Notes from the Intelpocalypse

Posted Jan 4, 2018 11:20 UTC (Thu) by roc (subscriber, #30627)
In reply to: Notes from the Intelpocalypse by flussence
Parent article: Notes from the Intelpocalypse

It's not exceptionally difficult to disable Javascript.

Even if removing Javascript from the browser entirely was a good idea in the abstract, there are a couple of problems. One is that all users would immediately switch to a competitor browser, possibly an earlier version from the same vendor.

Another, even deeper problem is that the only alternative to run-by-default execution of untrusted code is some kind of trusted gatekeeper like the app stores have. (Don't say users should decide; they mostly can't.) But those gatekeepers don't work very well, and they put too much power in the hands of Google and Apple.

Notes from the Intelpocalypse

Posted Jan 6, 2018 18:52 UTC (Sat) by flussence (guest, #85566) [Link]

I know a JS-free web will never happen, it's too impractical, it's some people's dayjob, etc. The sky is falling, I don't have a good answer and I don't expect anyone does right now.

Maybe we could, for a start, treat CPU-hungry webpages with a bit more paranoia than passive event-driven ones? There's sufficient fine-grained security for the latter group but all we've had for the former is sledgehammers like NoScript, or whack-a-mole solutions like that one coinhive blocking extension. Enumerating badness isn't sustainable, there has to be a better way.

I wouldn't mind having less reasons to allow JavaScript in the first place though. Google should be busy restoring their MathML support after this week, for one.