Re: [Trisquel-users] non-free sw on websites

2014-12-31 Thread adel . afzal

Thanks guys, all your responses are very helpful.


Re: [Trisquel-users] non-free sw on websites

2014-12-30 Thread t8mf4nu6lizp
Obviously the worst thing about proprietary JavaScript is that it's  
proprietary. You don't have the 4 freedoms.


Besides that, JavaScript can be used for snooping various things, some listed
at https://panopticlick.eff.org/


Also, the JavaScript sandboxes on many applications are not too good and  
there are quite a few exploits that take advantage of JS. E.g.  
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/


Re: [Trisquel-users] non-free sw on websites

2014-12-30 Thread Andrew Roffey
I posted my IMO on harmful effects of non-free JavaScript here:
https://trisquel.info/en/forum/harmful-effects-non-free-javascript

tl;dr: tricking users, unnecessary tracking of user actions on pages,
obfuscation or primitive digital restrictions management (hard to tell,
not sure what reCAPTCHA and YouTube use now).

Andrew


Re: [Trisquel-users] non-free sw on websites

2014-12-30 Thread joseph . e . dickson
I think of it this way: Facebook and, I presume, Google track users when
they're logged out and not even on their sites, through all sorts of code that
we can't see or opt out of.


http://www.cnet.com/news/facebook-we-do-track-logged-out-users-but-trust-us/#!


Re: [Trisquel-users] non-free sw on websites

2014-12-30 Thread mail
Thanks for the great essay. I'm now convinced that I should keep LibreJS
enabled.


Re: [Trisquel-users] non-free sw on websites

2014-12-29 Thread mail
A great number of websites. Off the top of my head, pretty much everything
Google.


Re: [Trisquel-users] non-free sw on websites

2014-12-29 Thread adel . afzal
I mean, in what ways can third parties control the non-free website software
that a user may not agree with if fully informed?


For example: can non-free website software access and report on information  
in users' web browsers?  How about local home folders?


Re: [Trisquel-users] non-free sw on websites

2014-12-29 Thread onpon4
It's kind of an odd thing, because in the name of security, JavaScript tends  
to be a somewhat castrated language, at least when it's loaded on the request  
of a web page. You have all these settings in a browser for what it can and  
cannot do, and JavaScript's ability is usually crippled by default. Then you  
have NoScript, which blocks even more of JavaScript's ability to do what it  
wants. However, it's still a programming language, and you simply can't  
design a decent programming language that makes all malicious functionality  
impossible.


One basic example of malicious use of JavaScript code is fingerprinting, and  
this is quite common. For instance, HTML5 introduced the canvas element,  
allowing JavaScript to be used to draw things, a useful thing for games. But  
by taking advantage of slight differences in the way browsers handle this,  
it's possible to retrieve canvas data and use it to uniquely identify you.  
This is one particular thing that Web browser developers (but especially the  
Tor Project) have been trying to crack down on, but it's a difficult, ongoing  
battle.


I'm sure there are other examples of malicious functionality observed in  
JavaScript programs, but I can't think of any right now.
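
The canvas readback described in the message above can be observed from the defender's side by wrapping the canvas APIs and reporting when a script reads pixels from a canvas it has just drawn text on. This is an added example, not part of the original thread or any poster's code; `watchCanvas`, `demo`, the report format and the stub classes are hypothetical names constructed for illustration.

```javascript
// Added example: flag the "draw text, then read the pixels back" pattern.
// watchCanvas, demo and the report format are hypothetical names.
function watchCanvas(canvasProto, ctxProto, report) {
  const drewText = new WeakSet(); // canvases that have had text rendered on them

  // Run `before` first, then call the original method unchanged.
  const wrap = (proto, name, before) => {
    const original = proto[name];
    if (typeof original !== 'function') return;
    proto[name] = function (...args) {
      before(this, name);
      return original.apply(this, args);
    };
  };

  // Text rendering varies between systems, which is what makes the pixels identifying.
  for (const name of ['fillText', 'strokeText']) {
    wrap(ctxProto, name, (ctx) => ctx.canvas && drewText.add(ctx.canvas));
  }

  // Report only when pixels are read from a canvas that had text drawn on it.
  const onRead = (canvas, api) => {
    if (canvas && drewText.has(canvas)) {
      report({ api, width: canvas.width, height: canvas.height });
    }
  };
  wrap(canvasProto, 'toDataURL', onRead);
  wrap(canvasProto, 'toBlob', onRead);
  wrap(ctxProto, 'getImageData', (ctx, api) => onRead(ctx.canvas, api));
}

// Browser use: must run in the page's own context before the page's scripts.
if (typeof HTMLCanvasElement !== 'undefined') {
  watchCanvas(HTMLCanvasElement.prototype, CanvasRenderingContext2D.prototype,
    (hit) => console.warn('possible canvas fingerprinting', hit));
}

// Constructed stand-ins for the DOM classes so the logic also runs in Node.
function demo() {
  class Canvas { constructor() { this.width = 220; this.height = 30; }
    toDataURL() { return 'data:,'; } }
  class Ctx { constructor(canvas) { this.canvas = canvas; }
    fillRect() {} fillText() {} }
  const hits = [];
  watchCanvas(Canvas.prototype, Ctx.prototype, (h) => hits.push(h));
  const game = new Canvas(); new Ctx(game).fillRect(0, 0, 10, 10); game.toDataURL();
  const probe = new Canvas(); new Ctx(probe).fillText('sample', 2, 15); probe.toDataURL();
  return hits; // one hit: the canvas with text drawn before readback
}
```

Readback from a canvas with no text drawn on it is not reported, so this is a heuristic for the common pattern rather than a complete detector.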


Re: [Trisquel-users] non-free sw on websites

2014-12-29 Thread tsduv1994
I'm not really an expert on the matter, but from what I understand it is a  
significant risk. The Wikipedia article on Cross-site scripting (XSS) might  
be an interesting read.[0]


[0] https://en.wikipedia.org/wiki/Cross-site_scripting