Life without Javascript

Discussion in 'other security issues & news' started by MisterB, Jun 27, 2014.

  1. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    I've been browsing with javascript disabled by default these days with only vetted sites allowed to use it. I have noscript with a very small list of permitted sites installed in Firefox and Seamonkey and javascript completely disabled in the two versions of Opera I'm running. It started when I installed Process Lasso and noticed how busy the cpu was with just three browsers running passively. I disabled javascript in Opera 9 which I only use for a few sites that are still compatible with it, mainly a few forums one of which I'm a moderator on. No real problems at all. I can log on to both of them and post but a few things don't work like emoticons. I then disabled javascript on Opera 12 which is the browser I use for Wilders as well as casual browsing. Wilders works fine but I do lose a few conveniences like previewing posts and the "New Posts" button is gone but "Recent Posts" works normally. On the other hand, a lot of things that really annoy me like unwanted video feeds from news sites don't happen anymore.

    Considering that most exploits and drive by malware installs use javascript, not using it has great security advantages but I'm surprised how much cpu and memory javascript was using on two browsers. My CPU idle was around 15-25% and now it is around 4-6%. That didn't surprise me too much but the reduction in memory use did. I went from 60 to 80% of 3gb with just 3 browsers running to 40-50% with the same 3 browsers on the same sites. When I check active processes, Firefox which has limited javascipt enabled is now the resource hog. Overall, my whole system is much more smooth and responsive and things that used to stress it like starting up a virtual machine running Xp don't any more. I am at around 75-79% ram when I do that on top of my normal browsers.
     
  2. guest

    guest Guest

    I'm basically doing it too. Most of the time I don't allow javascript, iframes and plugins to run. When a website/blog requires me to allow javascript just to read its content, I usually won't bother with it and leave. It's usually just a copy-paste from some other places anyway. Not worth the risk.
     
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    On mine plugins are click to play. Iframes can be toggled or opened as links. Neither runs automatically. Completely disabling javascript makes several sites that I use very inconvenient. I chose to filter it via Proxomitron. Nosy scripts that try to mine information are blocked while those that add functions I want are allowed. Request Policy stops most of the scripts in ads, 3rd party trackers, and content from other sites.
     
  4. Alhaitham

    Alhaitham Registered Member

    Joined:
    May 18, 2013
    Posts:
    173
    Location:
    Egypt
    NoScript is a must for me

    Reasons

    - Security (blocking js and the likes)
    - Privacy (blocking cookies and the likes)
    - Adblocking
    - Bandwidth saving, a heavy site opens like it was a text file
    - It makes Firefox lighter in general
     
  5. guest

    guest Guest

    It's been a very long time since I tried NoScript, so I might be forgetting things, but I can't remember it also blocks cookies. New feature?
     
  6. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    A lot of those third-party java-script sites will ALSO set cookies - If you allow java-scripting globally and use default cookie-policies that is .
    So, if you block the 3.party-site from running it's java-script exploits, you will of course also be blocking it's cookies, as an added 'bonus' .
     
  7. guest

    guest Guest

    Oh, I thought he meant full-blown cookie filtering functionality.
     
  8. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    surfing with Javascripts disabled breaks the web.
    too much stuff relies on it.

    that's why i don't use NoScript and the likes anymore.
    you end up spending more time babysitting the bloody addon than surfing the web itself. lol
     
  9. Dave0291

    Dave0291 Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    553
    Location:
    U.S
    I've had a love-hate relationship with these blockers. They're wonderful for making the web faster and blocking a lot of undesired things. However, the trouble isn't so much dealing with allowing sites, but figuring out which seemingly random named script buried deep in the list is responsible for that one piece of audio or video you want to see, the link you can't click, missing options etc. You end up playing Russian Roulette, and that's no way to use a security extension. I think most people are better off with a reliable ad blocker, 3rd party cookies disabled and a good web-scanning AV.
     
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    NoScript has website information feature
     
  11. Dave0291

    Dave0291 Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    553
    Location:
    U.S
    I've never found it useful for determining anything beyond generic information as to whether it is or isn't an advertising/marketing company. That's if you can find anything at all, which I often found wasn't the case. I don't blame NoScript for that, I blame the databases.
     
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I often use http://website.informer.com/ for this. Ghostery with checkbox "Reveal tracker source URL lists by default" ticked is also helpful.
     
  13. Dave0291

    Dave0291 Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    553
    Location:
    U.S
    Website Informer actually looks like a much better option, I'll bookmark that one. The thing is though, having to go through both blocking/allowing and checking these scripts elsewhere ends up being a lot of extra work just to use the web. Not many are going to want to do that or even can do that depending on their situation. All that being said, there's very little middle ground you can take if you really want to remain safer or keep some amount of privacy.
     
  14. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    I disagree on that one, it breaks parts of the web and certain sites but what I've found is that a lot of sites work fine without it--Wilders included--even if some things don't work. I'm posting this now without javascript. I'm actually having a better web experience just due to the reduction of ram and cpu use on my laptop. Everything I'm doing is smoother, faster and more responsive whether it involves the web or not. I'm actually finding it a better experience to be able to read news articles without unwanted video feeds which are often advertising. If there is anything I'm interested in that needs javascript, I just enable it for that instance and then disable it again.
     
  15. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    I don't see how blocking JS in your browsers could make things more responsive when you do something that does not involve the web.
     
  16. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I just rely on third-party blacklists instead of black/greylisting everything, much less trouble whitelisting. Security and performance differences in a modern system is minimal.
     
  17. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    If your browsing pattern consist of mostly text (blogs, articles), disabling JavaScript is usually fine. That's what I usually do.

    It's when you want to access drop-down menus, fill up forms, post on forums, download from file-sharing site (with timer) and watch videos - those usually make use of Javascript.

    If you built up a whitelist and you frequent the same sites on a routine basis, it's not going to be much of a pain.

    It's when you do binge browsing and in no mood for white listing, that is when disabling Javascript can become annoying.

    One man's meat is another man's poison.
     
  18. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    The less CPU and memory used, the more that is available for anything the computer does. The CPU cycles and memory that javascript was wasting are now available for other processes.
     
  19. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    Forum posting works fine on most forums with minor inconveniences. Timers don't work. Drop down menus often turn into full page menus. Youtube play doesn't work but I can still search for videos and enable javascript to view them. I'm using a brute force approach with Opera 12 but it has the advantage of being able to enable and disable javascript on the fly. There isn't a version of noscript for it but there are script blocker extensions and eventually I might install one for this browser instead of blocking everything. One annoyance is that AdBlock plus isn't working right with javescript disabled but the only adds that are getting through that weren't before are Google text adds on search results.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    @ MisterB

    I know exactly how you feel! JavaScript has ruined most of the web. I can´t believe how many no-skill idiots are designing website nowadays. Ugly and unhandy layouts with way too many scripting, resulting in slow loading websites and high CPU + RAM usage. It´s sickening, especially on old PC´s but even new PC sometimes have problems, resulting in freezing browser-tabs. :thumbd:

    EDIT:

    One of the worst examples is Facebook, it´s a nightmare on a 8 years old machine.
    Zuckerberg should be ashamed of himself for designing this crap.
     
    Last edited: Jun 30, 2014
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    Yes exactly, I´m using a combo of ScriptKeeper and Ghostery on Opera v12. With the first one I block certain scripts that slowdown web-page loading on some of my favorite sites. On all other pages, Ghostery is doing the blocking, with the advantage that it almost never breaks sites, while it still speeds up loading a bit. But my fantasy would be to ban JavaScript from the web completely. When it comes to designing websites it´s really not needed at all. :)
     
  22. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    780
    I first configure my Firefox portable browser (old version) Firefox 6.0 to run with javascript disabled and 'Secret Agent' in stealth Mode. I then run Firefox in it's own Sandbox (Sandboxie) as a 'program start' 'forced folder'. So the browser always opens in this state and if I if I need to go to a site that uses javascript etc it's easy to go to tools options in Firefox whilst in a sandboxed session and enable javascript and untick stealth mode in 'Secret Agent' .
    After viewing that site if I close the browser and empty the sandbox. Next time I open my Firefox it will be defaulting to javascript disabled and stealthed in Secret Agent.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    By the way a quick update:

    The end conclusion is that I can´t really live without script blockers, even on a fast machine, some sites are way too slow. Browsers just can´t seem to handle a lot of scripting, even with a high end CPU, lots of RAM and a fast SSD/HDD. I was shocked to see that on my new machine, Facebook and Twitter still feel slow/sluggish as hell, both in Opera and Firefox. FB has to have the worst web-developers ever seen. :thumbd:
     
  24. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    After a month of the brute force approach of completely blocking javascript in Opera 12, I finally installed a script blocker, ScriptKeeper, along with Ghostery. This is a nice combination. I actually like Scriptkeeper which is just for Presto Opera better than Noscript. I get a nice notification widget that tells me how many scripts a given page runs. This is really cool along with a similar Ghostery widget that tells me how many trackers the page has.

    Javascript uses up a lot of cpu cycles, memory and internet bandwidth if left to run unchecked. All of these things I pay for and I don't want them used up to track me and spew ads at me, targeted or otherwise.
     
  25. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,513
    Location:
    USA - Back in a real State in time for a real Pres
    I don't worry about JS. But I get peeved when a site asks me to confirm I want to leave their site. Only one click yeah, but how dare they ask. So I installed QuickJava 2.0.4 extension in FF. So I don't have to deal with giving/asking permission to leave. It's very much a control issue with me. If I have JS disabled I don't have to answer the sites query. If I have JS enabled I click the QuicKJava icon on the toolbar to quickly disable JS. It'll still take an extra click but it's my click ~ Snipped as per TOS ~ it not their mother may I ~ Snipped as per TOS ~ click. So there & I take my ball & go home.
     
    Last edited by a moderator: Aug 31, 2014
Loading...