[csande17]

> CSS, cookies, external images and fonts, redirect links, referrer headers, browser caches

Aside from CSS and redirect links, all of these features are fairly straightforward. The consequences of disabling the Referer header, for example, are pretty small and easy to understand: you'll stop sending sites information about what links you used to get to them, but some very picky websites that check the header (e.g. image hosts that try to prevent hotlinking) might not work. This means browsers can provide options to let the user choose their preferred balance of privacy, functionality, performance, and "helping us improve your experience".

With JavaScript, on the other hand, it is very difficult for end-users to tell what a given website is doing. Are those hundred kilobytes of minified code a tracking/fingerprinting script, a crypto-miner, or a Hello World app in the UI framework du jour? It's hard for even an experienced developer to know for sure, and it's basically impossible for browsers. Your options are (1) allow everything, (2) use really crummy heuristics like "what domain is this file being served from", or (3) disable JavaScript and give up on using half the websites on the Internet.

[danShumway]

I do think most of these things (with the exception of IP addresses and caching) are easier to solve than Javascript. I disagree that they are trivial to solve or that combined, they are substantially less harmful than Javascript. Let me try to sidestep this debate though and focus on the broader problem.

JS has a few stupid design decisions, but the fundamental reason Javascript is hard to run safely is because it's a turing-complete language that exposes a lot of powerful features.

You can argue that the web doesn't need a turing-complete language that exposes a lot of powerful features. Can you argue that phones don't? Can you argue that personal computers don't need that?

All of the tracking that happens on the web right now also happens on mobile phones and desktops. Users have broadly shown that the "only download code you trust" security model doesn't work (see recent articles on both the Android and iOS app store for reference). Even something basic like adblocking on Android is kind of terrible -- the best app I know of is AFWall, and that's maybe half as powerful as something like UMatrix because it's relying on static firewall rules.

You get rid of powerful applications on the web, and users will go back to downloading apps like crazy just so they can order pizza from their phone. Since currently, all of those platforms are pretty terrible for privacy; it is very hard to argue that a world where people could only download native apps would be more private than the world we have now.

We could also keep the web and switch wholesale to a SaaS model for everything, which is broadly bad for consumers, and carries its own privacy risks (there are some computations like password generation that I don't want to be done on a 3rd-party computer). Switching over to using forms and remote computation for everything on the web would also greatly increase the prevalence of 3rd-party cookies, making them much harder to block.

The point I'm getting at is that I don't see a world where Javascript vanishes and privacy gets any better. In fact, it might even have the opposite effect if the deprecation of Javascript means people download more Android apps. Privacy is a really hard, complicated problem and there probably isn't any single solution.

[csande17]

> I don't see a world where Javascript vanishes and privacy gets any better.

If JavaScript vanished, it would accomplish one huge win for privacy: it would split the "reading content and submitting forms" part of the Web out from the "powerful applications" part.

It is cool that you can use JavaScript to build a collaborative 3D modeling program. It might even be better for privacy than a native app. But it is less cool that Facebook and every news site you read gets access to the exact same capabilities and attack surface as the 3D modeling program.

And personally, I think ordering pizza would land on the "content and forms" side of the divide.

[kazinator]

Absolutely. What is Javascript? It's andom pages all over the world telling your computer to download code from other random pages all over the world and execute it. Executable data is one of the first no-no-s of security.

A native app collaborative 3D program could be worse for privacy if it were closed source. If it were open source, then no way. For one thing, unlike a Javascripted one, it wouldn't update behind your back. Its code wouldn't be obfuscated, and wouldn't be dynamically pieced together from the four corners of the world.

[danShumway]

I think GP is making a reasonable argument about capabilities, and that's something that we should be pushing harder for both on the web and on native. I also think that's something we are actively looking at on the web, we're just looking at it from a feature/platform perspective instead of at a language level.

On the other hand, I don't think the Open Source argument holds at all. This is pushing for something that just isn't going to happen. Now we need to not only get rid of Javascript, we also need to convince Facebook to Open Source its native app?

I run mostly Open Source native apps, but the only way I can do that is because web-apps take the place of many native apps I would otherwise need to install on my phone or computer.

> For one thing, unlike a Javascripted one, it wouldn't update behind your back.

Most people's phone apps are set to auto-update, and most PC apps have the ability to download and execute additional code on the fly. I like to think I run a pretty tight Linux system, but all of my programs have write permissions to their own personal install directories.

It sounds to me like your problem isn't so much Javascript as it is 3rd-party requests/assets and mutable web-pages. These are also interesting problems to talk about, but they're largely unrelated to Javascript. It would maybe be helpful to see the web move more towards a DAT/IPFS model where webpages could be versioned.

On the Javascript side of things, all of this boils down to the security idea the users should only run code that they trust. Users have broadly rejected that idea -- both on the web and on native platforms like phones. They want the ability to safely run untrusted and semi-trusted code.

We can argue over whether that's a reasonable thing for them to ask, but that's the position we're in. The web is trying to figure out how to let you run untrusted code.