Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Do you browse the web with JavaScript disabled?
38 points by diceduckmonk 44 days ago | hide | past | favorite | 70 comments
We have two versions of our product: (1) SPA-like experience and (2) <14kb, <200 lines of css, <30 lines of JavaScript.

We are debating whether to maintain the LiteMode (the SPA is actually SSR, we've decoupled our MVC well, so maintaining the LiteMode is only 20% more work). This got me thinking. What if we made the LiteMode entirely text-only, maybe with some optional CSS. No JavaScript.

I tested HN and it degrades fairly well. Some things such as the comment toggle doesn't work. There's actually a HTML <details> element nowadays provides this toggability out of the box without JavaScript. At any rate, is it worth voiding the LiteMode of any and all JavaScript? Do people browse the internet with JavaScript disabled?




No, and to be frank, I’ve never known anyone who has disabled JavaScript in my personal and professional lives.

I recently gave it a shot on an old, sluggish iPad. I was blown away at how many websites just…don’t work, or only partially render.

It’s part of the modern web stack, and catering to those who disable JS is like catering to those who run FreeBSD - they exist, and they’re smart people, but their numbers are so small that catering to them makes no sense from a business perspective (unless they are a target demo).

With that said, removing the interpreted JavaScript runtime from your site is a laudable goal and things should be smoother, faster, and lighter.


I'm pretty sure if NoScript had a default that allowed *.domain and domain, most sites would render quite ok. That's my experience from using it for years and years. There are sites that require a few extra things, however many of those are repeated across sites: google fonts, jquery etc.

To be honest, I feel like there is a user-friendlier version of NoScript that should make us feel mostly unhindered. I don't know the consequences of always allowing the sites domain, though. Many trackers have their own domains.


I would pay for a curated whitelist of things (domains?) to be whitelisted in NoScript. As I'm typing this I am realizing that I have never looked for such a whitelist. Maybe there is some community maintained thing?

Is there an established AV product that has this feature?

Right now I am slowly and painfully building my own whitelist because everything is blocked by default and I allow as needed.


> I would pay for a curated whitelist of things (domains?) to be whitelisted in NoScript.

However much you would pay, advertisers would pay more.

It seems unlikely that you the value you assign to a whitelist would be more than the value advertisers assign to being seen... by all NoScript users. You would be out-bid by corruption.


You are probably right. Also I suspect the choice to whitelist or not can be hard to agree on. Maybe block all advertising things. Maybe only some of it. Maybe allow everything that isn't straight up malicious. And so on.


There used to be assets maintained by a particular person for uMatrix that had decent defaults for services, with only non-essential stuff blocked. I can't remember what it was called for the life of me.


Some HN audience are big on disabling javascript or other web features, but they are a vocal minority.

The vast vast vast amount of average web users will not disable JavaScript. And those that do likely understand that they are crippling their own browsing experience, and so are more willing to accept if the site doesn't function properly under those constraints.

I wouldn't go out of my way to make a site work without JavaScript, unless it was a personal project I was passionate about operating in that manner. Lite mode sounds like something that might benefit a larger chunk of users.

Maybe you should do some small testing and see how much of your audience uses "LiteMode", and how many disable scripts completely, to inform your strategy.


I came here to say no, I don't for the silent majority. There's a large amount of pain coming with being so vigilant about security. I'd rather spend my time and energy else where.


You do it, saying 'no', to speak for the silent majority?

Or you don't disable JS because of the majority?


I think he left out a word

"I don't [speak] for the silent majority"

I am assuming because this is a standard turn of phrase


I don't think so, I parsed it as, since the vocal minority especially on HN would say yes, they came here to say "no, I don't" for the silent majority. They're speaking for the majority.


ah right, that makes more sense, so something like: 'I came here to say "no, I don't"; for the silent majority'


This isn't going to be a very useful survey since the headline here will only attract the attention of people (like myself) that have JS disabled.

That said, we're normally undercounted because JS itself is used to do the counting so I guess this balances things out.

If a site doesn't display without JS then my first move is to toggle off CSS and see if I can read it. If I can't I check source to see if I can read it. If I can't I close the tab.


I use ff+uBO with js disabled by default, and then I peace-out when I see blank white pages that don't even render using reader view, temporarily allow if I think it'll be worthwhile, and whitelist for sites I either use regularly or deem trustworthy enough. I have surprisingly few websites whitelisted, and I don't usually toggle it. Things like Nitter and Teddit work just fine. Wikipedia and HN don't need it. Many news sites don't really break without it, and if they do then that is my peace-out territory. And some even offer text-only, like Lite CNN and text.npr.org to name a couple.

What do I actually need javascript for? It actually is really easy to do without for the majority of what I use the web for anyway. YMMV.


Disabling JS works for document based websites. How do you use web apps however, like banking sites, email, travel sites, etc?

I use uBO too with FF but I found that disabling JS globally is too annoying for many sites that are not documents. I use Twitter and Reddit (and not their alternatives you listed) because I have accounts that I want to use to comment on things for example.


I am one of the few exceptions not the rule so take what I say with a grain of salt. I browse the web with JavaScript and external fonts disabled. I also force every site to use the same font and font size.

I enable JavaScript if I know who is running a site and where their company is located and/or if I have a binding contract with them. Even then I use disposable containers [1] for those sites and run bleachbit before/after visiting such sites and use sqlite3 to clear visit_time from places.sqlite. I launch Firefox from firejail [2] with AppArmor enforcement.

[1] - https://addons.mozilla.org/en-US/firefox/addon/temporary-con...

[2] - https://github.com/netblue30/firejail


Out of curiosity - why are you so keen on hardening your browser? Because of the standard trackers / ads / data siphoning / etc., or something more?


I suppose I am cynical from a lifetime of people trying to do devious things to my machine. It is just my personal preference to be a less obvious target and have some ability to detect when a website is trying to do something shady. There is a chance I can get their domain added to the uBlock lists if I have evidence.


At the risk of sounding rude, you're not building this for yourselves. You're building this for your users. If your users are truly the type of people that frequently turn off Javascript in their browsers then by all means; go ahead and do that. But you're going to have to deal with quite a bit of a maintenance burden by making this assumption. Every new feature you add will be "what happens if JS is turned off?". Just leave it on. Assume it's on. If you lose any $ because it's off, compare that to the cost of building and maintaining a JS free application.


Mostly yes: I use JS-blocking browser extensions, which (mostly) offer domain-by-domain control over JS loading. And only enable JS when the risk/reward ratio seems low enough.

Between the browser security issues & resource usage, anti-improved speed & UX, etc. - enabling JS is mostly not worth it to me.

(Yes, doing this kinda rules out a fair number of web sites for me. But with ~10,000x more content on the web than I could view in my remaining mortal years anyway...ruling out a lot of sites is a feature, not a bug.)


Which one? I used NoScript but on Firefox it always reblocked all allowed domains after reopening the browser.

It used to work fine years ago, and some people say that's not normal behaviour, but I've stuck with it for a few versions and got sick of it.

Honestly, just an ad blocker is enough.


At the moment, NoScript on FF actually. With how few domains I load the JS from, the "reblock after reopen" behavior is 60/40 feature/bug for me.


Yes, where possible.

What I really want is a CPU budget for websites, you can run 2M operations or something, and then you're put to sleep.


Not a bad idea


I use uMatrix with a relatively strict set of blocks. By default, I allow first-party JS, and a handful of 3rd party CDNs. This is _even worse_ than browsing with JS off for most sites, as the <noscript> fallbacks don't work, but usually things are broken in one way or another because everybody depends on a ton of external libraries and services. I mostly do this to keep myself aware of the relationships between sites, and to disable the annoying "give us your email" popups that so many sites have these days.


I do browse with JS off by default (usually FF with noscript, though occasionally with simpler web browsers), often leaving pages if they require JS while they shouldn't and I can avoid those, and I know others who do the same.

Maybe a poll would be more suitable for this kind of a question though, and I guess there must be some already collected statistics around.

Edit: Speaking of "LiteMode" and accessibility in general, I think it's also nice to not go too heavy on CSS or assumptions about fonts. I used to override CSS (browsed quite a lot in the dark, so enforced a light-on-dark theme), to use textual browsers, and still disabling web fonts and setting a minimal font size, which occasionally leads to slightly messed up markup and related issues. Though those sorts of things tend to be covered in various accessibility guidelines.


Yes, I browse with JS switched off (Chromium). However, I do enable it for some sites where the risk/reward ratio is worth it. I also have a hosts file block list. The combination means I see hardly any adverts at all. I also have Consent-O-Matic installed, which takes care of the cookie blocking on those occasions where I do enable JS.

I generally find the experience browsing the web is by far better like this than with JS switched on. Web pages load quickly and use less CPU and RAM. I don't get a load of popovers asking me to sign up to spam, asking me to allow cookies, or advertise random products. Some web site that don't allow non-subscribers to view the whole article (like New York Times) do with JS switched off. I don't have my mouse movements tracked so that they can detect when I'm about to close the tab. I worry very much less about security. I have confidence that those idle tabs aren't making my CPU busy and draining my battery.

The trade-off is that some web pages don't work. These can be broadly categorised. Some web pages don't work (as far as I can tell) out of pure spite - the JS is completely unnecessary, but the page just shows a blank white page without it. This is usually a simple fix like inspecting the source and toggling the CSS display: block attribute. That kind of page is just user-hostile in its approach - they go against all accessibility requirements, and I consider that if they're dastardly enough to pull that sort of trick, they're probably nasty enough to use JS to do really horrible things, and they will never have JS enabled by me. Then there are those cool demo pages that get posted on HN every now and again, where the content is JS. These usually get enabled - they pass the risk/reward test. Other pages are the generic large corporate web sites where I can see that JS should enhance the page, but shouldn't be necessary.

In my view, the burden of deciding whether to enable JS on a non-working site or dig into the source is much less than the burden of dealing with all those popovers, adverts, anti-patterns, and privacy risks. That's why I do it.


Yes! Finally got back to noscript (for firefox) after a break and I think the "enable js from this domain" is the lesser burden compared to all the other nag that just seem to disappear.

Also, it's a positive feedback loop for your web paranoia... seeing all the crap that gets loaded.


I use NoScript and whitelist JS on a site by site basis (usually temporarily). For an app/product that I'm using regularly I'll whitelist likely looking domains until it works, and save those settings.


Yes, I block JavaScript very aggressively with NoScript. I cannot in good conscience browse the web with JavaScript enabled anymore because of the insane amount of ads, trackers, and just poorly written site scripts slowing down my browser.

The main reason I do it is because of speed. Sites load an order of magnitude faster, they are not able to “scroll jack” or automatically play videos, and another huge bonus is ad blocking, since most ads are implemented using JavaScript.

Whenever I come across a website that has a great non-JS fallback (Google, NPR’s text-only, Apple’s marketing pages, HN), I think it’s a sign that the website developer really cares about their users. It’s not just for crazy people like me, it’s also paramount for users with disabilities who need to rely on screen readers (they prefer non interactive versions of websites). There are also folks who use old computers for financial or ideological reasons (i.e., opposition to e-waste or environmental concerns) who must disable JavaScript in order to make browsing modern websites pleasurable.

I applaud your efforts to maintain the lite mode for your site! It’s such a big deal to me.


While I agree with most of what you just said, I'd like to pick out NPR as a bad example. When I visit a link to NPR from (for example) HN, I first get a demand to hand over the keys to my kingdom, then on refusal I get a passive-aggressive whinge about countries that like to protect their citizens, and then I get thrown a small collection of articles in text - but not the one was interested in. That's not my definition of a good experience.


I use NoScript + uBlock Origin (in Firefox). At beginning (around 2018, when I switched from Chrome) it was hard to have NoScript. With NS if you want to see something on majority of web, you need to enable JS at least for the domain you're currently browsing. Then once that is done, the JS from 3rd party start to unravel in the NS listing.

Eventually I found my pace. I would enable JS for current domain only temporary (I think NS will do that for 24h then back to being disabled) and if it has fewer than 5 external domains I will start reading the page and see what else might I be needing. Most of the time I don't mind that I have images missing as example of what I'm reading so that is the only one that gets temporary unrestricted.

In the beginning of doing this it felt that I was a slave, to always needing to enable JS when need it. But nowadays is mostly muscle memory and I don't even notice it. However I am the only one with NS in my household. Rest of my family and my clients only get uBlock Origin as I recognize NS is not an easy extension to use as daily driver.


As much as I can weather, yes. Sometimes things become so broken I allow more to run than I'd prefer, when really I should just go elsewhere


Self-reply/tangent/rant -- I really miss the lighter web of the 90s/early 2000s.

My picture of the ideal internet is surely boring. This is probably an overshooting response to being absolutely desensitized by the current internet


I use uMatrix and set javascript to off by default. I also set _all access_ off by default. Direct access, cookies, CSS, images, media, javascript, cross-site requests, frames, "other" such as webgl. They're all off-by-default.

The direct connection prevents me from going to a site with a homonym url (such as g00gle.com).

I turn each thing on one-at-a-time until the site works enough for me.

80% of the time, _nothing_ is needed other than the connection to download html. Plenty of sites' text show up just fine and is perfectly legible without any CSS, images, or javascript.

Sometimes a site will talk about image content. Then I'll enable images and CSS. 95% of sites work like that just fine.

The last 5%? Usually they work with javascript and without cookies. I rarely go that far. Those last 5% sites rarely bring true value with their use of javascript.

Then there's the last .1% of sites that "need" the whole shebang. Those shites are rarely encountered.


Yes, I keep JS disabled by default. For most websites, I will simply not allow it to be executed at all. If this breaks the website, I don't use the website.

For the small set of sites that are actually important to me, I selectively allow the minimum number of scripts required to make the site function well enough to do what I need it to do.


Yes. I block JS on all sites in my default (general browsing) browser profile (separate firefox profiles for banking, shopping, etc.).

Reader mode or viewing with CSS disabled (view -> page style -> no style) often reveal the content of sites that show a blank page or just "loading..." when JS is disabled.

uBlock Origin element blocker gets rid of garbage occluding content too.

To view sites that do not degrade gracefully, the Redirector extension is useful to rewrite urls. E.g., for twitter and reddit:

(https?://)twitter.com(/.) -> $1nitter.net$2\?theme=Twitter

(https?://)www(.reddit.com/.) -> $1i$2

Blocking JS is good for the environment :) A low-end machine can still provide a pleasant experience browsing the web. And, a more capable machine doesn't waste energy running useless scripts (also good for battery life).

Disabling JS also substantially reduces attack surface.


I'll echo other comments, cater your users first, don't worry about HN (unless this demographic is your userbase ofc). That said, I do block JS on mobile (FF+UBo or Bromite for the sites requiring chrome) and on desktop I go even further by using temporary containers As a web dev I've seen first hand (and being guilty sometimes) of the exessive tracking + unneeded JS bloat


I block 3rd party scripts by default but allow 1st party, aka uBlock medium mode:

https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium...


Largely, yes. I'm a heavy user of uMatrix, so I can toggle JS and other resources by domain. By default, JS is off, but if I trust a site enough (which is a low bar), I'll turn it on for the domain and most CDNs, but not for any GTM/FB domains.


I'm not in anyone's target demographic for making money on SAAS, but I do run Tor with javascript disabled for my at-home personal browsing whenever I can. A surprising number of things work. I would say there are more things broken by just using Tor, than with javascript turned off. Reddit for one, runs just fine for browsing. Plenty of blogs are readable without javascript. A lot of e-commerce sites you can still see prices, etc. If I want video or something, then I do turn on javascript. There is an unbounded amount of stuff to see on the web, so most of the time I just move on from a new site that I come across that doesn't work from tor.


I used to, with uMatrix, but it was too annoying after a while so I stopped blocking JS. At the most, I'll use uBlock Origin to block tracking scripts and certain annoying parts on the page like sticky headers, but that's it.


Weirdly, there are a few sites that don't work unless I disable javascript. Most specific one is the BBC news website - poking about the web, it's a not uncommon complaint that images there don't appear, and experimentally it seems disabling Javascript makes the images appear (fortunately stories on the BBC news website render pretty much flawlessy with JS disabled).

I suspect it's something to do with Chrome-specific features being inadvertently used (possibly someone here will know what's going on, google just gives a few pages of people complaining about the problem but no solutions).


Yes, I usually disable JavaScripts. Sometimes I also disable CSS, too (and sometimes this allows web pages to be displayed that aren't displayed if JavaScripts are disabled).

You should make a version without JavaScripts and minimal (if at all) CSS.

Occasionally some things are going to require JavaScripts; in the case that they really do, you should ensure that documentation, links with other protocols/file-formats (if any), etc, should be visible and accessible even without JavaScripts, too.


Nope. I use an adblocker sure (uBlock Origin in my case), but JavaScript is too useful to disable completely. Why break web apps and tools when I can just remove the ads/tracking and call it a day?

I'd still personally make sure your site works well without JavaScript, though that's less of a statistical thing and more of a 'I feel sites should always be backwards compatible and not rely on scripting where not necessary' one.


Yes, I do, with partial whitelisting of sites I use frequently via uMatrix and uBlock. I also use Cookie Autodelete and containers to keep everything separate.

Out of all people I know outside of HN, I'm the only person who does even one of the things I do. If I like your product and your product requires javascript, I'll whitelist you. Realistically, consider if the effort you'd be spending on this could not be spent elsewhere.


Always!

My main browser, with about 200 tabs and 3 windows open, is seamonkey. With javascript and cookies disabled.

Quite frankly, I find that many technical sites work just fine with JS and cookies disabled.

Pretty much anything that requires login, needs both. When this is the case (such as posting this comment) I launch a firefox instance, make my post, then logout and close the browser.

But seamonkey with all those tabs is on at all times...


I want to be able to browse without JS, but too much breaks without it, so I don't. I could make some sort of whitelist, but I have more important things to do.

The reason I want to do it is to stop tracking and bloat. Your "< 30 lines of JavaScript" wouldn't bother me at all (assuming it isn't for tracking or downloading large amounts of data).


I have it disabled by default, but just about every time a website doesn't function without it, I reenable it.

The exception has been some clickbait-y/social media sites that I wish I spent less time on anyway, e.g. Facebook. The fact that they don't work is a nice reminder of what I don't like about them in the first place :)


I used to do this, but realized after a while I had to click the button for every website I used, so it wasn't doing much for me.


I read a few years ago an article of someone who disabled JS for a week. This was more or less equivalent to disconnecting from Internet.

No sane users who actually use the web would disable JS everywhere, it is pretty much unuseable. I disabled it on a few sites with an interesting content but really messy and it helped - but it was a miracle.


It is hopeless to disable javascript. However, I want to have a middle ground: Disable the ability of javascript to make network calls. From privacy's perspective, it should be as good as javascript disabled. With local only javascript, the bit of interactivity that we took for granted can still be achieved.


I am in the whitelist camp.

But reading this thread sparked a thought: could browsers handle server side handling (e.g. submit buttons) in the way React and alike frameworks work: instead of rebuilding the page from scratch diff the current DOM and the DOM for the new page and apply the diff in a smooth transition with animations?


> Do people browse the internet with JavaScript disabled?

Some people do (and you'll get a disproportionate number of them here), but unless yours is a niche product particularly aimed at such people, they're an insignificant number in comparison to the billions who've never even heard of such a thing.


For the most part, yes.

I usually leave, and if I can't find what I need somewhere else, I may come back and fiddle either with CSS or even enable JS during that session only.

Rarely does a website make it to the list were it's always enabled. This is true for personal and work.


I believe it is important to support non-JS user agents.

For example entire Kagi Search runs with no JavaScript enabled in the browser. We see JavaScript as a way to enhance client experience, not create it. So bascially Kagi is in 'lite' mode by default.


Yes, I have JS blocked everywhere with ublock - some sites get a pass (the 2 sites I use most frequently).

For times when I need to use a JS function (like twitter / HN search), I enable it temporarily.


Lots of people who want to protect their security do. I usually do unless a site won't work without it, the site is open source and I really want to see it.


I use multiple browsers on both mobile and desktop and usually keep js off on safari. So whenever I need to disable js I’ll just open up the url in safari


I did when I was unhappy with my phone’s battery life, but within a week honestly I found enough problems with sites that I had to enable it.


I don't, no, because it's just not practical to do so in 2022, but I do love sites that ditch it, on principal.


No. It is an ever increasingly esoteric practice.

That 20% more work could be put in to improving the main product instead.


YES.

I have it enabled for certain sites I frequently use, otherwise it's disabled by default.

It makes browsing much smoother IMO.


Nah, I use a browser to get shit done. If I want javascript disabled, I don't open a browser.


The vast majority of internet users don't even know what JavaScript is.


No and it's not worth you maintaining it.


Most times on mobile at least

My phone is not the most recent so web with JavaScript and without a blocker is just unresponsive especially news sites

Without JS for example old.reddit.com/XYZ... loads 10x faster, with 10x more content, than the regular page. Some websites don't work but is manageable. Sometimes paywalls disappear and probably saves battery


Yes.


No


No




Applications are open for YC Winter 2023

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: