←back to thread

Aspects of modern HTML/CSS you may not be familiar with

(lyra.horse)
451 points todsacerdoti | 6 comments | 28 Aug 25 20:49 UTC | HN request time: 0.001s | source | bottom
Show context
keeganpoppen ◴[28 Aug 25 23:12 UTC] No.45058084[source]
i will say that though i am predisposed to appreciate and agree with an article like this, any sort of value proposition around "some users don't want javascript" just doesn't... hit for me. and, mind you: i am a card-carrying arch user and have spent more time messing with browser scripting and web crawling, and am more of a True Believer than most. it's just such a niche user preference that i think it should largely be simply ignored. yes, i would love the world to be better for the "noscript" universe, no, i don't think that any individual "grassroots" effort should stake itself on "no javascript" being any part of its utility. i think there are a million other reasons why CSS should win out that are more compelling than an appeal to what feels, extremely ironically, like a callback to the "but 10% of your users use IE6" days... all in all, yes: this is somewhat of a minor point wrt. to the article (which btw i think is great), but i am just calling the "trend", such as it is / has been, for what (i think) it is.
replies(5): >>45058205 #>>45058259 #>>45058381 #>>45058464 #>>45059079 #
rebane2001 ◴[28 Aug 25 23:39 UTC] No.45058259[source]
fwiw, i've been using the internet with noscript and i find it perfectly usable

for any sites that do need js, i simply enable it for them from the extension, so it never gets in the way with sites i use regularly

it's pretty nice for performance/battery and security

have you ever tried living with noscript for over a week? i feel like your perspective could be a bit mislead, because i felt the exact same way as you before i started using noscript

disclaimer: i'm the author of the blogpost

replies(5): >>45058494 #>>45059123 #>>45059657 #>>45059996 #>>45060150 #
ajross ◴[29 Aug 25 01:49 UTC] No.45059123[source]
> fwiw, i've been using the internet with noscript and i find it perfectly usable

Genuine question though: you just run a ton of apps instead, right? Windows apps, iOS apps, whatever. Right? Because you still want to use (and not just "look at") Facebook or WhatsApp or BSky or Drive or CoD:BO6 or... everything. And all that stuff runs in an environment with the same privacy-compromising power (generally much more dangerous, frankly).

I just don't see a situation where "use noscript" doesn't really just mean "use your phone so you don't have to use your browser". I mean, why bother? You're not winning anything.

(Quite frankly most of the people I see in this argument eventually admit this straight up: "no javascript" really means "no Google" to them, and their goal isn't privacy at all except as a proxy thing; it's the destruction of the World Wide Web as a platform in favor of Apple's offerings.)

replies(3): >>45059179 #>>45059461 #>>45060596 #
1. rebane2001 ◴[29 Aug 25 01:57 UTC] No.45059179[source]
i have js enabled for webapps such as discord and bluesky - having js disabled by default for sites i haven't visited is very good for limiting attack surface

for sites such as facebook, i don't really use them that often, so i only run js on them when i feel like consenting to it

yes, i use programs/apps, but attack surface and threat models aren't binary, so it's still better to make things more secure

replies(1): >>45059354 #
2. ajross ◴[29 Aug 25 02:22 UTC] No.45059354[source]
> yes, i use programs/apps, but attack surface and threat models aren't binary, so it's still better to make things more secure

But again, the point is that market decisions aren't microeconomic. The world where everyone uses noscript by default is a world where no one builds web apps anymore (because the platform sucks by default) and everyone uses native apps from whoever the dominant vendor happens to be. And that's worse (much worse, by basically every metric, including privacy and security) and not better.

Your logic only works if you're a parasite: you can use noscript to "protect" yourself only if most people don't.

replies(2): >>45059616 #>>45059629 #
3. Jach ◴[29 Aug 25 02:55 UTC] No.45059616[source]
Worse for whom? Not the end user, where again they just permanently enable the app once if they are going to use it often. This makes it little different to the consent for browser permissions, like notifications or access to a microphone or camera, which everyone does use. If everyone used noscript you might even see a change to the default interface to make it more like the permissions flow.

Separately, we already live in a world where people tend to pick "native" apps (e.g. Discord, Slack) that are just wrappers around the webapp, and on the phone you have similar behavior where people often prefer the "native" app (e.g. twitter/X) over the mobile web version. Despite this asymmetry, web apps continue to be built, and they would continue even if everyone used noscript.

4. rebane2001 ◴[29 Aug 25 02:57 UTC] No.45059629[source]
i'm not a "parasite" for having a personal threat model - i'm a person with a double digit number of browser CVEs, and i think it makes sense to take extra precautions because of that

and like, noscript doesn't mean you can't run javascript - it just means you have to consent to it, just like it was in the past with flash and java applets

your argument kind of assumes noscript users never run javascript, which is false

replies(1): >>45064352 #
5. ajross ◴[29 Aug 25 14:08 UTC] No.45064352{3}[source]
> i'm not a "parasite" for having a personal threat model

Of course not. You're a parasite because if everyone had your "personal threat model"[1] it would kill the platform you're using and you wouldn't even have the option of noscript. I think the metaphor is apt and I stand by it.

[1] FWIW, this conflation of legitimate security jargon with what amounts to wanting more settings tunables in your app is sort of a bad smell. It seems insincere, honestly.

replies(1): >>45082268 #
6. floydnoel ◴[31 Aug 25 11:09 UTC] No.45082268{4}[source]
i guess we can all tell who works for ad-tech!

seriously though, some of us have been using the web longer than JS has existed, and it works fine without it.

i personally just updated my purpose-built (for SEO and other non-JS contexts) router for React, which now lets one curl a page and you can see all the text contents you want and even has low quality image placeholders. so you can view the whole page with no-JS. it really isn't very hard to support!