| "Standalone engines are subject to fewer attacks from untrusted code, so they're probably easier to exploit than a browser." Probably? This is purely speculative. I'd be interested to see any actual exploits of Interactive Fiction engines. So far, they are a much less attractive target to malware authors than web browsers are. That alone makes me prefer them over web browsers, no matter what their theoretical vulnerabilities may be. "incognito mode / using a separate browser profile / portable browser installs are all options to completely preserve privacy" Users are often tracked by their IP addresses as well as OS and browser fingerprinting, which Javascript can facilitate. Try going to Panopticlick[1] with Javascript turned off and then with it turned on and see the difference. "that are either as convenient or more convenient than installing an interactive fiction engine." But I already have multiple Interactive Fiction engines installed, so using them is perfectly convenient for me. As for others, how many people do you think actually bother to use a separate browser profile or even "incognito mode"? Not a hell of a lot. And if they do, they might also do what I do and disable Javascript altogether. [1] - https://panopticlick.eff.org |
I sympathise but find it quite contrary that you prefer to download standalone engines over something sandboxed in the browser. Although I believe there is some unknown percentage of users who won't turn on Javascript for this game, I can only imagine that a vanishingly small percentage of those might take a stance similar to yours.
The other obvious flip-side of your argument is: Javascript has a much bigger potential audience than IF engines these days. That alone makes Javascript preferable to develop for. The security and privacy issues do not make enough of a dent in Javascript's userbase to make this a serious consideration for developers.