[osoba]

Random idea: Couldn't browsers have two modes of browsing, one lightweight one where only the most basic of JS features are enabled by default (this is something that 99% of websites actually need) and the full version where everything is enabled. The lightweight one is the default state and the users can manually switch to full version. Or even better use logistic regression or a neural network to decide when a website genuinely needs advanced features and when it's just to track you. As a bonus the lightweight mode would also probably render much faster? How realistic is this? What would be the downside?

[zzzcpan]

> Couldn't browsers have two modes of browsing

They could, they could even use click-to-play like interfaces or similar for pretty much everything that might hurt user experience or weaken their privacy, but enabling by default all of the features required to show ads is much more important for all major browsers. They are only interested in helping users as long as their backers can benefit from it, i.e. can show them ads or drmed content. Even Mozilla is like that. There is no incentive for privacy there, except for PR purposes, but PR is not something you can install on your computer. Best bet is probably to donate to privacy oriented forks and use them.

[nrki]

This is why I use uMatrix.

[pragone]

Sometimes it's frustrating to get sites working with it, but it's nice to know I can have such fine grained control over every (I think?) connection each website is making. Sometimes I'm just astonished - some sites are making network requests to dozens and dozens of other domains!

[coldpie]

Observe, a local newspaper website: http://i.imgur.com/hmFaW3M.png

[navs]

To me a typical web developer uses HTML, CSS and simple javascript limited to basic dom manipulation, maybe a sprinkle of ajax. All of which can degrade gracefully for the non-js browsing user (lite javascript maybe?)

Then again, seeing what's trending and the topics of many bootcamp courses, I see that is moving towards SPAs which are all just JS (non-lite javascript)

As a web developer I can see that introducing a painful troubleshooting process, lots of confused jira tickets (explaining caching is bad enough).

It would be nice to simply have websites that can function within the scope of light javascript functin without it at all. For those that have the complex JS, well they get a bren experience but a browser notice that informs them why. Chrome does part of this with a whitelist JS feature. Now if only it were as noticeable as the click to play flash feature is.

[ioulian]

These are my thoughts (as a webdeveloper):

We have 5 big browsers and 3 OS's that we need to support (different rendering, different canvas rendering, not to mention 3d rendering quircks, different installed fonts), I think we don't need yet another way to make our lives difficult.

I understand that privacy is a big issue, but think about "normal" web developers who just want to show a cool working website to their users, but need to display this message to them: "Thank you for looking at our website, but unfortunately your browser is in lite JavaScript mode. Please set it to full functionality again and restart your browser en go to our site once more.".

I have already used dirty hacks to support the default setting of 3rd party cookies in Safari, while developing facebook apps or some apps inside an iframe that have different domains. It's there to make users feel more secure, but there are always ways around it.

It would be better to add the functionality you are suggesting as an option and not by default, so people, who understand the "risks" of not viewing some sites properly in favor of more privacy, will turn it on by themselves.

[Majestic121]

I understand the view and pains of the webdeveloper, but quite frankly I think privacy issues are way more important. Not even in the same order of magnitude.

Your comment feels like a restaurant saying 'Ok, I understand cleanliness is important, but as a cook washing dishes all the time is really annoying so I only wash them if customers ask for clean dishes'

[ioulian]

Haha, good one, but joking aside, I would rather prefer that the dishes can never get dirty, no matter what.

I don't think it's in Google best interest to add anti tracking features into Chrome browser (and same with MS and Apple). So for now on we must bring our own cloth to clean out the dishes or go to another restaurant where the dishes are always clean.

The problem is that it's impossible to change the current behaviour of the browsers without breaking the whole internet. It would be much easier and better to create a new browser (look at Tor Browser for example), that has a lot of anti tracking features enabled by default.

People know that if they want privacy, they can use this browser. But it's still a "big" hassle to install it, not to mention my grandmother knows Chrome/Firefox, but not Tor Browser so she will never use it.

We do not need to change the browsers to let them defend us, but to teach folk what privacy is and what to do if you don't want to get tracked.

PS: keep in mind that browser is 1 item in the big picture of "tracking private data". IoT devices are really booming now, and everything is tracking us, our watches, refrigerators, thermostats, ... we can't just install a AdBlocker there.

[Silhouette]

The problem is that it's impossible to change the current behaviour of the browsers without breaking the whole internet.

That just doesn't track, sorry.

For one thing, plenty of sites would continue to work just fine if browsers (for example) wouldn't allow any JS to upload anything without the user's explicit consent. That would immediately solve a significant part of the problem, for a cost of one click the first time a user visits a site where they do want to allow it.

For another thing, web developers respond plenty quick enough to new opportunities to exploit browser functionality. If the major browser developers told them where to go, they'd fix their broken sites plenty quickly too.

IoT devices are really booming now, and everything is tracking us, our watches, refrigerators, thermostats, ... we can't just install a AdBlocker there.

Maybe they're booming where you are. I've yet to see anyone, from my most gadget-obsessed geek friends to my least technical family members, actually use one, other than devices specifically made for some communications purpose or whose main/only function is to provide access to some remote service. Certainly I've yet to meet anyone who thought everyday household appliances like their fridge or thermostat needed to phone home to do their jobs.

As for installing a blocker, I've already seen multiple places interested in implementing something that is essentially a privacy firewall for home devices and/or building a database of which devices try to communicate with which remote hosts for which purposes. If IoT really does outgrow the marketing hype, tools to limit its capabilities for privacy and security reasons will surely follow, maybe even at ISP level in the same way that a lot of spam no longer even reaches our junk folders.

[wtbob]

> Haha, good one, but joking aside, I would rather prefer that the dishes can never get dirty, no matter what.

Using JavaScript to deploy content-focused websites is like a restaurant which uses its cookpots for urinals: sure, it can be done hygienically, but it's Just Wrong.

[adrianN]

The majority of the web works fine without any Javascript at all.

[coldpie]

> I understand that privacy is a big issue, but think about "normal" web developers who just want to show a cool working website to their users, but need to display this message to them: "Thank you for looking at our website, but unfortunately your browser is in lite JavaScript mode. Please set it to full functionality again and restart your browser en go to our site once more.".

My brain melted out of my ears when I read this sentence. Why on Earth do you need JavaScript to display a "cool" website? So you can make the text fade in for no reason? I think you need to re-think what the Internet is for.

[ioulian]

As a developer in a web agency, we create a lot of "fancy" (= sites that are interesting to look at, and they need to draw attention) websites, no it is not to create a text fade that can be done in CSS btw.

It is to validate forms with ajax, it is to display ajax loaded content, it is to upload a file without needing a page refresh, to create a simple image slider/viewer, ...

Of course the content is king, but do not forget that there are a lot of stuff going around content. Look at Facebook, Youtube, Pinterest, ... Sure they could work without any Javascript at all, but it will not be the same experience.

Like somebody here already said, we beginning to create web apps because it's possible and because it's cheaper to do directly in the browser than to hire a native device developer (another discussion).

We can't forget Javascript nowadays, it's a big and popular language for a reason, it allows the developers to create interesting user experiences (and apps) inside a browser. There are a lot of fine examples of good javascript implementations, but of course there are also companies that use it the "bad" way.

[coldpie]

Sure, if you need user interaction, it's reasonable to build a web app. But the vast majority of websites are simply conveying information. You don't need vast amounts of JavaScript just to shove text at a user, but a fair number of websites break anyway.

[VA3FXP]

Let me address the "normal" web developers then:

Don't use cookies. Don't use Javascript.

And to use your own words:

<quote> "It would be better to add the functionality you are suggesting as an option and not by default, so people, who understand the "risks" of not viewing some sites properly in favor of more privacy, will turn it on by themselves." </quote>

Turning off all the cruft makes websites MORE usable not less. Plain text, offers the highest information density available. So do you want dancing monkeys on your screen, or do you want information?

[Silhouette]

Given that popular uses for the Web today include social networking, e-commerce, web apps, and online access to services like banking, I think the idea that sites should just display static information and should work better without JS and cookies is at least a decade out of date. Pushing for a very limited web is a battle that was lost long ago.

What needs to stop is the idea that just because JS is useful for interactive aspects of sites, it should also provide access by default to 1,945,255 other features that 99.9999% of sites have no legitimate use for.

[wtbob]

> Given that popular uses for the Web today include social networking, e-commerce, web apps, and online access to services like banking, I think the idea that sites should just display static information and should work better without JS and cookies is at least a decade out of date.

Do you realise that every item on your list wasn't just possible but flourished without JavaScript, and works fine without third-party cookies?

JavaScript is a cancer on the web, a metastasised extension language which is swallowing up what was a thriving hypertext infrastructure.

[Silhouette]

Do you realise that every item on your list wasn't just possible but flourished without JavaScript

No, I don't realise that at all.

Imagine how tedious it would be even to use a relatively simple discussion forum like HN if you had to wait for a full page reload every time you hit a voting button or expanded/contracted a thread.

That's about as simple an interaction as you can get, but there are countless other simple examples where JS-based interaction is much more responsive and easier to use than a round-trip to the server. Think real-time form validation, for example.

At the more complicated end of the spectrum, how exactly would you implement a web app like, say, a spreadsheet, without any client-side interaction?

JavaScript is ... swallowing up what was a thriving hypertext infrastructure.

Sure it was, 20 years ago, but the technology has evolved to serve new purposes, as technologies do. The Web of 2017 is unquestionably far more useful for far more people than the Web of 1997, and the interactivity offered by JS is a significant contributory factor.

[zeveb]

> Imagine how tedious it would be even to use a relatively simple discussion forum like HN if you had to wait for a full page reload every time you hit a voting button or expanded/contracted a thread.

You don't need a full page reload to implement voting; that's what the 204 No Content response is for: your browser sends the vote & doesn't refresh the page.

[eeZah7Ux]

> Imagine how tedious it would be even to use a relatively simple discussion forum like HN if you had to wait for a full page reload every time you hit a voting button or expanded/contracted a thread.

If javascript did not exist HTML/CSS/SVG would have evolved simple features like submitting a POST when an element is clicked without reloading a page.

Iframes were already enabling something similar and CSS supports animations.

[osoba]

Good point. So maybe browsers should make the full version the default and then add the following options for more tech savvy users (and users can set the permanent default or per website setting):

1) full mode (all JS is enabled)

2) lite mode (only the bare JS is enabled, no tracking possible)

3) suggested mode (a machine learning algorithm decides what is really needed to be enabled and what is there for tracking purposes)

4) manual mode (somewhere in the settings you can tick and untick verious JS APIs that you want enabled and disabled, like websockets, WebGL etc)