[sf-lug] An unpleasant experience

Rick Moen rick at linuxmafia.com
Thu Sep 8 15:08:08 PDT 2016


Quoting Bobbie Sellers (bliss-sf4ever at dslextreme.com):

> But does anyone know a way to block such false alerts?

To elaborate on Daniel's succinct answer, the Javascript (/ECMAscript)
language that drives the 'dynamic' features of many Web sites is
overfeatured, including giving the Web site designer the ability to
disable user navigation (close tab, close window, back, forward, etc.)
and in general control in fine detail what actions the user is permitted
to take.  From the point of view of Web designers, this control is A
Good Thing, because nobody would ever abuse that feature, right?  ;->

Looking from my own perspective, the full feature set of Javascript has
always been a menace to user security and well-being, and it's necessary
to corral those abilities, to take away some of the Web designers' toys
and say 'No, you don't get to do that.'  

Just the barest beginning of this topic:
http://www.makeuseof.com/tag/3-ways-javascript-can-used-breach-privacy-security/

The NoScript Firefox extension is a big-hammer toolkit for the _user_
taking charge of defining what parts of Javascript will be permitted vs.
which result in the browser saying 'Nope, not doing that to my user' and 
declining that part of the page's request.  However, be warned that
there's a learning curve.

_After_ mastering the effective use of NoScript, nuisances like those
you mentioned vanish, and many Web sites become a great deal faster to
load and cleaner looking, in general paying off the effort handsomely.

The browser publishers themselves are _not_ going to restrict Javascript's
abilities significantly, for many reasons including conflict of
interest.  (The same shenanigans that disabled navigation controls on
your manga site also underlies Web advertising / analytics / targeted
marketing (and other euphemisms for spying on users), which is what pays
for development of your browser software.

Mozilla, Inc. (developer of Firefox) is less in conflict of interest on
this point than is, say, Google, Inc. as developer of Chrome /
Chromium, but the sad fact is that the a large percentage of Mozilla,
Inc.'s revenue is payments from Google.





More information about the sf-lug mailing list