this post was submitted on 11 Aug 2024
113 points (91.2% liked)

Privacy

31799 readers
280 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I highly recommend disabling JavaScript by default in your browser and then whitelisting the websites that you use frequently and need JavaScript to function.

The privacy benefit of this is that when you read articles online or visit new websites, most of the time it will not need JavaScript to function which will stop loading a lot of ads and tracking scripts.

The security benefit here is massive, first if you visited a bad link that contains a malware that is dependent on JavaScript it would not work, secondly if you visited a link for a service that you use and JavaScript did not work there, then you can see in real time that this is a fake page and not the real websitewebsite you intended to visit.

Bonus tip: try to replace the unnecessary websites that can't work without JavaScript and you need by JavaScript free websites or open source apps.

Disclaimer: Stay cautious. This recommendation will improve your privacy and security, but it does not protect you from everything.

you are viewing a single comment's thread
view the rest of the comments
[–] Emotet@slrpnk.net 100 points 2 months ago (5 children)

15-20 years ago, I'd have agreed with you. But apart from a select few news sites and exceedingly rare static sites, what percentage of websites most users use day to day actually function even minimally without JavaScript?

I'm convinced that in practice, most users would be conditioned to whitelist pretty much every site they visit due to all the breakage. Still a privacy and security improvement, but a massive one? I'm not sure.

Very happy to be convinced otherwise.

[–] smeeps@lemmy.mtate.me.uk 22 points 2 months ago

Yep, software dev here for a static marketing site for a product. We are in a constant battle with PMs and SEO who want Google tracking, Facebook, TikTok, A/B testing, cursor tracking, etc. We're trying to keep page-speeds fast while loading megabytes of external JS code...

Luckily all that can be blocked by the end user without affecting the site though, all you'd lose is some carousels and accordions etc that are done with a few lines of code.

[–] montar@lemmy.ml 21 points 2 months ago

Tried and can confirm almost every webpage even static ones which could be simple as rock needs truckload of bloat js code to be loaded from ext servers.

[–] AnAmericanPotato@programming.dev 16 points 2 months ago

It's incredibly annoying, but it gets easier over time as you fill out you whitelist.

One of the big advantages to something like NoScript is that it lets you enable scripts only from certain domains. So you can enable the functionally-required scripts while still blocking other scripts.

But yes, it's a giant pain in the ass. It's absurd that the web has devolved into such a state.

[–] ModerateImprovement@sh.itjust.works 5 points 2 months ago* (last edited 2 months ago) (1 children)

I had been doing this since long time and I am super comfortable with this as most of the websites that I come across does not need JavaScript to function.

Even for the websites that need JavaScript and I need them, I try to replace them with open source apps and clients.

You can list the websites you use and require JavaScript and I can give you alternatives if you want.

Happy to help you.

[–] Emotet@slrpnk.net 7 points 2 months ago

It's great that it works for you and that you strive to spread your knowledge. Personally, I'm quite happy with my DNS filtering/uBlock Origin and restrictive browser approach and already employ alternatives where feasible in my custom use case.

Thanks for your offer, though!

[–] s38b35M5@lemmy.world 3 points 2 months ago

I agree that most websites don't load without JavaScript, but you don't need seven or more different domains with java allowed for the main site to work. Most sites have their own, plus six google domains, including tag manager, Facebook, etc. I whitelist the website and leave the analytics and tracking domains off.