ZeroNet and JavaScript (II)

4 replies [Last post]
amuza
Offline
Joined: 02/12/2018

Hi, there is this https://trisquel.info/en/forum/zeronet-and-javascript but it is locked -don't know why. So I open this new thread.

I have been told "zeronet is sandboxed.so it is not a problem that javascript is enabled".

What do you think of it?
Is that correct?

Thank you.

amuza
Offline
Joined: 02/12/2018

That sentence was an answer to my concerns on ZeroNet security.

amuza
Offline
Joined: 02/12/2018

I guess concerns on freedom stay there, no matter if JavaScript is in a sandbox or not.

onpon4
Offline
Joined: 05/30/2012

"It's in a sandbox" is the excuse always given for JavaScript. It's not a good excuse. You know what JavaScript can be used for? Spectre and Meltdown exploits.

And the point remains: it's proprietary software running on your computer. Being sandboxed wouldn't change that even if the sandbox was perfect.

By the way, the old topic got locked automatically because it was old. The forum software does that after a while.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

"Sandboxed" JavaScript can also be used to mine cryptocurrency with your CPU. Some sites, like Pirate Bay, acknowledge that their JavaScript does this and try to justify it as an alternative to ads. Other sites do it secretly. Some sites have been attacked by a third party and don't realize that their site installs malicious JavaScript.

Security aside, sandboxing proprietary software does not give you the freedom to modify or redistribute it, so it is as much a violation of freedom as any other proprietary software.

I could buy a second laptop running Windows. It would be completely "sandboxed" from my current laptop. From a security standpoint, this would not compromise my Trisquel system. However, it would not magically turn Windows into freedom-respecting software, and if I relied on the second laptop for any of my computing I would be less free.