Post 9spaXtdOZvmwitF8G8 by LienRag@miaou.drycat.fr
 (DIR) Post #9sorWq1a1EEFIfg09I by strypey@mastodon.nzoss.nz
       2020-03-09T04:21:06Z
       
       0 likes, 1 repeats
       
       Here's an excellent flow chart laying out the many reasons why over-use of #Javascript in websites is a bad idea, even for serving users who don't habitually block some or all JS: https://kryogenix.org/code/browser/everyonehasjs.html#MakeJavascriptOptional
       
 (DIR) Post #9sosuP8liz7KpCq9NA by strypey@mastodon.nzoss.nz
       2020-03-09T04:36:35Z
       
       0 likes, 0 repeats
       
       A lot of the problems caused by #Javascript, from invasions of privacy to crashing browsers, would be solved if web browsers disabled scripts from third-party domains by default. They could pop up a scary warning on websites that use them (akin to #HTTPS error warnings), asking if they ought to let the third-party scripts run. That would heavily discourage web developers from lazily using third-party resources when they don't really need to.
       
 (DIR) Post #9spJ227Nnp26XzUS5Q by sirikon@plaza.remolino.town
       2020-03-09T06:57:52.316236Z
       
       0 likes, 0 repeats
       
       @strypey What do you understand as a third party domain? I'm thinking about the CDNs many people/orgs use to distribute static content globally, which is something pretty expensive to run by yourself.
       
 (DIR) Post #9spJ23I3RdACBNUUMK by strypey@mastodon.nzoss.nz
       2020-03-09T09:29:17Z
       
       0 likes, 0 repeats
       
       @sirikon
       > What do you understand as a third party domain?
       Exactly what it says on the tin. Any domain that isn't the one the visitor typed into their browser (or clicked on a link to).
       > I'm thinking about the CDNs
       There are better solutions, like #WebTorrent and #IPFS, that don't require centralizing the web and exposing site visitors to third-party #datafamers.
       
 (DIR) Post #9spLLregc2zvnUeSUC by sirikon@plaza.remolino.town
       2020-03-09T09:34:12.629564Z
       
       0 likes, 0 repeats
       
       @strypey How do you make sure that the content loaded thru IPFS or WebTorrent isn't third party, if you depend on the domain name to do so?
       
 (DIR) Post #9spLLs25D3iGy3b8xE by strypey@mastodon.nzoss.nz
       2020-03-09T09:53:54Z
       
       0 likes, 0 repeats
       
       @sirikon I'm not sure I understand the question. With IPFS and WebTorrent, there is no "party", just a P2P network.
       * An IPFS link works a bit like a #BitTorrent magnet link.
       * With WebTorrent, you seed the file from the webserver at the primary domain, but any website visitor that connects to that seed can also upload to a BitTorrent swarm, which shares the load of serving the file. It's what #PeerTube uses.
       
 (DIR) Post #9spNWmkFPQmbf6aW0W by sirikon@plaza.remolino.town
       2020-03-09T10:01:14.240615Z
       
       0 likes, 0 repeats
       
       @strypey What I'm talking about is: If the problem here is loading third-party content, like trackers and so, how does IPFS or WebTorrent help? For example: Google could distribute the Google Analytics .js file in IPFS, and any website that wants to include it, just needs to host the hash and then use the P2P network to make it reach the client browser.
       
 (DIR) Post #9spNWnENbOszAYgZyS by strypey@mastodon.nzoss.nz
       2020-03-09T10:19:39Z
       
       0 likes, 0 repeats
       
       @sirikon
       > Google could distribute the Google Analytics .js file in IPFS
       Intriguing. I'm pretty sure JS doesn't work that way, but I'm no expert of browser engineering. But if it is possible to sideload JS into the browser from anywhere, that would make it even more of a security risk than I thought.
       @alcinnz any thoughts on this?
       
 (DIR) Post #9spQ6VMZiB2K5QfwUS by sirikon@plaza.remolino.town
       2020-03-09T10:26:39.501055Z
       
       0 likes, 0 repeats
       
       @strypey @alcinnz Not sure how IPFS works either, but doesn't seem crazy to just reference a hash if that's the way the network has to distribute content. Anyway: If third-party script loading gets blocked in a significant amount of web page access, it wouldn't be hard for Google to develop Nginx/Apache/etc plugins that download the most recent version of their tracking script and act as a proxy to their server for data collection. I'm not sure if third party or first party is the problem.
       
 (DIR) Post #9spQ6Vqhu98hasm0SO by strypey@mastodon.nzoss.nz
       2020-03-09T10:48:29Z
       
       0 likes, 0 repeats
       
       @sirikon
       > I'm not sure if third party or first party is the problem.
       It's a big part of the current problem. But sure, it's not the only one. As you say, convincing people running webservers to serve evil shit off their own domain/IP, instead of pulling it in from EvilCorp.com, is also a risk, and would become more of a risk if third-party scripts were de-normalized. Of course, that would require the surveillance capitalists to share full JS source code ...
       @alcinnz
       
 (DIR) Post #9spQKHmJ173C0XHYA4 by strypey@mastodon.nzoss.nz
       2020-03-09T10:49:00Z
       
       0 likes, 0 repeats
       
       @sirikon
       > I'm not sure if third party or first party is the problem.
       It's a big part of the current problem. But sure, it's not the only one. As you say, convincing people running webservers to serve evil shit off their own domain/IP, instead of pulling it in from EvilCorp.com, is also a risk, and would become more of a risk if third-party scripts were de-normalized. Of course, that would require the surveillance capitalists to share their JS with folks running servers ...
       @alcinnz
       
 (DIR) Post #9spaXtdOZvmwitF8G8 by LienRag@miaou.drycat.fr
       2020-03-09T12:45:32Z
       
       0 likes, 0 repeats
       
       @strypey Isn't it what NoScript does?
       
 (DIR) Post #9sps7Vs66W8qfZgmIa by alcinnz@floss.social
       2020-03-09T16:02:25Z
       
       0 likes, 0 repeats
       
       @strypey @sirikon For Google Analytics the concern is less that it's downloaded initially from Google than that to do its job it'll contact Google later. Browser engines could much more easily enforce privacy if it weren't for AJAX! But yes, I do support adding some sort of DHT support (like BitTorrent or IPFS) into web browsers! It could just be another URI scheme like https: & data:.
       
 (DIR) Post #9sqS1EHaBQ9CjMudOK by alvarezp@mastodon.xyz
       2020-03-09T14:33:42Z
       
       0 likes, 1 repeats
       
       @sirikon @strypey I am of the idea that if it's too expensive to be run by the devs, it should be removed from the Website or optimized on the server instead of making the users pay for it. For example, JS execution: devs don't care if a JS file is heavy to be run because they don't execute it; users do. If the devs did, it would have to run 10000x (1x per access) on the server so they would actually care for performance. JS should be executed on the server.
       
 (DIR) Post #9sqbmx7qAvsX0SBdeC by strypey@mastodon.nzoss.nz
       2020-03-10T00:34:11Z
       
       0 likes, 0 repeats
       
       @LienRag #NoScript disables JS on all domains, primary and third-party, except for the ones the user allows. NS is a great tool, but it's an add-on, not a default feature of FF, let alone all browsers.