Request for Mozilla Position on an Emerging Web Specification Specification Title: Web Environment Integrity API Specification or proposal URL (if available): https://rupertbenwiser.github.io/Web-E...
The fact that this is even remotely controversial is stunning. Like does google not understand its not just home users that use adblock, but also businesses as well? Because google is so fucking bad they don’t understand there are viruses in their fucking ads. If this shit goes through, you think anyone’s dumb enough to believe google will be on top of the virus shit? Fuck off google
Let’s just go back to the good old days when the web worked without JS. That would remove a massive amount of attack surface. Might seem a bit shit without the interactivity, though.
Is there any way to make JS safer? E.g. limiting the scope of its access to specific functions (e.g. visual/DOM changes, posting/querying a server only but no local function), or is it just inherently unsafe?
There’s always possibilities to make things safer, but that often comes at a cost of features, features that many web developers (or possibly more likely their employer) would hate to see removed or be inaccessible. At least Firefox has done some great things to keep websites separated so a tracking cookie from tracking service A on site B and site C doesn’t quite get the same possibilities to track you as before (IIRC, take it with a grain of salt). But in general I would lean more towards JS sort of being inherently “unsafe”.
You can always make yourself a lot more secure by browsing the web through a browser confined to a virtual machine, but most people won’t do that. And as with IOT, the S in World Wide Web stands for Security.
Is there any way to make JS safer? E.g. limiting the scope of its access to specific functions (e.g. visual/DOM changes, posting/querying a server only but no local function), or is it just inherently unsafe?
The fact that this is even remotely controversial is stunning. Like does google not understand its not just home users that use adblock, but also businesses as well? Because google is so fucking bad they don’t understand there are viruses in their fucking ads. If this shit goes through, you think anyone’s dumb enough to believe google will be on top of the virus shit? Fuck off google
Ad blockers are more important to security than virus checkers.
ya, using the internet without an adblocker is a security risk because Google enables scams across its services.
How about they learn to clean house first before shitting on the internet lol.
incompetent company will do incompetent things.
I think the FBI recommends the use of ad blockers for personal safety, let me find that link real quick…
Edit: FOUND IT, Third point under “Tips to Protect Yourself”
Let’s just go back to the good old days when the web worked without JS. That would remove a massive amount of attack surface. Might seem a bit shit without the interactivity, though.
Is there any way to make JS safer? E.g. limiting the scope of its access to specific functions (e.g. visual/DOM changes, posting/querying a server only but no local function), or is it just inherently unsafe?
There’s always possibilities to make things safer, but that often comes at a cost of features, features that many web developers (or possibly more likely their employer) would hate to see removed or be inaccessible. At least Firefox has done some great things to keep websites separated so a tracking cookie from tracking service A on site B and site C doesn’t quite get the same possibilities to track you as before (IIRC, take it with a grain of salt). But in general I would lean more towards JS sort of being inherently “unsafe”.
You can always make yourself a lot more secure by browsing the web through a browser confined to a virtual machine, but most people won’t do that. And as with IOT, the S in World Wide Web stands for Security.
Is there any way to make JS safer? E.g. limiting the scope of its access to specific functions (e.g. visual/DOM changes, posting/querying a server only but no local function), or is it just inherently unsafe?
More like money hungry company will do money hungry things
You really think they don’t exactly know what they are doing?
They are an ad and data company, you blocking anything isn’t something they want to make possible.