For those of you who disable JavaScript, why?

[littlelum]

Everyone says to keep people who disable JavaScript in mind when making a website. I'm curious as to why people do that. Is there some sort of privacy or security concern? Does turning it off create inconveniences for you? Is it worth it, in your opinion?

[futurearcana]

Most of the bad, undesirable stuff that modern websites do these days, including but not limited to cookie consent popups, most ads, random videos on autoplay and invasive telemetry, relies on javascript. Add to it the fact that most of the time this javascript code is proprietary and obfuscated and the end result is random untrusted programs (because that's what javascript "scripts" are) running on your computer without consent.

Given all this I think it's more than understandable for some people to want none of that and just disable javascript entirely.

Of course there are legitimate ways to use javascript, I use it a fair bit on my websites and I like what I can do with it, and to be quite honest while my websites all mostly work without it, I don't usually go out of my way to make javascript free websites. But I do respect people's decision to disable it because of the corporate distopia we find ourselves living in.

[ThunderPerfectWitchcraft]

I use NoScript to disable all types of script per default. Most parts of the "normal web" (Wikipedia is a honorable exception here) only work in a reduced version this way: No video playback, no music, buttons and links often do not work, sometimes even the whole layout is defunct.
When I want something from such a page, I give it a temporary allowance to use scripts.

Additional to the reasons mentioned above: Yes, security concerns are a thing. Most of the drive-by exploits and other malicious behavior that one can encounter when surfing work by utilizing scripts.

[candycanearter07]

I also use NoScript, like stated above it makes a lot of websites more convenient and less annoying. I also like how you can whitelist or temporarily allow certain websites, since its a good balance between a binary on/off. It's really nice to be able to turn off cross-site google stuff since a lot of websites have that, too.

[noahie]

On my browser (Ungoogled Chromium), I set up site permissions so that sites aren't allowed to use Javascript by default, but I can easily give permission to use Javascript on a site-by-site basis. I do this for a few reasons. The biggest reason is for performance. Javascript, in most use cases, doesn't make the site more functional, and is often used for tracking. Beyond privacy, disabling Javascript generally makes sites load faster. What I've found is that in a web browser, the only thing I really use it for is to consume media. When it comes to reading text, listening to audio, looking at images, and watching most videos, you don't need Javascript for it. HTML handles all of that just fine.

Of course, there's other use cases for Javascript like in the case of dynamic websites. If your site needs any kind of user input, Javascript has become the best bet for it outside of languages like PHP or Perl. If you're making a web-based game or some other kind of application that's more complicated than just basic media consumption, Javascript there makes sense. However, most sites (especially news sites and magazines!!) use tons of Javascript and it's literally all just for tracking and ads. Gross!

Overall, I've found that it's best to not allow Javascript as a base rule, and allow sites on a case-by-case basis. I do a lot of internet browsing and find myself on all different kinds of unique sites every day, so disabling Javascript is generally going to be a more secure option. Regarding a personal site, I don't think it makes sense to accommodate to those who don't use Javascript. It's not like it's an accessibility thing. If someone doesn't want to enable Javascript but your site uses it, that's their problem; there's plenty of other sites they can browse.

[arcus]

Partly for safety, partly for accessibility, and partly on merit. I don't judge anyone that adds JavaScript to their site, but I greatly appreciate it when it's optional.

Problems that effect browsing:

• Account theft: Cross site scripting (XSS) can be used to steal accounts without needing passwords, 2FA, or programming knowledge. This used to be a huge problem on Neopets: If someone clicked on a pet page or shop that had a cookie grabbing script, the page's owner would be able to access their account and steal it. This issue was so widespread that Neopets bans JavaScript entirely on custom pages now. Even Neocities has had problems with XSS.
• Privacy: JavaScript can be used to identify people, even when they use a VPN. It can access a lot of information about one's PC, such as installed fonts and window size. If someone had a unique set of fonts installed, it wouldn't matter what browser or IP they had, a site's owner would know who they are. CreepJS (Github link) demonstrates how easy it is to identify a computer with JavaScript on.
• Security: This site links articles on the security issues. This is the main reason people disable it.
• Accessibility: If not taken into consideration, JavaScript can cause accessibility problems. It can make sites less accessible to screen readers, be overwhelming sensory-wise, and trigger photosensitive epilepsy in certain situations.
• Cryptocurrency mining: It can be used to mine cryptocurrencies in the background. This uses up extra electricity, and strains computers, making them break faster. JavaScript in general puts extra strain on PCs to run, but crypto mining is one of the worst cases of it.
• Data usage and speed: A lot of web developers use collections of code as a base (frameworks.) These frameworks can be pretty big, which quickly adds up to gigabytes spread over multiple sites. This slows sites down, and has prevented Californians from claiming SNAP benefits.
• It's overused: CSS and HTML can do a lot of their own. CSS especially.

Non-browser related issues:

• The creator is a homophobe: Brendan Eich donated towards Prop 8 and its supporters, a vote against gay marriage in the United States. He co-founded Mozilla and was appointed as the CEO, but stepped down after backlash. These days he works as the cofounder and CEO of the Brave Browser (which also has issues and should be avoided) and posts COVID denial theories on Twitter.
• Security, again: JavaScript isn't only used in browsers where it's (usually) sandboxed. It can do a lot more harm outside of a browser, see above.
• It's aesthetically unpleasing and has weird design choices: You'll see this reason more commonly than the others in web dev spaces. I agree, but please don't let some nerd opinions discount anything else I listed.

I also agree with the other points made so far. Anyone browsing random sites on the indie web should use JavaScript on an allow list. There's nothing stopping someone from running malicious scripts on their site. Adblockers help, but they work on community managed disallow lists, so they're less effective for the indieweb.

Does turning it off create inconveniences for you?

It's not a problem if it's on a toggle, which most people do. I don't use browsers that support JavaScript on my main machine, which cuts me off from sites. Mastodon instances and Wafrn are the main ones, but thankfully individual Wafrn posts display without it.

Some indieweb sites use JavaScript for navigation which is annoying. If it's an interesting site, I'll look at the source code and manually type out the URLs.

Is it worth it, in your opinion?

Yes. Sites load instantly and the sites I can't access tend to be corporate. Browsing without JavaScript has made me spend more time on the indie web finding cool sites. I have over 5k bookmarks of sites that work without JavaScript. I do look at sites that require it on another machine occasionally, but only if it's worth it.

It's great for my laptop. It saves power and I can keep thousands of tabs open without the fans activating.

It's also more peaceful. Sites are a lot less distracting without it, and infinite scroll doesn't work without it.

[Bede]

Overall, I've found that it's best to not allow Javascript as a base rule, and allow sites on a case-by-case basis.

I think I might try doing this. This might make me a hypocrite, because I use Javascript to load my site's navigation (though I do direct those with Javascript off to the sitemap for navigation), but I definitely don't trust non-indie sites with Javascript.

[fsr]

I think I might try doing this. This might make me a hypocrite...

I don't think it's a matter of hypocrisy at all. It's your computer, your CPU cycles running the code, your particular set of needs as a user (some javascript just crashes my web browser, I have no interest in that) and you're not denying anyone else that choice by putting javascript on your website. They are free to block it too.

Of course it's nice to consider non-js users when possible, but it's not always. I have a website with no server-side code and a sort of calculator app. How am I supposed to run that without js? Granted I've made similar things that run outside the browser that certainly don't require javascript.

Even so, I try to avoid making anything Truly js dependent within reason. Most of the time, the feature set I'm most interested in supporting is Gemini, so normally I don't even use most HTML features unless they're in the service of displaying Gemtext. But I'll use javascript for that (and if you turn it off, you can still access the Gemtext via View Page Source if reading the text and having access to the links is all you care about).

But I don't go to that level out of a moral obligation, I do it because I like the idea.

[ValyceNegative]

Wow, I was about to reply how Javascript slows down websites and hinders their performance if used too much, but @arcus  has already given the definite response to this thread. I didn't even know some of that info, and now I'm even more cautious towards Js use!

I agree that a lot of what Js does can be achieved with CSS instead. The slowest (and weirdly loading) page on my current site is the Affiliates where it has to load the Js webrings have provided when I joined. There's quite some alternatives on how to do webring code including ones that use simple HTML links only, so I wish the Js-based webrings would provide alternative static codes and let people choose!

[larvapuppy]

This is the kind of thread I really like to see on Melonland. Educational threads like this are the most valuable thing on the forum imo. Before this, I saw a lot of people saying they disable all JavaScript / dislike it but none gave any explanation as to why one would block it (other than slowing down performance which I always thought was a little dramatic if you're not using retro hardware). I also saw JavaScript warnings on people's sites... I even had one on my own for a bit, without knowing their purpose.   Now that I've read this thread I realize that it's actually probably a wise decision to disable JavaScript on unfamiliar sites. Context actually helps a lot to sway people to your opinion believe it or not . I'm glad to have my bias challenged. I think I will start adding the noscript tag to the few spots on my site that do use JavaScript.

What does everyone use to disable JavaScript? I have UBlock Origin already installed on Waterfox, which I know does disable some scripts and ads automatically, but I'm curious to know what other people's setups are. Is there a way to permanently whitelist certain sites, etc.

[lakes]

Even though I used Javascript for my website and I already know some of the problems with Javascript, this thread convinced me to install NoScript for daily browsing. Most of the sites I use nowadays don't need it except for stuff like stuff with a video player like Peertube & for Youtube, I already use a separate program.