• ThaNookLmao@lemmy.zip
    link
    fedilink
    English
    arrow-up
    31
    ·
    edit-2
    1 year ago

    I think the FBI recommends the use of ad blockers for personal safety, let me find that link real quick…

    Edit: FOUND IT, Third point under “Tips to Protect Yourself”

    • CallumWells@lemmy.ml
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      Let’s just go back to the good old days when the web worked without JS. That would remove a massive amount of attack surface. Might seem a bit shit without the interactivity, though.

      • Thepolack@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Is there any way to make JS safer? E.g. limiting the scope of its access to specific functions (e.g. visual/DOM changes, posting/querying a server only but no local function), or is it just inherently unsafe?

        • CallumWells@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          There’s always possibilities to make things safer, but that often comes at a cost of features, features that many web developers (or possibly more likely their employer) would hate to see removed or be inaccessible. At least Firefox has done some great things to keep websites separated so a tracking cookie from tracking service A on site B and site C doesn’t quite get the same possibilities to track you as before (IIRC, take it with a grain of salt). But in general I would lean more towards JS sort of being inherently “unsafe”.

          You can always make yourself a lot more secure by browsing the web through a browser confined to a virtual machine, but most people won’t do that. And as with IOT, the S in World Wide Web stands for Security.

      • Thepolack@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Is there any way to make JS safer? E.g. limiting the scope of its access to specific functions (e.g. visual/DOM changes, posting/querying a server only but no local function), or is it just inherently unsafe?