What happens if you disable JavaScript?

[whm1974]

OK as an experiment I disabled JavaScript in both Chrome and Firefox to see if I can improve my security by eliminating malware vectors.

Will I still be able to browse the Web without any problems, or will I end up turning it back on?

Although I'm Linux user, I'm posting this here so this will get wider exposer as Windows may benefit from doing this as well.

 

[lxskllr]

Using something like NoScript/uMatrix is better. JS is *required* on too many sites for basic functionality, with some showing exactly nothing if js is disabled. Some sites work just fine, but are in the minority.

Using addons as above, you can block the crap, but allow functionality. It's all a lot of work, and not for the average user, but that's how I use the web.

 

[whm1974]

Thanks, that should work better.

 

[lxskllr]

u/wtsh gives a decent breakdown of privacy/security addons here...

https://www.reddit.com/r/privacy/comments/6t6z8p/is_the_umatrix_firefox_addon_really_useless_in/

 

[whm1974]

Well I had NoScript install for a few days now and it seems to work pretty well along with Privacy Badger. What is nice about NoScript is I can turn on/off JavaScript on the fly instead having to dig through about:config to do that.

 

[lxskllr]

As you get the time, are bored, or whatever, you can research scripts, then blacklist them so they never get loaded, and won't take up space in the list when open NoScript. That makes it easier to see what the minimum amount of scripts necessary to make a site run is.

That's how I do it anyway, but it is a fair amount of work, and tedium to browse. I avoid 'professional' news sites due to the number of scripts they typically use. It's a more secure way of browsing, but not for everyone, and I don't necessarily recommend it for the general population. You need a certain amount of dedication and patience to use the web that way.

 

[whm1974]

As you get the time, are bored, or whatever, you can research scripts, then blacklist them so they never get loaded, and won't take up space in the list when open NoScript. That makes it easier to see what the minimum amount of scripts necessary to make a site run is.

That's how I do it anyway, but it is a fair amount of work, and tedium to browse. I avoid 'professional' news sites due to the number of scripts they typically use. It's a more secure way of browsing, but not for everyone, and I don't necessarily recommend it for the general population. You need a certain amount of dedication and patience to use the web that way.

I don't have a problem with Ads, but do have issues with data collection and the slowing down of the Web with badly written and unnecessary scripts. And not to mention targeted Ads as well.

Seriously, I have run into many webpages that almost completely unusable by having lots and lots of badly developed JavaScript code.

 

[urvile]

I used to use NoScript but I don't anymore. The only thing I block by default is flash.The avoidance of dodgy sites is the best policy and if you feel a need to visit such sites use a VM.

 

[urvile]

I don't have a problem with Ads, but do have issues with data collection and the slowing down of the Web with badly written and unnecessary scripts. And not to mention targeted Ads as well.

Seriously, I have run into many webpages that almost completely unusable by having lots and lots of badly developed JavaScript code.

Unfortunately javascript is well a scripting language which leads to bad code. I have spent the last 18 months or so coding lots and lots of it (maybe that is why the code is bad? ). Mainly jquery though. The weak typing and non checking of actual parameters against formal paramaters at runtime (talking about JS...) are two of it's worst features. Once you get a lot of javascript in an app you will have problems maintaining it.

Because it is very easy to end up with crazy spaghetti code. I use a few different patterns. Most people don't.

 

[Red Squirrel]

Unfortunately it seems a lot of sites are TERRIBLY coded and actually overuse Javascript to the point that pages won't even load. Even news sites, which are suppose to just be text and pictures - it's not rocket science to write a news site without it being so bloated, but they seem to be the worse. I used to use Noscript but it just made using the internet frustrating. A lot of these sites seem to use like 30 different domains to host the .js files instead of putting it all on the same server. Not sure what they're trying to accomplish there.

 

[whm1974]

Unfortunately javascript is well a scripting language which leads to bad code. I have spent the last 18 months or so coding lots and lots of it (maybe that is why the code is bad? ). Mainly jquery though. The weak typing and non checking of actual parameters against formal paramaters at runtime (talking about JS...) are two of it's worst features. Once you get a lot of javascript in an app you will have problems maintaining it.

Because it is very easy to end up with crazy spaghetti code. I use a few different patterns. Most people don't.

I have to ask, but does JS have GOTO instructions? Wasn't there a trend in the late 80's and early 90's to avoid using those? I'm under the impression that newer programming and scripting languages don't even have those at all to help prevent spaghetti code. Or do lazy developers find new ways to produce spaghetti code anyway?

 

[urvile]

I have to ask, but does JS have GOTO instructions? Wasn't there a trend in the late 80's and early 90's to avoid using those? I'm under the impression that newer programming and scripting languages don't even have those at all to help prevent spaghetti code. Or do lazy developers find new ways to produce spaghetti code anyway?

Nope. No goto. So I guess not authentic spaghetti code. It's more something you will pick up on over time. I have created plenty myself and probably still do. I don't include that on my resume though. It's about structure and what happens when you end up with a large javascript code base. That has just evolved..... It's easy to lose track of the correct number and type of parameters etc. with out any checks due to the language design but it is an interpreted/JIT language.

So it is what it is. I use some basic patterns to enforce some structure and try and code it in a semi OO way because it is an OO language. Of course it's easy to create spaghetti using strongly typed langauages but those languages have checks in place that prevent the developer from making silly mistakes.

 

[whm1974]

While ever since I installed Privacy Badger and NoScript I noticed a decent spend up in browsing the Web.

 

[whm1974]

Well ever since I installed Privacy Badger and NoScript I noticed a decent spend up in browsing the Web.

So there is that.

 

[whm1974]

Crap I clicked reply instead of edit. How do I delete a post?

 

[Ratman6161]

Unfortunately javascript is well a scripting language which leads to bad code. I have spent the last 18 months or so coding lots and lots of it (maybe that is why the code is bad? ). Mainly jquery though. The weak typing and non checking of actual parameters against formal paramaters at runtime (talking about JS...) are two of it's worst features. Once you get a lot of javascript in an app you will have problems maintaining it.

Because it is very easy to end up with crazy spaghetti code. I use a few different patterns. Most people don't.

Of course jquery doesn't necessarily save you either. In a recent Audit, after doing network scans, we had an audit finding stating that we had an outdated version of JQuery on one of our systems. Never occurred to me that that had to be updated like everything else. Problem is, its a third party application using it so we don't really have any idea if the problematic functionality in the older version is something the application uses or not. We also have no idea if something will break if we update it. So, it carries its own set of problems.

 

[urvile]

Of course jquery doesn't necessarily save you either. In a recent Audit, after doing network scans, we had an audit finding stating that we had an outdated version of JQuery on one of our systems. Never occurred to me that that had to be updated like everything else. Problem is, its a third party application using it so we don't really have any idea if the problematic functionality in the older version is something the application uses or not. We also have no idea if something will break if we update it. So, it carries its own set of problems.

Yeah. jQuery is no magic bullet it's supposed to be magically cross browser but in my experience it isn't (although it is fair to say that can be jQuery version specific). Updating third party javascript APIs can break stuff. The more JS APIs you have in an app the more potential for problems. The more versions (in particular IE) or type of browsers that have to be supported the more potential for problems. Add it all together and it's not fun.

I am working in an environment currently where I have to write JS that supports all versions of IE starting at 8 as well as chrome and I am over it. Actually I am kind of over JS as well.....

EDIT: That having been said though I do have a lot of love for the guys who develop jQuery and plugins like JsTree. It takes a lot of work to implement and maintain a framework like jQuery and then they just give it back to the dev community free of charge.

 

[Mike64]

Crap I clicked reply instead of edit. How do I delete a post?

I've done that more than once... You can't delete even your own posts themselves (though you can edit/delete their content) even if there aren't replies/later thread posts, but while I don't know if there are technical or "policy" restrictions on doing so, you can "Report" your own post and ask the mods to delete it for you...

 

[whm1974]

Thanks. Well it seems that Privacy Badger and NoScript could live savers for those unfortunate souls who are still using dialup or tightly metered broadband.

 

[lxskllr]

Thanks. Well it seems that Privacy Badger and NoScript could live savers for those unfortunate souls who are still using dialup or tightly metered broadband.

For shaving kb off page loads, I'll also suggest Decentraleyes...

https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/?src=ss

and LoadFromCache...

https://addons.mozilla.org/en-US/firefox/addon/load-from-cache/?src=ss

 

[whm1974]

I also have set Firefox to delete everything on exit. I use FF for web surfing and Chrome for video watching.

 

[SMOGZINN]

While ever since I installed Privacy Badger and NoScript I noticed a decent spend up in browsing the Web.

Of course, because there is now exactly 4 websites on the internet that you can go to, and those host static information that has not changed since 2009. Your browser has just cached the entire website.

 

[whm1974]

Of course, because there is now exactly 4 websites on the internet that you can go to, and those host static information that has not changed since 2009. Your browser has just cached the entire website.

And which four are they?

 

[PeterRoss]

While it might not be the worst idea of all time to disable Javascript entirely, It is not that great. Pretty much every single website uses that, for various tasks. Limiting potentially malicious code execution on your browser can be useful, completely disabling is going to "break" the pages.

 

[whm1974]

While it might not be the worst idea of all time to disable Javascript entirely, It is not that great. Pretty much every single website uses that, for various tasks. Limiting potentially malicious code execution on your browser can be useful, completely disabling is going to "break" the pages.

Yeah I found that out fast, so I use NoScript along with Privacy Bagder instead.