first of…

  1. the good about JavaScript is (always say something positive in the beginning)
    • cross-OS (so it runs almost anywhere there is a web browser)
  2. the bad about JavaScript is
    • massive security problem (hackers using js can actually scan and attack any network in which a js program is downloaded and running INSIDE THE BROWSER)
    • slow
    • ugly to program directly, so meta-languages are needed that translate into JavaScript (Dart, TypeScript, even C++… others)
    • massive privacy problem (Google js is embedded in almost ANY website)
      • so even when the user does not use Google, Google js embedded on 99.9% of websites can still spy on the user (try to read and collect as much data about the user as possible… not only screen size…)
  3. what makes things even worse is…
    • the complete over-use of JavaScript
      • to display content (bad bad bad)
      • to render layouts (this is just bad programming; any website should render fine with html + css alone… if the user wants the animations… okay, enable some js in the NoScript add-on, not necessarily all)

what to do?

  • install NoScript and allow only the really really necessary js to run (usually websites run fine without all js enabled, as a lot of js is just there for data collection aka spying)
  • it is not the user’s fault if 90% of websites misuse technology
  • send a friendly complaint mail to every website owner whose site does not render without js: 1) nice website, would really want to use it, but… 2) over-use of js is catastrophic and puts the user’s privacy and data in danger
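
To decide which js is "really really necessary" before allowing it in NoScript, it helps to see which hosts a page pulls its scripts from. The following is an added example, not part of the original post: `scriptInventory` and the sample host names are made up for illustration, and "third party" here simply means a different host name than the page.

```javascript
// Added example: group a page's <script> sources by host and flag the
// ones that are not served by the page's own host.
// In a browser console the input can be collected with:
//   scriptInventory(location.href,
//     Array.from(document.scripts, s => s.getAttribute("src")));
function scriptInventory(pageUrl, srcs) {
  const pageHost = new URL(pageUrl).hostname;
  const byHost = new Map();
  let inline = 0;
  for (const src of srcs) {
    if (src == null) {            // no src attribute: inline script
      inline += 1;
      continue;
    }
    let host;
    try {
      // Resolves relative paths and protocol-relative //host/... forms.
      const u = new URL(src, pageUrl);
      host = u.hostname || `(${u.protocol})`;   // e.g. data: has no host
    } catch (e) {
      host = "(unparseable)";
    }
    byHost.set(host, (byHost.get(host) || 0) + 1);
  }
  const hosts = [...byHost].map(([host, count]) => ({
    host,
    count,
    thirdParty: host !== pageHost,
  }));
  // First-party hosts first, then third parties in alphabetical order.
  hosts.sort((a, b) =>
    Number(a.thirdParty) - Number(b.thirdParty) || a.host.localeCompare(b.host));
  return { pageHost, inline, hosts };
}

// Constructed sample input (placeholder host names, not real sites).
const SAMPLE_PAGE = "https://shop.example/cart";
const SAMPLE_SRCS = [
  "/static/app.js",
  null,
  "//cdn.example.net/lib.min.js",
  "https://analytics.example.org/collect.js",
  "https://analytics.example.org/tag.js",
  "static/cart.js",
  "data:text/javascript,void 0",
];

console.log(JSON.stringify(scriptInventory(SAMPLE_PAGE, SAMPLE_SRCS), null, 2));
```

Every host marked `thirdParty: true` is a candidate to leave blocked until the page proves it does not work without it.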

tools to test user’s browser

js generated problems:

SecurityLab, [10.11.20 15:10]

Sonatype researchers have discovered an npm package (a JavaScript library) containing malicious code designed to steal confidential files from the user’s browser and Discord app.

xiaomi nfc and baseband exploit – Confirmed! JavaScript is indeed EVIL! Also on Phones!

JavaScript is evil (= a major security problem)


Even PDFs can contain JavaScript macros! Why? Adobe Why? – how to disable JavaScript in PDF files

Mail Thunderbird – disable JavaScript