(no title)

> CSS, cookies, external images and fonts, redirect links, referrer headers, browser caches

Aside from CSS and redirect links, all of these features are fairly straightforward. The consequences of disabling the Referer header, for example, are pretty small and easy to understand: you'll stop sending sites information about what links you used to get to them, but some very picky websites that check the header (e.g. image hosts that try to prevent hotlinking) might not work. This means browsers can provide options to let the user choose their preferred balance of privacy, functionality, performance, and "helping us improve your experience".

With JavaScript, on the other hand, it is very difficult for end-users to tell what a given website is doing. Are those hundred kilobytes of minified code a tracking/fingerprinting script, a crypto-miner, or a Hello World app in the UI framework du jour? It's hard for even an experienced developer to know for sure, and it's basically impossible for browsers. Your options are (1) allow everything, (2) use really crummy heuristics like "what domain is this file being served from", or (3) disable JavaScript and give up on using half the websites on the Internet.

No, the law is to blame. Digital surveilance should be considered separate to advertising and should be regulated or made illegal.

If JavaScript is an automobile, HTML/CSS is an electric bike. You can get pretty much wherever you want on an ebike, they're safer than cars, more intuitive, and lighter on natural resources. Nearly everyone knows how to ride one, and there's very few surprises, unlike automobiles which are repackaged in all sorts of odd ways (gas on the left or right, or maybe it's electric, car vs truck vs bus). And all that complexity comes at a cost to both the driver (who knows if the car is spying on you) and the manufacturer (need to keep up with the current trends because reasons).

Sometimes you need a car, but usually an ebike will be more than sufficient. Going on a road trip or doing a large Costco run? You probably want a car. Just picking up some eggs from the grocery store or making a visit to the library? An ebike is probably the best option, and is also likely faster (closer parking, can ride on roads, sidewalks, bike trails, etc).

I use a static site generator for my blog and personal web site, and there's absolutely no JavaScript involved. I use JavaScript with a web framework for webapps because otherwise we would need to build a desktop app, which would limit our reach to those platforms we have the resources to support.

I'm of the opinion that you should use the simplest technology that will get the job done. It's far easier to make a static site secure than a dynamic one. It's far easier for a customer to vet your server-rendered site than your pile of JavaScript (nothing runs locally, so they just vet form actions and HTTP headers).

If only using JavaScript required a license to operate and came with a set of rules enforced by fines and jail time :)

If every browser had done the sane thing from day 1 (no third-party scripts and no cross-domain communication) we wouldn't be in the mess we're in. Sites could still use all the power that comes with scripting, ad networks just wouldn't be feasible.

> The world would be a safer, cleaner place. And a small fraction of people would be happy with it.

You might be missing how expectations change after the introduction of a technology. I wouldn’t guess that people would be unhappy about not having cars before the car was even invented.

Yes, if the world had functioned just fine without atoms, and then atoms were invented and foisted on everyone for little gain.

JavaScript isn't from nature. It could have been designed so that it didn't enable those things, but it wasn't. It's probably more accurate to say the ability browsers grant JavaScript is to blame, but that's just splitting atoms.

It's crazy Steve Gibson (of all people) calls this too impractical to use.

If you're a total tech-novice, sure, but as a power user it's fine. I'm blocking ycombinator.com right now. I can still submit this. If something doesn't work, just click the icon and trust its domain. If pictures don't show, trust a CDN. Amazon, Paypal, 99% of sites work with an initial adjustment of trust settings.

What if the Web were filesystem accessible?

https://old.reddit.com/r/dredmorbius/comments/6bgowu/what_if...

But you can't build a pop-up if you don't have access to create new windows, yet you can still be turing complete. For example, WASM is Turing complete, but it can't create popup windows because it has no access to the DOM.

I think JavaScript should have to request access to use browser APIs, and you should be able to disable access to any of all of them. For example, I should be about to disable:

- network access (disables adding script tags, XMLHttpRequest, fetch) - 2d canvas access - 3d canvas access - WASM

And so on, just like mobile apps, but perhaps more granular. The app should also be able to put a note as to why it needs each specific feature.

Being Turing-complete seems a bit overkill for a hyperlinked document platform.