Nandakumar Edamana's Personal Website
nandakumar.org

JavaScript Is for Web Apps, Not for Websites

Update on 2021-08-03: My views remain the same regarding the privacy issues and JS on websites, and I still keep myself away from JS-heavy proprietary Web apps. However, I've stopped supporting the idea that all the JS on the Web should be under some libre license like GNU GPL. Having second thoughts.

"When you have eliminated the JavaScript, whatever remains must be an empty page," says Google Maps. Then it adds: "Enable JavaScript to see Google Maps."

The imaginary quote with a picture of [probably] Sherlock Holmes is really funny, but it can't persuade me to turn on JavaScript and proceed to their website. I have multiple reasons not to use Google Maps, major concerns being privacy issues and proprietary JavaScript. If Google Maps respected users' freedom, and it had free (as in freedom) JavaScript, I wouldn't hesitate to enable JavaScript for it. It is a Web app, and it has the right to ask for JavaScript, for that is the only way to do client-side programming on the Web (WebAssembly also requires JavaScript).

Then why am I quoting Google Maps here? Because I [dis]liked the empty page part. That's exactly what I get when I try to visit some websites. Sometimes a throbber appears, and remains either dead or never-ending. Most of these websites use free JavaScript from projects including Bootstrap and jQuery. Still, I don't like the idea of JavaScript becoming mandatory for browsing the Web. It can be used to enhance the usability, but it shouldn't be the thing that loads the basic page contents.

There are multiple reasons to browse without JavaScript:

  • You no longer have to worry about tracking scripts, adware and other kinds of malware. Although there are addons to prevent such elements, they cannot detect all of them, especially the new and yet-to-be-blacklisted ones.
  • Browsers are getting feature-rich and as complicated as an operating system. There might be vulnerabilities and JavaScript is major tool for attackers to utilize them.
  • You don't trust the JavaScript code from a site either because you don't know how to read it, or they won't let you read it (Obfuscript; read this), or you don't have the time to check it.
  • Blocking JavaScript makes page loading faster.
  • When you are using a lightweight browser like dillo or a text-based console browser like w3m or lynx.
  • When the script is under a proprietary license.

So if you are a user, consider browsing with JavaScript disabled, and if you are a developer, please make your pages render without any client-side programming.

We can still use JavaScript for Web apps, and they should be under free (libre) licenses.


Tags: javascript, websites, web apps, security, privacy

Read more from Nandakumar at nandakumar.org/blog/


Copyright © 2017–2021 Nandakumar Edamana. All rights reserved.
Give preference to the copyright notices and licenses given with individual posts (if any). Shots of movies, books or other works owned by others are included for review purpose only.