‪Just found a news site (they’re usually the worst) loading javascript from 93 different third-party domains. NINETY-THREE. ‬

‪Most of those scripts are from ad networks, 9 of them are ad networks that begin with the word “ad.”‬

alcohol, oh noes the CW gives away the joke Show more

@laura This is why I love browsing the web without Javascript :)

@fatboy but don’t you find that most sites break?! Surely Mastodon breaks?!

@laura @fatboy

Another NoScripter here. The majority of sites work fine without Javascript. Layouts break often, but it's still better than running arbitrary code. The biggest issues come from e-commerce sites.

For something like Mastodon, which I trust, I enable scripts.

@laura yes! Most definitely breaks most pages.
This is why I use two browsers, one for browsing/reading, second for logins of sites I trust.

@laura Don't worry, ad networks would *never* track which articles you read to profile you, and they would never be abused to deliver malware into your browser.

Oh, wait...

@kellerfuchs @laura Sounds like the perfect use case for disposable containers for each site (Mozilla has added this in newer Firefox as a feature), plus uMatrix.

Ran into over a dozen random and questionable 3rd party domains being pulled in on a merchant processors backend. There is no good reason to be running Facebook's javascript on a page that solely takes credit card info, but IMO this First Data reseller is inept...

@bikecurious @laura Yes, that's pretty much what I do: I taught myself to use Alt-C (which opens a fresh, temporary tab container) instead of Ctrl-T, and I have services I log into (Github, ...) pinned to specific, persistent containers.

It's not a replacement for blocking JavaScript entirely, and ressources from random third-party domains (JavaScript-free tracking is a thing), but that greatly limits advertiser's ability to track me across sites

@kellerfuchs @bikecurious seems like fingerprinting would probably render this ineffective though?

@laura @bikecurious Yeah, browser fingerprinting is a problem, though it is in many cases (but not all) mitigated by disabling JS.

Generally, the only browser that makes a serious effort at being fingerprinting-resistant is Tor Browser; a number of its privacy features are making it upstream into Firefox, but they aren't always enabled by default.

@laura how many of them are using SRI?

I'm guessing between 0 and 0.

@ben @laura 9 of them are ad networks that begin with the word “ad.”
at least the are hones.

Sign in to participate in the conversation

Little updates, posts, and toot-able things by Laura Kalbag. Leave your surveillance capitalism shackles behind and come join me in the fediverse! Want to know why I’m here? Read my post on ‘What is Mastodon and why should I use it?’