Hacker News new | comments | show | ask | jobs | submit login

Is there any empirical evidence that the use of AdBlock + Ghostery or WOT or whatever privacy addons you're already using are any less secure than disabling JavaScript outright?

Disabling JavaScript has a few MAJOR disadvantages to proper web usage:

1. As the blog post has said, many web sites will fail in mysterious and unexpected ways. Some web apps may be rendered completely useless. In fact, you might as well just say goodbye to the modern web if you're gonna totally disable JS.

2. Since it's a "blanket fix", disabling JavaScript is a silly way to protect yourself from data miners. Instead, why not use an extension that has been proven to work, is actually available cross-browser, and gives you MUCH finer-grained control over what is displayed?

3. Since JavaScript is not the only thing that could potentially fuck up your web experience, disabling JavaScript doesn't even fix every problem related to privacy! You'd really have to disable JS, disable all plugins (Flash, Silverlight, Java, etc.), and pretty much block yourself out from a lot of the modern web just to be truly secure. At that point, you're really isolating yourself from a lot of the web's rich media, and doing so in spite of the plethora of tools available to combat the stealth data mining practices that these companies use.

Use AdBlock. Use Web Of Trust (WOT). Use Ghostery. At least know when sites are tracking you, and disable those tracking bugs when you see them. You don't need to turn off JavaScript and isolate yourself from an entire ecosystem of awesome, just to maintain control over what data you're sending out about yourself. The idea of turning off JavaScript has always been a silly concept to me, and I felt was simply there to please the more paranoid of us. But there has to be a time to face reality: It just doesn't work.

Ghostery has recently been found to be selling user data. ISTR there was a similar incident with AdBlock? I don't want to have to trust some random extension author to have got these things right.

I hadn't heard about Ghostery selling data. I read about the story at Mashable [1].

[1] http://mashable.com/2013/06/17/ad-blocker-helps-ad-industry/

AdBlock Plus started allowing some advertising they deemed "non-intrusive". This was a default setting and easily toggled in the settings, but there was still a big backlash.

I run with Javascript off, via no-script. Most of the stuff that requires Javascript is tracking based and/or from third party domains.

tbh a global Javascript toggle is a bit useless. You really need the fine grain per-domain settings of No-script to navigate the modern web.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact