[robalni]

I don't care how many people there are that care about whether they are running javascript. The problem persists even if 0 people care about it.

The problem is that people are getting abused, even if they don't care about it. They are unknowingly lending their computers to unknown people who use them as their tools by running code on them. My computer is my tool and nobody else's.

If website owners think it's totally fine to run code on my computer when I visit their site without my permission or knowledge, I wonder what they would think if I ran code on their servers without their permission or knowledge. That would be fair. My computer for you and your computer for me.

[nfw2]

Do you feel the same abuse when you download a desktop application, and it runs code?

You are free to revoke your permission for any site to run javascript, but website owners are not obligated to go out of their way to provide their services to you if you choose to do so.

[robalni]

> Do you feel the same abuse when you download a desktop application, and it runs code?

Not if the source code is available. Other reasons for no are that it's not automatic and invisible.

> You are free to revoke your permission for any site to run javascript, but website owners are not obligated to go out of their way to provide their services to you if you choose to do so.

People don't do that enough for it to have much of an effect.

[whakim]

I'm not really sure I get the point. Simply opening a browser means you're allowing the browser developer to run code on your computer, and you're giving them permission to do so by downloading, installing and using their software.

[robalni]

The differences between the browser I'm currently using and a random website with javascript on the web are:

- The browser's source code is available so I can see what it does.

- The browser is distributed by Debian who also distribute most other software I use so there is 1 organization to trust instead of 1000.

- The browser is not downloaded and executed and upgraded automatically, so it's possible for me to know what code runs and doesn't run on my computer.

- There are multiple browsers I can choose from. I can't choose which javascript to use when I visit a website.

- I can modify the browser if I want it to work differently (which I have actually done). It's harder to modify the javascirpt on a website because it's updated every time and very tied to the rest of the site and is often unreadable.

- Modifications can be distributed, so if I make a better version, other people can use it and forget about the original version if it was bad.

[whakim]

I guess I understand (and respect) the argument that you only want to run code that you can vet and easily modify. But I don't think most people feel that way - I think most people expect that they're getting some service (like a browser) by allowing developers to execute arbitrary code they've built on their device. I therefore don't think javascript is abusive in the way you describe it, because it follows the paradigm people expect and want out of their software.

[robalni]

> I guess I understand (and respect) the argument that you only want to run code that you can vet and easily modify

This is not about me. It doesn't matter what most people feel or what they want to do. It's the situation where people are expected to run often invisible code written by untrustable people that is wrong. People should have the right to know and control what their computer is doing, even if they don't want to use that right. The current situation doesn't allow them to have that right.

> I think most people expect that they're getting some service (like a browser) by allowing developers to execute arbitrary code

The problem is that it's too easy for developers to use other peoples' computers for their own benefit when the current situation of the web is that people automatically let random people on the internet run code on their computers. It happens all the time. That's why they should not have this freedom.

[whakim]

This is purely about your preferences. You're arguing for a world in which the vast majority of people give up something they really like in exchange for something they really don't care about. "Abusive" is quite literally the wrong term because the exchange (you run arbitrary code on my device, I get software I want to use) is helpful to most people, not harmful.

[robalni]

> the vast majority of people give up something they really like

I don't know what you mean that people like exactly but it's definitely possible to let people use software in fair ways so they don't have to give up anything. A lot of times the use of javascript is unnecessary so removing it doesn't make any difference for the user.

> the exchange (you run arbitrary code on my device, I get software I want to use) is helpful to most people, not harmful

It doesn't matter that the exchange is helpful if it happens in an unfair way. Compare this to prostitution. It's illegal (at least the other side of it) in many countries. But everyone involved gets what they want or need and the exchange is helpful to everyone, so why is it illegal? I guess it's because some people just think it's wrong and that it's an exchange that can't happen in a fair way even if everyone involved is happy with it.

[easrng]

Modifying websites with userscripts, userstyles, and extensions is wayyyy easier than modifying native apps IMO, especially if they aren't open source.

[robalni]

The problem with modifying javascript is that it is very dependent on the website so the modified version can stop working at any time. I can't write a javascript program for a website and then use it forever just like I can write a text editor and use it forever.

[danaris]

Any Javascript your browser runs is, by definition, available for you to see what it does.

[robalni]

It's usually distributed in an unreadable format and even if I'm able to read it, it may change the next time I visit the website without any notice, so I would have to read it every time I visit unless I want to risk using and outdated version that will stop working soon.

[verisimilitudes]

It's funny how this argument doesn't fly with people when it comes to blocking advertisements, with one man claiming it takes food out of his child's mouth.

[yellowapple]

Maybe he should consider feeding his child with actual food rather than my personal data. Probably would taste better, at the very least.

[bearmode]

Lmao are you serious? You're specifically visiting their website. You are explicitly requesting whatever they're serving up. It's akin to complaining that a program you downloaded is gasp executing code on YOUR computer!

[robalni]

> You're specifically visiting their website. You are explicitly requesting whatever they're serving up.

It would be preferable if I could visit a website without having to trust them to run code on my computer. In general, it's preferable to make things as little intrusive as possible.

> a program you downloaded is gasp executing code on YOUR computer

The same is true for programs people download too. There is too much abusive code, both on the web and in other programs.

When I download a program I do it from a trusted source. The program has the source code available and I (and everyone else) have the right to read and modify that code. The web can't work like this because:

1. Websites are so many that I can't trust all of them.

2. Even if the javascript is readable, it is tied to the rest of the website and can change at any time so any modifications or rewrites will stop working.

[connordoner]

Unless you want to go down the ultra-pedantic route that HTML is markup rather than code, why are you reading HN?

[robalni]

The difference between HTML and Javascript is that it's much harder to use peoples' computers for arbitrary things through only HTML. With Javascript it's done all the time. I don't know what this has to do with me reading HN but I can add that HN works without Javascript which is something more websites should do so we can get rid of the expectation that you have the right to run arbitrary script code on peoples' computers when they just want to read a page of text.

[krapp]

You do have the right to run arbitrary script code on people's computers. That's been a fundamental part of what the web is and what it is capable of for over 20 years. You, as a web developer, publisher, what have you, have the right to write whatever code you want, even to render text, just as you have the right to design your own page layout, choose your own fonts and colors. It's up to the user agent to decide whether or not to run the code.

[robalni]

Something is not right just because it has been happening for a long time.

> It's up to the user agent to decide whether or not to run the code.

Yes, it should be. The problem is that things are constructed so that that solution doesn't work because most people don't know how to do it and if you do it a lot of things break. That forces people to let others take control over their computers when they may not actually want to do that. If I let you control my computer, that should be because I want to, not because I'm forced to in order to be able to do what I need to do.

[krapp]

>That forces people to let others take control over their computers when they may not actually want to do that.

This is unnecessarily fear-laden hyperbole. Javascript doesn't force you to let others take control over your computer. And even if it did, for the sake of argument, then literally all code you run does the same, and likely takes far greater control than javascript is capable of.

[robalni]

If I need to run the code in order to do what I need to do then I'm forced to let someone else control my computer.

[cercatrova]

Then, don't visit their websites? If you want to run only things you trust, then do so. Others (both users and website creators) are free to make their own decisions.

[robalni]

I want to use the web and do a lot of other things on my computer. I don't want to have to avoid a lot of things just because people tend to make abusive software.

> Others (both users and website creators) are free to make their own decisions.

I don't know how much of a free decision it is when the user can't know or control what the code is doing.

[AkshatJ27]

This reads like satire.