1. 13

  2. 7

    Turning off Javascript leads to a broken browsing experience. Many sites today will not work without Javascript, plain and simple. Whether it’s Google Analytics usage, single-page apps, or Bootstrap dropdowns, you’ll find out, like I did, that almost every site is broken slightly by disabling Javascript. I applaud the author for fighting the good fight, but I just got tired of things not working.

    1. 2

      Conterdote: I use NoScript so scripting is off by default for any new site and most sites work fine.

      When I browse on my tablet where ijs runs by default and routinely encounter modal popups and view-blocking Share This bars I am reminded what a better experience it is to pick and choose when scripts run.

    2. 7

      I was expecting this to be another “I’m disabling JavaScript for security” post, to which I would just mentally reply, “but modern browsers still have such a huge attack vector even with JavaScript disabled, so the security isn’t worth the trade-off in loss of usability on many sites” but strangely the OP is doing it for a loss in usability.

      I used to browse with Firefox configured to prompt me to accept cookies on every single site because I thought I was getting some privacy gains with it. For every new site, I’d have to decide, in advance of using the site, whether I thought it needed to set cookies and whether I wanted to maintain a session. After a while I realized how much time I was wasting doing that mental exercise, especially when I’d block a site’s cookies, then discover it completely broke without them, and have to go remove the block and reload.

      Then I switched to a default browser policy of session-only cookies, so only sites that I whitelist (a dozen or so) can maintain permanent cookies and the rest get cleared every time I close and re-open the browser. But then I found I wasn’t closing it as often as I’d like (more likely Firefox just doesn’t crash as much as it used to) and so those tracking cookies staying around for just a session were still able to do their dirty work for a few days. Now I use Self-Destructing Cookies with a whitelist policy so just closing the tab of a site will destroy any cookies it set, allowing me to have a long-lasting browser process without all the tracking cookies, and without having to make any decisions for 99.9% of the sites I browse.

      Whitelisting works for cookies and nasty things like flash, but I think we’re too far along to kill JavaScript by default. It’s rare for developers to bother writing sites that degrade properly without JS and I would have a hard time justifying the extra cost for a commercial site (though if anyone wants to submit patches to make Lobsters degrade with regular <form>s and redirects like HN, I’ll accept them). The only argument I remember being relevant for it used to be that search engines needed static content somewhere to index, but now they can all grok heavily dynamic sites.

      1. 5

        This is a bit of an unfocused rant, but there are some good points. I mostly agree with the complaint about using javascript to unnecessarily break common user interactions. Don’t do that.

        I have had JavaScript turned off by default (but with white-listed domains) for the last 3 years in order to make my setup more strange for anyone attempting script injection or cookie stealing.

        Also I think it’s strange to click around the internet running arbitrary (albeit sandboxed) code on my machine. I don’t browse the Android or iOS app stores installing every app willy-nilly to see which ones are good either. I read reviews and check which permissions are required and then install once I’ve convinced myself of the app maker’s trustworthiness. This is essentially the same as putting a trusted domain in the JavaScript whitelist is it not?

        1. 3

          That’s what I like about xombrero: If you use it in whitelist mode, cookies and JS are off-by-default.

          You can toggle them on a per-session basis by hitting F4, cookies will be cleared on exit.

          1. 2

            I’m a huge fan of xombrero for this reason.

            1. 1

              Thanks for the tip to xombrero! Just got it built and running on ubuntu.