ZeroNet and JavaScript (II)

4 respuestas [Último envío]
amuza
Desconectado/a
se unió: 02/12/2018

Hi, there is this https://trisquel.info/en/forum/zeronet-and-javascript but it is locked -don't know why. So I open this new thread.

I have been told "zeronet is sandboxed.so it is not a problem that javascript is enabled".

What do you think of it?
Is that correct?

Thank you.

amuza
Desconectado/a
se unió: 02/12/2018

That sentence was an answer to my concerns on ZeroNet security.

amuza
Desconectado/a
se unió: 02/12/2018

I guess concerns on freedom stay there, no matter if JavaScript is in a sandbox or not.

onpon4
Desconectado/a
se unió: 05/30/2012

"It's in a sandbox" is the excuse always given for JavaScript. It's not a good excuse. You know what JavaScript can be used for? Spectre and Meltdown exploits.

And the point remains: it's proprietary software running on your computer. Being sandboxed wouldn't change that even if the sandbox was perfect.

By the way, the old topic got locked automatically because it was old. The forum software does that after a while.

chaosmonk

I am a member!

I am a translator!

Desconectado/a
se unió: 07/07/2017

"Sandboxed" JavaScript can also be used to mine cryptocurrency with your CPU. Some sites, like Pirate Bay, acknowledge that their JavaScript does this and try to justify it as an alternative to ads. Other sites do it secretly. Some sites have been attacked by a third party and don't realize that their site installs malicious JavaScript.

Security aside, sandboxing proprietary software does not give you the freedom to modify or redistribute it, so it is as much a violation of freedom as any other proprietary software.

I could buy a second laptop running Windows. It would be completely "sandboxed" from my current laptop. From a security standpoint, this would not compromise my Trisquel system. However, it would not magically turn Windows into freedom-respecting software, and if I relied on the second laptop for any of my computing I would be less free.