I highly recommend disabling JavaScript by default in your browser and then whitelisting the websites that you use frequently and need JavaScript to function.

The privacy benefit of this is that when you read articles online or visit new websites, most of the time it will not need JavaScript to function which will stop loading a lot of ads and tracking scripts.

The security benefit here is massive, first if you visited a bad link that contains a malware that is dependent on JavaScript it would not work, secondly if you visited a link for a service that you use and JavaScript did not work there, then you can see in real time that this is a fake page and not the real websitewebsite you intended to visit.

Bonus tip: try to replace the unnecessary websites that can’t work without JavaScript and you need by JavaScript free websites or open source apps.

Disclaimer: Stay cautious. This recommendation will improve your privacy and security, but it does not protect you from everything.

  • Emotet@slrpnk.net
    link
    fedilink
    arrow-up
    104
    arrow-down
    1
    ·
    3 months ago

    15-20 years ago, I’d have agreed with you. But apart from a select few news sites and exceedingly rare static sites, what percentage of websites most users use day to day actually function even minimally without JavaScript?

    I’m convinced that in practice, most users would be conditioned to whitelist pretty much every site they visit due to all the breakage. Still a privacy and security improvement, but a massive one? I’m not sure.

    Very happy to be convinced otherwise.

    • montar@lemmy.ml
      link
      fedilink
      arrow-up
      23
      ·
      3 months ago

      Tried and can confirm almost every webpage even static ones which could be simple as rock needs truckload of bloat js code to be loaded from ext servers.

    • smeeps@lemmy.mtate.me.uk
      link
      fedilink
      arrow-up
      22
      ·
      3 months ago

      Yep, software dev here for a static marketing site for a product. We are in a constant battle with PMs and SEO who want Google tracking, Facebook, TikTok, A/B testing, cursor tracking, etc. We’re trying to keep page-speeds fast while loading megabytes of external JS code…

      Luckily all that can be blocked by the end user without affecting the site though, all you’d lose is some carousels and accordions etc that are done with a few lines of code.

    • AnAmericanPotato
      link
      fedilink
      English
      arrow-up
      16
      ·
      3 months ago

      It’s incredibly annoying, but it gets easier over time as you fill out you whitelist.

      One of the big advantages to something like NoScript is that it lets you enable scripts only from certain domains. So you can enable the functionally-required scripts while still blocking other scripts.

      But yes, it’s a giant pain in the ass. It’s absurd that the web has devolved into such a state.

    • ModerateImprovement@sh.itjust.worksOP
      link
      fedilink
      arrow-up
      8
      arrow-down
      2
      ·
      edit-2
      3 months ago

      I had been doing this since long time and I am super comfortable with this as most of the websites that I come across does not need JavaScript to function.

      Even for the websites that need JavaScript and I need them, I try to replace them with open source apps and clients.

      You can list the websites you use and require JavaScript and I can give you alternatives if you want.

      Happy to help you.

      • Emotet@slrpnk.net
        link
        fedilink
        arrow-up
        8
        ·
        3 months ago

        It’s great that it works for you and that you strive to spread your knowledge. Personally, I’m quite happy with my DNS filtering/uBlock Origin and restrictive browser approach and already employ alternatives where feasible in my custom use case.

        Thanks for your offer, though!

    • s38b35M5@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      3 months ago

      I agree that most websites don’t load without JavaScript, but you don’t need seven or more different domains with java allowed for the main site to work. Most sites have their own, plus six google domains, including tag manager, Facebook, etc. I whitelist the website and leave the analytics and tracking domains off.