I highly recommend disabling JavaScript by default in your browser and then whitelisting the websites that you use frequently and need JavaScript to function.

The privacy benefit of this is that when you read articles online or visit new websites, most of the time it will not need JavaScript to function which will stop loading a lot of ads and tracking scripts.

The security benefit here is massive, first if you visited a bad link that contains a malware that is dependent on JavaScript it would not work, secondly if you visited a link for a service that you use and JavaScript did not work there, then you can see in real time that this is a fake page and not the real websitewebsite you intended to visit.

Bonus tip: try to replace the unnecessary websites that can’t work without JavaScript and you need by JavaScript free websites or open source apps.

Disclaimer: Stay cautious. This recommendation will improve your privacy and security, but it does not protect you from everything.

  • moonpiedumplings@programming.dev
    link
    fedilink
    arrow-up
    7
    ·
    5 months ago

    Disabling javascript increases security, and offers a little bit of privacy. Those are both separate from anonymity, but people conflate the three often.

    For example, javascript can be made to do arbitrary websoccket or http connections to any ip/hostname your computer has access to — even local networks or localhost.

    I use the browser extension Port authority to block it.

    Of course, port scanning is used by ebay to scan users computers, and discord.

    Disabling javascript prevents websites from tracking exactly what you do on each site, or what local ports you have open. This is definitely an increase in privacy, as it relates to hiding what you’re doing. However, you noted it comes at the cost of anonymity, as you become uniquely identifiable.

    • refalo@programming.dev
      link
      fedilink
      arrow-up
      2
      ·
      5 months ago

      Of course if you’re not blocking js entirely but using something like port authority, then that can potentially be detected and used against you just like I mentioned, so yeah it’s a tradeoff you just have to decide on based on your own individual threat model.