Oh I have no problem with it on the server. But 95% of the stuff that tries to run in my browser is garbage I don’t want. 90% of it is garbage no one wants.
I would love to see a site provide a little pop-out window with all of the mined data displayed for the site users to see. I could see where the 3rd parties mining that data would not want all of the users to see that. I've never used GA or similar, but I seriously doubt that the 3rd parties provide the site owners/developers a method for being able to do this. They want to drive eyeballs back to their site to view the metrics.
Yes exactly, that's really underwhelming to me. It doesn't tell me my age, gender, location or anything about my browser or purchasing history. I'm certain real advertisers can do better. I'm using stock Chrome on Android.
I’m not sure they can. How would that work? It’s not at all obvious to me, unless you explicitly provide that information by creating an account and logging in.
Tracking pixels are incapable of such feats. At best they have your IP address from the latest visit, and information about your behavior on that site. I don’t see how they can magically conjure information you haven’t provided.
They just connect your browser to an account that has that data. If you have a Facebook account, a tracking pixel makes it easy.
If you don't provide that data, they can guess based on browsing history (e.g. if you look up baby products, you're likely in the 20-30 age range). They can use AI to see how your online behavior matches up with other people in a known demographic. All of that data paints a surprisingly clear picture, even if you don't create an account (e.g. browsing data by IP is likely from the same person/family).
My understanding is that the tracker collects your information, not the trackee, from the tracking pixel, correct? So that doesn't give some random website any additional information about you.
But I'm really curious here, because I'm an applications developer and sort of in the dark about a lot of web technology. If I wanted to create a website that just absorbs the kind of information you're alleged is possible, how precisely is that done? How do I access the user's browsing history that you claim is possible? Is there a tutorial on this hand-waving AI-magic? Even if I had somehow acquired a mega database of granular user data, how do I key in on the random-user-that-just-loaded-my-page?
The problem is that they can't do that to completion- they often can't know the data that their advertisers are collecting and they certainly can't share the data that they're collecting from 3rd parties using 'profiles'. An important fact from this article is your privacy is often the minimum of the privacy settings you have set. So it might be true that you've never authorized Vox to monitor your demographic data, but they know enough to get that information from other companies. Legally they can't share that information.
I think you would miss out on about 90% of what the web has to offer if you simply disable Javascript. A bit like saying you should never use a bank or credit cards and do everything with cash. Javascript is one of the most popular programming languages these days. This forum is full of programmers, so it's not surprising you get downvoted for recommending that people disable Javascript.
Downvotes or not, it is the way. I'm a programmer and I use uMatrix to whitelist only the JavaScript necessary to get the content I want. The Web is user adverse. I'll gladly miss out on that 90% of the Web, most of it is garbage. The average user generally only visits a few sites anyway.
Yep - same: I'm one of the biggest JavaScript fans there are, and there's no way I'm letting any-old schmo run code on my computer just because I visited their web site! I use no script and Privacy Badger... these days it has to be something pretty exceptional to make me temporarily whitelist.
If a page is blank, or just says "this app needs javascript to run", then it's insta-close: so not only am I not running javascript, I get a productivity boost too!
In my opinion that is a bad reason to downvote someone. He/She is entitled to their opinion. Their comment drove discussion, I enjoyed reading your response and I like your analogy of cash vs. card. The downvoting on HN breeds conformism, to me that is both unappealing and unoriginal. People should consider all perspectives and form their own opinions.
I agree with you. I think the down-voting that goes on here is basically group-speak censorship and creates an echo-chamber. Tyranny of the majority...
so if I say something that is technically infeasible, I should be downvoted? How about instead somebody informs me that what I stated is infeasible with some supporting facts? That will educate me and the rest of HN.
So, since you say disabling JS is infeasible.. to what extent? What websites work with JS disabled, what might I miss out on? Is it possible to compromise, perhaps a browser can be configured to whitelist certain JS APIs? Perhaps we create a JS-lite standard? I don't know. Let's talk about it though.
I like that kind of discussion. It is worth noting that I have always had JS enabled, but I would like to hear the opinions and perspectives of everyone.
The original comment by 'egdod referenced by 'superkuh was not constructive (likely the reason it was downvoted/flagged).
'superkuh could very well have been downvoted for commenting on downvotes contrary to the guidelines, rather than for anything about the other content (which otherwise looks fine).
> Please don't comment about the voting on comments. It never does any good, and it makes boring reading.
The guideline is there specifically to prevent threads like this, devolving into meta discussion rather than focussing on the submission. Post constructive comments, (silently) give compensatory upvotes to those you think are wrongly downvoted, and move along.
Thanks for pointing that out, I will refrain from comments like these in the future.
It just becomes frustrating to see this pattern of behavior and how pronounced it has become. I frequently disagree with comments but they often generate good discussion. This is how we all get smarter. Instead, the potential is deterred by downvotes.
At the risk of continuing this meta discussion, I would have flagged that comment too, but not for any disagreement about whether JavaScript should be avoided.
Many of us have family members fighting cancer, and there are cancer patients and survivors reading HN. I don't think a casual statement equating that terrible disease with a mere programming language is appropriate here or in any public forum.
By way of contrast, I would have upvoted a comment like this:
I avoid JavaScript whenever I can. I feel safer that way. I use FooBlock Organic to selectively whitelist JavaScript for sites that need it and that I trust. I recognize the irony of using a browser extension which is itself written in JavaScript, but it's open source and I've reviewed the source code carefully. I even contributed some patches to make it easier to use.
> I think you would miss out on about 90% of what the web has to offer if you simply disable Javascript.
I don't know, 80% of the web I'm interested in is text - like your comment - images and video. None of them require JS. Websites need JS more than I do, it seems.
It is true this forum is full of programmers. It is also true this forum is relatively "lightweight" and does not require Javascript to read and comment.
The article we're discussing would be part of that superior 10% then :)
My experience as a noscript user of several years is that the time I lose to one-time delays as I mark some domains trusted is vastly outweighed by the time I save avoiding repeated distended pageload times from sites suffering from multi-domain js bloat.
Usually, about 75-85% of js domains for a given page are delivering some peripheral service like tracking, advertising, or analytics, in my experience, and loading all these unessentials can represent significant performance loss as well as other detriments.
>A bit like saying you should never use a bank or credit cards and do everything with cash.
Yes, it is. I try to never use my bank card and always pay for things (even big purchases) in cash. For online stuff I try to use Bitcoin as much as possible.
I have been selectively whitelisting using noscript for a couple of years. It's a tedious burden, but it is interesting. The web is largely broken without JS.
“If you logged into our network through social media we also have access to portions of your public social profile, such as your name, email address, and photo.“
Obvious in hindsight, but the profile picture is probably a goldmine for targeted advertising. Not sure if anybody does that but using that for age estimation would probably be way more accurate than the guesses I’ve seen implicitly (lots of ads like “people in <age group> love this product”) and explicitly.
Also profile photos are frequently reused between sites. Easy way of connecting handles, though they're not always real since some people create fake profiles on one network from real profiles on another.
I use Brave and OpenVPN on a cloud server. I tested my privacy with this https://privacy.net/analyzer/ ... Strangely, it said I was logged in to twitter, facebook and reddit when I'm not logged in to any of them. I don't even have a twitter account.
Cool concept but for me on Brave the site was pretty broken. Content didn't seem to be loading correctly and honestly the navigation takes up half the page and made whatever results did come up really annoying to read. Scrolling was not smooth and things would disappear before they were actually out of the viewport. Also incorrectly reported me as using chrome.
>It’s a lot — I get it — but the net result is that you, dear reader, get to read our content without a paywall.
I'd love to examine this. Podcasts for example, have almost none of this tracking (as enforced by Apple) and no pay wall. And frankly, since journalism costs pretty much however much you're paying your staff I'd love to see the argument for how much the CEO of vox gets paid when compared to the cumulative loss of privacy and self-determination that their readers have suffered.
Podcast tracking is improving, but not super useful yet in many cases. It works best for advertisers with high LTV products that can be tracked via coupon codes or memorable vanity URLs. A lot of advertisers actually shy away from them because they try to charge high CPMs without great tracking, which is important when their reach is so low comparatively so other statistical methods aren't as useful for measurement.
I can recommend https://www.freefullrss.com where you can convert any rss feed into a full text rss feed. The websites get rendered for you and you can view them in the rss reader of your choice, so you don't have to visit the site at all, no JavaScript and no fingerprinting exposure at all.
In the long run, I think this might be the future, to have a server to render websites into a readable format for you.
46 comments
[ 4.1 ms ] story [ 97.0 ms ] threadServer-side JS is, well, just an inferior choice IMHO. But that's down to taste or the task at hand. But server-side it sure is no cancer.
[0] https://panopticlick.eff.org/
Tracking pixels are incapable of such feats. At best they have your IP address from the latest visit, and information about your behavior on that site. I don’t see how they can magically conjure information you haven’t provided.
If you don't provide that data, they can guess based on browsing history (e.g. if you look up baby products, you're likely in the 20-30 age range). They can use AI to see how your online behavior matches up with other people in a known demographic. All of that data paints a surprisingly clear picture, even if you don't create an account (e.g. browsing data by IP is likely from the same person/family).
But I'm really curious here, because I'm an applications developer and sort of in the dark about a lot of web technology. If I wanted to create a website that just absorbs the kind of information you're alleged is possible, how precisely is that done? How do I access the user's browsing history that you claim is possible? Is there a tutorial on this hand-waving AI-magic? Even if I had somehow acquired a mega database of granular user data, how do I key in on the random-user-that-just-loaded-my-page?
Sorry if I being incredulous. It's because I am.
Like egdod said at the bottom of this comment thread, downvoted into oblivion: "Javascript is a cancer and should be disabled whenever possible."
If a page is blank, or just says "this app needs javascript to run", then it's insta-close: so not only am I not running javascript, I get a productivity boost too!
Edited to remove reddit comparison.
That’s about as helpful as saying the best way to avoid being tracked is by not using the web.
So, since you say disabling JS is infeasible.. to what extent? What websites work with JS disabled, what might I miss out on? Is it possible to compromise, perhaps a browser can be configured to whitelist certain JS APIs? Perhaps we create a JS-lite standard? I don't know. Let's talk about it though.
I like that kind of discussion. It is worth noting that I have always had JS enabled, but I would like to hear the opinions and perspectives of everyone.
If you don’t accept JS, nothing renders.
https://news.ycombinator.com/newsguidelines.html
'superkuh could very well have been downvoted for commenting on downvotes contrary to the guidelines, rather than for anything about the other content (which otherwise looks fine).
> Please don't comment about the voting on comments. It never does any good, and it makes boring reading.
https://news.ycombinator.com/newsguidelines.html
The guideline is there specifically to prevent threads like this, devolving into meta discussion rather than focussing on the submission. Post constructive comments, (silently) give compensatory upvotes to those you think are wrongly downvoted, and move along.
It just becomes frustrating to see this pattern of behavior and how pronounced it has become. I frequently disagree with comments but they often generate good discussion. This is how we all get smarter. Instead, the potential is deterred by downvotes.
Many of us have family members fighting cancer, and there are cancer patients and survivors reading HN. I don't think a casual statement equating that terrible disease with a mere programming language is appropriate here or in any public forum.
By way of contrast, I would have upvoted a comment like this:
I avoid JavaScript whenever I can. I feel safer that way. I use FooBlock Organic to selectively whitelist JavaScript for sites that need it and that I trust. I recognize the irony of using a browser extension which is itself written in JavaScript, but it's open source and I've reviewed the source code carefully. I even contributed some patches to make it easier to use.
It would be nice if at least, the only way to be able to downvote, would be to also post (require) a comment.
I don't know, 80% of the web I'm interested in is text - like your comment - images and video. None of them require JS. Websites need JS more than I do, it seems.
My experience as a noscript user of several years is that the time I lose to one-time delays as I mark some domains trusted is vastly outweighed by the time I save avoiding repeated distended pageload times from sites suffering from multi-domain js bloat.
Usually, about 75-85% of js domains for a given page are delivering some peripheral service like tracking, advertising, or analytics, in my experience, and loading all these unessentials can represent significant performance loss as well as other detriments.
Yes, it is. I try to never use my bank card and always pay for things (even big purchases) in cash. For online stuff I try to use Bitcoin as much as possible.
Obvious in hindsight, but the profile picture is probably a goldmine for targeted advertising. Not sure if anybody does that but using that for age estimation would probably be way more accurate than the guesses I’ve seen implicitly (lots of ads like “people in <age group> love this product”) and explicitly.
https://webbrowsertools.com/privacy-test/ https://panopticlick.eff.org/ https://tenta.com/test/ https://dnsleaktest.com/
This page has lots good info on this topic. https://browserleaks.com/
I'd love to examine this. Podcasts for example, have almost none of this tracking (as enforced by Apple) and no pay wall. And frankly, since journalism costs pretty much however much you're paying your staff I'd love to see the argument for how much the CEO of vox gets paid when compared to the cumulative loss of privacy and self-determination that their readers have suffered.
In the long run, I think this might be the future, to have a server to render websites into a readable format for you.