(no title)

JavaScript is fine for e.g. territorial.io - where JS isn't an implementation detail but critical to the core concept - but if it's unnecessary, then some people despise being forced to use it.

Disabling JS reduces third-party blocking code, tends to speed up page loads by removing the need to download JS scripts, has no degradation of the content 99% of the time, and is an extremely effective ad/tracker blocker. Overall, it's not hard to see why some people love it.

JS also breaks some web browsers, which pisses off anyone who likes those web browsers.

JS is often proprietary code running on the client's computer, or at least hard-to-verify open-source code that's running on the client's computer and creates unnecessary remote code-execution security holes.

I don't care personally, but I can see why some people do and I think "the modern web" is rather problematic and needs to be reformed.

I think JS can actually be a good thing overall (when executed properly), because it reduces the need to load content from the server and thus can make the user's app more resilient against inconsistent internet connections. Also, JS runs client-side which is better than relying on code that runs serverside, as a rule. (See "service as a software substitute".)

Yes. All JS turned off by default unless it's on a whitelist. Takes a few days to get the whitelist set up, but its fairly straightforward.

Between this and uBlock, it makes the web a lot safer and resource intensive to browse. For example, people frequently cite Chrome as being faster than Firefox, but with my setup that has rarely been a the case in a very long time.

I've also generally found a strong correlation between websites that don't work or work badly without JS and them being websites I don't want to frequent. And when the website doesn't work without enabling most of the JS, including all the ad and tracking stuff? That's a good sign that I probably should never whitelist that website.

There's also just the matter of principle. If a website works just fine for my needs with most or all of the JS turned off, it wasn't really necessary in the first place was it?

Javascript is a security and privacy nightmare. It's frankly absurd to me that we default to Javascript switched on everywhere for everything. It feels like chmodding your entire home directory to 777 on a shared system.

JS is also an accessibility nightmare, but unfortunately turning it off doesn't fix that.

[1] https://bugs.chromium.org/p/chromium/issues/detail?id=252165

1) Disgust at sites that use JS for gratuitous purposes, absurd scrolling, stupid visual effects.

2) A kind of chest thumping "I was here long before Javascript was a thing, laddy".

3) Security fears, desire to reduce attack surface

4) Revulsion of JS as a language

Not only analytics but advertising and general “tracking” stuff. There are many reasons and any individual may have one or more which would persuade the decision.

If one “offers advice” that a website “doesn’t work with javascript disabled” just consider that they are suggesting to try implementing progressive enhancement (https://en.wikipedia.org/wiki/Progressive_enhancement) as is done on the linked page. Basically get the page working with HTML only, then add CSS, then add JS.

Way more than justified, sadly. Web pages are supposed to serve documents which can be read, there is zero need for client-side scripting in that case. And that's the predominant use case.

Yes, javascript is useful for the occasional site that needs client-side interactivity. Games that run on the browser are a good use case. Maybe the only one.

But for documents? No, absolutely not needed.

As to why object to it? Code running on my computer being served from an untrusted third party is always a huge security risk. I don't want to run your code, I don't trust some random website admin. Yes, browsers do their best at containing the malware but it will never be completely perfect. The only perfect solution is to simply never run any code being served off some random website. Which means disabling javascript as much as possible.

It's not all or nothing. I enable JS for the bank, webmail, etc websites I visit regularly and trust. There's no need to have it enabled on the rest of the shit that I only visit when it gets linked on HN.

Sturgeon's law is understated. 99.987% of anything in an iframe is crap.

https://en.m.wikipedia.org/wiki/Sturgeon%27s_law

Yes.

"If so how and why?"

Make HTTP request(s) outside browser then view with HTML reader. Many other ways to do it. Depends on personal preference.

Why: Because it's more flexible and efficient than using a browser. For example, 1. send multiple HTTP request in single TCP connection, 2. filter response body, e.g., using UNIX utilities, 3. it's both fast and reliable. There is no waiting.

"Isn't most of the web dependent on JavaScript?"

For ads and tracking, yes. For displaying text, generally no. In the later case, some sites may use Javascript to request text (JSON) from some other path or domain. In these cases, one can send the requests to the other path or domain without using JS. If the user prefers only text content, without graphics, this is especially convenient.

I also do.

> If so how and why? Isn’t most of the modern web dependent on JavaScript?

I expect a webpage to be a webpage, not an "app". I always think it's funny that many pages will print the message "This app requires JavaScript to run" when they fail to work without JS. "Apps", I feel, should be executables I run on my machine after installation. I mean, that's bad enough -- how do I know a video game isn't scouring my system for all my personal data to sell to advertisers as it admitted in the EULA I didn't read? But now webpages can be fly-by-night Turing complete brain surgeries on my computer? No thanks.

Gee, thanks W3C, for making battery life and other things JS queries which are at best useless and at worst tools to track and datamine me. (By the way, all the ads, sometimes also malware, loaded via JS sure eat into that battery life. Yay!) Let me whole-heartedly subscribe to this Molochian acceleration to value extractive singularity so that I can visit a webpage! Maybe I'll also get to enjoy some shitty animations or standard workflow-breaking behavior (e.g., pagination/right-click context menu hijacking) while I'm at it to get in the way of the content I wanna get. :D

It's a defensive measure to help prevent tracking and other attacks.

> Are y’all browsing the internet like this?

I am.

> Isn’t most of the modern web dependent on JavaScript?

A well-designed webpage degrades gracefully and is still usable without JS. There are plenty of badly-designed websites that don't do this, of course. I just don't go back to those.

If I'm visiting your webpage it is because there is information as HTML that I wish to read. Why do you need to issue commands to my computer? That's invasive and unnecessary and certainly not something I'm enthusiastically consenting to.

Many JavaScript payloads are also huge. Millions of humans do not have a reliable and fast cable or fiber ISP connection.

But I can share my thoughts on NoScript:

An ad-blocker acts as a blacklist of sites/domains which are not allowed to run JavaScript in your browser. So basically everything is allowed by default - and the plugin downloads a list of known sites/domains that serve ads, track you, serve malware etc. That list is curated by someone else - and with the goal of disabling as many ads as possible while breaking as little site functionality as possible.

NoScript allows you to manage a whitelist of sites/domains which are allowed to run JavaScript in your browser. So by default everything is forbidden - and only sites/domains explicitly added to that list can run JS. And you have to curate that list yourself - so it's up to you to add sites/domains to those you want to trust permanently/temporarily. This is more involved, requires more effort, and many sites will break - loosing legit features, sometimes even breaking static content.

So, there are some parallels in there - one is a general blacklist that's remotely managed for you - and the other is a whitelist that you have to manage on your own.

You get more control and more security - at the cost of increased hassle, as many sites will just be broken out of the gate, and some will still be broken even after you (temporarily) allow first-party scripts a CDN or two. Some less recommendable sites need JS from 20+ domains (some of which dynamically load in even more domains) to work, while other sites work perfectly fine with just first-party scripts allowed and nothing else. For me that's interesting to know.

But you also get to see and learn a lot about what's going on under the hood, which might be interesting too, if you work in the field.

It's up to everyone to decide for themselves, whether that's worth the hassle - for most people it's probably not. But if you are technically minded and have already gained a little bit of experience with NoScript - the hassle isn't actually that great.

All pages you use regularly will be permanently whitelisted - many other pages can deliver you their static content fine even without JS - lots of pages are pretty easy to whitelist temporarily in just a few clicks - and the rest are often best to stay away from anyway.

Javascript is an inherent security vulnerability because it allows other entities to execute arbitrary code on your computer system. Disabling it is basic prudence at this point.

> Are y’all browsing the internet like this?

Yes. Every system I use online has Javascript disabled by default for all sites and a curated whitelist.

> If so how and why?

Why is already answered above. How is via Firefox + NoScript + uBlock Origin. This allows me to control which domains are allowed to execute Javascript with a default-deny policy and blanket disable XSS.

> Isn’t most of the modern web dependent on JavaScript?

Yes, but most of it renders text just fine without it, and the ones that don't are usually sites I don't want to be on anyway. Most of the modern web is also garbage that is actively harmful to the security of your system and to your psyche.

While some websites do need JS and therefore get it selectively enabled (if I trust them), if all I want to do is read some text then I generally have a better experience without JS.

You know how most security vulnerabilities are some form or another of Remote Code Execution, right?

Well, now consider what JavaScript usually is: Code from a Remote server that Executes on its own locally. The remote server might not have anything to do with the website you intended to visit, too.

The literal nature of JavaScript is a security threat and liability.

I suspect it's a very vocal minority.

> Are y’all browsing the internet like this

I'm not, no. 15 years ago I would NoScript for security reasons. But I visit far less shady sites and times have changed with browser security. Never did I NoScript for philosophical reasons.

most modern web developers are very dumb

c.f. tailwind

I think there’s some vague good reason to block all JS and put sites you trust on an allowlist but I no longer do it personally.