accessing their Chromecast devices. As a result, certain televisions—such as the Caixon EC43S1UA, which relied on built-in Chromecast functionality—can no longer be used as intended. This effectively removes a key feature from a product that was already purchased, diminishing its value or rendering it unusable altogether.
|
|-
|Google TLS Changes
|Google's new requirements to certificate authorities require separate authority/signing chains to be used to issue Server Authentication and Client Authentication certificates. Therefore, starting 11 February 2026, Let's Encrypt will no longer include the Client Authentication EKU on default certificates
|
|-
|[[Google]]
|Google apparently plans to reduce the interval of publishing source code of security patches they consider non-critical. This is another blow to the custom ROM community.
Right now we don't have these incidents organised chronologically, maybe we should have a table with a timeline of measures Google takes to enshittify and close down Android (more APIs moved to Play Services, Developer verification, withholding AOSP device trees for Pixel devices to mess with Graphene OS, now delayed source code disclosure). What's worst, they always cite safety as a reason.
|<ref>{{Cite web |title=Exclusive: Google wants to make Android phones safer by switching to ‘risk-based’ security updates |url=https://www.androidauthority.com/android-risk-based-security-updates-3597466/ |archive-url=http://web.archive.org/web/20260107025310/https://www.androidauthority.com/android-risk-based-security-updates-3597466/ |archive-date=7 Jan 2026}}</ref>
|-
|Google Maps
|Google restricts data visible in Google Maps for users who are not signed in with an account (see [[Forced account]]). Reviews and photos are no longer visible without login. This also forces users to agree to Google's TOS and logs them into all other Google services, such as YouTube or Google Search so that now all their data in those other services is associated with their accounts. This also raises concerns that other services such as YouTube might follow.
|<ref>{{Cite web |title= |url=https://www.reddit.com/r/GoogleMaps/comments/1r4iauf/google_maps_now_forces_you_to_signin/ |archive-url=https://web.archive.org/web/20260223032117/https://old.reddit.com/r/GoogleMaps/comments/1r4iauf/google_maps_now_forces_you_to_signin/ |archive-date=23 Feb 2026}}</ref><ref>{{Cite web |title= |url=https://www.reddit.com/r/GoogleMaps/comments/1r74v0f/cant_view_images_without_logging_in/ |archive-url=https://web.archive.org/web/20260223032213/https://old.reddit.com/r/GoogleMaps/comments/1r74v0f/cant_view_images_without_logging_in/ |archive-date=23 Feb 2026}}</ref>
|-
|[[Google]], [[Mozilla]], [[Apple]], [[Microsoft]], but largely Google-led
|Google Chrome, Mozilla Firefox, and Safari are removing XSLT 1.0 support, which could break critical parts of government's websites worldwide<ref>{{Cite web |last=Dimant |first=Dimitrii "Mamut" |date=2025-08-10 |title=XSLT removal will break multiple government and regulatory sites across the world #11582 |url=https://github.com/whatwg/html/issues/11582 |url-status=live |archive-url=http://web.archive.org/web/20260211221059/https://github.com/whatwg/html/issues/11582 |archive-date=11 Feb 2026|access-date=2025-10-25 |website=Github (specifically the Web Hypertext Application Technology Working Group's HTML standards repo, controlled by Mozilla, Google, Microsoft and Apple)}}</ref>. There are valid security reasons for them to want to stop supporting this 1999-era standard, however they have had 26+ years to update to a newer standard (such as the 2017-era 3.1 standard, which is backwards compatible and would allow these sites to continue to work<ref>{{Cite web |date=2017-03-21 |title="XML Path Language (XPath) 3.1: W3C Recommendation 21 March 2017" |url=https://www.w3.org/TR/xpath-31/ |url-status=live |archive-url=http://web.archive.org/web/20260116015839/https://www.w3.org/TR/xpath-31/ |archive-date=16 Jan 2026|website=W3C}}</ref>). The single unpaid developer maintaining these libraries has more or less retired after getting flooded with impossible to satisfy security requests from these companies<ref>{{Cite web |last=Wellnhoffer |first=Nick |date=2025-05-08 |title=Triaging security issues reported by third parties |url=https://gitlab.gnome.org/GNOME/libxml2/-/issues/913 |url-status=live |archive-url=http://web.archive.org/web/20260131231248/https://gitlab.gnome.org/GNOME/libxml2/-/issues/913 |archive-date=31 Jan 2026|access-date=2025-10-25 |website=gitlab.gnome.org}}</ref>. There is an existing project called XRUST to implement the 3.1 standard<ref>{{Cite web |date=2025-05-09 |title=XRust: XPath, XQuery, and XSLT for Rust |url=https://gitlab.gnome.org/World/Rust/markup-rs/xrust |url-status=live |archive-url=http://web.archive.org/web/20260204085435/https://gitlab.gnome.org/World/Rust/markup-rs/xrust |archive-date=4 Feb 2026|access-date=2025-10-14 |website=gitlab.gnome.org}}</ref>, which is 2/3rds of the way through supporting all the features of 1.0 - the XSLT part fully supports all the 1.0 features at this point. XSLT is part of the W3C Consortium's open web standards for formatting and presenting XML, and is also how RSS works, so RSS feeds would stop working as well, disrupting the livelihoods of podcasters<ref>{{Cite web |last=Rijo |first=Luis |date=2025-08-20 |title=Google targets RSS feeds in new XSLT removal proposal |url=https://ppc.land/google-targets-rss-feeds-in-new-xslt-removal-proposal/ |url-status=live |archive-url=https://web.archive.org/web/20260222212228/https://ppc.land/google-targets-rss-feeds-in-new-xslt-removal-proposal/ |archive-date=22 Feb 2026|access-date=2025-10-14 |website=PPC-Land}}</ref>. This has led to questions of who owns the web - the public (including the government) who paid for and laid down the highways / web infrastructure - or a handful of large corporations? <ref>{{Cite web |last=Branscombe |first=Mary |date=2025-09-01 |title=XSLT Debate Leads to Bigger Questions of Web Governance |url=https://thenewstack.io/xslt-debate-leads-to-bigger-questions-of-web-governance/ |url-status=live |archive-url=http://web.archive.org/web/20260131231310/https://thenewstack.io/xslt-debate-leads-to-bigger-questions-of-web-governance/ |archive-date=31 Jan 2026|access-date=2025-10-14 |website=The New Stack}}</ref>
|
|-
|[[GoPro]] Hero 12
|GoPro Hero 12 requires the GoPro app to be installed before you can use the camera. Many currently used devices are not compatible with the app, therefore making use of the camera difficult to impossible for new owners or upon camera factory reset. There's also the question of what data the app collects and whether it requires login and or camera activation.
|
|-
|[[Hikvision]]
|Chinese surveillance camera manufacturer complicit in Uighur genocide which used to advertise recognition of praying and ramadan fasting among its selling points. Similarly to [[Flock license plate readers|Flock]], they are in use world wide and likely feed directly into the Chinese government's surveillance infrastructure and could conceivably be used to find dissidents world-wide. Recently, [https://netzpolitik.org/2025/hikvision-hersteller-der-hamburger-ki-ueberwachungskameras-ist-fuer-menschenrechtsverletzungen-bekannt/ the city of Hamburg has installed them] ([https://netzpolitik-org.translate.goog/2025/hikvision-hersteller-der-hamburger-ki-ueberwachungskameras-ist-fuer-menschenrechtsverletzungen-bekannt/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=de&_x_tr_pto=wapp Google Translate Version in English]).
|
|-
|[[Internet radios]]
|I'd like a page where I can share information about internet radios "openness." Few allow you to enter a radio station's URL (which I would consider the least intrusive option). Most depend on third-party websites or apps; [https://www.sangean.com/uk/blog/149 some of which have already bricked devices].
|
|-
|[[IPVideo Corporation]] (owned by [[Motorola]])
|Manufacturer of surveillance hardware. The notable example that brought them to my attention is the Halo 3C/3C-PC Smart Sensor, which is deployed in places such as school bathrooms and subsidized/social housing. This system has a variety of sensors on it, from air quality ones (for detecting smoking/vape usage) all the way to microphones (ostensibly for audio analysis to identify aggression and gunshots, without the capability to stream the audio elsewhere, but this not a limitation built into the hardware and could be changed by a firmware update).
|<ref>{{Cite_web |last=Reynaldo |last2=nyx |name-list-style=amp |date=2025-10-10 |title=DEF CON 33 - Unmasking the Snitch Puck: IoT surveillance tech in the school bathroom |url=https://youtu.be/WCnojaEpF2I |publisher=DEF CON |url-status=live |archive-url=https://preservetube.com/watch?v=WCnojaEpF2I |archive-date=16 Feb 2026}}</ref><ref>{{Cite_web |access-date=2025-10-26 |url=https://www.pelco.com/sensors |url-status=live |archive-url=https://web.archive.org/web/20250922000017/https://www.pelco.com/sensors |archive-date=2025-09-22 |title=HALO Smart Sensor Suite |website=PELCO}}</ref>
|-
|[[iRacing]]
|iRacing is a racing game that's subscription-based, requiring payment just to play the actual game in either online or offline mode.
|
|-
|[[itch.io]], [[Night School Studios]], [[Netflix]]
|In September 2024, users who purchased the game Oxenfree on itch.io were warned that the game was going to be pulled from the platform on October 1st. Consumers would not be able to download the installers after this date, so they would lose access unless they had them backed up. Users speculated that Netflix, the parent company of the development studio, had ordered the move; however, no response from Netflix or the developers was ever published. This is particularly notable because it is against itch.io's terms of service: "Users shall retain a license to this content even after the content is removed from the Service."
|<ref>{{Cite web |last=itch corp |date=15 Apr 2023 |title=itch.io Terms of Service |url=https://itch.io/docs/legal/terms |url-status=live |archive-url=https://web.archive.org/web/20240907004719/https://itch.io/docs/legal/terms |archive-date=7 Sep 2024 |access-date=27 Jun 2025 |website=itch.io}}</ref> <ref>{{Cite web |last=ShawnS |date=31 Jan 2025 |title=OXENFREE |url=https://delistedgames.com/oxenfree/ |url-status=live |archive-url=https://web.archive.org/web/20250321070400/https://delistedgames.com/oxenfree/ |archive-date=21 Mar 2025 |access-date=27 Jun 2025 |website=Delisted Games}}</ref> <ref>{{Cite web |last=Colp |first=Tyler |date=9 Sep 2024 |title=Another reminder that your digital library isn't forever: Oxenfree will be completely removed from Itch.io next month |url=https://www.pcgamer.com/games/adventure/another-reminder-that-your-digital-library-isn-t-forever-oxenfree-will-be-completely-removed-from-itch-io-next-month/ |url-status=live |archive-url=https://web.archive.org/web/20250523111125/https://www.pcgamer.com/games/adventure/another-reminder-that-your-digital-library-isn-t-forever-oxenfree-will-be-completely-removed-from-itch-io-next-month/ |archive-date=23 May 2025 |access-date=27 Jun 2025 |website=PC Gamer}}</ref>
|-
|[[The Japan Times|Japan Times, The]]
|The Japan Times uses the DMCA to take down an open source study resource for the Genki and Quartet workbooks.
|<ref>{{Cite web |last=Clydesdale |first=Seth |date=2025-09-11 |title=Important Information Regarding Genki and Quartet Study Resources |url=https://ko-fi.com/post/Important-Information-Regarding-Genki-and-Quartet-D1D21L4B1S |url-status=live |archive-url=http://web.archive.org/web/20251116072121/https://ko-fi.com/post/Important-Information-Regarding-Genki-and-Quartet-D1D21L4B1S |archive-date=16 Nov 2025}}</ref><ref>{{Cite web |title=Update Regarding Genki and Quartet Study Resources DMCA Situation |url=https://ko-fi.com/post/Update-Regarding-Genki-and-Quartet-Study-Resources-Y8Y21M1F5E |url-status=live |archive-url=http://web.archive.org/web/20251115073152/https://ko-fi.com/post/Update-Regarding-Genki-and-Quartet-Study-Resources-Y8Y21M1F5E |archive-date=15 Nov 2025}}</ref><ref>{{Cite web |date=2025-10-03 |title=All Exercises for Genki/Quartet Study Resources Have Been Removed |url=https://ko-fi.com/post/All-Exercises-for-GenkiQuartet-Study-Resources-Wi-R6R81M8LLN |archive-url=http://web.archive.org/web/20251113045244/https://ko-fi.com/post/All-Exercises-for-GenkiQuartet-Study-Resources-Wi-R6R81M8LLN |archive-date=13 Nov 2025}}</ref>
|-
|[[KOSA]]
|KOSA claims to make kids safer, but it’s really a dangerous censorship bill that would give the U.S. government unprecedented control over the internet. This would put youth in danger by preventing them from accessing potentially life-saving resources.
|<ref>{{Cite web |last= |first=Fight for the Future |date=2026-01-24 |title=Reject online censorship. Tell lawmakers to oppose KOSA! |url=https://www.stopkosa.com/ |url-status=live |archive-url= |archive-date= |access-date=2026-01-24 |website=Stop KOSA}}</ref><ref>https://web.archive.org/web/20250228145348/https://www.houstonchronicle.com/news/houston-texas/education/article/Katy-ISD-blocks-LGBTQ-resources-suicide-16647274.php</ref>
|-
|[[LBRY]] Foundation, [[Odysee]]
|Community first decentralization & Odysee's plan to enable censorship by switching away from the opensource LBRY network.
|<ref>{{Cite web |title=The LBRY Foundation |url=https://lbry.org/ |url-status=live |archive-url=http://web.archive.org/web/20260211161516/https://lbry.org/ |archive-date=11 Feb 2026|access-date=2025-08-08 |quote=The LBRY community invites everyone to join us in building a more free and open way to share content and information online.}}</ref><ref name=":2">{{Cite news |last=Watson |first=RT |date=6 Jun 2024 |title=Decentralized YouTube alternative Odysee acquired by Forward Research despite content concerns |url=https://www.theblock.co/post/298888/decentralized-youtube-alternative-odysee-acquired-by-forward-research-despite-content-concerns |url-status=live |archive-url=http://web.archive.org/web/20251127094918/https://www.theblock.co/post/298888/decentralized-youtube-alternative-odysee-acquired-by-forward-research-despite-content-concerns |archive-date=27 Nov 2025|access-date=16 Aug 2025 |work=The Block}}</ref><ref>{{Cite journal |last=Li |first=Jun |last2=Grintsvayg |first2=Alex |last3=Kauffman |first3=Jeremy |last4=Fleming |first4=Charles |date=2020 |title=LBRY: A Blockchain-Based Decentralized Digital Content Marketplace |url=https://ieeexplore.ieee.org/document/9126007 |journal=2020 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS) |location=Oxford, UK |publisher=IEEE |doi=10.1109/DAPPS49028.2020.00005 |isbn=978-1-7281-6978-1 |via=IEEE Xplore |url-status=live |archive-url=http://web.archive.org/web/20250825221749/https://ieeexplore.ieee.org/document/9126007/ |archive-date=25 Aug 2025}}</ref>
|-
|[[LG]]
|LG discontinued its LG Bluetooth Remote app (including plugins such as "btc4") making it non-public on the Play Store and making Bluetooth controllable devices (like for example the CM2630B) half as useful, without even publishing neither the protocol used to control such devices nor the source code of the app.
|
|-
|[[Lowe's]]
|Lowe's uses flock cameras and other AI powered cameras to collect data and build a profile on "prospective, current, or former Lowe's customers". Their cameras point away from their stores.
|<ref>{{Cite web |last=Koebler |first=Jason |date=6 Aug 2025 |title=Home Depot and Lowe's Share Data From Hundreds of AI Cameras With Cops |url=https://www.404media.co/home-depot-and-lowes-share-data-from-hundreds-of-ai-cameras-with-cops/ |url-status=live |archive-url=http://web.archive.org/web/20260216173226/https://www.404media.co/home-depot-and-lowes-share-data-from-hundreds-of-ai-cameras-with-cops/ |archive-date=16 Feb 2026|access-date=15 Sep 2025 |website=404 Media}}</ref><ref>{{Cite web |date=26 Aug 2025 |title=Lowe’s U.S. Privacy Statement |url=https://www.lowes.com/l/about/privacy-and-security-statement |url-status=live |archive-url=http://web.archive.org/web/20251228013530/https://www.lowes.com/l/about/privacy-and-security-statement |archive-date=28 Dec 2025|access-date=15 Sep 2025 |website=Lowe's}}</ref>
|-
|[[McDonald's]]/Taylor
|McDonald's US mandates which ice cream machine has to be used by franchise licensees. The company that makes these machines uses deliberately obfuscated error codes to force restaurant owners to use their expensive tech service to fix them and reset the machines. The company makes more money from these "repairs" support than with actual sales. Not strictly end consumer, but the pattern warrants documenting imo.
A similar problem exists with Doremi (Dolby) cinema projectors where their DRM leads to a ridiculous number of actions breaking the so-called "marriage" (projector-media block unity), requiring a costly technician to reset it. This one needs sources researched, though, as I don't have one on hand.
|<ref>{{Cite web |title=Why McDonald's Ice Cream Machines Are Always Broken and How To Fix Them |url=https://www.youtube.com/watch?v=2uCpY3tFTIA |url-status=live |archive-url=https://preservetube.com/watch?v=2uCpY3tFTIA |archive-date=22 Feb 2026}}</ref>
|-
|Microsoft
|Microsoft's Android keyboard app SwiftKey set to make it impossible to backup user data without a Microsoft Account, backups must be stored in Microsoft cloud
|<ref>{{Cite web |title= |url=https://www.theverge.com/tech/896859/swiftkey-will-soon-require-a-microsoft-account-to-save-your-typing-info}}</ref>
|-
|[[Minut]]
|Minute sells sensors and alarms. They released an alarm (Point) on kickstarter that long after release got a firmware update adding forced subscription if more than one person wanted to use the alarm.
|<ref>https://www.kickstarter.com/projects/minut/pointthe-friendly-home-alarm</ref>
<ref>https://www.minut.com/</ref>
|-
|[[Mitsubishi Motors]]
|Mitsubishi Motors has a rich history of consumer protection, compliance issues and privacy breaches. These include concealing safety defects, falsifying fuel economy data, and being fined for false advertising. Following the trend of subscription services for the automotive industry, Mitsubishi paywalls built-in features including remote start, SOS, collision detection, and car tracking through its app Mitsubishi Connect subscription service.
|[https://www.autoevolution.com/news/mitsubishi-fined-42-million-by-japans-consumer-affairs-agency-115026.html?utm_source=chatgpt.com] [https://leakd.com/leaks/mitsubishi-motors-vietnam-customer-data-breached/?utm_source=chatgpt.com] [https://en.wikipedia.org/wiki/Mitsubishi_Motors?utm_source=chatgpt.com] [https://violationtracker.goodjobsfirst.org/?order=pen_year&parent=mitsubishi-motors&sort=&utm_source=chatgpt.com][https://www.mitsubishi-motors.com/en/newsroom/newsrelease/2017/20171129_3.html?utm_source=chatgpt.com]
|-
|Multiple
|Several legal cases involving forced arbitration in some manner; many of these relate to other anticonsumer practices, such as when Wells Fargo illegally opened up ~3.5M fake checking and credit accounts in customers' names. Highly advised to deeply scrub for supplementary sources.
|<ref>{{Cite web |date=Apr 16, 2019 |title=Fact Sheet: Cases Tossed Out of Court Because of Forced Arbitration Causes and Class Action Bans |url=https://www.centerjd.org/content/fact-sheet-cases-tossed-out-court-because-forced-arbitration-causes-and-class-action-bans#_ftn1 |access-date=Feb 12, 2026 |website=Center for Justice & Democracy at New York Law School |url-status=live |archive-url=http://web.archive.org/web/20251013145327/https://centerjd.org/content/fact-sheet-cases-tossed-out-court-because-forced-arbitration-causes-and-class-action-bans |archive-date=13 Oct 2025}}</ref>
|-
|MuseGroup (MuseSounds)
|Releasing more and more subscription sound packs while previously released one-time purchase sound packs are full of bugs/issues and have gone without updates for sometimes over a year. They have also increased the price of one-time purchase packs by about 500% while still providing no additional or improved functionality.
They also added unsolicited popups advertising their paid sound packs at startup of the open source MuseScore application, as well as buttons and commands for their cloud service to the home screen, which cannot be disabled. They previously ran into controversy when changing the privacy policy of Audacity and tried to add tracking. The closed-source MuseHub application (which is required to download the free sound packs) connects to tracking services with neither a real opt-in nor an opt-out option. Newer versions of MuseHub now seem to [[Forced account|require an account]] to download free sound packs and sound effects, which previously was not the case. Muse Hub starts at every system launch by default and stays active in the background despite this not being required for its functionality. They also added proprietary parts to MuseScore (like the MuseSample), which is kept closed source. They also bought StaffPad and seem to have quietly ceased its development without publishing any statements.
|
|-
|[[Navdy]], [[Harman International]]
|Device discontinued and no updates, device can be used offline for 1 year until it stops working.
https://www.reddit.com/r/navdy/
|
|-
|[[Netgear]] (internet networking equipment)
|Almost every Netgear internet router requires the creation of a new account to function as a router (see [[Forced account]]), where the TOS includes an agreement to binding arbitration. Most if not all devices are locked into proprietary firmware with no option to change. Some automatic updates have reportedly cause loss of performance with option to revert to a previous version, "bricking" the device in some cases.
Engages in anti-consumer practices, requiring a subscription for basic WiFi-router features such as parental controls. According to a blogpost by a senior employee, grew from "45% in 2016 to over 60% in 2019" of the US consumer router market. In 2025, Netgear is "being sued by TP-Link for a 'Smear Campaign' to Advance US Router Ban [of it's competitor TP-Link].
|[https://www.netgear.com/about/terms-and-conditions/ <nowiki>[62]</nowiki>]
[https://kb.netgear.com/000062104/What-subscription-plans-are-available-for-NETGEAR-Smart-Parental-Controls <nowiki>[63]</nowiki>]
[https://www.netgear.com/hub/author/abhorkar/ <nowiki>[64]</nowiki>]
[https://www.pcmag.com/news/tp-link-accuses-netgear-of-smear-campaign-to-advance-us-router-ban?test_uuid=04IpBmWGZleS0I0J3epvMrC&test_variant=B <nowiki>[65]</nowiki>]
|-
|[https://www.nexigroup.com/ Nexi S.p.A.]
|Nexi is a payment services provider based in Italy, which has been used by the [https://fsfe.org/ Free Software Foundation Europe] (FSFE) for ~ 15 years. They have allegedly been asking FSFE for personal information of FSFE executives and supporters and have recently cancelled their contract with FSFE.
|<ref>{{Cite web |date=2026-03-16 |title=450 FSFE supporters affected: Payment provider Nexi cancelled us |url=https://fsfe.org/news/2026/news-20260316-01.en.html |url-status=live |archive-url=https://web.archive.org/web/20260317162959/https://fsfe.org/news/2026/news-20260316-01.en.html |archive-date=2026-03-17 |access-date=2026-03-17 |website=FSFE - Free Software Foundation Europe}}</ref>
|-
|[[Nothing]]
|Nothing brings home-screen ads (can be disabled manually) and [[bloatware]] to its lower end models despite previously boasting about being bloatware free
|<ref>{{Cite web |last=Floemer |first=Andreas |date=2025-10-27 |title=Phone 3a: NothingOS 4.0 brings optional ads to the lock screen |url=https://www.heise.de/en/news/Phone-3a-NothingOS-4-0-brings-optional-ads-to-the-lock-screen-10904033.html |url-status=live |archive-url=https://web.archive.org/web/20260222212507/https://www.heise.de/en/news/Phone-3a-NothingOS-4-0-brings-optional-ads-to-the-lock-screen-10904033.html |archive-date=22 Feb 2026|access-date=2025-10-27 |website=Heise Online}}</ref>
|-
|Odido Netherlands B.V.
|Odido is an internet service provider in the Netherlands with a 10-15% market share [[https://www.acm.nl/nl/publicaties/acm-telecommonitor-derde-kwartaal-2025 79]]. On the 3rd of March 2026 a user reported that his Odido Zyxel EX5601-T1 router was (illegally) sending analytics data to a Turkish AI-company [[https://www.linkedin.com/pulse/odido-router-verzamelt-analytics-van-je-huishouden-sipke-mellema-0uoie/ 80]]. The user reported on the 8th of March 2026 that the router silently stopped sending this data with no formal mention/patch from Odido. The user reported on the poor security of the router and that the analytics data contained the unencrypted names of local networks, the names of devices connected to these networks, and MAC-addresses. The poor security of Odido's routers follows a massive data leak of 6.2 million customers' full legal names, phone numbers, emails, bank account numbers, passport numbers and more [[https://tweakers.net/nieuws/244656/odido-waarschuwt-voor-datalek-miljoenen-klantgegevens-gestolen-bij-cyberaanval.html 81]].
|[[https://www.acm.nl/nl/publicaties/acm-telecommonitor-derde-kwartaal-2025 79]] [[https://www.linkedin.com/pulse/odido-router-verzamelt-analytics-van-je-huishouden-sipke-mellema-0uoie/ 80]] [[https://tweakers.net/nieuws/244656/odido-waarschuwt-voor-datalek-miljoenen-klantgegevens-gestolen-bij-cyberaanval.html 81]]
(I do not know how to add these to the list)
|-
|[[OICA]] (European automotive lobby organisation)
|The OICA recently pushed for the right to emit sounds from quiet electric cars to make them as loud as conventional cars with combustion engine and against stricter noise regulation in cities. The fake engine noises in question are specifically not for safety purposes, but for emotional effect for the driver. However, instead of playing the noises only inside for just the driver to hear, the noise is to be played on speakers on the exterior, thus affecting the general public. Noise pollution has long been known to have adverse health effects. ''[NOTE: Similar to environmental aspects, greenwashing etc., we will have to find a good angle for how this fits the wiki. I would say it does match the general theme of manufacturers deliberately making their products worse for minor financial gain and lobbies pushing against things that are in public interest.]''
|<ref>{{Cite web |last=Krempl |first=Stefan |date=2026-01-07 |title=Sound Dictatorship vs. Quiet: The Battle for E-Car Roar |url=https://www.heise.de/en/news/Sound-Dictatorship-vs-Quiet-The-Battle-for-E-Car-Roar-11133630.html |url-status=live |archive-url=http://web.archive.org/web/20260108165124/https://www.heise.de/en/news/Sound-Dictatorship-vs-Quiet-The-Battle-for-E-Car-Roar-11133630.html |archive-date=8 Jan 2026|access-date=2026-01-08 |website=Heise Online}}</ref>
|-
|[[Oracle]]
|Similarly to [[Tencent]], this corp is behind many other companies, so it has a lot of power over users. Also, their CEO is very petty about letting go the [[JavaScript]] trademark<ref>https://deno.com/blog/javascript-tm-gofundme</ref>
|
|-
|[[Persona]] (Age verification service)
|Used by Discord to do age verification using facial 3d scans, which are transmitted to Persona servers. It has been revealed that the company has ties to Palantir and Peter Thiel.
|<ref>{{Cite web |title= |url=https://www.pcgamer.com/software/platforms/oh-good-discords-age-verification-rollout-has-ties-to-palantir-co-founder-and-panopticon-architect-peter-thiel/ |archive-url=http://web.archive.org/web/20260221224755/https://www.pcgamer.com/software/platforms/oh-good-discords-age-verification-rollout-has-ties-to-palantir-co-founder-and-panopticon-architect-peter-thiel/ |archive-date=21 Feb 2026}}</ref>
|-
|[[Proton]]
|Proton helped FBI unmask anonymous "Stop Cop City" protestor
|<ref>https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/</ref>
|-
|[https://www.skystone.games/ Skystone Games]
|Boundary, a multiplayer online-only first-person shooter, got shut down just a year after its release by Skystone games, and its publishing rights relinquished, citing "ongoing delays and a lack of updates from the developer". Studio Surgical Scalpels (the developer) stated that the publisher decissions were "extremely sudden and unreasonable", and attempted to "regain the rights to boundary". The game has been offline for more than a year at the time of writing, and no refunds or communications to the userbase has been made by Skystone Games.
|<ref>{{Cite web |date=2024-06-19 |title=Boundary - End of service notice |url=https://store.steampowered.com/news/app/1364020/view/4209257868262605607?l=english |url-status=live |access-date=2025-07-07 |website=Steam |archive-url=http://web.archive.org/web/20251021143111/https://store.steampowered.com/news/app/1364020/view/4209257868262605607?l=english |archive-date=21 Oct 2025}}</ref><ref>{{Cite web |date=2024-06-30 |title=Boundary Shut Down: Who's to Blame? |url=https://www.youtube.com/watch?v=Kr8IhV1fovE |url-status=live |archive-url=https://preservetube.com/watch?v=Kr8IhV1fovE |archive-date=16 Feb 2026}}</ref>
|-
|[[Sony]], Sony Online Entertainment/[[Daybreak Game Company]]
|Selling off SOE to the investment firm Columbus Nova, all games published by SOE were delisted without prior notice to consumers or developers, and licenses were revoked as well.
|<ref>{{Cite web |last=S |first=Shawn |date=Jun 10, 2016 |title=Akimi Village |url=https://delistedgames.com/akimi-village/ |url-status=live |archive-url=http://web.archive.org/web/20251127030103/https://delistedgames.com/akimi-village/ |archive-date=27 Nov 2025|website=Delisted Games}}</ref><ref>{{Cite news |last=Weber |first=Rachel |date=Feb 2, 2015 |title=SOE acquired, becomes Daybreak Game Company |url=https://www.gamesindustry.biz/soe-acquired-becomes-daybreak-game-company |work=GamesIndustry.biz |url-status=live |archive-url=http://web.archive.org/web/20260204235742/https://www.gamesindustry.biz/soe-acquired-becomes-daybreak-game-company |archive-date=4 Feb 2026}}</ref>
|-
|[[Superbox]]
|Android TV box manufacturer Superbox remotely locks consumers' devices if they were sold below the manufacturer's minimum specified prices and asks consumers to contact the retailer when they complain.
They are not the first to do something like this. [[Deye]] locked down inverters in the US that they suspected might be gray imports.
|<ref>{{Cite web |title=You'll Own Nothing and Be Happy |url=https://www.youtube.com/watch?v=5I5-rAyFQrk |website=YouTube |type=Video |url-status=live |archive-url=https://preservetube.com/watch?v=5I5-rAyFQrk |archive-date=16 Feb 2026}}</ref>
|-
|[[Twitch]]
|Twitch has recently partnered with Persona to verify the ages of new affiliates before first payouts.
|
|-
|[[UP3]] By [[Jawbone]]
|Approximately 2011, Pioneering startup company from San Francisco, had revolutionary fitness trackers. In 2017 with no notice to customers they stole personal data and shut down app which in turn, bricked devices. Highly likely went bankrupt and sold to sister company to manipulate customer services and rights. Now owned by Aliph brands.
|
|-
|[[Vive]]
|In 2022, Vive discontinued the original Vive Facial Tracker module a year after the original release, then released an updated model with proprietary firmware that blocked use on other 3rd party VR headset, while only allowing the new model to work with their new locked-down headset. The 2021 version of the face tracker's long term support was seemingly cut overnight without any software updates since 2021.
|<ref>{{Cite web |last=Vive Team |date=2022-08-07 |title=VIVE Focus 3 gets Facial Tracker, and Eye Tracker |url=https://blog.vive.com/us/vive-focus-3-gets-facial-tracker-and-eye-tracker/ |url-status=live |archive-url=https://web.archive.org/web/20250619155201/https://blog.vive.com/us/vive-focus-3-gets-facial-tracker-and-eye-tracker/ |archive-date=2025-06-19 |access-date=2025-09-21 |website=Vive Blog}}</ref><ref>{{Cite web |last=StateKi |date=2023-10-10 |title=Post by StatekTi on X |url=https://x.com/StatekTi/status/1733954156379963393 |url-status=live |archive-url=https://archive.ph/DiYbF |archive-date=9 Jan 2026 |access-date=2025-11-21 |website=X (Formerly Twitter)}}</ref>
|-
|[[WHMCS]]
|Discontinuation of support and updates for WHMCS legacy “Owned” licenses, forcing users who want ongoing updates or technical support to switch to subscription licensing and pay recurring fees rather than continue with the original owned model. This change affects all holders of legacy owned licenses and alters the long-term terms under which those licenses were originally sold
|<ref>{{Cite web |title=WHMCS Knowledgebase |url=https://www.whmcs.com/members/index.php/knowledgebase/70/Support-and-Updates-Expiration.html |url-status=live |archive-url=http://web.archive.org/web/20251211021038/https://www.whmcs.com/members/index.php/knowledgebase/70/Support-and-Updates-Expiration.html |archive-date=11 Dec 2025}}</ref><ref>{{Cite web |title=Important pricing changes to your WHMCS owned license Mailer |url=https://www.whmcs.com/members/mailings/?k=price21-emailo |url-status=live |archive-url=https://web.archive.org/web/20260215233549/https://www.whmcs.com/members/mailings/?k=price21-emailo |archive-date=15 Feb 2026}}</ref>
|-
|Wheatstone Corporation
|Wheatstone Corporation are a manufacturer of professional broadcast equipment, mainly audio consoles and interfaces that utilise their proprietary Wheatnet audio over IP protocol.
Wheatstone restricts access to firmware updates, software configuration tools and software. You must open a support ticked in order for them to send you a download link to these software tools, they make it very difficult to access software required to make their hardware audio interfaces work, even stating they want proof of purchase (not just a licence key) before they will even give you the download link. Managing licences is also non-existent and you will need to contact support, and as such a fee is imposed.
|
|-
|[[Wireless Power Consortium]]
|After monopolizing wireless charging market Qi turned from an open standard into a proprietary.
Version 1.3 introduced "secure authentication between the transmitter and the receiver", i.e. in order to operate every charger must include an expensive proprietary chip licensed only to certified members. This results in increased development and manufacturing costs directly passed onto consumer. Version 2.2, unlike previous versions, "is available for WPC Members only".
|<ref>{{Cite web |title=Qi Certification Is Changing and We've Got You Covered |url=https://www.nxp.com/company/about-nxp/smarter-world-blog/BL-QI-CERTIFICATION-IS-CHANGING |url-status=live |archive-url=http://web.archive.org/web/20251104012700/https://www.nxp.com/company/about-nxp/smarter-world-blog/BL-QI-CERTIFICATION-IS-CHANGING |archive-date=4 Nov 2025|website=NXP Semiconductors}}</ref>
<ref>{{Cite web |title=Download the Qi Specifications |url=https://www.wirelesspowerconsortium.com/knowledge-base/specifications/download-the-qi-specifications/ |url-status=live |archive-url=http://web.archive.org/web/20251104094044/https://www.wirelesspowerconsortium.com/knowledge-base/specifications/download-the-qi-specifications/ |archive-date=4 Nov 2025|website=Wireless Power Consortium}}</ref>
|-
|Wolfgang Puck Bread Makers
|Some of the bread makers have anti repair screws in them to prevent people from repairing them themselves. Needs more citations.
|
|-
|[[World Orb]]
|World Network (Sam Altman/Open AI) scheme to collect biometric data on all people. Tied to cryptocurrency, AI schemes. Supposedly way for people to show they are human (run by the people who are trying to make a profit from AI).
|
|-
|[[Xcode]] support dropped for older MacBooks
|Apple has discontinued support for up to date versions of Xcode iOS development on older MacBook devices (discovered on my MacBook Pro 2017, but I’m sure it applies to other old devices as well), resulting in not being able to use a perfectly capable machine for iOS app development without having to go through countless loopholes. 1) you cannot commit new updates without utilizing a third-party medium, 2) the warning and error compiler is out of date due to not being able to update to the latest version, which of course supports the latest iOS release, so you have to figure it out on your own like it’s the 80’s 3) you must commit and release a new TestFlight build (through [1] loophole) to do any testing instead of being able to simulate on your Mac or even a connected device 4) this all really stems from the fact that the new Xcode updates require the new MacOS version which is also discontinued for older MacBooks. This means 8 year old device is basically just useless for such applications.
|[[Category:Sources]]
|-
|[[Zhiyun]]
|Like competing products from [[DJI]], Zhiyun video gimbals require a Chinese smartphone app, internet access and an [[Forced account|account]] to activate on first use.
|<ref>{{Cite web |title= |url=https://www.youtube.com/watch?v=_CjNp6pWNoQ |archive-url=https://preservetube.com/watch?v=_CjNp6pWNoQ |archive-date=23 Feb 2026}}</ref>
|-
|Kohls
|There is no option to delete your account on their website
|
|-
|Microsoft Rewards
|Used to be a good program, but over the last few years they've implemented a number of anti-user policies including extensive cool-downs for earning points on Bing, and making it more difficult to redeem points. There are multiple reports on r/microsoftrewards of people getting banned or restricted when they have over $100 worth of points that they are trying to redeem. They've also removed points opportunities that used to be interesting and engaging.
|
|-
|
|City of Berlin installs security cameras that alerts authorities about people who are "loitering without reason".
|<ref>{{Cite web |title= |url=https://www.heise.de/en/news/Surveillance-in-Berlin-When-AI-reports-loitering-without-reason-11206420.html}}</ref>
|}

==List of themes not yet covered==
Consumer Rights Wiki is not an encyclopedia.

*Before proposing or making a theme article, see if you can find an article that covers the topic on wikipedia, or some other reference. If you can, just use a reference to that.
*Check the list of theme articles [[:Category:common terms]], to be sure there isn't already an article on the topic, or one closely related. Sometimes a theme may be covered by generalizing an existing article.

{| class="wikitable"
|+
!Theme
!Summary of Theme
!Refs
|-
|Anti-rollback or ARB for device firmware
|most recent example being [[Oneplus phone update introduces hardware anti-rollback]] but ain't exclusive to it. Also implemented by [[Oneplus phone update introduces hardware anti-rollback#Comparison with other manufacturers|Samsung]], [https://mavicpilots.com/threads/not-be-able-to-degrade-firmfare-of-dji-mini2-from-01-06-0200.134806/#post-1518967 DJI] (link found from [[DJI]]) and likely many more.
|
|-
|Car manufacturers replacing physical controls by touch-screens
|This is increasingly common, and puts drivers at risk. Some corps pretend touchscreens are a "premium" or "modern" feature, but are typically cheaper for them
|
|}

==List of companies doing the right thing==
It would be helpful to include examples of companies doing the right thing, even if they aren't, strictly speaking, consumer products.
{| class="wikitable"
|+
!Company
!Good deed
!Refs
|-
|APSystems
|After requests from users, the company released a firmware update that adds a local API to their EZ-1M solar micro inverter, allowing it to remain fully usable if the company ends support for the device
|<ref>{{Cite web |title=APsystems EZHI Local API User Manual |url=https://global.apsystems.com/document/apsystems-ezhi-local-api-user-manual/ |url-status=live |archive-url=http://web.archive.org/web/20251107061040/https://global.apsystems.com/document/apsystems-ezhi-local-api-user-manual/ |archive-date=7 Nov 2025|website=global.apsystems.com}}</ref>
|-
|Concept2
|Readily provides parts and diagrams. Exists under a [https://www.concept2.com/about/perpetual-purpose-trust Perpetual Purpose Trust].
|
|-
|Core Devices (from creator of Pebble Smartwatches)
|Not strictly Core Devices, but when Pebble was sold to Fitbit, the servers remained online for some time, and the Pebble app was updated to allow the Rebble community project to take over some of the Pebble server-side functionality. All backers of the upcoming Pebble 2 series of watches were refunded in full, despite it being a crowd-funding campaign.
Following Google's acquisition of Fitbit and after many years, Google released much of the Pebble Smart Watch source code on github (excluding proprietary libraries). Core Devices and Rebble replaced the usage of the proprietary libraries with open source alternatives, and released new Android and iOS apps, not only supporting the new core devices, but bringing updated support to legacy Pebble devices.
|
|-
|Fairphone
|The new Fairphones (5th and 6th generation) are availible with stock android as well as e/os, which is a fork of lineage os and a european alternative cloud provider (murena) instead of google. This has many privacy features (app tracker blocker, tor network usage, and gps spoofing) availible in a few clicks. Also degoogle apps (microg, safetynet, ...) are preinstalled therefore it is w´possible to install everything also from playstore with an anonymous account. As e/os is a fork of lineage os and there is an official guide to flash the fairphone with e/os and is officially supported, flashing lineage os is very easy.
|<ref>{{Cite web |date=2026-02-24 |title=How to manually install Android on your Fairphone |url=https://support.fairphone.com/hc/en-us/articles/18896094650513-How-to-manually-install-Android-on-your-Fairphone |url-status=live}}</ref><ref>{{Cite web |title=The Fairphone (Gen. 6) with privacy first /e/OS |url=https://shop.fairphone.com/the-fairphone-gen-6-e-operating-system |url-status=live}}</ref>
|-
|Home Assistant
|Open-source smart home platform that provides local control, automation, and interoperability for a wide range of smart home devices. Provides support for many cloud devices after they're subject to [[discontinuation bricking]].
|<ref>{{Cite web |title=Home Assistant |url=https://www.home-assistant.io/ |url-status=live |archive-url=https://web.archive.org/web/20260129222300/https://www.home-assistant.io/ |archive-date=2026-01-29 |access-date=2026-02-05}}</ref>
|-
|Noctua
|Extremely long support for old products and availability of upgrade kits
|<ref>{{Cite web |title= |url=https://www.youtube.com/watch?v=D3g4-fb6u90 |archive-url=https://preservetube.com/watch?v=D3g4-fb6u90 |archive-date=23 Feb 2026}}</ref>
|-
|Numatic International
|A UK based manufacture of commercial and consumer wet/dry floor cleaning products (vacuums, scrubbers, floor buffers) that provides a robust library of technical documents, parts breakdowns, data sheets and training for free on both new and existing products without the need to login, pay additional fees or be an approved repair facility.
|
|-
|Oral-B
|When installing the Android App, there is no login, and the user is asked for analytics tracking consent.
|
|-
|Philips
|Added files for replacement parts to Printables so you can 3D print parts for your Philips products
|
|-
|ratgdo
|A garage door opener controller developed by Paul Wieland, allowing you to locally control it (namely Chamberlain openers that would otherwise require the MyQ app for smart home features).
|<ref>{{Cite web |last=Wieland |first=Paul |title=About - ratgdo |url=https://ratcloud.llc/pages/about |url-status=live |archive-url=https://web.archive.org/web/20251213022055/https://ratcloud.llc/pages/about |archive-date=2025-12-13 |access-date=2026-02-05}}</ref>
|-
|Reticulum
|Reticulum is an open-source, decentralized networking stack designed to communicate between practically any wireless device, even without internet. Its purpose is to provide fully anonymous end-to-end encrypted communication by default, especially in the age of government surveillance. The Reticulum network, protocol, and hardware are not tied any company in particular but were initially created by Github user 'markqvist'. Honorable mention to NomadNet, which is a network of nodes that serve webpages, similar to the internet, that communicate via Reticulum.
|<ref>{{Cite web |last=markqvist |title=Reticulum Network |url=https://reticulum.network/ |access-date=2026-02-15 |website=Reticulum |archive-url=http://web.archive.org/web/20260222180553/https://reticulum.network/ |archive-date=22 Feb 2026}}</ref>
|-
|stevesgames.co.uk
|Will never put ads or in-app purchases in their computer games and will make gamees available for free after securing the companys future.
|
|-
|Tektronix
|Provided extensive product data on unsupported products to a museum, vintageTEK, and thus to tekwiki and the rest of the community.
|<ref>{{Cite web |last=Lenihan |first=Thomas F. |date=2012-02-28 |title=Copyright Notice |url=https://vintagetek.org/copyright-notice/ |url-status=live |archive-url=https://web.archive.org/web/20250828004431/https://vintagetek.org/copyright-notice/ |archive-date=2025-08-28 |access-date=2025-10-18 |website=vintageTEK museum}}</ref>
|-
|Ulanzi
|The company offers a tutorial on how users can mix their own fog juice to use with Ulanzi mini fog machines from readily available low-cost ingredients, whereas competitors sell proprietary fog juice at extortionate prices, refuse to release the formula and refuse to honour the warranty if users use anything but the OEM brand with their machines.
|<ref>{{Cite web |title=Tutorial {{!}} How to DIY Ulanzi FM01 Fog Machine Juice? |url=https://www.youtube.com/watch?v=qiq1B6-dcEM |type=Video}} ([https://preservetube.com/watch?v=qiq1B6-dcEM Archived])</ref>
|}

==See Also==

*[[Louis Rossmann - Video Directory]]
*[[Other Channels - Video Directory|Other Channels - Video Directory]]

==Reference List==
<references />

JavaScript

2026-03-20T09:19:44Z

Rudxain: mention "Web API" in "How it works", to clarify, yet again, that JS needs Web APIs to perform side-effects

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' ('''JS''') is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior, because of its first-class access to [https://developer.mozilla.org/en-US/docs/Web/API user-agent (UA) APIs].<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS (alongside [[wikipedia:WebAssembly|Wasm]]) are built into almost every web-browser and UA, including "light-weight" ones (such as [[wikipedia:W3m|w3m]]). Incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> Some people say that JS shouldn't even be a Web Standard,<ref>https://daringfireball.net/linked/2017/06/22/navistone-form-data</ref><ref>https://daringfireball.net/linked/2017/06/27/web-without-javascript</ref> implying that it should be an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] (such as Java Applets and [[Adobe]] Flash) the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that JS is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]) is a recipe for disaster, as it makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code has access to Web APIs, so it could do anything from updating part of the page only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" Web API (such as the microphone) the browser pauses it until the user has granted access to that API. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

==Why it is a problem==
Note that, despite its flaws, JS typically is not a problem on its own, but it becomes a problem when given too much power.

Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref> The only valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of the ECMAScript spec), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are economically incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a bloated pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled:

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*[[Google]] being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*[[Instagram]] refusing to serve content to <code>noscript</code> users, and deliberately nagging them to [[Forced app download|install the app]] or [[Forced account|login]]: https://github.com/Rudxain/uBO-rules/pull/9
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*[[Discord]] being extremely [[Bloatware|bloated]] to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated [[wikipedia:Document_Object_Model|DOM-tree]], but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

Forced account

2026-03-20T08:45:41Z

Rudxain: change section symbol

{{StubNotice}}

'''Forced''' '''account registration/sign-in/log-in''' is a practice committed by entities, where users must have (and use) a digital identity to perform simple tasks that may have otherwise been possible without any sort of identifiers.

Because forced accounts generally means anonymity is technically possible, entities that engage in this practice have little reason to do so outside of personal gain. They may find it favorable for several reasons, including:

#'''Identification and tracking of users''' - often accomplished through device identifiers, location information, and network connection.<sup>[''[[Consumer Rights Wiki:Verifiability|citation needed]]'']</sup>
#'''Increased digital integration''' - more integrating means more sharing data with payment processors, ad providers, and more.<sup>[''[[Consumer Rights Wiki:Verifiability|citation needed]]'']</sup>
#'''Increased centralization and dependency on big companies''' - further consolidates power and wealth into large companies, such as the tech companies who own the authentication [[wikipedia:Server_(computing)|servers]], as well as payment processors. While [[wikipedia:Decentralized_identifier|not all user identification mechanisms need centralization]], most corporations tend to prefer centralization.{{Citation needed}}

==Examples==

*[[Samsung]] and [[Google]] both deliberately limit what the user can do on the [[wikipedia:Galaxy_Store|Galaxy Store]]<ref>{{Cite web |title=Do I Need a Samsung Account to Download Galaxy Store Apps? |url=https://www.samsung.com/uk/support/apps-services/do-i-need-a-samsung-account-to-download-an-app/ |url-status=live |archive-url=https://web.archive.org/web/20260228134531/https://www.samsung.com/uk/support/apps-services/do-i-need-a-samsung-account-to-download-an-app/ |archive-date=2026-02-28 |access-date=2026-03-16 |website=Samsung UK}}</ref><ref>{{Cite web |last=Sharma |first=Adamya |date=2024-09-25 |title=A Samsung account is now mandatory to access the Galaxy Store |url=https://www.androidauthority.com/samsung-account-galaxy-store-access-3484730/ |url-status=live |archive-url=https://web.archive.org/web/20251007130724/https://www.androidauthority.com/samsung-account-galaxy-store-access-3484730 |archive-date=2025-10-07 |access-date=2026-03-16 |website=Android Authority}}</ref> and [[wikipedia:Google_Play|Play Store]]{{Citation needed}}, respectively. Most features (such as updating and installing apps) are either completely blocked, or hidden from the main [[wikipedia:User_interface|UI]], nagging the user into signing-in to unlock the "extra" features.{{Citation needed}}
*[[LG]] mandates login to download (and update) apps on smart TVs.<ref>{{Cite web |date=8 Aug 2015 |title=Can't sign in to LG account on TV |url=https://www.avforums.com/threads/cant-sign-in-to-lg-account-on-tv.1973633/ |url-status=live |archive-url=http://web.archive.org/web/20250405170128/https://www.avforums.com/threads/cant-sign-in-to-lg-account-on-tv.1973633/ |archive-date=5 Apr 2025 |access-date=2026-03-17 |website=avforums}}</ref>
*[[Windows 11]] requires to log in with a [[Microsoft]] account in order to configure and use the operating system.<ref>{{Cite web |last=Microsoft Corporation |date=2025-08-17 |title=Windows 11 Specs and System Requirements |url=https://www.microsoft.com/en-us/windows/windows-11-specifications?r=1 |url-status=live |archive-url=https://web.archive.org/web/20250817084049/https://www.microsoft.com/en-us/windows/windows-11-specifications?r=1#expand |archive-date=2025-08-17 |access-date=2025-08-07 |website=Microsoft Corporation}}</ref>
*Many social-media apps (both web and native), (such as: [[Meta|Facebook]], [[Instagram]], [[X Corp|Twitter/X]], [[Pinterest]], etc...) are well-known for nagging users that aren't logged-in.{{Citation needed}} Instagram is a especially anti-consumer example, as it deliberately nags users even if they disabled [[JavaScript]],<ref>{{Cite web |last=Fernández Serrata |first=Ricardo |date=2025-08-16 |title=GTFO "meta Inc." |url=https://github.com/Rudxain/uBO-rules/pull/9 |url-status=live |archive-url=https://web.archive.org/web/20260317064359/https://github.com/Rudxain/uBO-rules/pull/9 |archive-date=2026-03-17 |access-date=2026-03-17 |website=GitHub}}</ref> going as far as blocking access to any media (images, videos and "reels") after the user has watched a few of them.<ref>https://mashable.com/article/instagram-requires-log-in-to-view-profiles</ref><ref>https://thenextweb.com/news/instagram-now-forces-people-to-sign-in-to-view-public-profiles</ref>
*[[Discord]] doesn't even allow viewing public guilds, unless the user has logged-in. This is especially bad for archival purposes, since they aggressively block "self-bot" accounts unless the bot has been officially registered.<ref>https://discord.com/guidelines</ref><br />
==See also==

*[[Forced app download]]
*[[Dark pattern#Forced action|Dark pattern § Forced action]]
*[[Android]]
*[[Android Developer Verification]]

==References==
{{Reflist}}

[[Category:Common terms]]
[[Category:Theme]]

Proposed Ring-Flock partnership (2025-2026)

2026-03-20T08:45:09Z

Rudxain: /* Default opt-in feature */ link DP#Forced_action

{{IncidentCargo
|Company=Amazon, Ring, Flock Safety
|StartDate=2025-10
|EndDate=2026-02-12
|Status=Resolved
|ProductLine=Ring Video Doorbells
|ArticleType=Service
|Type=Privacy
|Description=Ring intended to form a close partnership with Flock Safety, a private surveillance company with close ties to law enforcement, but withdrew before launch.
}}

The '''proposed Ring–Flock Safety partnership''' was an announced integration between Amazon-owned [[Ring]] and surveillance technology company [[Flock Safety]], which would have enabled law enforcement agencies using Flock's platforms to request footage from Ring camera owners through Ring's "Community Requests" feature. Announced in October 2025, the partnership was cancelled on February 12, 2026, before ever becoming operational, following significant public backlash and criticism from privacy advocates and members of the United States Congress.<ref name="ring-cancellation-blog">{{Cite web |date=2026-02-12 |title=Ring and Flock Cancel Partnership |url=https://blog.ring.com/about-ring/ring-and-flock-cancel-partnership/ |access-date=2026-02-19 |website=The Ring Blog |publisher=Ring (Amazon) |archive-url=http://web.archive.org/web/20260218143503/https://blog.ring.com/about-ring/ring-and-flock-cancel-partnership/ |archive-date=18 Feb 2026}}</ref><ref name="flock-cancellation-blog">{{Cite web |date=2026-02-12 |title=Flock and Ring Cancel Announced Community Requests Integration |url=https://www.flocksafety.com/blog/an-update-on-ring-partnership |access-date=2026-02-19 |website=Flock Safety Blog |publisher=Flock Safety |archive-url=https://web.archive.org/web/20260224121628/https://www.flocksafety.com/blog/an-update-on-ring-partnership |archive-date=24 Feb 2026}}</ref>

The cancellation came days after Ring's Super Bowl LX advertisement for its "Search Party" feature drew widespread criticism for what viewers described as depicting a "dystopian" surveillance network.<ref name="cnbc-ring-flock-cancellation-2026">{{Cite web |author=Ashley Capoot |date=2026-02-12 |title=Amazon's Ring Cancels Flock Partnership Amid Super Bowl Ad Backlash |url=https://www.cnbc.com/2026/02/12/amazons-ring-cancels-flock-partnership-amid-super-bowl-ad-backlash.html |access-date=2026-02-19 |website=CNBC |archive-url=http://web.archive.org/web/20260222192108/https://www.cnbc.com/2026/02/12/amazons-ring-cancels-flock-partnership-amid-super-bowl-ad-backlash.html |archive-date=22 Feb 2026}}</ref> Although Search Party was technically unrelated to the Flock partnership, public concern about both initiatives became interlinked in the ensuing controversy.

==Background==

===Ring's law enforcement partnerships===
Ring, acquired by Amazon in 2018, has maintained relationships with law enforcement agencies since approximately 2016. By 2022, Amazon disclosed to Senator Ed Markey that 2,161 law enforcement agencies were part of Ring's Neighbors Public Safety Service.<ref name="markey-2022-ring-probe">{{Cite web |date=2022-07-13 |title=Senator Markey's Probe into Amazon Ring Reveals New Privacy Problems |url=https://www.markey.senate.gov/news/press-releases/senator-markeys-probe-into-amazon-ring-reveals-new-privacy-problems |access-date=2026-02-19 |website=U.S. Senator Ed Markey of Massachusetts |publisher=United States Senate |archive-url=http://web.archive.org/web/20260220163209/https://www.markey.senate.gov/news/press-releases/senator-markeys-probe-into-amazon-ring-reveals-new-privacy-problems |archive-date=20 Feb 2026}}</ref>

In January 2024, Ring discontinued its "Request for Assistance" tool, which had allowed police to directly request footage from Ring users.<ref name="eff-ring-police-requests-2024">{{Cite web |date=2024-01-24 |title=Victory! Ring Announces It Will No Longer Facilitate Police Requests for Footage from Users |url=https://www.eff.org/deeplinks/2024/01/ring-announces-it-will-no-longer-facilitate-police-requests-footage-users |access-date=2026-02-19 |website=Electronic Frontier Foundation |archive-url=http://web.archive.org/web/20260216094353/https://www.eff.org/deeplinks/2024/01/ring-announces-it-will-no-longer-facilitate-police-requests-footage-users |archive-date=16 Feb 2026}}</ref> However, following the return of founder Jamie Siminoff as CEO in April 2025, Ring launched a replacement program called "Community Requests" through partnerships with third-party evidence management companies.<ref name="geekwire-cancellation">{{Cite web |author=Todd Bishop |date=2026-02-13 |title=Ring cancels Flock partnership amid broader surveillance concerns |url=https://www.geekwire.com/2026/ring-cancels-flock-partnership-amid-broader-surveillance-concerns/ |access-date=2026-02-19 |website=GeekWire}}</ref>

===Flock Safety===
Flock Safety, founded in 2017 and headquartered in Atlanta, Georgia, manufactures automated license plate reader (ALPR) cameras, AI-powered video surveillance systems, and gunshot detection technology. By 2025, the company operated over 80,000 cameras across approximately 7,000 networks in 49 U.S. states, partnering with more than 5,000 law enforcement agencies.<ref name="cnbc-ring-flock-announcement-2025">{{Cite web |author=Eric Rosenbaum |date=2025-10-16 |title=Amazon Ring Security Cameras Moving Deeper into Law Enforcement with Flock Safety, Axon Deals |url=https://www.cnbc.com/2025/10/16/amazon-ring-cameras-surveillance-law-enforcement-crime-police-investigations.html |access-date=2026-02-19 |website=CNBC |archive-url=http://web.archive.org/web/20260222024845/https://www.cnbc.com/2025/10/16/amazon-ring-cameras-surveillance-law-enforcement-crime-police-investigations.html |archive-date=22 Feb 2026}}</ref>

Flock Safety has faced criticism regarding its technology's connections to federal immigration enforcement. In May 2025, 404 Media reported that Immigration and Customs Enforcement (ICE) had accessed Flock's network through local police departments conducting searches on ICE's behalf.<ref name="404media-ice-flock-2025">{{Cite web |author=Jason Koebler |author2=Joseph Cox |date=2025-05-27 |title=ICE Taps into Nationwide AI-Enabled Camera Network, Data Shows |url=https://www.404media.co/ice-taps-into-nationwide-ai-enabled-camera-network-data-shows/ |access-date=2026-02-19 |website=404 Media |archive-url=http://web.archive.org/web/20260219181050/https://www.404media.co/ice-taps-into-nationwide-ai-enabled-camera-network-data-shows/ |archive-date=19 Feb 2026}}</ref> Flock has stated that it does not have a direct partnership with ICE and that federal agencies cannot directly access its cameras or data.<ref name="cnn-ring-flock-cancellation-2026">{{Cite web |date=2026-02-13 |title=Amazon's Ring Cancels Controversial Partnership with Tech Company Flock Amid Privacy Concerns |url=https://www.cnn.com/2026/02/13/tech/amazon-ring-flock-partnership-ice |access-date=2026-02-19 |website=CNN Business |archive-url=http://web.archive.org/web/20260216162346/https://www.cnn.com/2026/02/13/tech/amazon-ring-flock-partnership-ice |archive-date=16 Feb 2026}}</ref>

==The proposed partnership==
On October 31, 2025, Ring and Flock Safety announced their intention to integrate Flock's FlockOS and Flock Nova platforms with Ring's Community Requests feature.<ref name="flock-partnership-announcement">{{Cite web |date=2025-10-31 |title=Flock Safety and Ring Partner to Help Neighborhoods Work Together for Safer Communities |url=https://www.flocksafety.com/blog/flock-safety-and-ring-partner-to-help-neighborhoods-work-together-for-safer-communities |access-date=2026-02-19 |website=Flock Safety Blog |publisher=Flock Safety |archive-url=https://web.archive.org/web/20260224125157/https://www.flocksafety.com/blog/flock-safety-and-ring-partner-to-help-neighborhoods-work-together-for-safer-communities |archive-date=24 Feb 2026}}</ref>

Under the planned system, law enforcement officers using Flock's software could post a "Community Request" in the Ring Neighbors app during active investigations. Each request would include the specific location, timeframe, incident details, and a case number. Ring users who saw the request could choose whether to share video footage or ignore it. According to Ring, participation would be voluntary, and law enforcement agencies could not see which users received their requests.<ref name="ring-community-requests-launch">{{Cite web |title=Ring Launches Community Requests: A New Way to Help Your Community |url=https://blog.ring.com/about-ring/ring-launches-community-requests-a-new-way-to-help-your-community |access-date=2026-02-19 |website=The Ring Blog |publisher=Ring (Amazon) |archive-url=http://web.archive.org/web/20260210203308/https://blog.ring.com/about-ring/ring-launches-community-requests-a-new-way-to-help-your-community/ |archive-date=10 Feb 2026}}</ref>

===Consumer consent concerns===
Privacy advocates raised concerns about the consent model. While Ring device owners could choose whether to share footage, individuals captured on Ring cameras—such as passersby, visitors, and delivery workers—had no ability to consent to being recorded or to having that footage shared with law enforcement.<ref name="privacyguides-ring-flock-2026">{{Cite web |author=Fria |date=2026-02-17 |title=Amazon Cancels Ring Partnership with Flock |url=https://www.privacyguides.org/news/2026/02/17/amazon-cancels-ring-partnership-with-flock/ |access-date=2026-02-19 |website=Privacy Guides |archive-url=http://web.archive.org/web/20260217203518/https://www.privacyguides.org/news/2026/02/17/amazon-cancels-ring-partnership-with-flock/ |archive-date=17 Feb 2026}}</ref>

Additionally, when a Ring user chose to share footage through Community Requests, their home address and email address were provided to the requesting law enforcement agency, a detail users were notified of before sharing.<ref name="cnn-ring-flock-cancellation-2026" />

The Flock integration was Ring's second law enforcement technology partnership for Community Requests; a similar partnership with Axon Enterprise had been announced concurrently and remains active.<ref name="axon-ring-community-requests">{{Cite web |title=Building Safer Communities Together: Axon and Ring Launch Community Request Partnership |url=https://www.axon.com/blog/building-safer-communities-together-axon-and-ring |access-date=2026-02-19 |website=Axon.com |publisher=Axon Enterprise |archive-url=http://web.archive.org/web/20260216015621/https://www.axon.com/blog/building-safer-communities-together-axon-and-ring |archive-date=16 Feb 2026}}</ref>

==Super Bowl advertisement and backlash==
On February 8, 2026, Ring aired a 30-second advertisement during Super Bowl LX promoting its "Search Party" feature, an AI-powered tool designed to help locate lost pets by scanning footage from Ring cameras across a neighborhood.<ref name="geekwire-search-party">{{Cite web |date=2026-02-10 |title=What Ring's 'Search Party' actually does, and why its Super Bowl ad gave people the creeps |url=https://www.geekwire.com/2026/what-rings-search-party-actually-does-and-why-its-super-bowl-ad-gave-people-the-creeps/ |access-date=2026-02-19 |website=GeekWire |archive-url=http://web.archive.org/web/20260220080410/https://www.geekwire.com/2026/what-rings-search-party-actually-does-and-why-its-super-bowl-ad-gave-people-the-creeps/ |archive-date=20 Feb 2026}}</ref>

While technically unrelated to the Flock partnership, the advertisement prompted widespread criticism. Viewers described the depiction of a coordinated camera network scanning an entire community as "dystopian" and "sinister."<ref name="cnbc-ring-flock-cancellation-2026" /> Social media users expressed concern that the same technology could be used to track people rather than pets.

===Default opt-in feature===
{{See also|Dark pattern#Forced_action}}
The backlash was amplified by the revelation that Search Party was enabled by default on eligible outdoor Ring cameras, requiring users to actively opt out rather than opt in.<ref name="geekwire-search-party" /><ref name="engadget-search-party">{{Cite web |date=2026-02-10 |title=Here's how to disable Ring's creepy Search Party feature |url=https://www.engadget.com/big-tech/heres-how-to-disable-rings-creepy-search-party-feature-185420455.html |access-date=2026-02-19 |website=Engadget |archive-url=http://web.archive.org/web/20260215061041/https://www.engadget.com/big-tech/heres-how-to-disable-rings-creepy-search-party-feature-185420455.html |archive-date=15 Feb 2026}}</ref> This default-on design drew criticism as an example of practices that automatically enroll consumers in data-sharing arrangements without their explicit consent.

Ring stated that users retain control over whether to share any footage identified by Search Party and that nothing is shared automatically. However, the automatic scanning of footage on participating cameras occurs regardless of whether the device owner has made an active choice.<ref name="geekwire-search-party" />

===Viral misinformation===
Following the Super Bowl advertisement, a viral post on X falsely claimed that ICE could directly access Ring cameras. The post received approximately 2 million views and prompted some Ring users to cancel their subscriptions.<ref name="cnn-ring-flock-cancellation-2026" /> While Ring has stated it has no partnership with ICE and does not share video with the agency, the claims contributed to the broader backlash against the company. Flock and Ring do have relationships with local US police departments, who in some cases co-operate with federal agencies such as ICE.<ref name="cnn-ring-flock-cancellation-2026" />

==Cancellation==
On February 12, 2026, Ring and Flock Safety jointly announced the cancellation of their planned partnership.

===Ring's response===
Ring published a statement on its blog stating: "Following a comprehensive review, we determined the planned Flock Safety integration would require significantly more time and resources than anticipated. As a result, we have made the joint decision to cancel the planned integration." The company emphasized that "the integration never launched, so no Ring customer videos were ever sent to Flock Safety."<ref name="ring-cancellation-blog" />

Ring spokesperson Emma Daniels confirmed that the partnership was never active and that no videos were ever shared between the services.<ref name="nbcnews-ring-flock-cancellation-2026">{{Cite web |date=2026-02-12 |title=Amazon No Longer Working with Controversial Police Tech Company After Backlash over Ring Doorbell Super Bowl Ad |url=https://www.nbcnews.com/news/us-news/amazon-no-longer-working-police-tech-flock-safety-super-bowl-ad-rcna258855 |access-date=2026-02-19 |website=NBC News |archive-url=https://web.archive.org/web/20260224121707/https://www.nbcnews.com/news/us-news/amazon-no-longer-working-police-tech-flock-safety-super-bowl-ad-rcna258855 |archive-date=24 Feb 2026}}</ref>

===Flock Safety's response===
Flock Safety described the decision as mutual in its own statement: "We believe this decision allows both companies to best serve their respective customers and communities. Flock remains dedicated to supporting law enforcement agencies with tools that are fully configurable to local laws and policies."<ref name="flock-cancellation-blog" />

==Response==

===Congressional===
Senator Ed Markey (D-MA), who had conducted oversight investigations into Ring since 2019, released a statement following the cancellation: "Amazon's decision to abandon its partnership with Flock is an important step in guarding against the ever-expanding network of surveillance technologies in this country." Markey added: "Amazon is finally getting the message: Enough is enough with the Orwellian surveillance state. This decision is a good first step, but it can't be the end. Amazon must go further and end facial recognition in its Ring doorbells—full stop."<ref name="markey-2026-flock-end-statement">{{Cite web |date=2026-02-13 |title=Markey Statement on End of Amazon Ring and Flock Partnership |url=https://www.markey.senate.gov/news/press-releases/markey-statement-on-end-of-amazon-ring-and-flock-partnership |access-date=2026-02-19 |website=U.S. Senator Ed Markey of Massachusetts |publisher=United States Senate |archive-url=http://web.archive.org/web/20260217003506/https://www.markey.senate.gov/news/press-releases/markey-statement-on-end-of-amazon-ring-and-flock-partnership |archive-date=17 Feb 2026}}</ref>

Prior to the cancellation, on February 11, 2026, Markey had written to Amazon CEO Andy Jassy urging the company to discontinue Ring's "Familiar Faces" facial recognition feature, stating that the Super Bowl advertisement had "confirmed public opposition to Ring's constant monitoring and invasive image recognition algorithms."<ref name="markey-2026-super-bowl-letter">{{Cite web |date=2026-02-11 |title=Letter to Amazon CEO Andy Jassy re: Ring Facial Recognition and Super Bowl Ad (PDF) |url=https://www.markey.senate.gov/imo/media/doc/follow-up_ring_frt_letter1.pdf |access-date=2026-02-19 |website=U.S. Senator Ed Markey of Massachusetts |publisher=United States Senate |format=PDF |archive-url=http://web.archive.org/web/20260218141414/https://www.markey.senate.gov/imo/media/doc/follow-up_ring_frt_letter1.pdf |archive-date=18 Feb 2026}}</ref>

===Advocacy organizations===
The Electronic Frontier Foundation (EFF) had published criticism of Ring's surveillance capabilities before the cancellation, warning that combining Ring's biometric features with neighborhood video searches could create significant privacy risks. EFF investigative researcher Beryl Lipton wrote: "It doesn't take much to imagine Ring eventually combining these two features: face recognition and neighborhood searches."<ref name="eff-ring-surveillance-nightmare-2026">{{Cite web |author=Beryl Lipton |date=2026-02-10 |title=No One, Including Our Furry Friends, Will Be Safer in Ring's Surveillance Nightmare |url=https://www.eff.org/deeplinks/2026/02/no-one-including-our-furry-friends-will-be-safer-rings-surveillance-nightmare-0 |access-date=2026-02-19 |website=Electronic Frontier Foundation |archive-url=http://web.archive.org/web/20260220165255/https://www.eff.org/deeplinks/2026/02/no-one-including-our-furry-friends-will-be-safer-rings-surveillance-nightmare-0 |archive-date=20 Feb 2026}}</ref>

The American Civil Liberties Union raised concerns about the potential for footage to reach federal agencies despite Flock's stated policies. Senior Policy Counsel Chad Marlow stated that combining Ring doorbell cameras with Flock's license plate readers would "create a more detailed picture of where people go, when they leave, and when they return home."<ref name="cnbc-ring-flock-announcement-2025" />

===Consumer response===
Following the Super Bowl advertisement and news coverage of the Flock partnership, some Ring users publicly cancelled their subscriptions, returned devices, or disabled features. According to Peak Metrics data reported by CNBC, approximately 17% of brand-relevant conversations about Ring in the days following the advertisement included references to boycotts or cancellations.<ref name="cnbc-ring-flock-cancellation-2026" />

On February 13–14, 2026, approximately 200–250 protesters gathered outside Amazon's headquarters in Seattle, organized by a coalition including Amazon Employees for Climate Justice and other groups. The protest called on Amazon to end the Ring–Flock partnership (which had already been cancelled), as well as other relationships with federal immigration enforcement agencies.<ref name="techcrunch-ring-flock-cancellation-2026">{{Cite web |author=Amanda Silberling |date=2026-02-13 |title=Amazon's Ring Cancels Partnership with Flock, a Network of AI Cameras Used by ICE, Feds, and Police |url=https://techcrunch.com/2026/02/13/amazons-ring-cancels-partnership-with-flock-a-network-of-ai-cameras-used-by-ice-feds-and-police/ |access-date=2026-02-19 |website=TechCrunch |archive-url=http://web.archive.org/web/20260220002154/https://techcrunch.com/2026/02/13/amazons-ring-cancels-partnership-with-flock-a-network-of-ai-cameras-used-by-ice-feds-and-police/ |archive-date=20 Feb 2026}}</ref>

==Ongoing concerns==
The partnership's cancellation did not affect Ring's existing Community Requests program, which continues to operate through its partnership with Axon. Ring's Search Party and Familiar Faces features also remain active.<ref name="geekwire-cancellation" />

Privacy advocates have noted that Ring has previously made reforms in response to public pressure before later expanding surveillance capabilities through new mechanisms. The EFF characterized Ring's history as a recurring pattern of expansion, criticism, reform, and subsequent re-expansion.<ref name="eff-ring-surveillance-nightmare-2026" />

==See also==
*[[Ring]]
*[[Flock Safety]]
*[[Amazon]]

==References==
{{reflist}}
[[Category:Amazon]]
[[Category:Privacy]]
[[Category:Surveillance]]
[[Category:Incidents]]

Bloatware

2026-03-19T13:57:12Z

Rudxain: add "The 49MB Web Page" to ext-links

{{StubNotice}}

There are multiple definitions of bloatware within the context of software. They include:

*[[wikipedia:Software_bloat#Bloatware|Pre-installed software]] that is not required for a system functionality
*Redundant or duplicate features included on a device (physical or digital)
*[[wikipedia:Potentially_unwanted_program|Undesirable programs]] that were [https://www.deceptive.design/types/sneaking not requested by the user]
*Software that has [[wikipedia:Software_bloat|become bloated over time]]

While the term "bloatware" is commonly ascribed to software, ''hardware'' bloat also exists.<ref>{{Cite web |last=Ionescu |first=Bogdan |date=2025-09-13 |title=Hosting a WebSite on a Disposable Vape |url=https://bogdanthegeek.github.io/blog/projects/vapeserver/ |access-date=2026-01-15 |website=BogdanTheGeek's Blog |url-status=live |archive-url=http://web.archive.org/web/20260209021718/https://bogdanthegeek.github.io/blog/projects/vapeserver/ |archive-date=9 Feb 2026}}</ref> See [[Internet_of_things|IoT devices]] for examples.

Bloat can be a symptom of a decline in quality of devices and services, colloquially referred to as [[enshittification]].

==Why it is a problem==
Bloatware often arises as pre-installed software and applications because the device manufacturer (OEM) has a contract or partnership with another corporation. The terms and processes leading to these partnerships, however, lack transparency. One study determined that personal data collection and user tracking was prevalent in pre-installed apps, with the data collection including [[wikipedia:Personal_data|personally identifying info]] (PII) and geo-location data, personal email and phone call metadata, contacts, behavioral and usage statistics as well as isolated malware samples.<ref>''J. Gamba, M. Rashed, A. Razaghpanah, J. Tapiador and N. Vallina-Rodriguez, "An Analysis of Pre-installed Android Software," 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2020, pp. 1039-1055, doi: 10.1109/SP40000.2020.00013.'' https://ieeexplore.ieee.org/document/9152633 Accessed 2''6 Feb 2026.'' ([http://web.archive.org/web/20251130162318/https://www.researchgate.net/publication/332932516_An_Analysis_of_Pre-installed_Android_Software Archived])</ref>

Bloat, in any of its forms, raises privacy and security concerns<ref>{{Cite web |last=Hubert |first=Bert |date=2024-02-08 |title=Why Bloat Is Still Software’s Biggest Vulnerability |url=https://spectrum.ieee.org/lean-software-development |access-date=2025-11-21 |website=IEEE Spectrum |url-status=live |archive-url=http://web.archive.org/web/20260131190126/https://spectrum.ieee.org/lean-software-development |archive-date=31 Jan 2026}}</ref>. As a rule of thumb, every added branch of code can make a program exponentially harder to prove for correctness<ref>{{Cite web |last=Howard |first=Gavin |date=2024-03-26 |title=What Computers Cannot Do: The Consequences of Turing-Completeness |url=https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state |url-status=dead |archive-url=http://web.archive.org/web/20251214082939/https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness#infinite-state |archive-date=2025-12-14 |access-date=2026-01-06 |website=Gavin D. Howard}}</ref>, making it impractical or impossible to verify that a program is not malicious (such as [[spyware]]) or has an exploitable [[wikipedia:Software_vulnerabilities|vulnerability]]. The problem is exacerbated if the [[wikipedia:Source-available_software|source-code of the app is not available]], since [[wikipedia:Reverse_engineering|reverse engineering]] is difficult and (in some cases) illegal. This means that user is unable to control or ensure the safety of their devices.

Bloat is known for causing sub-par [[wikipedia:User_experience|user experience]] (UX):

*Increased latency, "slowness", when using programs and applications<ref>https://developer.mozilla.org/en-US/docs/Web/Performance ([http://web.archive.org/web/20260211103730/https://developer.mozilla.org/en-US/docs/Web/Performance Archived])</ref>
*High memory use prevents or impedes multitasking<ref>https://en.wikipedia.org/wiki/Thrashing_(computer_science) ([http://web.archive.org/web/20260207194502/https://en.wikipedia.org/wiki/Thrashing_(computer_science) Archived])</ref>
*High power usage increases energy bills and reduces battery lifespan
*Over reliance on network connections (e.g., internet) preventing data from being cached locally<ref>{{Cite web |year=2019 |title=Local-first software: You own your data, in spite of the cloud |url=https://www.inkandswitch.com/essay/local-first |url-status=live |website=Ink & Switch |archive-url=http://web.archive.org/web/20260130001648/https://www.inkandswitch.com/essay/local-first/ |archive-date=30 Jan 2026}}</ref>, which can both impede access as well as increase cellular-data billing
*Instability issues due to difficulty in testing and verifying big code-bases<ref>{{Cite web |last=Muratori |first=Casey |date=2018-05-12 |title=The Thirty Million Line Problem |url=https://youtu.be/kZRE7HIO3vk |url-status=live |access-date=2026-03-15 |website=Molly Rocket |via=YouTube}}</ref>

If non-sustainable energy sources are used to power these devices with bloatware, bloat can contribute to [[wikipedia:Climate_change|climate change]]. This is true for any excessive processing (CPU, GPU, etc.) and network abuse (such as [[Artificial_intelligence/training|AI training]]).

==Tools to deal with bloat==
This is a list of tools that can be used (or are primarily used) to reduce bloat. This is not a guide, just a list of suggestions.

*[[wikipedia:UBlock_Origin|uBlock Origin]] (uBO). A general-purpose content blocker for web-browsers. It's worth noting that its "Cosmetic Filtering" (element hiding) can, in rare cases (such as animated elements), improve performance.<ref>{{Cite web |date=2016-02-03 |title=html - Does hiding an animated GIF with CSS conserve browser resources? |url=https://stackoverflow.com/questions/33762652/does-hiding-an-animated-gif-with-css-conserve-browser-resources/35169688#35169688 |url-status=live |archive-url=https://web.archive.org/web/20251215062718/https://stackoverflow.com/questions/33762652/does-hiding-an-animated-gif-with-css-conserve-browser-resources/35169688#35169688 |archive-date=2025-12-15 |access-date=2026-03-15 |website=Stack Overflow}}</ref>
*[[wikipedia:Noscript|NoScript]]. Much more specialized than uBO, as it only deals with [[JavaScript]].
*[https://libredirect.github.io/ LibRedirect]. On-browser (client-side) redirector of popular websites to privacy-respecting alternatives (alts). Most of those alts are lightweight, so it can be used to ''avoid'' bloat rather than ''remove'' bloat.
*<code>[https://privacy.sexy/ privacy.sexy]</code>. A tool for improving security and privacy on popular operating-systems, it also serves as a "debloater".
*[[Android]] debloaters:
**[https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation Universal Android Debloater Next Generation] (UAD-NG). A [[wikipedia:Desktop_computer|desktop]] app that uses [[wikipedia:Android_Debug_Bridge|ADB]] to disable (or "freeze") and pseudo-uninstall almost (OEMs block some) any app (including system packages) without [[Jailbreak|root]]-access.
**[https://github.com/samolego/Canta Canta]. An Android app that uses UAD-NG's bloat-lists as its knowledge-base (KB), and [https://shizuku.rikka.app/ Shizuku] as ADB replacement.
**[https://github.com/MuntashirAkon/AppManager AppManager]. An "all-in-one"/general-purpose package manager that runs on Android. It uses a derivative of UAD's lists as its KB. It can show '''a lot''' of hidden info about apps, which can sometimes be used for reverse-engineering.
**[https://github.com/lavafroth/droidrunco Droidrunco], superseded by [https://github.com/lavafroth/zilch Zilch]
*[https://github.com/M66B/NetGuard NetGuard]. An app that uses [https://developer.android.com/develop/connectivity/vpn the local Android VPN API] to filter internet traffic (like a [[wikipedia:Firewall_(computing)|firewall]]). It can be used as an on-device [[Pi-hole]] to [[Ad block|block ads]] using [[wikipedia:Hosts_(file)|<code>hosts</code>-files]] as rules.<ref>{{Cite web |last=Bokhorst |first=Marcel |date=2016-03-20 |title=Ad Blocking with NetGuard |url=https://github.com/M66B/NetGuard/blob/7308869411ff87649bf3a46a9c7c08f1e5353801/ADBLOCKING.md |url-status=live |access-date=2026-03-15 |website=GitHub}}</ref>
*[https://github.com/celzero/rethink-app Rethink], [[wikipedia:Domain_Name_System|DNS]] + Firewall + [[wikipedia:Virtual_private_network|VPN]] for Android. Can use local and remote DNS.
*[[wikipedia:Youtube-dl|youtube-dl]] & [https://github.com/yt-dlp/yt-dlp YT-DLP]. Audio/Video downloaders or "[[wikipedia:Ripping|rippers]]". Similarly to LibRedirect, it can be used to avoid bloat, by simply downloading the main content of a page. There's also <code>--get-url</code>/<code>--print urls</code> options that can be used to open the URL of the media in a browser, effectively streaming it, without a customized player

==See also==

*[[JavaScript]]
*[[Electron]]

==External links==

*[https://thatshubham.com/blog/news-audit "The 49MB Web Page"]; a study on popular news/journalism sites. They also talk about cognitive-load and silent automated bidding, criticizing the degraded UX and privacy violations
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ How web bloat impacts users with slow connections]
*[https://www.keycdn.com/support/the-growth-of-web-page-size The Growth of Web Page Size]
*[https://tonsky.me/blog/js-bloat Javascript bloat in 2024]
*[https://tonsky.me/blog/disenchantment "Software disenchantment"]
*[https://github.com/gorhill/uBlock/wiki/Who-cares-about-efficiency,-I-have-8-GB-RAM-and%7Cor-a-quad-core-CPU uBlock-wiki counterpoint to "Who cares about efficiency, I have 8 GB RAM and|or a quad core CPU"]
*[https://randomascii.wordpress.com/2022/09/29/why-modern-software-is-slow-windows-voice-recorder/ Why Modern Software is Slow–Windows Voice Recorder]

==References==
<references />

[[Category:Common terms]]

JavaScript

2026-03-19T11:35:52Z

Rudxain: remove speculative claim about incentives

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' ('''JS''') is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior, because of its first-class access to [https://developer.mozilla.org/en-US/docs/Web/API user-agent (UA) APIs].<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS (alongside [[wikipedia:WebAssembly|Wasm]]) are built into almost every web-browser and UA, including "light-weight" ones (such as [[wikipedia:W3m|w3m]]). Incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> Some people say that JS shouldn't even be a Web Standard,<ref>https://daringfireball.net/linked/2017/06/22/navistone-form-data</ref><ref>https://daringfireball.net/linked/2017/06/27/web-without-javascript</ref> implying that it should be an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] (such as Java Applets and [[Adobe]] Flash) the user willingly installs.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that JS is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]) is a recipe for disaster, as it makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the page only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" Web API (such as the microphone) the browser pauses it until the user has granted access to that API. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

==Why it is a problem==
Note that, despite its flaws, JS typically is not a problem on its own, but it becomes a problem when given too much power.

Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref> The only valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of the ECMAScript spec), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are economically incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a bloated pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled:

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*[[Google]] being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*[[Instagram]] refusing to serve content to <code>noscript</code> users, and deliberately nagging them to [[Forced app download|install the app]] or [[Forced account|login]]: https://github.com/Rudxain/uBO-rules/pull/9
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*[[Discord]] being extremely [[Bloatware|bloated]] to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated [[wikipedia:Document_Object_Model|DOM-tree]], but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

JavaScript

2026-03-19T11:23:05Z

Rudxain: add Am-I-Unique ref

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' ('''JS''') is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior, because of its first-class access to [https://developer.mozilla.org/en-US/docs/Web/API user-agent (UA) APIs].<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref><ref>{{Cite web |title=Learn how identifiable you are on the Internet |url=https://www.amiunique.org/ |access-date=2026-03-19 |website=Am I Unique ?}}</ref>
*'''Market control''': JS (alongside [[wikipedia:WebAssembly|Wasm]]) are built into almost every web-browser and UA, including "light-weight" ones (such as [[wikipedia:W3m|w3m]]). Incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> Some people say that JS shouldn't even be a Web Standard,<ref>https://daringfireball.net/linked/2017/06/22/navistone-form-data</ref><ref>https://daringfireball.net/linked/2017/06/27/web-without-javascript</ref> implying that it should be an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] (such as Java Applets and [[Adobe]] Flash) the user willingly installs; this would reduce the incentive to use JS, as there's no guarantee the user has it.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that JS is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]) is a recipe for disaster, as it makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the page only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" Web API (such as the microphone) the browser pauses it until the user has granted access to that API. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

==Why it is a problem==
Note that, despite its flaws, JS typically is not a problem on its own, but it becomes a problem when given too much power.

Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref> The only valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of the ECMAScript spec), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are economically incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a bloated pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled:

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*[[Google]] being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*[[Instagram]] refusing to serve content to <code>noscript</code> users, and deliberately nagging them to [[Forced app download|install the app]] or [[Forced account|login]]: https://github.com/Rudxain/uBO-rules/pull/9
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*[[Discord]] being extremely [[Bloatware|bloated]] to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated [[wikipedia:Document_Object_Model|DOM-tree]], but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

X Corp

2026-03-19T11:16:28Z

Rudxain: reword proxies part

{{CompanyCargo
|Description=X Corp. is known for acquiring and rebranding Twitter and developing the AI model Grok.
|Founded=2023
|Industry=Social media, Artificial intelligence
|Logo=X Corp logo.svg
|ParentCompany=X.AI Corp.
|Type=Private
|Website=https://x.com/
}}
[[File:Twitter logo.svg|thumb|150x150px|Old logo of Twitter.]]
'''{{Wplink|Twitter|X}}''', formerly known as '''Twitter''', is a global social-media platform that facilitates real-time communication and the sharing of short messages, known as "tweets". Founded in 2006 by {{Wplink|Jack Dorsey}}, Noah Glass, Biz Stone, and Evan Williams, Twitter quickly became a key platform for public discourse, news, and social interaction. Known for its character-limited posts and use of hashtags (#), Twitter played a pivotal role in shaping online communication, politics, and social movements.

In 2023, Twitter underwent a significant rebranding, adopting the name X, after being acquired by [[Elon Musk]] in a high-profile deal in the previous year. Elon Musk took the company private and underwent a large sweep of leadership changes including layoffs and policy shifts. X has faced scrutiny over various issues, including content-moderation practices, the de-prioritization of accessibility features, data-privacy concerns, and its handling of user-generated content.

==Consumer impact summary==
===Lack of privacy===
*X can read private messages sent through the platform.<ref name=":1">{{Cite web |author= |date=4 Apr 2025 |title=X - ToS;DR |url=https://tosdr.org/en/service/195 |url-status=live |archive-url=https://web.archive.org/web/20250318073339/https://tosdr.org/en/service/195 |archive-date=18 Mar 2025 |access-date=13 Feb 2026 |website=[[Terms of Service;Didn't Read]]}}</ref>
*X uses personal data collected from its website for third-part advertisements.
*Personal data collected include:
**Location data,
**What web page refers you to X,
**Content posted (tweets),
**Replies, and
**Interactions such as likes and follows.

===Lack of transparency===
Since its acquisition in 2022, X has faced a number of transparency concerns:
*In alignment with the downsizing of X, the communications department was unofficially disbanded.
*X has come under scrutiny for its unclear content-moderation policies, including what content is prohibited on the service. This stems partially from the inconsistent enforcement of platform rules.
*With the introduction of Twitter Blue, users were able to obtain a badge resembling one of an account verified to belong to a person or organization of importance. This incident blurred the lines between organic content and paid promotions.
*As of 2 February 2023, X has discontinued free access to its Application Programming Interface (API). This was replaced with paid plans.

===Censorship===
*X has the ability to delete content without prior notice and without a formal reason.<ref name=":1" />
*X has a binding [[forced arbitration]] clause in its [[terms of service]]. This includes prevention against [[Class action|class-action lawsuits.]]<ref name=":1" />
*X complied with requests and local censorship of people who are critical of Erdogan such as other political parties and politicians, LGBT organizations, journalists, and activists.<ref>{{Cite web |author= |title=Joint Open Letter to Social Media Companies on Censorship in Türkiye |url=https://www.hrw.org/news/2025/05/08/joint-open-letter-social-media-companies-censorship-turkiye
|website=Human Rights Watch |date=8 May 2025 |access-date=11 Aug 2025 |url-status=live |archive-url=https://web.archive.org/web/20250916171447/https://www.hrw.org/news/2025/05/08/joint-open-letter-social-media-companies-censorship-turkiye |archive-date=16 Sep 2025}}</ref>

==Incidents==
===Twitter illegally uses collected data (''May 2022'')===
In May 2022, the [[Federal Trade Commission]] (FTC) fined Twitter $150 million dollars for using data collected for targeted advertisements. In 2011, Twitter had made an agreement with regulators in which it vowed not to share information gathered for security purposes with third-parties for targeted advertisements.<ref>{{Cite web |last=Allyn |first=Bobby |title=Twitter will pay a $150 million fine over accusations it improperly sold user data |url=https://www.npr.org/2022/05/25/1101275323/twitter-privacy-settlement-doj-ftc |website=NPR |date=25 May 2022 |access-date=4 Apr 2025 |url-status=live |archive-url=http://web.archive.org/web/20251025031814/https://www.npr.org/2022/05/25/1101275323/twitter-privacy-settlement-doj-ftc |archive-date=25 Oct 2025}}</ref>

Information that was illegally used for targeted advertisements includes phone numbers and e-mail addresses. The user agreed that this information will be used for services such as two-factor authentication (2FA), account recovery, and account safeguarding.<ref>{{Cite web |last=Fair |first=Leslie |title=Twitter to pay $150 million penalty for allegedly breaking its privacy promises – again |url=https://www.ftc.gov/business-guidance/blog/2022/05/twitter-pay-150-million-penalty-allegedly-breaking-its-privacy-promises-again |website=FTC |date=25 May 2022 |access-date= |url-status=dead |archive-url=https://web.archive.org/web/20220525213257/https://www.ftc.gov/business-guidance/blog/2022/05/twitter-pay-150-million-penalty-allegedly-breaking-its-privacy-promises-again |archive-date=25 May 2022}}</ref>

===Reduction in accessibility features (''November 2022'')===
Throughout the latter half of 2022, Twitter laid off much of its staff. Among these layoffs was the accessibility team, created in 2020 to improve the use of Twitter for disabled consumers. Of the many features introduced by the team, "alt-text" was added to allow visually impaired users to hear a description of an image.<ref name=":0">{{Cite web |last=Knibbs |first=Kate |title=Twitter’s Layoffs Are a Blow to Accessibility |url=https://www.wired.com/story/twitter-layoffs-accessibility/ |website=Wired |date=21 Nov 2022 |access-date=4 Apr 2025 |url-status=live |archive-url=http://web.archive.org/web/20250905183106/https://www.wired.com/story/twitter-layoffs-accessibility/ |archive-date=5 Sep 2025}}</ref>

As a result of the de-prioritization of accessibility in Twitter, alt-text badges were removed, making it more challenging for visually-impaired users to identify accessible content.<ref name=":0" />

===Data hack affecting millions of users (''January 2023'')===
In January 2023, X underwent a data breach that caused millions of account e-mails to be leaked.<ref>{{Cite web |last=Vallance |first=Chris |title=Twitter: Millions of users' email addresses 'stolen' in data hack |url=https://www.bbc.com/news/technology-64153381 |website=BBC |date=5 Jan 2023 |access-date=4 Apr 2025 |url-status=live |archive-url=http://web.archive.org/web/20260211113155/https://www.bbc.com/news/technology-64153381 |archive-date=11 Feb 2026}}</ref> X, under the new ownership of Elon Musk, did not take the precautionary steps to prevent this incident. Before the data hack, X had underwent significant layoffs, including ones which affected the trust, safety, and security teams. This is directly linked to the weakening of security before the breach, as these teams were essential for identifying vulnerabilities and patching them. Moreover, the media communications team was disbanded, leading to a lack of transparency surrounding the issue.

===Terms of Service allows use of user content for training AI (''November 2024'')===
[[File:X Terms of Service 2024 screenshot.webp|thumb|527x527px]]
On 15 November 2024, X issued new [[Terms of Service]] (TOS) to allow artificial intelligence (AI) to train on user content:<ref>{{Cite web |last=Maruf |first=Ramishah |title=X changed its terms of service to let its AI train on everyone’s posts. Now users are up in arms |url=https://edition.cnn.com/2024/10/21/tech/x-twitter-terms-of-service/index.html |website=CNN |date=21 Oct 2024 |access-date=4 Apr 2025 |url-status=live |archive-url=http://web.archive.org/web/20260208195110/https://edition.cnn.com/2024/10/21/tech/x-twitter-terms-of-service/index.html |archive-date=8 Feb 2026}}</ref><ref>{{Cite web |author= |title=Terms of Service |url=https://x.com/en/tos#current |website=X Corp |date=15 Nov 2024 |access-date=4 Apr 2025 |url-status=live |archive-url=http://web.archive.org/web/20260126180413/https://x.com/en/tos |archive-date=26 Jan 2026}}</ref>
<blockquote>"By submitting, posting or displaying Content on or through the Services, you grant us a worldwide, non-exclusive, royalty-free license (with the right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, display, upload, download, and distribute such Content in any and all media or distribution methods now known or later developed, for any purpose. For clarity, these rights include, for example, curating, transforming, and translating. This license authorizes us to make your Content available to the rest of the world and to let others do the same. You agree that this license includes the right for us to (i) analyze text and other information you provide and to otherwise provide, promote, and improve the Services, including, for example, for use with and '''training of our machine learning and artificial intelligence models, whether generative or another type'''..."</blockquote>
This development raises concerns over the user's right to their own intellectual data posted on X. There is also concern over the privacy implications of private conversations being used to train a public AI. This AI may also use work by content creators, artists, and writers without compensation. [[Hidden EULA language|Being buried in a large TOS]], this is a clear example of taking away the consumer's right of ownership and not obtaining adequate disclosure.

As a response to the increased backlash, X released a feature to opt out of sharing data by navigating four different menus (Settings⇒Privacy and Safety⇒Data Sharing and Personalization⇒Grok⇒Allow your posts as well as your interactions, inputs, and results with Grok to be used for training and fine-tuning).<ref>{{Cite web |last=Peters |first=Jay |title=Here’s how to stop X from using your posts to train its AI |url=https://www.theverge.com/2024/7/26/24206904/x-grok-ai-train-turn-off |website=The Verge |date=26 Jul 2024 |access-date=4 Apr 2025 |url-status=live |archive-url=https://web.archive.org/web/20240726163920/https://www.theverge.com/2024/7/26/24206904/x-grok-ai-train-turn-off |archive-date=26 Jul 2024}}</ref> This setting being on by default is an example of a [[dark pattern]].

===Breakage of proxies (2023 - present)===
Twitter/X has taken many measures (such as the removal of "Guest" accounts, and [[Forced account|login requirement]]) against proxies, such as [[wikipedia:Nitter|Nitter]]<ref>{{Cite web |last=Carvajal Sarabia |first=Chema |date=2024-02-19 |title=You can no longer access Twitter without an account: Elon Musk has won |url=https://en.softonic.com/articles/you-can-no-longer-access-twitter-without-an-account-elon-musk-has-won |website=Softonic}}</ref><ref><nowiki>https://techcrunch.com/2023/06/30/twitter-now-requires-an-account-to-view-tweets/</nowiki></ref><ref>https://github.com/zedeus/nitter/issues/919</ref><ref><nowiki>https://github.com/zedeus/nitter/issues/983</nowiki></ref>. It has gotten to the point that the main developer of Nitter gave up,<ref><nowiki>https://github.com/zedeus/nitter/issues/1155#issuecomment-1913361757</nowiki></ref><ref>{{Cite web |last=Brodkin |first=Jon |date=2024-02-15 |title=Twitter front-end Nitter dies as Musk wins war against third-party services |url=https://arstechnica.com/tech-policy/2024/02/twitter-front-end-nitter-dies-as-musk-wins-war-against-third-party-services/ |access-date=2026-03-19 |website=Ars Technica}}</ref> then months later, decided to continue by supporting regular account types.<ref><nowiki>https://github.com/zedeus/nitter/discussions/1212</nowiki></ref>

==References==
{{Reflist}}

[[Category:X Corp]]

JavaScript

2026-03-19T11:15:11Z

Rudxain: replace 2 adjacent links by single

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' ('''JS''') is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior, because of its first-class access to [https://developer.mozilla.org/en-US/docs/Web/API user-agent (UA) APIs].<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref>
*'''Market control''': JS (alongside [[wikipedia:WebAssembly|Wasm]]) are built into almost every web-browser and UA, including "light-weight" ones (such as [[wikipedia:W3m|w3m]]). Incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> Some people say that JS shouldn't even be a Web Standard,<ref>https://daringfireball.net/linked/2017/06/22/navistone-form-data</ref><ref>https://daringfireball.net/linked/2017/06/27/web-without-javascript</ref> implying that it should be an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] (such as Java Applets and [[Adobe]] Flash) the user willingly installs; this would reduce the incentive to use JS, as there's no guarantee the user has it.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that JS is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]) is a recipe for disaster, as it makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the page only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" Web API (such as the microphone) the browser pauses it until the user has granted access to that API. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

==Why it is a problem==
Note that, despite its flaws, JS typically is not a problem on its own, but it becomes a problem when given too much power.

Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref> The only valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of the ECMAScript spec), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are economically incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a bloated pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled:

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*[[Google]] being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*[[Instagram]] refusing to serve content to <code>noscript</code> users, and deliberately nagging them to [[Forced app download|install the app]] or [[Forced account|login]]: https://github.com/Rudxain/uBO-rules/pull/9
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*[[Discord]] being extremely [[Bloatware|bloated]] to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated [[wikipedia:Document_Object_Model|DOM-tree]], but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

JavaScript

2026-03-19T11:13:32Z

Rudxain: static hosting, not site

{{ToneWarning}}
{{ProductCargo
|Company=
|ReleaseYear=1995
|InProduction=Yes
|Category=Software
|Website=https://tc39.es/ecma262/multipage/,https://openjsf.org/
|Description=A high-level programming language that's also the "lingua franca of the web"
|Logo=JavaScript-logo.png}}

'''[[wikipedia:JavaScript|JavaScript]]''' ('''JS''') is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).

==Consumer-impact summary==

*'''Degraded accessibility''': Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as [[wikipedia:WAI-ARIA|WAI-ARIA]] were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
*'''Lack of transparency''': To optimize network bandwidth, JS code is typically served in [[wikipedia:Minification_(programming)|minified]] form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly [[wikipedia:Source-available_software|available]], which is typically the case of [[wikipedia:Proprietary_software|proprietary software]].
*'''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior, because of its first-class access to [https://developer.mozilla.org/en-US/docs/Web/API user-agent (UA) APIs].<ref>https://clickclickclick.click/</ref> JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both.<ref>https://privacycheck.sec.lrz.de/</ref><ref>https://abrahamjuliot.github.io/creepjs</ref><ref>https://www.deviceinfo.me/</ref>
*'''Market control''': JS (alongside [[wikipedia:WebAssembly|Wasm]]) are built into almost every web-browser and UA, including "light-weight" ones (such as [[wikipedia:W3m|w3m]]). Incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".<ref>{{Cite web |title=Everyone has JavaScript, right? |url=https://www.kryogenix.org/code/browser/everyonehasjs |url-status=live |archive-url=https://web.archive.org/web/20260316024516/https://www.kryogenix.org/code/browser/everyonehasjs.html |archive-date=2026-03-16 |access-date=2026-03-19 |website=Kryogenix Consulting}}</ref> Some people say that JS shouldn't even be a Web Standard,<ref>https://daringfireball.net/linked/2017/06/22/navistone-form-data</ref><ref>https://daringfireball.net/linked/2017/06/27/web-without-javascript</ref> implying that it should be an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] (such as Java Applets and [[Adobe]] Flash) the user willingly installs; this would reduce the incentive to use JS, as there's no guarantee the user has it.
*'''Security risks''': It is well-known that JS is poorly-designed,<ref>https://github.com/denysdovhan/wtfjs</ref><ref>https://github.com/brianleroux/wtfjs</ref><ref>https://wiki.theory.org/YourLanguageSucks#JavaScript_sucks_because</ref><ref>https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js</ref> even [[wikipedia:Ecma_International|tc39]] acknowledges that{{Citation needed}}. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that JS is [[wikipedia:Turing_completeness|Turing-complete]] (both [https://gavinhoward.com/2024/03/what-computers-cannot-do-the-consequences-of-turing-completeness/#mathematical-vs-practical in practice and in theory]) is a recipe for disaster, as it makes [[wikipedia:Debugging|debugging]] and [[wikipedia:Reverse_engineering|reverse-engineering]] impractical in big code-bases. It's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==How it works==
Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <code><script></code> [[wikipedia:HTML_element|tags]]. This code could do anything from updating part of the page only when the user requests it, to showing a [[wikipedia:Pop-up_ad|popup/popunder]].

When JS tries to access a "privacy-sensitive" Web API (such as the microphone) the browser pauses it until the user has granted access to that API. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

==Why it is a problem==
Note that, despite its flaws, JS typically is not a problem on its own, but it becomes a problem when given too much power.

Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref> The only valid justifications are:

*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
*[[wikipedia:Static_web_page|Static]] [[wikipedia:Web_hosting_service|web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS

Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>

Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of the ECMAScript spec), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are economically incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>

JS not only makes pages "dynamic", the language itself is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a bloated pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>

==Incidents==
This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>

==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled:

*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable at best
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate

==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>

==External links==

*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it
*[[Google]] being anti-competitive towards [[Firefox]]: https://github.com/uBlockOrigin/uBlock-issues/discussions/3240
*[[Instagram]] refusing to serve content to <code>noscript</code> users, and deliberately nagging them to [[Forced app download|install the app]] or [[Forced account|login]]: https://github.com/Rudxain/uBO-rules/pull/9
*[https://github.com/iam-py-test/my_filters_001/blob/fc5f61eff0b0d821cb426bea76b18937072bc390/no-js-warnings.txt Websites that nag users to enable JS, even when it provides negligible value]
*[[Discord]] being extremely [[Bloatware|bloated]] to the point of crashing when opening Developer-tools: https://github.com/Rudxain/uBO-rules/blob/42220bd4f80052ee15136dff7269df19529c43ec/rx.ubo#L3-L19. This is not the fault of bloated JS, it's likely a bloated [[wikipedia:Document_Object_Model|DOM-tree]], but discord only bloats the DOM when JS is enabled.
*[https://www.slideshare.net/slideshow/enough-withthejavascriptalready/23262138 "Enough with the JavaScript already!"]
*[https://eev.ee/blog/2016/03/06/maybe-we-could-tone-down-the-javascript "Maybe we could tone down the JavaScript"]
*[https://www.kryogenix.org/code/dont-need-that-js "You really don't need all that JavaScript, I promise"]
*[https://jakearchibald.com/2013/progressive-enhancement-still-important "Progressive Enhancement Still Important"]
*https://gomakethings.com/why-progressive-enhancement-still-matters/
*https://www.viget.com/articles/the-case-against-progressive-enhancements-flimsy-moral-foundation
*[https://youtu.be/xE9W9Ghe4Jk "Shipping a button in 2026…"], by Kai Lentit. This illustrates the burnout and fatigue software developers can experience on a daily basis
*[https://grugbrain.dev/ HTMX developer advocating for less JS]
*[https://idlewords.com/talks/website_obesity.htm "Web Obesity Crisis"]
*[https://danluu.com/web-bloat/ "How web bloat impacts users with slow connections"]
*[https://tonsky.me/blog/js-bloat JS bloat (2024)]
*[https://tonsky.me/blog/disenchantment How JS makes web apps more unstable]
*[https://www.gnu.org/philosophy/javascript-trap.html GNU/FSF explaining why JS takes freedom away]
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]]
*[https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/ "I Used The Web For A Day With JavaScript Turned Off"]
*[https://tobyho.com/2010/03/11/how-much-of-the-web-actually/ "How Much of the Web Actually Work Without Javascript"]
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'')

==See also==

*[[Electron]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

X Corp

2026-03-19T10:37:29Z

Rudxain: more refs for "Breakage of proxies"; link "Forced account"

{{CompanyCargo
|Description=X Corp. is known for acquiring and rebranding Twitter and developing the AI model Grok.
|Founded=2023
|Industry=Social media, Artificial intelligence
|Logo=X Corp logo.svg
|ParentCompany=X.AI Corp.
|Type=Private
|Website=https://x.com/
}}
[[File:Twitter logo.svg|thumb|150x150px|Old logo of Twitter.]]
'''{{Wplink|Twitter|X}}''', formerly known as '''Twitter''', is a global social-media platform that facilitates real-time communication and the sharing of short messages, known as "tweets". Founded in 2006 by {{Wplink|Jack Dorsey}}, Noah Glass, Biz Stone, and Evan Williams, Twitter quickly became a key platform for public discourse, news, and social interaction. Known for its character-limited posts and use of hashtags (#), Twitter played a pivotal role in shaping online communication, politics, and social movements.

In 2023, Twitter underwent a significant rebranding, adopting the name X, after being acquired by [[Elon Musk]] in a high-profile deal in the previous year. Elon Musk took the company private and underwent a large sweep of leadership changes including layoffs and policy shifts. X has faced scrutiny over various issues, including content-moderation practices, the de-prioritization of accessibility features, data-privacy concerns, and its handling of user-generated content.

==Consumer impact summary==
===Lack of privacy===
*X can read private messages sent through the platform.<ref name=":1">{{Cite web |author= |date=4 Apr 2025 |title=X - ToS;DR |url=https://tosdr.org/en/service/195 |url-status=live |archive-url=https://web.archive.org/web/20250318073339/https://tosdr.org/en/service/195 |archive-date=18 Mar 2025 |access-date=13 Feb 2026 |website=[[Terms of Service;Didn't Read]]}}</ref>
*X uses personal data collected from its website for third-part advertisements.
*Personal data collected include:
**Location data,
**What web page refers you to X,
**Content posted (tweets),
**Replies, and
**Interactions such as likes and follows.

===Lack of transparency===
Since its acquisition in 2022, X has faced a number of transparency concerns:
*In alignment with the downsizing of X, the communications department was unofficially disbanded.
*X has come under scrutiny for its unclear content-moderation policies, including what content is prohibited on the service. This stems partially from the inconsistent enforcement of platform rules.
*With the introduction of Twitter Blue, users were able to obtain a badge resembling one of an account verified to belong to a person or organization of importance. This incident blurred the lines between organic content and paid promotions.
*As of 2 February 2023, X has discontinued free access to its Application Programming Interface (API). This was replaced with paid plans.

===Censorship===
*X has the ability to delete content without prior notice and without a formal reason.<ref name=":1" />
*X has a binding [[forced arbitration]] clause in its [[terms of service]]. This includes prevention against [[Class action|class-action lawsuits.]]<ref name=":1" />
*X complied with requests and local censorship of people who are critical of Erdogan such as other political parties and politicians, LGBT organizations, journalists, and activists.<ref>{{Cite web |author= |title=Joint Open Letter to Social Media Companies on Censorship in Türkiye |url=https://www.hrw.org/news/2025/05/08/joint-open-letter-social-media-companies-censorship-turkiye
|website=Human Rights Watch |date=8 May 2025 |access-date=11 Aug 2025 |url-status=live |archive-url=https://web.archive.org/web/20250916171447/https://www.hrw.org/news/2025/05/08/joint-open-letter-social-media-companies-censorship-turkiye |archive-date=16 Sep 2025}}</ref>

==Incidents==
===Twitter illegally uses collected data (''May 2022'')===
In May 2022, the [[Federal Trade Commission]] (FTC) fined Twitter $150 million dollars for using data collected for targeted advertisements. In 2011, Twitter had made an agreement with regulators in which it vowed not to share information gathered for security purposes with third-parties for targeted advertisements.<ref>{{Cite web |last=Allyn |first=Bobby |title=Twitter will pay a $150 million fine over accusations it improperly sold user data |url=https://www.npr.org/2022/05/25/1101275323/twitter-privacy-settlement-doj-ftc |website=NPR |date=25 May 2022 |access-date=4 Apr 2025 |url-status=live |archive-url=http://web.archive.org/web/20251025031814/https://www.npr.org/2022/05/25/1101275323/twitter-privacy-settlement-doj-ftc |archive-date=25 Oct 2025}}</ref>

Information that was illegally used for targeted advertisements includes phone numbers and e-mail addresses. The user agreed that this information will be used for services such as two-factor authentication (2FA), account recovery, and account safeguarding.<ref>{{Cite web |last=Fair |first=Leslie |title=Twitter to pay $150 million penalty for allegedly breaking its privacy promises – again |url=https://www.ftc.gov/business-guidance/blog/2022/05/twitter-pay-150-million-penalty-allegedly-breaking-its-privacy-promises-again |website=FTC |date=25 May 2022 |access-date= |url-status=dead |archive-url=https://web.archive.org/web/20220525213257/https://www.ftc.gov/business-guidance/blog/2022/05/twitter-pay-150-million-penalty-allegedly-breaking-its-privacy-promises-again |archive-date=25 May 2022}}</ref>

===Reduction in accessibility features (''November 2022'')===
Throughout the latter half of 2022, Twitter laid off much of its staff. Among these layoffs was the accessibility team, created in 2020 to improve the use of Twitter for disabled consumers. Of the many features introduced by the team, "alt-text" was added to allow visually impaired users to hear a description of an image.<ref name=":0">{{Cite web |last=Knibbs |first=Kate |title=Twitter’s Layoffs Are a Blow to Accessibility |url=https://www.wired.com/story/twitter-layoffs-accessibility/ |website=Wired |date=21 Nov 2022 |access-date=4 Apr 2025 |url-status=live |archive-url=http://web.archive.org/web/20250905183106/https://www.wired.com/story/twitter-layoffs-accessibility/ |archive-date=5 Sep 2025}}</ref>

As a result of the de-prioritization of accessibility in Twitter, alt-text badges were removed, making it more challenging for visually-impaired users to identify accessible content.<ref name=":0" />

===Data hack affecting millions of users (''January 2023'')===
In January 2023, X underwent a data breach that caused millions of account e-mails to be leaked.<ref>{{Cite web |last=Vallance |first=Chris |title=Twitter: Millions of users' email addresses 'stolen' in data hack |url=https://www.bbc.com/news/technology-64153381 |website=BBC |date=5 Jan 2023 |access-date=4 Apr 2025 |url-status=live |archive-url=http://web.archive.org/web/20260211113155/https://www.bbc.com/news/technology-64153381 |archive-date=11 Feb 2026}}</ref> X, under the new ownership of Elon Musk, did not take the precautionary steps to prevent this incident. Before the data hack, X had underwent significant layoffs, including ones which affected the trust, safety, and security teams. This is directly linked to the weakening of security before the breach, as these teams were essential for identifying vulnerabilities and patching them. Moreover, the media communications team was disbanded, leading to a lack of transparency surrounding the issue.

===Terms of Service allows use of user content for training AI (''November 2024'')===
[[File:X Terms of Service 2024 screenshot.webp|thumb|527x527px]]
On 15 November 2024, X issued new [[Terms of Service]] (TOS) to allow artificial intelligence (AI) to train on user content:<ref>{{Cite web |last=Maruf |first=Ramishah |title=X changed its terms of service to let its AI train on everyone’s posts. Now users are up in arms |url=https://edition.cnn.com/2024/10/21/tech/x-twitter-terms-of-service/index.html |website=CNN |date=21 Oct 2024 |access-date=4 Apr 2025 |url-status=live |archive-url=http://web.archive.org/web/20260208195110/https://edition.cnn.com/2024/10/21/tech/x-twitter-terms-of-service/index.html |archive-date=8 Feb 2026}}</ref><ref>{{Cite web |author= |title=Terms of Service |url=https://x.com/en/tos#current |website=X Corp |date=15 Nov 2024 |access-date=4 Apr 2025 |url-status=live |archive-url=http://web.archive.org/web/20260126180413/https://x.com/en/tos |archive-date=26 Jan 2026}}</ref>
<blockquote>"By submitting, posting or displaying Content on or through the Services, you grant us a worldwide, non-exclusive, royalty-free license (with the right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, display, upload, download, and distribute such Content in any and all media or distribution methods now known or later developed, for any purpose. For clarity, these rights include, for example, curating, transforming, and translating. This license authorizes us to make your Content available to the rest of the world and to let others do the same. You agree that this license includes the right for us to (i) analyze text and other information you provide and to otherwise provide, promote, and improve the Services, including, for example, for use with and '''training of our machine learning and artificial intelligence models, whether generative or another type'''..."</blockquote>
This development raises concerns over the user's right to their own intellectual data posted on X. There is also concern over the privacy implications of private conversations being used to train a public AI. This AI may also use work by content creators, artists, and writers without compensation. [[Hidden EULA language|Being buried in a large TOS]], this is a clear example of taking away the consumer's right of ownership and not obtaining adequate disclosure.

As a response to the increased backlash, X released a feature to opt out of sharing data by navigating four different menus (Settings⇒Privacy and Safety⇒Data Sharing and Personalization⇒Grok⇒Allow your posts as well as your interactions, inputs, and results with Grok to be used for training and fine-tuning).<ref>{{Cite web |last=Peters |first=Jay |title=Here’s how to stop X from using your posts to train its AI |url=https://www.theverge.com/2024/7/26/24206904/x-grok-ai-train-turn-off |website=The Verge |date=26 Jul 2024 |access-date=4 Apr 2025 |url-status=live |archive-url=https://web.archive.org/web/20240726163920/https://www.theverge.com/2024/7/26/24206904/x-grok-ai-train-turn-off |archive-date=26 Jul 2024}}</ref> This setting being on by default is an example of a [[dark pattern]].

===Breakage of proxies (2023 - present)===
Twitter/X has taken many measures (such as the removal of "Guest" accounts, and [[Forced account|login requirement]]) to block the use of proxies, such as [[wikipedia:Nitter|Nitter]]<ref>{{Cite web |last=Carvajal Sarabia |first=Chema |date=2024-02-19 |title=You can no longer access Twitter without an account: Elon Musk has won |url=https://en.softonic.com/articles/you-can-no-longer-access-twitter-without-an-account-elon-musk-has-won |website=Softonic}}</ref><ref><nowiki>https://techcrunch.com/2023/06/30/twitter-now-requires-an-account-to-view-tweets/</nowiki></ref><ref>https://github.com/zedeus/nitter/issues/919</ref><ref><nowiki>https://github.com/zedeus/nitter/issues/983</nowiki></ref>. It has gotten to the point that the main developer of Nitter gave up,<ref><nowiki>https://github.com/zedeus/nitter/issues/1155#issuecomment-1913361757</nowiki></ref><ref>{{Cite web |last=Brodkin |first=Jon |date=2024-02-15 |title=Twitter front-end Nitter dies as Musk wins war against third-party services |url=https://arstechnica.com/tech-policy/2024/02/twitter-front-end-nitter-dies-as-musk-wins-war-against-third-party-services/ |access-date=2026-03-19 |website=Ars Technica}}</ref> then months later, decided to continue by supporting regular account types.<ref><nowiki>https://github.com/zedeus/nitter/discussions/1212</nowiki></ref>

==References==
{{Reflist}}

[[Category:X Corp]]

X Corp

2026-03-19T10:24:44Z

Rudxain: clarify "Breakage of proxies", link Nitter to WP

{{CompanyCargo
|Description=X Corp. is known for acquiring and rebranding Twitter and developing the AI model Grok.
|Founded=2023
|Industry=Social media, Artificial intelligence
|Logo=X Corp logo.svg
|ParentCompany=X.AI Corp.
|Type=Private
|Website=https://x.com/
}}
[[File:Twitter logo.svg|thumb|150x150px|Old logo of Twitter.]]
'''{{Wplink|Twitter|X}}''', formerly known as '''Twitter''', is a global social-media platform that facilitates real-time communication and the sharing of short messages, known as "tweets". Founded in 2006 by {{Wplink|Jack Dorsey}}, Noah Glass, Biz Stone, and Evan Williams, Twitter quickly became a key platform for public discourse, news, and social interaction. Known for its character-limited posts and use of hashtags (#), Twitter played a pivotal role in shaping online communication, politics, and social movements.

In 2023, Twitter underwent a significant rebranding, adopting the name X, after being acquired by [[Elon Musk]] in a high-profile deal in the previous year. Elon Musk took the company private and underwent a large sweep of leadership changes including layoffs and policy shifts. X has faced scrutiny over various issues, including content-moderation practices, the de-prioritization of accessibility features, data-privacy concerns, and its handling of user-generated content.

==Consumer impact summary==
===Lack of privacy===
*X can read private messages sent through the platform.<ref name=":1">{{Cite web |author= |date=4 Apr 2025 |title=X - ToS;DR |url=https://tosdr.org/en/service/195 |url-status=live |archive-url=https://web.archive.org/web/20250318073339/https://tosdr.org/en/service/195 |archive-date=18 Mar 2025 |access-date=13 Feb 2026 |website=[[Terms of Service;Didn't Read]]}}</ref>
*X uses personal data collected from its website for third-part advertisements.
*Personal data collected include:
**Location data,
**What web page refers you to X,
**Content posted (tweets),
**Replies, and
**Interactions such as likes and follows.

===Lack of transparency===
Since its acquisition in 2022, X has faced a number of transparency concerns:
*In alignment with the downsizing of X, the communications department was unofficially disbanded.
*X has come under scrutiny for its unclear content-moderation policies, including what content is prohibited on the service. This stems partially from the inconsistent enforcement of platform rules.
*With the introduction of Twitter Blue, users were able to obtain a badge resembling one of an account verified to belong to a person or organization of importance. This incident blurred the lines between organic content and paid promotions.
*As of 2 February 2023, X has discontinued free access to its Application Programming Interface (API). This was replaced with paid plans.

===Censorship===
*X has the ability to delete content without prior notice and without a formal reason.<ref name=":1" />
*X has a binding [[forced arbitration]] clause in its [[terms of service]]. This includes prevention against [[Class action|class-action lawsuits.]]<ref name=":1" />
*X complied with requests and local censorship of people who are critical of Erdogan such as other political parties and politicians, LGBT organizations, journalists, and activists.<ref>{{Cite web |author= |title=Joint Open Letter to Social Media Companies on Censorship in Türkiye |url=https://www.hrw.org/news/2025/05/08/joint-open-letter-social-media-companies-censorship-turkiye
|website=Human Rights Watch |date=8 May 2025 |access-date=11 Aug 2025 |url-status=live |archive-url=https://web.archive.org/web/20250916171447/https://www.hrw.org/news/2025/05/08/joint-open-letter-social-media-companies-censorship-turkiye |archive-date=16 Sep 2025}}</ref>

==Incidents==
===Twitter illegally uses collected data (''May 2022'')===
In May 2022, the [[Federal Trade Commission]] (FTC) fined Twitter $150 million dollars for using data collected for targeted advertisements. In 2011, Twitter had made an agreement with regulators in which it vowed not to share information gathered for security purposes with third-parties for targeted advertisements.<ref>{{Cite web |last=Allyn |first=Bobby |title=Twitter will pay a $150 million fine over accusations it improperly sold user data |url=https://www.npr.org/2022/05/25/1101275323/twitter-privacy-settlement-doj-ftc |website=NPR |date=25 May 2022 |access-date=4 Apr 2025 |url-status=live |archive-url=http://web.archive.org/web/20251025031814/https://www.npr.org/2022/05/25/1101275323/twitter-privacy-settlement-doj-ftc |archive-date=25 Oct 2025}}</ref>

Information that was illegally used for targeted advertisements includes phone numbers and e-mail addresses. The user agreed that this information will be used for services such as two-factor authentication (2FA), account recovery, and account safeguarding.<ref>{{Cite web |last=Fair |first=Leslie |title=Twitter to pay $150 million penalty for allegedly breaking its privacy promises – again |url=https://www.ftc.gov/business-guidance/blog/2022/05/twitter-pay-150-million-penalty-allegedly-breaking-its-privacy-promises-again |website=FTC |date=25 May 2022 |access-date= |url-status=dead |archive-url=https://web.archive.org/web/20220525213257/https://www.ftc.gov/business-guidance/blog/2022/05/twitter-pay-150-million-penalty-allegedly-breaking-its-privacy-promises-again |archive-date=25 May 2022}}</ref>

===Reduction in accessibility features (''November 2022'')===
Throughout the latter half of 2022, Twitter laid off much of its staff. Among these layoffs was the accessibility team, created in 2020 to improve the use of Twitter for disabled consumers. Of the many features introduced by the team, "alt-text" was added to allow visually impaired users to hear a description of an image.<ref name=":0">{{Cite web |last=Knibbs |first=Kate |title=Twitter’s Layoffs Are a Blow to Accessibility |url=https://www.wired.com/story/twitter-layoffs-accessibility/ |website=Wired |date=21 Nov 2022 |access-date=4 Apr 2025 |url-status=live |archive-url=http://web.archive.org/web/20250905183106/https://www.wired.com/story/twitter-layoffs-accessibility/ |archive-date=5 Sep 2025}}</ref>

As a result of the de-prioritization of accessibility in Twitter, alt-text badges were removed, making it more challenging for visually-impaired users to identify accessible content.<ref name=":0" />

===Data hack affecting millions of users (''January 2023'')===
In January 2023, X underwent a data breach that caused millions of account e-mails to be leaked.<ref>{{Cite web |last=Vallance |first=Chris |title=Twitter: Millions of users' email addresses 'stolen' in data hack |url=https://www.bbc.com/news/technology-64153381 |website=BBC |date=5 Jan 2023 |access-date=4 Apr 2025 |url-status=live |archive-url=http://web.archive.org/web/20260211113155/https://www.bbc.com/news/technology-64153381 |archive-date=11 Feb 2026}}</ref> X, under the new ownership of Elon Musk, did not take the precautionary steps to prevent this incident. Before the data hack, X had underwent significant layoffs, including ones which affected the trust, safety, and security teams. This is directly linked to the weakening of security before the breach, as these teams were essential for identifying vulnerabilities and patching them. Moreover, the media communications team was disbanded, leading to a lack of transparency surrounding the issue.

===Terms of Service allows use of user content for training AI (''November 2024'')===
[[File:X Terms of Service 2024 screenshot.webp|thumb|527x527px]]
On 15 November 2024, X issued new [[Terms of Service]] (TOS) to allow artificial intelligence (AI) to train on user content:<ref>{{Cite web |last=Maruf |first=Ramishah |title=X changed its terms of service to let its AI train on everyone’s posts. Now users are up in arms |url=https://edition.cnn.com/2024/10/21/tech/x-twitter-terms-of-service/index.html |website=CNN |date=21 Oct 2024 |access-date=4 Apr 2025 |url-status=live |archive-url=http://web.archive.org/web/20260208195110/https://edition.cnn.com/2024/10/21/tech/x-twitter-terms-of-service/index.html |archive-date=8 Feb 2026}}</ref><ref>{{Cite web |author= |title=Terms of Service |url=https://x.com/en/tos#current |website=X Corp |date=15 Nov 2024 |access-date=4 Apr 2025 |url-status=live |archive-url=http://web.archive.org/web/20260126180413/https://x.com/en/tos |archive-date=26 Jan 2026}}</ref>
<blockquote>"By submitting, posting or displaying Content on or through the Services, you grant us a worldwide, non-exclusive, royalty-free license (with the right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, display, upload, download, and distribute such Content in any and all media or distribution methods now known or later developed, for any purpose. For clarity, these rights include, for example, curating, transforming, and translating. This license authorizes us to make your Content available to the rest of the world and to let others do the same. You agree that this license includes the right for us to (i) analyze text and other information you provide and to otherwise provide, promote, and improve the Services, including, for example, for use with and '''training of our machine learning and artificial intelligence models, whether generative or another type'''..."</blockquote>
This development raises concerns over the user's right to their own intellectual data posted on X. There is also concern over the privacy implications of private conversations being used to train a public AI. This AI may also use work by content creators, artists, and writers without compensation. [[Hidden EULA language|Being buried in a large TOS]], this is a clear example of taking away the consumer's right of ownership and not obtaining adequate disclosure.

As a response to the increased backlash, X released a feature to opt out of sharing data by navigating four different menus (Settings⇒Privacy and Safety⇒Data Sharing and Personalization⇒Grok⇒Allow your posts as well as your interactions, inputs, and results with Grok to be used for training and fine-tuning).<ref>{{Cite web |last=Peters |first=Jay |title=Here’s how to stop X from using your posts to train its AI |url=https://www.theverge.com/2024/7/26/24206904/x-grok-ai-train-turn-off |website=The Verge |date=26 Jul 2024 |access-date=4 Apr 2025 |url-status=live |archive-url=https://web.archive.org/web/20240726163920/https://www.theverge.com/2024/7/26/24206904/x-grok-ai-train-turn-off |archive-date=26 Jul 2024}}</ref> This setting being on by default is an example of a [[dark pattern]].

===Breakage of proxies (2023 - present)===
Twitter/X has taken many measures (such as the removal of "Guest" accounts) to block the use of proxies, such as [[wikipedia:Nitter|Nitter]]<ref><nowiki>https://techcrunch.com/2023/06/30/twitter-now-requires-an-account-to-view-tweets/</nowiki></ref><ref>https://github.com/zedeus/nitter/issues/919</ref><ref><nowiki>https://github.com/zedeus/nitter/issues/983</nowiki></ref>. It has gotten to the point that the main developer of Nitter gave up,<ref><nowiki>https://github.com/zedeus/nitter/issues/1155#issuecomment-1913361757</nowiki></ref> then months later, decided to continue by supporting regular account types.<ref><nowiki>https://github.com/zedeus/nitter/discussions/1212</nowiki></ref>

==References==
{{Reflist}}

[[Category:X Corp]]