this post was submitted on 13 Feb 2024
212 points (97.3% liked)

Programming

17270 readers
39 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]



founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 54 points 8 months ago (1 children)

Also:

  • Simple sites allow visitors to stay safe from browser exploits by keeping scripts disabled.
  • Simple sites pose very little threat of fingerprinting or other invasive tracking techniques.
  • Simple sites can look beautiful, with a bit of well-crafted CSS.
[–] [email protected] 16 points 8 months ago (2 children)

I don't think your second point is correct. You can still embed analytics on a static website. I believe you're conflating it with your first point by assuming that scripts are disabled on the browser side, in which case it's a bit of a redundant point.

I also think it's a bit unrealistic in this day and age to run with scripts completely disabled. I know it sucks, but we need better ways of protecting our privacy and disabling all scripts is a bit of an extreme measure given so much of the modern web relies on it.

[–] [email protected] 3 points 8 months ago* (last edited 8 months ago)

I think it's impossible if you want for things to work. JavaScript is so ubiquitous it's been baked into the browser since 1995.

[–] [email protected] 2 points 8 months ago* (last edited 8 months ago)
  1. My first two points make a distinction between fingerprinting and more invasive attacks that JavaScript has enabled, including data exfiltration. You might not have encountered the latter, but that doesn't make them the same thing. (Also, the analytics you refer to that are possible without scripts are far less invasive than what scripts can do, as is hinted in my second point.)
  2. It's not unrealistic, since scripts can be turned off by default and enabled selectively when needed. (But were that not the case, it would be reason to use them less, not more.)