"If you're seeing this message, that means JavaScript has been disabled on your browser.

Please enable JavaScript to make this website work."
techinasia.com/

I'm so sick of websites refusing to even display text and images if I don't agree to run their proprietary JavaScript on my computer. Isn't it time that browsers started treating requests to run JavaScript like requests to use the mic or camera, and asked the user before allowing them? Ideally with crowdsourced info about what the scripts are, and what they do? In other words, make something like #NoScript a standard part of browsers.

@strypey Be careful what you ask for: that would kill the peer web before it started. JavaScript on the client isn’t the enemy. Business logic on the server is the enemy.

@aral that's a fine distinction. As a developer, you're in a better position than I am to know. But you'll need to convince me. Because it seems to me that outsourcing processing work to the user's PC - via JS black boxes - is exactly how #SurveillanceCapitalism achieves massive scale, while claiming that #ThereIsNoAlternative to centralized server infrastructure. A myth they've propagated so effectively that even many developers have started believing it:
signal.org/blog/the-ecosystem-

@strypey

JavaScript isn't a black box, though. You can inspect all the code that's running in your browser.

Some JS is obfuscated, but it can be easily de-obfuscated. All browser-side JavaScript is effectively open source, even if it's not licensed as such.

If your concern is about privacy, it's not the JS running in your browser that should concern you. It's the data sent from the JavaScript to the server.

It would be reasonably simple to disable AJAX, thus preventing data from being sent to/received from the server, but allow all other JavaScript, allowing interactivity to still work.

@aral

@danjones fair points. But privacy is only a subset of a much larger concern, which is about *control*. Putting aside the argument we could have over the "black box" part of my post, the fact remains that:

> outsourcing processing work to the user's PC - via JS - is exactly how #SurveillanceCapitalism achieves massive scale, while claiming that #ThereIsNoAlternative to centralized server infrastructure.
@aral

@danjones There are many possible strategies for redecentralizing, and resolving the *many* problems with JS, some of which are described here:
gnu.org/philosophy/javascript-

I agree with @alcinnz that moving interactive functions back into native apps, leaving the web as a platform for static pages that don't require (or use) JS, is a strategy worth exploring.
@aral

@strypey @danjones @alcinnz Maybe the FSF should worry more about its logo appearing next to Google’s as they sponsor the same events than some ridiculous and ill-informed stance against a programming language that spreads FUD about potential alternatives. Remember that an AGPLv3 licensed app specifically built for drones to send hellfire missiles to little children would get the FSF seal of approval. Free Software is just a component of ethical tech but doesn’t care about ethics of use cases.

@aral I share your concerns about open source events being sponsored by Google, as do FSF, but they can't control this. As for approving of child-killing drone software, that's FUD worthy of Microsoft. FSF have often spoken out about the use of freely-licensed code to do much less anti-social things than that:
fsf.org/blogs/rms/ubuntu-spywa

Perhaps you could respond to the concerns laid out in 'The JavaScript Trap' with some substance, rather than resorting to whataboutism?
@danjones @alcinnz

@aral as for the claim that the FSF's criticisms of JavaScript are a ...
> ridiculous and ill-informed stance against a programming language

I note that they're far from alone in seeing JS as a problem. Plenty of experienced engineers have serious problems with it too. A quick selection off the top of my head:
* soc.freedombone.net/objects/20
* hackernoon.com/the-javascript-
* onpon4.github.io/articles/kill
@danjones @alcinnz

@aral I'm aware of the holy wars that constantly rage for and against programming languages. But AFAIK JS is the only one that results in code being downloaded and run on the user's computer on-the-fly. As onPon's article points out, that makes proprietary JS code effectively impossible to replace at the user end with free code. These are not trivial issues, and implying that they are suggests a failure to understand the scope of the problem.
@danjones @alcinnz

@strypey @danjones @alcinnz Right and what happens exactly when you have automatic updates on and a native app gets updated? Now what happens when you’ve allowed say Apple to use bitcode? Instead of vilifying JS when some of us are trying to build systems using it, let’s understand that the real issue is business logic on the server, proprietary/closed source code, and lack of reproducible builds. Spreading FUD about in-browser JS could jeopardise what I’m working on with ar.al/2019/02/13/on-the-genera

@aral
> the real issue is business logic on the server, proprietary/closed source code, and lack of reproducible builds.

Sure, these are all problems, and I get that JS isn't the only vector for them. But the way it's deployed makes it particularly vulnerable. You've left out the major architectural weaknesses of JS (eg the security audit nightmare created by dependence on hundreds of third-party modules). As for Apple, the FSF criticize their practices harshly elsewhere, as I'm sure you know.

@aral
> could jeopardise what I’m working on

This is neither here nor there, but it does suggest you're getting too emotionally close to the issues to be totally objective in your analysis. For the discussion to continue productively, it's probably best to look at it from 50,000 ft, and purely from a user POV, pretending for the sake of argument that you have no skin in the game as a technology creator.

@strypey You bet I’m emotionally invested in it – I’m not sitting in an ivory tower perpetuating some bs notion of neutrality in the matter while enjoying my tenure. I’m building what I’m building because I care about the issues not the other way around :) (And I’d further argue that objectivity is impossible for any being with self interests – even base ones like a need for food or shelter. The best we can be is transparent about our biases and subjectivity.)

@aral make no mistake, I believe you really do care about protecting users from surveillance capitalism, as I do, which is why I regularly signal boost your stuff. All I'm saying is that folks who really like their hammers have a tendency to start seeing every problem as a nail. It's important not to let a sunk cost fallacy prevent you from considering other options that might also work, and corner you into interpreting any suggestion along those lines as a demand to ban hammers ;)

@aral @strypey

> objectivity is impossible

True but only because we are limited by our physical nature.

> for any being with self interests

Yet some people act independently of their self-interests.

I'm one, so I know they exist.

I'm not particularly good or wise, I'm just curious.

@aral, just like @strypey
I appreciate your work, but I agree that you are scared by something that isn't going to affect your work.
Let's assume that one day #JavaScript and #WASM execution becomes opt-in in #Web #browsers, your application is not a web browser, so nothing would change.

This is not #FUD, but a real attack from the #Russian gov (mostly) to their citizens: bugzilla.mozilla.org/show_bug.

#JS enabled this #surveillance, and if it was #Google doing the same we would have never known it.

Aral’s Mastodon

This is my personal Mastodon.