Blocking JavaScript seems like a good idea

Tags

, , , ,

My fancy new website is broken due to a script blocking extension. I found this out when I showed a friend the Radial Blitz website. He complained that something was lacking. He turned on screen sharing to show me and sure enough my large screenshot slider was nowhere to be seen.

Turns out a script blocking extension was causing the problem. Obviously I didn’t expect the slide show to function, but I expected at least a static image. The theme designer likely never even considered that somebody would have JavaScript disabled. Should they, or is JavaScript a critical web technology?

I don’t think it’s useful to argue for JavaScript, it’s features are well known and I find it invaluable. Instead I’d like to consider why somebody would disable it. To my own chagrin, my list seems to support their position.

Garbage and bloat

A reason to dislike JavaScript is the unnecessary bloat it causes. It takes longer to download a page, often causes the page to render slower, and often provides no user advantage, or even any developer gain.

I’ll take Twitter here as an example. I have the standard follow button on my blog (well, had, since I’ve replaced it now). This is a button which you can simply click to follow me on twitter. With the button in place I see a lot of data being loaded from twitter.com: ~100K in JS and ~150K in HTML. Half of that HTML looks like it’s a defect, as it appears to be the same resource loaded twice.

That’s 250K of data to transfer just to have a follow button!

I know that Facebook has a similar overload problem with their button. On PuzzlePuzzle.net I had to disable the Facebook widget because it was taking too long to load. These two simple social buttons were the primary reason the site was loading slowly. No wonder people want to disable this crap.

Tracking

A lot of the JavaScript loaded for a page isn’t visible to the user at all. It merely tracks the user on third party sites, like Google Analytics or Chart Beat. This information is valuable to the site owners, but let’s be honest, it is mostly of no value to our users.

On my own projects I’ve noticed that these external requests slow down loading. I’ve seen the sites responding slowly, or not responding at all, including Google.

What bothers me the most is that it should be totally unnecessary. This is something that could be done entirely server-side. There’s no reason why my server couldn’t talk to Google Analytics and Chart Beat — aside from it not being an option in those services.

As a user, having slower page performance just so an advertiser can create a profile of me doesn’t sound appealing. Disabling JavaScript at least partially solves that problem (though an ad-blocker is also effective here).

Nefarious injection

Some sites are just downright tacky with their ad systems. Sometimes you have a hovering popup, other times a wacky animation. Clever use of JavaScript can often defeat the user’s ad-blocker and display some poorly targeted ad to the user.

I recently read that some ISPs are also injecting ads into sites. It’s essentially a man-in-the-middle attack which hijacks a webpage and adds some JavaScript to the end. Site owners aren’t even aware of this issue. It is a point against JavaScript, but of course these corrupt ISPs could equally well attach HTML advertisements if they wanted.

The proper solution here is of course for everybody to start using HTTPS.

Security

Browser vendors have done a terrible job of providing website security. Exploits using JavaScript are very common. Improved security is one of the key promoted features for the script blockers I’ve looked at.

The current approach to site security is to continually patch on ad hoc rules, restrictions, exceptions, and other nonsense. Clearly this will never work, and it’s just making it harder to write websites. CORs is a good example of this nonsense; I mentioned this in a previous article.

Until vendors provide a properly designed sandbox model the security problems are not going away. It’s not like it’d be very hard to build this model, it just happens to break the web. Well, it really only breaks the web for advertising and tracking networks, so our user wouldn’t likely be too upset.

Or, you could just disable JavaScript. It’s overkill, but it’s the safest option.

Disable it?

When I started writing this article I was firmly convinced that disabling JavaScript was not a good idea. It is a critical web technology and a lot of standard features just can’t work without it. I was going to be fair though, and decided to think of the reasons why somebody would want to disable JavaScript. Unfortunately, reading my list now, disabling JavaScript doesn’t seem like such a silly concept anymore.

Disabling JavaScript removes the vast majority of crud polluting pages and hurting privacy. I can totally sympathise with users that want to disable it.

As a website designer it’s a big problem for me though. HTML and CSS are simply not adequate for doing a lot of basic presentation. Used correctly, simple interactive features can provide a huge benefit to user experience. From simple hiding and revealing of information, to providing interactive forms that guide the user, or presenting voting and rating buttons for articles. I don’t imagine I’d much enjoy a web without these features.

I do consider the problems I listed to be significant. But I don’t consider disabling JavaScript to be the correct solution.

About these ads
Follow

Get every new post delivered to your Inbox.

Join 283 other followers