Hacker News
by ioulian 3414 days ago
These are my thoughts (as a web developer):

We have 5 big browsers and 3 OS's that we need to support (different rendering, different canvas rendering, not to mention 3d rendering quirks, different installed fonts), I think we don't need yet another way to make our lives difficult.

I understand that privacy is a big issue, but think about "normal" web developers who just want to show a cool working website to their users, but need to display this message to them: "Thank you for looking at our website, but unfortunately your browser is in lite JavaScript mode. Please set it to full functionality again and restart your browser and go to our site once more.".

I have already used dirty hacks to support the default setting of 3rd party cookies in Safari, while developing Facebook apps or some apps inside an iframe that have different domains. It's there to make users feel more secure, but there are always ways around it.

It would be better to add the functionality you are suggesting as an option and not by default, so people, who understand the "risks" of not viewing some sites properly in favor of more privacy, will turn it on by themselves.

4 comments

I understand the view and pains of the web developer, but quite frankly I think privacy issues are way more important. Not even in the same order of magnitude.

Your comment feels like a restaurant saying 'Ok, I understand cleanliness is important, but as a cook washing dishes all the time is really annoying so I only wash them if customers ask for clean dishes'

Haha, good one, but joking aside, I would rather prefer that the dishes can never get dirty, no matter what.

I don't think it's in Google's best interest to add anti tracking features into the Chrome browser (and same with MS and Apple). So from now on we must bring our own cloth to clean out the dishes or go to another restaurant where the dishes are always clean.

The problem is that it's impossible to change the current behaviour of the browsers without breaking the whole internet. It would be much easier and better to create a new browser (look at Tor Browser for example), that has a lot of anti tracking features enabled by default.

People know that if they want privacy, they can use this browser. But it's still a "big" hassle to install it, not to mention my grandmother knows Chrome/Firefox, but not Tor Browser so she will never use it.

We do not need to change the browsers to let them defend us, but to teach folk what privacy is and what to do if you don't want to get tracked.

PS: keep in mind that the browser is 1 item in the big picture of "tracking private data". IoT devices are really booming now, and everything is tracking us, our watches, refrigerators, thermostats, ... we can't just install an AdBlocker there.

> The problem is that it's impossible to change the current behaviour of the browsers without breaking the whole internet.

That just doesn't track, sorry.

For one thing, plenty of sites would continue to work just fine if browsers (for example) wouldn't allow any JS to upload anything without the user's explicit consent. That would immediately solve a significant part of the problem, for a cost of one click the first time a user visits a site where they do want to allow it.

For another thing, web developers respond plenty quick enough to new opportunities to exploit browser functionality. If the major browser developers told them where to go, they'd fix their broken sites plenty quickly too.

> IoT devices are really booming now, and everything is tracking us, our watches, refrigerators, thermostats, ... we can't just install an AdBlocker there.

Maybe they're booming where you are. I've yet to see anyone, from my most gadget-obsessed geek friends to my least technical family members, actually use one, other than devices specifically made for some communications purpose or whose main/only function is to provide access to some remote service. Certainly I've yet to meet anyone who thought everyday household appliances like their fridge or thermostat needed to phone home to do their jobs.

As for installing a blocker, I've already seen multiple places interested in implementing something that is essentially a privacy firewall for home devices and/or building a database of which devices try to communicate with which remote hosts for which purposes. If IoT really does outgrow the marketing hype, tools to limit its capabilities for privacy and security reasons will surely follow, maybe even at ISP level in the same way that a lot of spam no longer even reaches our junk folders.

> Haha, good one, but joking aside, I would rather prefer that the dishes can never get dirty, no matter what.

Using JavaScript to deploy content-focused websites is like a restaurant which uses its cookpots for urinals: sure, it can be done hygienically, but it's Just Wrong.

The majority of the web works fine without any JavaScript at all.

> I understand that privacy is a big issue, but think about "normal" web developers who just want to show a cool working website to their users, but need to display this message to them: "Thank you for looking at our website, but unfortunately your browser is in lite JavaScript mode. Please set it to full functionality again and restart your browser and go to our site once more.".

My brain melted out of my ears when I read this sentence. Why on Earth do you need JavaScript to display a "cool" website? So you can make the text fade in for no reason? I think you need to re-think what the Internet is for.

As a developer in a web agency, we create a lot of "fancy" (= sites that are interesting to look at, and they need to draw attention) websites; no, it is not to create a text fade, that can be done in CSS btw.

It is to validate forms with ajax, it is to display ajax loaded content, it is to upload a file without needing a page refresh, to create a simple image slider/viewer, ...

Of course the content is king, but do not forget that there is a lot of stuff going around content. Look at Facebook, YouTube, Pinterest, ... Sure they could work without any JavaScript at all, but it will not be the same experience.

Like somebody here already said, we are beginning to create web apps because it's possible and because it's cheaper to do directly in the browser than to hire a native device developer (another discussion).

We can't forget JavaScript nowadays, it's a big and popular language for a reason, it allows the developers to create interesting user experiences (and apps) inside a browser. There are a lot of fine examples of good JavaScript implementations, but of course there are also companies that use it the "bad" way.

Sure, if you need user interaction, it's reasonable to build a web app. But the vast majority of websites are simply conveying information. You don't need vast amounts of JavaScript just to shove text at a user, but a fair number of websites break anyway.

Let me address the "normal" web developers then:

Don't use cookies. Don't use JavaScript.

And to use your own words:

<quote> "It would be better to add the functionality you are suggesting as an option and not by default, so people, who understand the "risks" of not viewing some sites properly in favor of more privacy, will turn it on by themselves." </quote>

Turning off all the cruft makes websites MORE usable not less. Plain text offers the highest information density available. So do you want dancing monkeys on your screen, or do you want information?

Given that popular uses for the Web today include social networking, e-commerce, web apps, and online access to services like banking, I think the idea that sites should just display static information and should work better without JS and cookies is at least a decade out of date. Pushing for a very limited web is a battle that was lost long ago.

What needs to stop is the idea that just because JS is useful for interactive aspects of sites, it should also provide access by default to 1,945,255 other features that 99.9999% of sites have no legitimate use for.

> Given that popular uses for the Web today include social networking, e-commerce, web apps, and online access to services like banking, I think the idea that sites should just display static information and should work better without JS and cookies is at least a decade out of date.

Do you realise that every item on your list wasn't just possible but flourished without JavaScript, and works fine without third-party cookies?

JavaScript is a cancer on the web, a metastasised extension language which is swallowing up what was a thriving hypertext infrastructure.

> Do you realise that every item on your list wasn't just possible but flourished without JavaScript

No, I don't realise that at all.

Imagine how tedious it would be even to use a relatively simple discussion forum like HN if you had to wait for a full page reload every time you hit a voting button or expanded/contracted a thread.

That's about as simple an interaction as you can get, but there are countless other simple examples where JS-based interaction is much more responsive and easier to use than a round-trip to the server. Think real-time form validation, for example.

At the more complicated end of the spectrum, how exactly would you implement a web app like, say, a spreadsheet, without any client-side interaction?

> JavaScript is ... swallowing up what was a thriving hypertext infrastructure.

Sure it was, 20 years ago, but the technology has evolved to serve new purposes, as technologies do. The Web of 2017 is unquestionably far more useful for far more people than the Web of 1997, and the interactivity offered by JS is a significant contributory factor.

> Imagine how tedious it would be even to use a relatively simple discussion forum like HN if you had to wait for a full page reload every time you hit a voting button or expanded/contracted a thread.

You don't need a full page reload to implement voting; that's what the 204 No Content response is for: your browser sends the vote & doesn't refresh the page.

That's a fair answer in the specific case of voting, but it doesn't help in the other situations I mentioned.

> Imagine how tedious it would be even to use a relatively simple discussion forum like HN if you had to wait for a full page reload every time you hit a voting button or expanded/contracted a thread.

If JavaScript did not exist, HTML/CSS/SVG would have evolved simple features like submitting a POST when an element is clicked without reloading a page.

Iframes were already enabling something similar and CSS supports animations.

> If JavaScript did not exist HTML/CSS/SVG would have evolved...

Perhaps it would. Perhaps if JavaScript did not exist then we would have developed better tools for building what we now call web apps instead. Perhaps if JavaScript did not exist, those apps would be using something separate to the Web, and the Web would have remained a mostly non-interactive, read-only medium. I'm quite sure that with the wisdom of hindsight that we enjoy today we could have designed much, much better ways to do what web apps are doing.

But the thing is, JavaScript does exist, and it's being used to provide sites/apps that many people find useful, arguably much more useful by now than the original purpose of the Web. Meanwhile, those hypothetical alternatives do not exist, and so obviously they aren't providing any of that desirable functionality to users.

This being the case, I think reverting to the Web being a very limited medium that doesn't offer those benefits is no longer plausible. It would set the development of useful and/or enjoyable technologies used by billions of people back 10-15 years, and there's no guarantee that whatever would actually evolve to replace it would be any better.

I've been developing for the Web professionally for many years, and a programmer for many years more. I'd be the first to agree that what we have today has problems, some of them serious, and that we should try to do something about them. But no-one's going to stop the train or turn back time, so any realistic solutions have to start from where we actually are and provide better practical alternatives, not start from where some of us might have preferred to be and provide wishful thinking.

Good point. So maybe browsers should make the full version the default and then add the following options for more tech-savvy users (and users can set the permanent default or per website setting):

1) full mode (all JS is enabled)

2) lite mode (only the bare JS is enabled, no tracking possible)

3) suggested mode (a machine learning algorithm decides what is really needed to be enabled and what is there for tracking purposes)

4) manual mode (somewhere in the settings you can tick and untick various JS APIs that you want enabled and disabled, like websockets, WebGL etc)