by brisad 1923 days ago
> Erm, no? You've visited my site that I have built, you can either use it as is, or not use it - your choice - but don't start trying to mess about with it and sending stuff, I might be terrible at writing backend side and sending things wrong blows up a server.

Just because it's your site, you shouldn't assume that you have the exclusive right to decide what executable code should run on my computer. If you don't want users to mess with that, the code should be kept on the backend, because that's "your" computer and you can decide what to run there.

EDIT: Perhaps there should be a required banner for every JS-using site, telling the user that it sends you executable code, and you need to press a button to confirm that you indeed want to let the browser do that. (joke)

4 comments

I don't think it's a joke at all. A user clicking on a link usually wants to view a page, not get sent 100s of tracking scripts (or miners, phishers, or whatever), and it's not clear at all the user has given consent or is even aware. Search engines flagging ad- and script-heavy sites would be cool, too.
But what if all those "extra" things are what keep that site alive?
Then it should shut down.
But in that case the user loses value, as he wanted what the site was offering.
That's begging the question. Advertising and tracking are not the sole business models of the web nor the ones I have any impulse to protect or cater to.
Wouldn't it be much easier to pass laws that would prohibit all these tracking scripts (e.g. GDPR) rather than writing custom JavaScript for every individual website out there?
Yes, it's much easier to pass laws, but enforcement becomes a real challenge... this has been an issue for the GDPR specifically[0]:

> This means that at the time of writing this report, over a year and a half after the complaints were launched, a decision on the complaints is still far off and it is unclear when such a decision could be expected. Meanwhile, Google continues to spy on the comings and goings of millions of European consumers. Moreover, since the complaints were launched, the company has even carried out a (misleading) public PR campaign to portray itself as company that respects privacy and highlight that users are in control of their personal data.

[0]: https://www.beuc.eu/publications/beuc-x-2020-074_two_years_o...

I'm pretty sure you're joking, but the client's browser makes the request for a resource. If you're letting your browser request code you don't want to execute, that's on you.
Actually I wasn't joking. But you're right of course. It's on me, just as it's on me whether or not I will execute a proprietary executable on my computer. And if I don't want to, the solution is to just not do it.

It is still my opinion, though, that if you let your browser request the resource, you should have complete control of what code should be permitted to be executed or not. Or if you want to, you should be able to mess with it freely. Because it is your computer, and you should be in control of what it executes or does not execute.

But the law is not with me on that in many places in the world, I believe. And therefore I am happy we have free software :-)

> If you're letting your browser request code you don't want to execute, that's on you.

Indeed. We can run blockers to get rid of user hostile javascripts but we can't get rid of the web site's own code since that's likely to break everything. That's why we'll eventually have to replace them with free software.

This is one of the things that the FSF is proposing, with a method of tagging executable code under a free license. In general, you can only check that tag after retrieving the code.
EU lawmakers don't understand that. It makes too much sense.
About your edit, that's pretty much what extensions like NoScript do.
> Perhaps there should be a required banner for every JS-using site, telling the user that it sends you executable code, and you need to press a button to confirm that you indeed want to let the browser do that. (joke)

IIRC, this was exactly what we had in the old days of IE4/IE5. Also for cookies, even earlier than that.

(We sort of got cookie popups back, thanks to it being easier to throw a popup than to actually obey the spirit of GDPR and be a good web citizen. I wonder if at some point the same will happen with JS?)