how to determine if a web site requires non free java script?
- Inicie sesión ou rexístrese para enviar comentarios
If a web site requires java script in order to work is there an easy way to
determine if the web site is running non free java script software?
Thank you.
There is GNU LibreJS: https://www.gnu.org/software/librejs/
However, since many webmasters do not publish the license information as GNU LibreJS suggests, it may block JavaScript that is actually free.
It also depends on what kind of site it is too.
In some cases, you can probably be 80% sure it is or isn't due to the purpose of said website.
That aside, javascript is a messy programming language.
I do recall once hearing 90% of web security problems are caused by javascript.
This could be more true or less true since I heard this.
Can't say I know as of now.
Though programming for some things seems to go down in quality as time goes on, bigger and more bloated.
> 90% of web security problems
Do you have documentation? What about surveillance? Is java script able
to spy on people? If so is java script commonly used
to spy on people? Documentation?
If you want navigate in Abrowser with security I recommend you combine GNU LibreJS and JShelter
https://jshelter.org/ and https://www.gnu.org/software/librejs/
Truthfully, I head this from noscript developers, but they could have exaggerated I suppose.
In any case, I also remember hearing javascript was not developed as a framework for the web when it was first developed.
That was determined later by other people I think.
Although there are other possibilities.
I found this which has some other thoughts:
https://dev.to/nikl/is-javascript-really-as-insecure-as-they-say-mi8
Feel free to read if you want.
If we are talking about client-side vulnerabilities, I believe JavaScript is indeed involved in the vast majority of them. Not because of the language itself, but simply because, on today's Web, JavaScript is the only programming language Web browsers execute. 99% of websites use it. Flash used to be extremely popular (and the source of even more vulnerabilities: we are better off with JavaScript!) and there were Java applets, but all those are essentially gone. HTML, CSS, SVG, MathML, etc. are not programming languages. They are markup languages.
You got me there, flash was much, much worse.
There are command line text based browsers like the w3m. They do
not support java script. I have been contemplating
if by law everyone having a website should be
forced to ensure their website always is accessible with a command
line browser. Are there strong enough arguments
for such a rule?
One argument is absence of java script if java
script is not secure and commonly spies on people. Is it not
more difficult to create a text browser supported
website that spies on people? Then there is the power
energy consumption argument. Smaller requirements for
devices. Does websites that support text browsers
not have fewer attack vectors? What I do not know
is, if text browser supporting websites would require redundant
websites? Or can any website with some configurations become
accessible by text browsers? Would it be an
inadequate burden for website providers
to support text browsers?
I am for making web 4.0, lighter on resources then web 2.0
I am a translator!
Many free software projects use discourse for their discussion forum, which only works with javascript. Forcing them to change this to a non-javascript option would mean changing the software they use, creating significant work.
Besides, many websites actually include apps that are run by the user in their web browser, and I guess the only way to run such processing without javascript might be to send their data to the server which would run the processing and return the result, and that looks somehow worse from a privacy pespective.
Then, nowadays more and more people use a smartphone as their only computing device, and these people install whatever (almost always non-free) app they are told to install to get the service they expect. If there is a requirement on websites tp be javascript-free, this may just result in those websites disappearing and the (non-free) smartphone app to become the only way to access some services.
All of this to say that, while your idea looks nice, supposing it would become a legal requirement, the effects might not be the ones you expect.
> somehow worse
I do not think it does. Having random software running in your browser
looks worse.
> those websites disappearing
No, the law would say if you provide something on the internet, that service
must be accessible by a text browser. If there are no text
browsers for phones they would probably show up. What could be a challenge
would be framing which basic features the text browser part
of a given web site should provide?.
> the effects
My only factor is if it could get implemented at a low cost for the
web site providers. Would it be an option technically to make a
software module available for people? The module would then integrate
in a given website and provide the text browser support.
Are there strong enough arguments for such a rule?
Besides the fact that almost nobody uses (or want to use) text-based Web browsers, there is another argument against such a rule: "being text-based and executing proprietary software are conceptually unrelated". As far as I know, nothing theoretically prevents text-based Web browsers from interpreting JavaScript.
I used NoScript for many years to block JS but have recently switched to using uBlock Origin (which I was already using as an ad blocker) as it has the same ability to block JS but with more fine-grained control and apparently fewer bugs.
What really annoys me is websites that are supposed display an article, but show up completely blank when JS is diabled. On the opposite end of the spectrum are websites that are more functional with JS disabled than without it, like theatlantic.com. The paywall only shows up with JS enabled so you can read all the articles for free with JS disabled (the images show up blurred but that can be fixed with a uBlock filter).
I am a translator!
I use the combination of NoScript, uBlock Origin, JShelter and LibreJS.
When the display is not good enough, depending on the website, I either just give it up (it looks like a website providing poor information anyway), or I gradually try to allow more things by putting the website as temporarily trusted on NoScript, then I may allow some things with LibreJS.
Recently, with Anubis, which is something put in place because of DDoS attacks, I had to disable the javascript shield from JShelter in order to access certain pages. I did this to access the archlinux wiki. I would not do this for a website that I don't know is valuable or that I have the choice not to use. For sites like tax declaration (I have no choice for that one), I have to disable everything, perhaps except uBlock Origin.
uBlock can do most of the same things that NoScript does. There is no XSS protection but every XSS warning I've gotten from NoScript was a false positive so I don't really care about that anymore.
Does JShelter help beyond the built-in "strict" level of tracking protection in Firefox/Abrowser? Seems like a not very widely used addon.
I don't bother with LibreJS because avoiding websites with nonfree JS is just too inconvenient. And even if a website uses only free JS, it likely does not support LibreJS.
I am a translator!
I wonder whether we are talking about the same extensions. When I have NoScript active for a website, it blocks Javascript, fonts and some other things while uBlock Origin seems to allow them all. My competence is too limited to understand what kind of "protection" uBlock Origin provides, while NoScript looks rather clear.
Unlike NoScript, LibreJS allows what it considers trivial, so even if the website does not support LibreJS, it may still be good-enough with LibreJS. So my approach is, if a website does not work well enough with NoScript, make the website allowed in NoScript and see what happens while LibreJS is active. Then, if it is still not good enough and I decide to somehow trust the website, I will add exceptions to LibreJS for it.
Then, I use several abrowser profiles with different sets of extensions, for different purposes.
uBlock has an advanced mode where you can do many of the same types of per-domain blocking as noscript.
Yes, this is what I was referring to. It also seems to offer better control than NoScript. You can allow scripts from a domain on one domain but not another. Whereas with NoScript, as far as I can tell, if you allow scripts from a particular domain, they are allowed on all webpages you visit.
Also in my experience NoScript seemed buggy. For example sometimes I would choose to allow all scripts on a particular tab and they would still not load. In such cases I would have to disable NoScript globally for the webpage to work.
Besides ad and script blocking, I also have some custom filters in uBlock Origin, for example for filtering out paywalls, and making StartPage search open links in the same tab rather than opening a new one. uBlock Origin has very advanced capabilities.
I wonder if the demise of uBlock Origin on Chromium (and probably most Chromium-based browsers) due to the removal of Manifest V2 will cause some people to switch to Firefox. But I think most average people do not use an ad blocker. Even my technically competent family members don't.
That's idiotic that anyone would allow ads to go unblocked.
When ads run, it does four stupid things I can think of:
1: hurts the climate
2: risk of malware
3: feeds the greedy a-holes data that they can sell/share.
4: additional wastes of electricity
Although, my parents do the same... it blows my mind though that anyone in their right mind tolerate those four problems and allow ads to run free on their computers. Just stupid it is.
I could go on and on, but i have said what is most important that I can think of for me personally.
I think the average user probably doesn't know that you can block ads. Many people don't even know what a browser is. All they know is Google.
Even people who are technically competent struggle with this. I have a family member who is an electrical engineer and very intelligent. He installed Chrome because some banking websites weren't working in Firefox. I checked his laptop and found that this was because he was running an EOL version of Ubuntu with a very outdated version of Firefox. I also advised him to use Ungoogled Chromium if he has to use a Chromium-based browser.
I am a translator!
I did not know about this. I will look at it more, but I could not find how to easily see such rules per site, while with noscript it is rather easy.
Fortunately, Anubis works with GNU LibreJS.
Honestly Anubis is a breath of fresh air compared to those annoying Google CAPTCHAs. I would prefer if these things weren't necessary at all but I think that ship has sailed.
I am a member!
Firejail is a tool that you can use to "isolate" the browser from your OS. It is in Trisquel repos. There is a browser sandboxing guide that works with GNU Icecat and abrowser.
Have in mind, though, that running non-free javascript in isolation protects your privacy but doesn't protect your freedom.