Here's another way of looking at it: Does this page really need to execute code on its users' machines? Why is this such an acceptable thing in the first place?
> Why is this such an acceptable thing in the first place?
Because before we had local desktop applications that were substantially less secure, with far greater default access rights (even root/admin in many cases).
Webapps that execute in a silo-ed virtual machine with only access to their own data (without express permissions), is a substantial security improvement (and also doesn't require the user to install anything).
To be honest the people who want to visit a website, for free, and then insist on how that website is delivered are super entitled. If you don't want to execute a site's code in a browser's secure context then don't, but you cannot whine about it like they owe you.
"To be honest the people who want to visit a website, for free, and then insist on how that website is delivered are super entitled."
This is a very poor argumnet - stealing data is a crime.
Why should people accept being victims of robbery just because they are in a free library or music concert?
Secondly, many websites have a paid plan - OneDrive, Xero, Flikr, LinkedIn, YouTube, etc. This is a terrible attitude: "I gave you candy for free, so don't complain if it's poisoned"
That’s a bit warped of a comparison - 99% plus of website JS isn’t a poisoned Apple that will cause some kind of real harm.
That (in your analogy) everyone giving candy on Halloween provides a potential threat vector for a serial killer to occasional slip one in is them taking advantage of an ecosystem that everyone desires, not a malicious act from everyone giving out candy.
> No, the site owner is usually gaining money from his users (through ads, tracking, etc). This is an incredibly dishonest statement.
Which you're purposely trying to avoid by disabling JavaScript, thus mooching and demanding that they design the site around your niche desires.
NoJs users are negative revenue users. They cost the same as a revenue user but block revenue streams. Then feel like more resources should be spent on just them.
You're then asking businesses to pay to place ads that you cannot assure them were actually viewed by anyone. It can work, but companies will pay more for ads that can prove they were even rendered let alone uniquely.
Many business models don't work with reduced revenues, thus you can embed ads in content, take the lower revenue, but then need to structure your business around the lower total revenue.
Typically, when businesses have goals like these they end up instead just doing a membership model wherein it is ad-less but the users/audience is paying them directly for content production.
Yes, it does. Not using JavaScript to present documents is the default, you actually need to devote time to make it the other way. Relying on JavaScript significantly increases your failure surface. Outdated browsers, buggy extensions, network failures, poor error handling - it becomes much more likely for your content to not display even when the user does not actually turn JavaScript off.
I'm not sure what the ratio is. What I do know is that there is a concept that, to me used to be a well known concept, that web developer's are encouraged to follow called "graceful degradation". I wish more people would pay it some attention.
Whether it's due to capabilities of a browser or extra security measures a user would like to practice graceful degradation allows content to be shared with more people than not.
I have JS enabled, but don't allow third-party JS.
Sorry, for the author, but I'm not going to enable google-apis and other google spyware scripts to load on my browser just to see what they're up to in this blog post.
As someone who supposedly wrote an article about fighting spyware, they should know better that to require loading google scripts in order to see a simple page.
A better question is, what % of web developers test their JS rendering on the array of browsers it's guaranteed to encounter, or consider what happens when very basic privacy tools are in use?
Those aren't relevant questions for this case, however. The page isn't failing to render without JS, it's failing to render without third party JS. For a group whose nominal message is bragging about their hax0r skills, it's pretty clumsy to build in a single point of fail dependency on code they don't control, then require their users to run it.
No idea, but I browse without js (enabled on a case-by-case basis). I'd say 10-15% of the links from the HN front-page are broken without js, I generally move on to the next one.
Anecdotally, based on my own data, roughly 0.2% to 0.3% after excluding bot/crawler UAs (and I run a website more likely to be visited by "techy" users, probably lower for the general population).
Just a note that you've framed the question as "without JS turned on" but it's not always a choice; there are people who don't have access to sufficiently new hardware or reliable telecoms that it will work as intended.
As an example, for the past ten years I have had to browse with a tablet that crashed every time JS was enabled (luckily I could recently justify the expense of a new one, so that won't be the case any more when it arrives)
I have JS turned on on my phone, yet this website did not render. I am using content blockers, yet there are no trackers on this site so I’m not sure what exactly is being blocked!