by danShumway 2522 days ago
I do think most of these things (with the exception of IP addresses and caching) are easier to solve than Javascript. I disagree that they are trivial to solve or that combined, they are substantially less harmful than Javascript. Let me try to sidestep this debate though and focus on the broader problem.

JS has a few stupid design decisions, but the fundamental reason Javascript is hard to run safely is because it's a Turing-complete language that exposes a lot of powerful features.

You can argue that the web doesn't need a Turing-complete language that exposes a lot of powerful features. Can you argue that phones don't? Can you argue that personal computers don't need that?

All of the tracking that happens on the web right now also happens on mobile phones and desktops. Users have broadly shown that the "only download code you trust" security model doesn't work (see recent articles on both the Android and iOS app store for reference). Even something basic like adblocking on Android is kind of terrible -- the best app I know of is AFWall, and that's maybe half as powerful as something like uMatrix because it's relying on static firewall rules.

You get rid of powerful applications on the web, and users will go back to downloading apps like crazy just so they can order pizza from their phone. Since, currently, all of those platforms are pretty terrible for privacy, it is very hard to argue that a world where people could only download native apps would be more private than the world we have now.

We could also keep the web and switch wholesale to a SaaS model for everything, which is broadly bad for consumers, and carries its own privacy risks (there are some computations like password generation that I don't want to be done on a 3rd-party computer). Switching over to using forms and remote computation for everything on the web would also greatly increase the prevalence of 3rd-party cookies, making them much harder to block.

The point I'm getting at is that I don't see a world where Javascript vanishes and privacy gets any better. In fact, it might even have the opposite effect if the deprecation of Javascript means people download more Android apps. Privacy is a really hard, complicated problem and there probably isn't any single solution.


> I don't see a world where Javascript vanishes and privacy gets any better.

If JavaScript vanished, it would accomplish one huge win for privacy: it would split the "reading content and submitting forms" part of the Web out from the "powerful applications" part.

It is cool that you can use JavaScript to build a collaborative 3D modeling program. It might even be better for privacy than a native app. But it is less cool that Facebook and every news site you read gets access to the exact same capabilities and attack surface as the 3D modeling program.

And personally, I think ordering pizza would land on the "content and forms" side of the divide.

Absolutely. What is Javascript? It's random pages all over the world telling your computer to download code from other random pages all over the world and execute it. Executable data is one of the first no-nos of security.

A native app collaborative 3D program could be worse for privacy if it were closed source. If it were open source, then no way. For one thing, unlike a Javascripted one, it wouldn't update behind your back. Its code wouldn't be obfuscated, and wouldn't be dynamically pieced together from the four corners of the world.

I think GP is making a reasonable argument about capabilities, and that's something that we should be pushing harder for both on the web and on native. I also think that's something we are actively looking at on the web, we're just looking at it from a feature/platform perspective instead of at a language level.

On the other hand, I don't think the Open Source argument holds at all. This is pushing for something that just isn't going to happen. Now we need to not only get rid of Javascript, we also need to convince Facebook to Open Source its native app?

I run mostly Open Source native apps, but the only way I can do that is because web-apps take the place of many native apps I would otherwise need to install on my phone or computer.

> For one thing, unlike a Javascripted one, it wouldn't update behind your back.

Most people's phone apps are set to auto-update, and most PC apps have the ability to download and execute additional code on the fly. I like to think I run a pretty tight Linux system, but all of my programs have write permissions to their own personal install directories.

It sounds to me like your problem isn't so much Javascript as it is 3rd-party requests/assets and mutable web-pages. These are also interesting problems to talk about, but they're largely unrelated to Javascript. It would maybe be helpful to see the web move more towards a DAT/IPFS model where webpages could be versioned.

On the Javascript side of things, all of this boils down to the security idea that users should only run code that they trust. Users have broadly rejected that idea -- both on the web and on native platforms like phones. They want the ability to safely run untrusted and semi-trusted code.

We can argue over whether that's a reasonable thing for them to ask, but that's the position we're in. The web is trying to figure out how to let you run untrusted code.