Obfuscation at this level is such a dead-end. People already reverse engineer optimized native binaries. Microsoft faced the same "problem" with .NET and even went so far as to put a "no not disassemble" bit that their ildasm tool honoured. (That flag was removed because it's such a stupid idea.)
This kind of lightweight obfuscation only works if your product is of very low value. At that point, you're better of spending the few minutes of obfuscating on making your product more valuable.
The only real useful obfuscation is on malware (which always has a negative value to the user), and on games to gain a couple of non-pirated days after launch.
The only real prevention is to not run code on the user's device (like Diablo III).
Most developers complaining about this are just surprised to learn that reversing is relatively easy and it reflects more on their lack of knowledge than an actual problem.
Disclaimer: In 2004 I actually wrote a decent IL obfuscator, etc. I never shipped it because as I got better at writing it, I got better at reversing, until I realised it was a stupid, pointless battle. I guess that makes me less of a business person.
That is true for most code protections other than moving the code away from the client. Developers definetely need to understand they they are only making it harder but not preventing access.
The Emscripten recommendation is hilarious. How long before people are writing JS and bundling it with a JS interpreter which is compiled with Emscripten merely as an obfuscation measure to satisfy a very confused manager?
For a group supposedly keen on JS that's a really stupid recommendation.
It is true that the way from JS to C to JS is an awkward recommendation. The common use case for Emscripten is the cross compilation when you already have native libraries that you want to share with your web app; which makes the web just another build target. And I concluded in the article that the obfuscation is really just a benefitial side effect.
It would be nice to see Mozilla's app-store have more first-class support for open-source projects. The notion of Free software (apps, particularly) seems to have died with mobile, but I think Mozilla is in a position to bring it back.
This kind of lightweight obfuscation only works if your product is of very low value. At that point, you're better of spending the few minutes of obfuscating on making your product more valuable.
The only real useful obfuscation is on malware (which always has a negative value to the user), and on games to gain a couple of non-pirated days after launch.
The only real prevention is to not run code on the user's device (like Diablo III).
Most developers complaining about this are just surprised to learn that reversing is relatively easy and it reflects more on their lack of knowledge than an actual problem.
Disclaimer: In 2004 I actually wrote a decent IL obfuscator, etc. I never shipped it because as I got better at writing it, I got better at reversing, until I realised it was a stupid, pointless battle. I guess that makes me less of a business person.