JavaScript: Difference between revisions
there are no incident pages (yet) |
populate summary |
||
| Line 10: | Line 10: | ||
==Consumer-impact summary== | ==Consumer-impact summary== | ||
* '''Forced requirement''': Many webpages (and even entire websites), force the user to keep JS enabled. In 2026, considering the advancements in HTML and CSS technology, there is ''no technical reason'' why any website (other than real-time simulations and low-latency gaming) would ''ever'' need JS. The only valid justification are [[wikipedia:Legacy_code|legacy code-bases]], since those are impractical to migrate to no-JS solutions. That is, newer web-sites have no reason | |||
* '''Excessive tracking''': JS is much more capable than HTML and CSS '''combined''' to track user behavior, because of its first-class access to [https://developer.mozilla.org/en-US/docs/Web/API user-agent (UA) APIs]. JS can communicate with almost any server (only limited by [[wikipedia:Cross-origin_resource_sharing|CORS]]) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a [[Device fingerprint|fingerprint of the device]], user, or both. | |||
* [[Personalized Ads|'''Targeted ads''']]: JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve personalized ads, even across unrelated sites. | |||
* '''Market control''': JS (alongside [[wikipedia:WebAssembly|Wasm]]) are built into almost every web-browser and UA, including "light-weight" ones (such as [[wikipedia:W3m|w3m]]). Incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability". Some people say that JS shouldn't even be a Web Standard,<ref>https://daringfireball.net/linked/2017/06/22/navistone-form-data</ref> implying that it should be an [[wikipedia:Browser_extension|extension]] or [[wikipedia:Plug-in_(computing)|plug-in]] (such as Java Applets and [[Adobe]] Flash) the user willingly installs; this would reduce the incentive to use JS, as there's no guarantee the user has it. | |||
==Incidents== | ==Incidents== | ||
| Line 21: | Line 25: | ||
*[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it | *[https://libredirect.github.io/faq.html LibRedirect explaining why it exists], and how [[Google Chrome]]'s MV3 limits it | ||
*https://daringfireball.net/linked/2017/06/27/web-without-javascript | *https://daringfireball.net/linked/2017/06/27/web-without-javascript | ||
*https://daringfireball.net/linked/2025/01/18/google-search-javascript | *https://daringfireball.net/linked/2025/01/18/google-search-javascript | ||
| Line 47: | Line 50: | ||
*[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]] | *[https://www.gnu.org/philosophy/wwworst-app-store.html GNU/FSF explaining why "web apps" shouldn't exist]. '''WARNING''': contains overzealous claims! ([https://github.com/Rudxain/blog/blob/main/post/re_twwwas.md according to Rudxain]). Related: [[wikipedia:Local-first_software|Local-first]] | ||
*[https://clickclickclick.click/ Interactive page (game?) showing how websites can '''track almost anything''' the user does] | *[https://clickclickclick.click/ Interactive page (game?) showing how websites can '''track almost anything''' the user does] | ||
*[https://privacycheck.sec.lrz.de/ "Browserize"] | *[https://privacycheck.sec.lrz.de/ "Browserize"] fingerprinting showcase | ||
*[https://abrahamjuliot.github.io/creepjs "CreepJS"] fingerprint showcase | *[https://abrahamjuliot.github.io/creepjs "CreepJS"] fingerprint showcase | ||
*[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'') | *[https://github.com/Rudxain/blog/blob/main/post/js-abuse.md More sources] (''TO-DO'') | ||