14 votes

Topic deleted by author

56 comments

  1. [6]
    whbboyd
    Link
    An abbreviated list of my objections to Javascript: It very rarely adds consequential value to a site. It never adds value of any kind to a content-focused site. It can be (and often is) used to...

    An abbreviated list of my objections to Javascript:

    • It very rarely adds consequential value to a site. It never adds value of any kind to a content-focused site.
    • It can be (and often is) used to add extremely consequential negatives of all sorts to all kinds of pages, including invasive tracking, broken scrolling, broken browser history, unreasonably poor performance, etc.
    • It often makes it difficult or impossible to perform static processing of a given site or page.
    • It's untrusted code running on my CPU, which means any and all Spectre-type vulnerabilities are exposed to it, and it can perform arbitrarily nefarious actions such as cryptocurrency mining, attacking my browser or local network, etc.
    • Building a Javascript engine performant enough to run the modern Web is almost impossible. Microsoft gave up on maintaining their own browser engine. Javascript is a major contributor to Chrome's deeply problematic hegemony.
    • The entire category of "XSS attack" is ludicrous. The fact that an ecosystem where this was even conceptually possible was permitted to develop goes well beyond mind-boggling.
    • I utterly despise Javascript as a language and the ecosystem which has grown up around it. It would be laughably terrible if it weren't functionally mandatory to interact with it in order to live in the modern world.

    Despite all that, I don't actually disable Javascript anywhere. I've found the tools to do so to vary from clunky to virtually unusable, and so many pages become unusable broken that it's simply not worth the effort. (Not that the benefit is small, because it's certainly not—did you know computers are stinking fast when they don't have to functionally compile and execute a sprawling, extremely poorly-written application just to display a page of text?—but the effort is essentially unbounded.)

    35 votes
    1. Protected
      Link Parent
      ublock origin has a button for disabling javascript on the current host. If a website is abusing javascript you can revoke its javascript privileges in two clicks, without having to install any...

      ublock origin has a button for disabling javascript on the current host. If a website is abusing javascript you can revoke its javascript privileges in two clicks, without having to install any additional tools.

      12 votes
    2. [2]
      babypuncher
      Link Parent
      I disagree with this. I use the RES plugin with Reddit which uses Javascript to add a lot of interactivity that makes consuming content on the site easier (such as showing/hiding content,...

      It very rarely adds consequential value to a site. It never adds value of any kind to a content-focused site.

      I disagree with this. I use the RES plugin with Reddit which uses Javascript to add a lot of interactivity that makes consuming content on the site easier (such as showing/hiding content, expanding/shrinking images, flipping through image albums). There are lots of interactions on many content-focused websites that make a much better user experience with just a little bit of JavaScript.

      11 votes
      1. FlippantGod
        (edited )
        Link Parent
        Its a plugin tho. Have you ever come across a website that uses JavaScript like RES? No, cause RES is pretty big and keeping it local is much faster than forcing users to fetch it from a CDN or...

        Its a plugin tho. Have you ever come across a website that uses JavaScript like RES? No, cause RES is pretty big and keeping it local is much faster than forcing users to fetch it from a CDN or what have you.

        In fact, I'd say new Twitter, which now requires JS, is a prefect example of JS making a website actively worse.

        Edit: spelling. lol.

        4 votes
    3. [2]
      lionirdeadman
      Link Parent
      Wasn't the problem around DOM web compat rather than Javascript? AFAIK EdgeHTML and Chakra (the JS engine) were fairly performant. The problem was compatibility.

      Building a Javascript engine performant enough to run the modern Web is almost impossible. Microsoft gave up on maintaining their own browser engine. Javascript is a major contributor to Chrome's deeply problematic hegemony.

      Wasn't the problem around DOM web compat rather than Javascript? AFAIK EdgeHTML and Chakra (the JS engine) were fairly performant. The problem was compatibility.

      2 votes
      1. vord
        Link Parent
        When it comes to the web, compatibility is 9/10ths of the law. If you can't match it, you haven't actually built a viable competitor. Microsoft hasn't been able to keep up since Firefox hit the scene.

        When it comes to the web, compatibility is 9/10ths of the law. If you can't match it, you haven't actually built a viable competitor.

        Microsoft hasn't been able to keep up since Firefox hit the scene.

        5 votes
  2. [4]
    Wes
    Link
    It's a very small minority of users. They tend to be the loudest voices on websites like Hacker News and certain subreddits, but it's a small crowd using a speaker phone. Real users aren't posting...

    It's a very small minority of users. They tend to be the loudest voices on websites like Hacker News and certain subreddits, but it's a small crowd using a speaker phone. Real users aren't posting with Lynx or downloading pages with curl, so I simply don't worry about it. If the website breaks, those users know how to fix it. If they choose to go elsewhere, that's fine too.

    In this day and age, every browser is evergreen. They support JavaScript and all the latest specs. That includes screen readers and other accessibility devices, so that excuse is no longer valid. As a result of this, the original concerns that led to progressive enhancement are no longer valid. Websites can be fully featured and it will be supported by virtually everyone.

    Nowadays I worry more about performance than capability. A glut of JavaScript will slow pages down, so I try to do as much with as little as I can. I've no aversion to the technology, but developers can be lazy about their uses. By requiring a compilation/interpretation step, JS is the heaviest content a page can send. It's best to be thoughtful about what features a page or app really need.

    24 votes
    1. [3]
      vord
      (edited )
      Link Parent
      A small minority of users that happen to be right. There's a reason browsers are the biggest security risk and it's not because of the HTML and CSS. Regarding downloading pages with curl... I...

      A small minority of users that happen to be right. There's a reason browsers are the biggest security risk and it's not because of the HTML and CSS.

      Regarding downloading pages with curl...

      I actively resent how much harder it is to grab files and websites off the web using curl and wget these days. It used to be trivial to find a link to a file, paste 'wget <url>' into a terminal. It is immensely useful to get stuff to an offsite location.

      It was way easier to archive websites before JQuery came around.

      16 votes
      1. [2]
        Adys
        Link Parent
        You resent how easy it is to grab pages off a website. I adore how the SPA model has made data available via APIs even when the website doesn’t give a shit. APIs are a realisation of the power of...

        You resent how easy it is to grab pages off a website. I adore how the SPA model has made data available via APIs even when the website doesn’t give a shit.

        APIs are a realisation of the power of the internet… at some point enough devs will figure it out.

        7 votes
        1. vord
          Link Parent
          Don't get me wrong. I love a good API. But it's also obtuse and unique to each site. Let me know when I can leverage a standardized API to compare/contrast prices at my preferred retailers and...

          Don't get me wrong. I love a good API. But it's also obtuse and unique to each site.

          Let me know when I can leverage a standardized API to compare/contrast prices at my preferred retailers and generate the appropriate pickup orders when my home inventory runs low.

          Best I can tell the curl/wget methods have been neutered and the APIs have not nearly caught up enough.

          6 votes
  3. [5]
    Amarok
    Link
    It's less about the javascript and more about me not trusting the 187 rando .wtf domains any given page is pulling scripts from. I just block anything that isn't first party from the primary host....

    It's less about the javascript and more about me not trusting the 187 rando .wtf domains any given page is pulling scripts from. I just block anything that isn't first party from the primary host. I have plugins to cache the latest versions of commonly used .js files without the need to download them every time I hit a page that uses them.

    14 votes
    1. [4]
      Tardigrade
      Link Parent
      What's your plugin setup because that sounds like an upgrade from what I currently operate?

      What's your plugin setup because that sounds like an upgrade from what I currently operate?

      2 votes
      1. [3]
        riQQ
        Link Parent
        Not GP, but one addon to don't download commonly used .js files is Decentraleyes.

        Not GP, but one addon to don't download commonly used .js files is Decentraleyes.

        5 votes
        1. Amarok
          Link Parent
          Yep, same one I'm using for it. Most of my other addons are for simple quality of life stuff like gestures, skipping redirects, etc.

          Yep, same one I'm using for it. Most of my other addons are for simple quality of life stuff like gestures, skipping redirects, etc.

          3 votes
        2. Tardigrade
          Link Parent
          Thanks for sharing that. Nice to see it's available on mobile too.

          Thanks for sharing that. Nice to see it's available on mobile too.

  4. [32]
    tomf
    Link
    unless the content is being pulled from an API, typically JS doesn't provide a lot of value to a site. Some sites use JS to mess with the scrolling, disabling context menus, simple paywalls,...

    unless the content is being pulled from an API, typically JS doesn't provide a lot of value to a site. Some sites use JS to mess with the scrolling, disabling context menus, simple paywalls, popups for mailing lists, etc. On the rare occasion that a site actually needs JS, its easier to enable it for that one site instead of disabling it for annoying ones.

    I don't disable js across the board anymore, but I do for a lot of sites for various reasons.

    9 votes
    1. [31]
      teaearlgraycold
      Link Parent
      As a web developer I think JS provides a lot of value in enabling dynamic content.

      unless the content is being pulled from an API, typically JS doesn't provide a lot of value to a site

      As a web developer I think JS provides a lot of value in enabling dynamic content.

      8 votes
      1. [30]
        joplin
        Link Parent
        There’s no doubt that it can. It’s just that the majority of use of it is for displaying content that 98% of users ignore (ads) and it also enables our current horrendously broken surveillance...

        There’s no doubt that it can. It’s just that the majority of use of it is for displaying content that 98% of users ignore (ads) and it also enables our current horrendously broken surveillance capitalism (tracking, etc.).

        8 votes
        1. [29]
          teaearlgraycold
          Link Parent
          I could defend JS tracking but I don’t think Tildes users would like that. It’s at least easy to block on its own.

          I could defend JS tracking but I don’t think Tildes users would like that.

          It’s at least easy to block on its own.

          3 votes
          1. [28]
            WhyCause
            Link Parent
            I'd actually be curious to hear a defense of it. I say that in all seriousness; why should we accept tracking via JS?

            I'd actually be curious to hear a defense of it.

            I say that in all seriousness; why should we accept tracking via JS?

            9 votes
            1. [11]
              teaearlgraycold
              Link Parent
              I don't know if you "should accept tracking". You shouldn't have to run code on your computer that you don't want to have ran. Ad blockers and tracking blockers tend to work pretty well and sites...

              I don't know if you "should accept tracking". You shouldn't have to run code on your computer that you don't want to have ran. Ad blockers and tracking blockers tend to work pretty well and sites are (usually) built with them in mind. So even though outside of the EU there isn't any law that requires a tracking opt-out you can stop ad tracking from affecting you pretty much everywhere (except iOS or browsers on similarly locked-down devices).

              As a disclaimer I'm a developer for a SaaS platform that uses tracking for analytics purposes. It's important that the business has access to that information. We're not operating a brick-and-mortar where we can see first hand how people use our app and where they're coming from. A lot of software improvements and improvements to product-market-fit only exist because of JS tracking code.

              I think the problem most people have with tracking code is that it's impossible to know what a server is going to throw at you before you open a web page. I'm favorable to a system that would alert you to that. You could get an OAuth-like modal that says all of the information the website is requesting before it's opened. But getting changes implemented on the web is hard.

              7 votes
              1. [5]
                joplin
                Link Parent
                You can absolutely use ad and tracker blockers on iOS. I’m not sure why you think it’s not possible. I use Firefox Focus when browsing in Safari and it blocks a huge number of ads and trackers.

                you can stop ad tracking from affecting you pretty much everywhere (except iOS or browsers on similarly locked-down devices).

                You can absolutely use ad and tracker blockers on iOS. I’m not sure why you think it’s not possible. I use Firefox Focus when browsing in Safari and it blocks a huge number of ads and trackers.

                2 votes
                1. [4]
                  teaearlgraycold
                  Link Parent
                  Oh? I run normal Firefox on iOS and didn’t think I could install an ad blocker.

                  Oh? I run normal Firefox on iOS and didn’t think I could install an ad blocker.

                  2 votes
                  1. [2]
                    crdpa
                    Link Parent
                    Isn't Firefox on iOS just a frontend to safari? I heard elsewhere that they only allow their engine.

                    Isn't Firefox on iOS just a frontend to safari? I heard elsewhere that they only allow their engine.

                    1 vote
                    1. Weldawadyathink
                      Link Parent
                      Yes, but they also allow content blockers. I use AdGuard and hush.

                      Yes, but they also allow content blockers. I use AdGuard and hush.

                      1 vote
                  2. joplin
                    Link Parent
                    Yeah, if you run Firefox Focus, it can act as a browser itself, or you can go into the in-app settings and if you scroll down there's a checkbox for "Safari Integration". Turn that on, and its...

                    Yeah, if you run Firefox Focus, it can act as a browser itself, or you can go into the in-app settings and if you scroll down there's a checkbox for "Safari Integration". Turn that on, and its settings also affect Safari.

              2. [5]
                vord
                Link Parent
                I am curious, are there any aspects that you couldn't just capture with access logs on the server?

                A lot of software improvements and improvements to product-market-fit only exist because of JS tracking code.

                I am curious, are there any aspects that you couldn't just capture with access logs on the server?

                1. [4]
                  teaearlgraycold
                  Link Parent
                  That wouldn't tell you how confused the user is by the UI. Tracking software often includes complete webpage recordings.

                  That wouldn't tell you how confused the user is by the UI. Tracking software often includes complete webpage recordings.

                  4 votes
                  1. [3]
                    vord
                    Link Parent
                    Well. That is unpleasant. If that's what it takes to justify incremental UI improvements send me back to 2004 please. I wonder how many more people would block javascript if a massive disclosure...

                    Well. That is unpleasant. If that's what it takes to justify incremental UI improvements send me back to 2004 please.

                    I wonder how many more people would block javascript if a massive disclosure like "The owners of this website are literally recording every move you make on it." was posted.

                    2 votes
                    1. [2]
                      teaearlgraycold
                      Link Parent
                      Whether or not a session gets recorded is randomized to keep costs down - so it depends how lucky you are. https://cohere.io/ is one SaaS product in particular that enables this. You can check if...

                      Whether or not a session gets recorded is randomized to keep costs down - so it depends how lucky you are.

                      https://cohere.io/ is one SaaS product in particular that enables this. You can check if that's in your block rules.

                      3 votes
                      1. Wes
                        Link Parent
                        Microsoft Clarity, Hotjar, and Mouseflow are the heatmap tools I'm familiar with. I expect the default uBlock filters already block them all, though.

                        Microsoft Clarity, Hotjar, and Mouseflow are the heatmap tools I'm familiar with. I expect the default uBlock filters already block them all, though.

                        4 votes
            2. [16]
              joplin
              Link Parent
              There are legitimate uses of tracking. If you know a user is the same user you can set various settings on your web page to their preferred settings. You can automatically connect things they...

              There are legitimate uses of tracking. If you know a user is the same user you can set various settings on your web page to their preferred settings. You can automatically connect things they probably want connected but might not know can be connected. Things like that. Instead, though, most sites use it to sell info about you to third parties so they can show you ads for items you already purchased.

              2 votes
              1. [3]
                lionirdeadman
                Link Parent
                I don't think most people count remembering settings as tracking although it could certainly be used for that. I think most people think of analytics and ad networks when thinking of tracking.

                I don't think most people count remembering settings as tracking although it could certainly be used for that. I think most people think of analytics and ad networks when thinking of tracking.

                7 votes
                1. vord
                  Link Parent
                  Definitely. That's what a single logon cookie and an account are for. If they're not signed in, don't send a cookie.

                  Definitely. That's what a single logon cookie and an account are for.

                  If they're not signed in, don't send a cookie.

                  5 votes
                2. joplin
                  Link Parent
                  I was thinking more cross-site tracking. Like say Discord detects you have cookies from Steam, they could potentially read them and offer to hook you up with chat rooms related to games you’ve...

                  I was thinking more cross-site tracking. Like say Discord detects you have cookies from Steam, they could potentially read them and offer to hook you up with chat rooms related to games you’ve downloaded or something (or at least from the top 10 Steam games if they can’t get info on which ones you downloaded from the cookies). I’m not saying I’d want that, but I know people who would.

                  1 vote
              2. [12]
                Wes
                (edited )
                Link Parent
                This is bandied around a lot, but I just don't see it. Where are these data markets? As a site owner, where do I go to offload my analytics for $$$? If like me you start reading privacy policies,...

                Instead, though, most sites use it to sell info about you to third parties so they can show you ads for items you already purchased.

                This is bandied around a lot, but I just don't see it. Where are these data markets? As a site owner, where do I go to offload my analytics for $$$?

                If like me you start reading privacy policies, you'll see that 95% of them explicitly state they do not sell user data. That includes large companies like Facebook and Google.

                That's not to say that it never happens. Certainly companies have sold big portions of user data, such as credit card companies. But for the millions of regular site owners who are accused of profiting off tracking, I just don't see anything like that. Even if they place ads on their sites, they're not engaging in any sale of user data. You'd have to really stretch the definitions involved to make that argument ("no no, they're actually selling you out").

                Mostly I think this idea of selling user data is a big boogieman online. Tracking is done primarily by site owners who want to measure performance. Are people clicking Purchase? Are videos being watched? Are the ads converting?

                I have no problem at all with people blocking tracking (and I believe my own adblocker does so by default), but I think internet denizens have really developed a twisted view on this topic over the years. What I see out in the real world is nothing at all like what I see described in the tech circles.

                6 votes
                1. [3]
                  vord
                  (edited )
                  Link Parent
                  I just searched a whole bunch of larger-company physical stores near me, and they all have stuff like what I discuss below. I'm using Taco Bell as my example. This is gonna get big, as quoting...

                  I just searched a whole bunch of larger-company physical stores near me, and they all have stuff like what I discuss below. I'm using Taco Bell as my example. This is gonna get big, as quoting privacy policies. First, some data they collect:

                  Location information. We may collect information about your location if you provide your address or postal/zip code or we may approximate your location based on your IP address. If you provide our mobile applications access to location services on your device, we and our third party providers may collect location data through GPS, Wi-Fi, wireless network triangulation or other similar methods. We may use your location information to provide personalized content and advertising, to enhance your shopping and dining experience, to allow you to view deals and products available to you based on your location, to assist us with analytics such as foot traffic measurement, and to improve the effectiveness of our websites, restaurants, mobile applications, merchandise, advertising, and customer service. We may also use your location information to provide you with more information regarding events, personalized offers regarding products, services, or other opportunities, and notifications via social media which may interest you. We may also use the Google Maps Application Programming Interface to gather information about your location. Google uses various technologies to determine your location, including your IP address, GPS, and other sensors that may, for example, provide Google with information on nearby devices, Wi-Fi access points, and cell towers (see Google Maps Privacy Policy to learn more).

                  Pair that data with this some of the in-store data the collect :

                  In some locations, we may work with third party partners that collect location and movement data from your mobile device when you’re using a mobile app configured for this purpose. We receive aggregated information about visitors to our stores and may use this data to analyze foot traffic patterns and measure the effectiveness of our marketing and promotional campaigns. See “Your Choices and Control Over Your Information” below to learn how you may adjust location data collection through your mobile device.

                  An example of one of these third party partners. There are many like it. They aren't bound by Taco Bell's privacy policy for reselling your data...and good luck finding which company your Taco Bell is using. They all use BLE, the always-on unique identifier for your phone. This part they don't even need your permission to collect. And this could be any rand company doing this.

                  But the real kicker is these two bullets, Two of the main ones present in almost every privacy policy, which essentially says "We'll share your data however we feel like it"

                  • Select marketing and strategic business partners: We may share limited data with our preferred marketing and strategic business partners so that they can provide you with information and marketing messages about products or services that may interest you. These parties may use your information in accordance with their own privacy policies.

                  • Online advertising partners: We may share information with third party online advertising partners or permit these partners to collect information from you directly on our Sites to facilitate online advertising. To learn more, see our Cookie and Ads Policy, available on our Site.

                  And that's not even digging into the details about sharing internally with the parent/child/sibling companies.

                  5 votes
                  1. [2]
                    Wes
                    Link Parent
                    I'm afraid I get redirected to a regional homepage when I try viewing that privacy policy. From your quotes here though, is this describing the website's data collection or that of their mobile...

                    I'm afraid I get redirected to a regional homepage when I try viewing that privacy policy. From your quotes here though, is this describing the website's data collection or that of their mobile application? I think it must be the latter. I don't see how a BLE identifier could currently be captured on a website, for example.

                    Similarly, an IP address allows a rough approximation of location in the same way that caller ID gives away a caller's area code. But on the web a more precise lookup requires consent via the geolocation API.

                    I fully expect that mobile applications which have full access to your device will have more onerous tracking due to a greater permission scope. However I'm a web developer, and I was only speaking to my own experience in that area. I expect the mobile app landscape is very different when it comes to privacy.

                    1. vord
                      Link Parent
                      It's company-wide. Including website, app, in-store wifi, and other data. Not necessarily. But you pretty easily can tie a new BLE identifier to a new device connecting to wifi. Especially if you...

                      From your quotes here though, is this describing the website's data collection or that of their mobile application? I think it must be the latter. I don't see how a BLE identifier could currently be captured on a website, for example.

                      It's company-wide. Including website, app, in-store wifi, and other data.

                      I don't see how a BLE identifier could currently be captured on a website, for example.

                      Not necessarily. But you pretty easily can tie a new BLE identifier to a new device connecting to wifi. Especially if you have a wifi gateway page. You can also just collect them and cross-reference all the other metadata you've gathered. I expanded a bit on some of these things here

                      But on the web a more precise lookup

                      Well, unless they have a geolocation call from someone else on that IP. At home, maybe viable, though they can likely also compare against other subnets in your area from your ISP. They don't necessarily need address, just like neighborhood (much smaller than zip code or area code). In public anybody who connects to same wifi network as you (see xfinity public hotspots) can also do this. I'll bet you a nickle Nextdoor (the neighborhood communication app) sells some level of IP-> address -> ad engagement data.

                      One bit of aggregated or anonymized data isn't generally harmful on its own. However, it is becoming increasing easier to tie these bits together. And while not all companies are re-selling this tied-together bit, they certainly are buying it from anyone who does to improve their own picture.

                      1 vote
                2. [6]
                  mat
                  Link Parent
                  You are correct. The vast majority of things people complain about regarding 'tracking' and advertising online is totally unfounded. Faceboogle at al have no interest in selling their datasets...

                  You are correct. The vast majority of things people complain about regarding 'tracking' and advertising online is totally unfounded.

                  Faceboogle at al have no interest in selling their datasets because the exclusivity of those datasets are all that is holding up their entire business model. Log into Adwords or Facebook Ad Manager and see exactly what you can't see. It's noting. You can't see anything about the actual users.

                  Also even if any of the stuff people claim happens, did happen, I'm still not clear why I would care. It makes no difference to me. My "data" isn't worth anything and I couldn't care less who has it. Anything I actually want to be private I keep private by myself already.

                  4 votes
                  1. [5]
                    vord
                    Link Parent
                    If the data wasn't worth anything nobody would be scrambling to collect it, paying big bucks in the process. You and I might have different expecations of things we want to be private. Or what we...

                    My "data" isn't worth anything and I couldn't care less who has it. Anything I actually want to be private I keep private by myself already.

                    If the data wasn't worth anything nobody would be scrambling to collect it, paying big bucks in the process.

                    You and I might have different expecations of things we want to be private. Or what we think is private and isn't really.

                    Do you share publicly every single place you visit? If you carry a cellphone you do. I certainly consider my location history private, but it seems nobody else does unless they see someone physically following them.

                    Related.

                    6 votes
                    1. [3]
                      mat
                      Link Parent
                      Are people doing that? Who is paying whom, and for what? Faceboogle et al are gathering some information on stuff you like so they can show you relevant ads but they're not paying for it. Oh, I'm...

                      If the data wasn't worth anything nobody would be scrambling to collect it, paying big bucks in the process.

                      Are people doing that? Who is paying whom, and for what? Faceboogle et al are gathering some information on stuff you like so they can show you relevant ads but they're not paying for it.

                      You and I might have different expecations of things we want to be private.

                      Oh, I'm pretty sure we do :)

                      But the point is that a lot of the things you might think are being "harvested" about you, probably aren't. I've installed various 'tracking' stuff on plenty of websites from tiny ones to vast multinational corporate sites, I was even (briefly) involved in a company who ran tracking services and never once has it involved anything which could be considered malicious. The vast majority of this stuff is just about finding out how people use websites so they can be improved.

                      Also - and do understand that I mean this in the nicest possible way - nobody cares about you. Or me. Or anyone. A large dataset of people's preferences is useful for selling adverts (although it's a fairly open secret in the industry that it's nowhere near as useful as the ad sellers like to say it is), and adverts are largely how we have an internet, like them or not. But while you represent a miniscule datapoint in those vast databases, nobody knows or cares about you personally. Nobody can find out anything about you. You might come back from a search for eyeballs who like technology and open source and prefers to disable Javascript (yup, that's a datapoint, sorry) but only as an anonymous target to show an ad to. Nobody knows it's you.

                      If the security services want you, they're taking you regardless of anything you do. Nobody else cares. So it doesn't matter. I have a limited amount of things I can worry about and that some computer system somewhere knows that last week I was searching for both sash clamps and buttplugs is so far down that list it barely registers. I'm fascinated to see what kind of ads I get this week though.

                      People have been telling me how awful and invasive online advertising and the associated data acquisition is since gmail (with ads) launched in 2004 and I've yet to see any negative effects. Or, particularly, positive ones - although if I have to see adverts (and I choose to do that because advertising supports the websites I like, and for a long time that was how I made my money too) I'd rather they were for things I might vaguely like, or at least don't hate. For example, I've pretty much disabled seeing ads for alcohol at this point, which is nice for me to be able to avoid.

                      Do you share publicly every single place you visit? If you carry a cellphone you do.

                      Are you sure I do that? Google certainly knows where I am (well, there is location data attached to my account but I'm not sure that meaningfully translates to Google "knowing" where I am in the same sense that Gmail doesn't "read" my emails) because I have an Android phone and I use location services such as navigation - but do they share that information publicly? Not that I care if they do, but I'm pretty sure they don't.

                      Someone physically following me is very different to my personal Google account logging location data.

                      3 votes
                      1. vord
                        Link Parent
                        I agree that generally nobody cares about any of us individually. I mean, the datasets are there, and anybody who does aggregate enough certainly could abuse it. Like governments whom grow...

                        I agree that generally nobody cares about any of us individually. I mean, the datasets are there, and anybody who does aggregate enough certainly could abuse it. Like governments whom grow increasingly authoritarian. But even that isn't the big factor.

                        I don't want to be targetted or tracked. I don't want people to be able to say "Let's send ads to people in their late thirties who recently went to a pet store, bought a burger from a local burger chain, and traveled at least 50 miles away from their home in the last month." Because all of that is possible, and even if it isn't directly targetted at me, it feels just as creepy as someone calling me and saying "Hey I saw you at the pet store, wnna meet up at that burger place you went to yesterday?"

                        Targetted advertising might not be super effective. But it's effective enough that people still pay top dollar for it. Maybe you don't see the wider picture of it all.

                        I worked for a college. They pay hundreds of thousands of dollars every year gathering all sorts of data on high school students to figure out how to get them to apply. Then spend money on ads to target them. Maybe toss out social media posts relevant to their interests.

                        Anybody who vists the website gets their tracking data added into a database where this will get aggregated to try to tie that visit history to any sort of other contact information that might have been gathered. If we get a match on any sort of email or addrees, possibly of a parent or alum, some sort of outreach will be done. Alums might get an extra event thrown they're invited to. Remind them of their good old days and build brand awareness and maybe remind college bound kid that college was awesome.

                        If any apply, that data is further reenforced with more tracking data, hidden pixels in emails, both marketing and progress. Any unopened emails get reminders sooner than opened ones who didn't follow through.

                        This factors into who to offer admission to...not just their application data, but their perceived excitement to attend. So this is scratching the surface. And any sort of confirmation bias, real or imagined, will further increase that desire for more data.

                        I wasn't talking entirely about Google or Apple, or any of the apps you use getting your GPS/wireless/IP location data. I'm talking about Bluetooth Low Energy.

                        Places (businesses and schools for sure) setup beacons around their building. They collect the BLE ID of every phone that passes through. They, or another company who they pay, aggregate this data. They might share and use internally. If they pay a company that company will add it to the data from other customers or other tracking companies to build a very detailed location database.

                        The college I worked for was investigating installing these beacons to determine detailed foot traffic around campus. To see which study rooms were occupied. To see who was sitting at which desks in the computer labs and compare against logged in sessions.

                        It's not just about personal privacy. It's about maintaining and building a culture that values any privacy at all.

                        10 votes
                      2. Akir
                        Link Parent
                        Your story would be great if it were only Facebook or Google doing the tracking, but there are thousands of less scrupulous companies out there and not all of them have the same policies. More...

                        Your story would be great if it were only Facebook or Google doing the tracking, but there are thousands of less scrupulous companies out there and not all of them have the same policies. More importantly, not all of them have the same amount of security.

                        But even in regards to Facebook and Google, I think it’s naive to believe that the data you have access to on their advertising platforms are all they have on you.

                        Honestly, though, the point that bothered me the most about your post was how much you dismiss the vast psychological power of advertising. You and I both know that a number of advertising companies are useless, but advertising itself works. That’s why they are everywhere. That’s why the last election cost 14 Billion dollars.

                        What’s worse is that internet advertising - the specific kind that uses the tracking we are talking about - is the single most effective type of advertising known to man, and it’s entirely because you are being individually tracked. Do you want to know what the most successful advertising campaign is at the company I work for? Remarketing. People visit our website once and Google starts showing our name and logo on websites everywhere. Eventually, people break down, go back to our website, and contact us about our products.

                        Of course there are other kinds of campaigns they run, but the remarketing campaign is responsible for nearly double the conversions as the next most affective campaign.

                        Do you want to know what your data is worth? To my company, it’s typically somewhere between $200 and $500. That is how much it costs to get a person to walk through the doors to our store.

                        5 votes
                    2. Wes
                      Link Parent
                      Sort of. That's knowledge possessed by the cellphone companies, by necessity of cellphones pinging towers as you move around. That's not inherently public knowledge, but it is queryable by law...

                      Do you share publicly every single place you visit? If you carry a cellphone you do.

                      Sort of. That's knowledge possessed by the cellphone companies, by necessity of cellphones pinging towers as you move around. That's not inherently public knowledge, but it is queryable by law enforcement.

                      2 votes
                3. lionirdeadman
                  Link Parent
                  But those scripts don't only show ads, that's the issue. Facebook and Google will store the fact that you went on the website hence the website owner is selling the information "X person went to...

                  But those scripts don't only show ads, that's the issue. Facebook and Google will store the fact that you went on the website hence the website owner is selling the information "X person went to read/see Y thing" to the ad company. In exchange for that information, Google and Facebook can provide 'better' advertising and pay the website.

                  It's also worth noting that a lot of these ad companies will buy information from data brokers about you and that advertisers can know a certain amount of information about you if you click on their advertising because they can do very niche targeting so that could be argued as selling information.

                  Of course, a lot of tracking is about analyzing human behaviour. I'm not sure I buy that they care performance considering how heavy those websites tend to be, or at least, they're doing a pretty poor job at it.

                  4 votes
                4. joplin
                  Link Parent
                  This is a big topic that goes beyond this question, but what it comes down to is that even when a company like Google or Facebook "only sells your eyeballs and not your data," as soon as you click...

                  This is a big topic that goes beyond this question, but what it comes down to is that even when a company like Google or Facebook "only sells your eyeballs and not your data," as soon as you click on any ad that Google or Facebook shows you, the advertiser (or the third party they work through) gets a bunch of data on you (via browser fingerprinting, tracking cookies, and other stuff) that they can immediately connect up with a bunch of other data on you that they bought from credit card companies who very much do directly sell it to them. So while it's true that Google and Facebook don't directly sell the data they have on you, they very much facilitate getting large amounts of data about you to third party brokers who aggregate and collate such data. And they fully know this is what happens. Maybe if you never click on any of the ads nobody will ever get your data, but despite trying hard not to ever click on any ads for 30 or so years, I have on occasion accidentally clicked on one I didn't mean to. It's nearly impossible not to get caught up in their drag nets, even with ad blocking on.

                  3 votes
  5. [3]
    Eric_the_Cerise
    Link
    Javascript isn't the problem. The problem is what people (mostly, corporations) are using it for. I routinely use both uMatrix and NoScript in combination on my browsers. uMatrix is no longer...

    Javascript isn't the problem. The problem is what people (mostly, corporations) are using it for.

    I routinely use both uMatrix and NoScript in combination on my browsers. uMatrix is no longer actively supported, and gradually becoming outdated, so I don't recommend it, but together with NoScript, they give a wonderful picture of all the things that modern websites are doing on your computer without your knowledge or permission.

    I firmly believe that user tracking together with targeted advertising, is one of the four or five biggest and most dangerous problems facing humanity today, right up there with climate change ... and potentially even worse, simply because the vast majority of people do not recognize/acknowledge the danger, and simply shrug and accept it as inevitable.

    I really wish many more people would try NoScript, not even to block Javascript, but just to periodically look "under the hood" and see all the nasty, creepy 3rd-party stuff that is being downloaded and launched on their computers/phones without their knowledge/permission.

    7 votes
    1. [2]
      mat
      Link Parent
      That's a pretty extraordinary claim. I assume you have some extraordinary evidence to back it up? I'd love to hear it. Having worked in both the web dev and online advertising/marketing industry...

      I firmly believe that user tracking together with targeted advertising, is one of the four or five biggest and most dangerous problems facing humanity today, right up there with climate change

      That's a pretty extraordinary claim. I assume you have some extraordinary evidence to back it up? I'd love to hear it.

      Having worked in both the web dev and online advertising/marketing industry for quite a number of years - albeit a little while ago, but I still have plenty of friends in the sector - I seem to have managed to avoid seeing any significant evidence of anything particularly bad, let alone anywhere near as existentially terrifying as the climate crisis..

      3 votes
      1. arghdos
        Link Parent
        I think the connection would be the click-bait-ificiation of the news media, encouraging all sorts of shitty journalistic processes (e.g.). While I think it’s much harder to prove the influence &...

        I seem to have managed to avoid seeing any significant evidence of anything particularly bad, let alone anywhere near as existentially terrifying as the climate crisis..

        I think the connection would be the click-bait-ificiation of the news media, encouraging all sorts of shitty journalistic processes (e.g.).

        While I think it’s much harder to prove the influence & blame of adtech, it absolutely exacerbates many other issues… in the moment where having really top-notch journalism is really fucking necessary to cut through misinformation/bullshit and help drive really critical policy decisions (like on climate change), you have a profession in peril, at least in part, because of shitty incentives from the advertising based revenue model.

        How much? Hard to say. But it’s not a hard link to see.

        8 votes
  6. [2]
    userexec
    Link
    My two cents on this as a primarily JavaScript developer: I sometimes disable JS because I've got a thing for squeezing every last week out of hardware I can possibly manage. You could charitably...

    My two cents on this as a primarily JavaScript developer: I sometimes disable JS because I've got a thing for squeezing every last week out of hardware I can possibly manage. You could charitably say that my taste in computers is thrifty, but I've been known to use even failing hardware for years until it simply won't turn on anymore. My primary machine was still a Pentium MMX in 2010, although maybe I'm not quite that bad anymore. You can bet I was blocking anything I could on that, though I don't know if I'd say it was trendy then.

    JS is often absurdly heavy these days, and on a performance-constrained machine you really get a feel for just what a slog some sites are. I was planning to do a little mobile work this week with my GalliumOS chromebook but quickly found that while it's still perfectly acceptable for day-to-day web stuff, trying to load Outlook Web and Slack takes about 15 minutes before they're ready to use. It's a shame because I really love developing on that machine--it keeps me aware of how well my code actually runs by not burying inefficiencies with shovels full of RAM and clock cycles.

    I think a lot of the trend of disabling JS comes not from any one shortcoming of JS itself, or even heavier feature-rich apps-as-sites, but from how some developers holding the JS hammer start seeing everything as a nail and try to emulate functionality you should be getting for free with sprawling frameworks and dependency nightmares. You end up with situations where you're loading 7MB of scripts or something just to have them render out a couple paragraphs of text. Have you ever seen flatbed semi truck drivers who, between loads, strap a little toy excavator onto the trailer as a joke? A lot of websites feel like that.

    What others said about JS being used heavily in some areas for user annoyances like scrolljacking, unsolicited modals, tracking scripts, etc. applies too. At one point I complained to my bank because they were loading 5 different tracking/analytics libraries on their homepage.

    Anyway there's your niche objections, I guess. Most people will never really notice these because they don't cobble their computers together out of trash like some deranged cyber-raccoon.

    7 votes
    1. whbboyd
      Link Parent
      Hello, fellow deranged cyber-raccoon! (I'm much less extreme than you, though—I think the most out-of-date my primary computer ever got was a Thinkpad X40 with a Pentium M at 1.2GHz into 2012.) I...

      Hello, fellow deranged cyber-raccoon! (I'm much less extreme than you, though—I think the most out-of-date my primary computer ever got was a Thinkpad X40 with a Pentium M at 1.2GHz into 2012.) I just want to point out that you don't have to be a deranged cyber-raccoon to experience slowness from overuse of Javascript. I regularly run across pages that lag for no clear reason on my work computer (i7 quad-core at 1.8GHz) and even my monstrosity of a gaming desktop (Ryzen 5 6-core at 3.4GHz).

      3 votes
  7. KapteinB
    Link
    I like that no-one has attempted to answer the headline question yet. In fairness, I don't really know the answer myself. Javascript used to be optional. Not all web browsers supported Javascript,...

    I like that no-one has attempted to answer the headline question yet. In fairness, I don't really know the answer myself.

    Where did the trend of disabling Javascript in one's browser originate from?

    Javascript used to be optional. Not all web browsers supported Javascript, and so if you wanted your website to work in all browsers, it had to work without Javascript. I vaguely recall browsers having an easily accessible setting to toggle Javascript on or off. Websites would still be functional (though usually less fancy), but you'd gain performance, stability, and security. (We didn't care as much about privacy back then; Facebook didn't exist, and we still believed in Google's company slogan.) That's where I believe the trend of disabling Javascript originated.

    As browser extensions became a thing, we started seeing extensions that offered more fine-grained control. The most popular is possibly NoScript, which according to their website has been around since 2004.

    6 votes
  8. [3]
    lionirdeadman
    Link
    Personally I don't do this but I've avoided using Javascript unless absolutely necessary on my website for the sake of compatibility with browsers who disable it (usually for security) and...

    Personally I don't do this but I've avoided using Javascript unless absolutely necessary on my website for the sake of compatibility with browsers who disable it (usually for security) and text-based ones with no javascript engine (and frankly, I have no need for it).

    That said, CSS tends to be thing kicking my butt the most because I use a lot of modern features but want to keep compatibility with things like Opera Presto and Netsurf because I'm an insane idealist.

    5 votes
    1. [2]
      skyfaller
      Link Parent
      I also aspire to support older, simpler browser engines, and I have to say... how do you test with Opera Presto? Do you have an ancient copy of it running somewhere? Is that... safe? Where did you...

      I also aspire to support older, simpler browser engines, and I have to say... how do you test with Opera Presto? Do you have an ancient copy of it running somewhere? Is that... safe? Where did you get it? How do you install it?

      I've been able to install and test with NetSurf and Pale Moon, and I've been using those as representatives of simpler browsers, but even if I wanted to support old proprietary browsers (and I'm not sure I do, seems like encouraging people to browse unsafely), I don't know how I would run a copy of IE4. At least NetSurf is maintained, and if I leave Javascript turned off, that has to reduce the security risk.

      Here's a crappy work-in-progress blog post about how I try to use progressive enhancement with CSS to support simpler browsers: https://www.maximumethics.dev/blog/2021/09/progressive-enhancement/

      3 votes
      1. lionirdeadman
        Link Parent
        I have tried in the past this old version which is the last desktop version but I strictly only used it on my own website on my local network. I mostly did it for fun but afterwards I learned that...

        I also aspire to support older, simpler browser engines, and I have to say... how do you test with Opera Presto? Do you have an ancient copy of it running somewhere? Is that... safe? Where did you get it? How do you install it?

        I have tried in the past this old version which is the last desktop version but I strictly only used it on my own website on my local network. I mostly did it for fun but afterwards I learned that phones running J2ME run a version of Presto in the cloud through this blog post so what I sometimes do is host my website with localtunnel for a short period to test it with Opera Mini Extreme Dating saving which uses that same path as those J2ME browsers.

        I personally don't support older browsers, if they work, it is by accident. The full list of things I try to support is : Firefox, Chromium, Safari, GNOME Web, Opera Presto (for J2ME), IE12, EdgeHTML (used for UWP), NetSurf, dillo, w3m, links and lynx. IE is dying in 2022 iirc and it was not something I actively tried to make work.

        Now, do they all work equally as well? Of course but they're usable.

        I do want to make a blog post at some point to say how it all works and why it works and just show off for fun.

        1 vote