Hacker Newsnew | comments | show | ask | jobs | submit login

I have to say that this article is actually quite terrible, as is the opinion that any option that might ever be confusing to a user is an option that shouldn't ship with the product. The thesis of the article is:

"Well, we have met the enemy, and he is us.* In the currently shipping version, Firefox ships with many options that will render the browser unusable to most people, right in the main settings ui."

The solutions offered? Kill it all with fire. I'm paraphrasing, of course.

Problem: People today change some feature then have a "broken" browser (basically, they forgot to turn it back to the default, or they didn't realize they changed it in the first place).

Solution: reset button, also notification to the user that "this page might not work correctly", some sort of an extension of how Chrome shows you that a popup and/or a cookie was blocked, based on your settings. Don't treat your users like idiots, just provide information that clears up certain odd states by explicitly informing them of something like:

"The webpage you are viewing may not work correctly because the following options differ from their default values:

1. Enable automatic loading of images. 2. Enable JavaScript.

These features of Firefox are essential for most webpages to run properly. If the webpage you are trying to access is behaving strangely or appears to be working incorrectly, <click here> to load the page with the default browser configuration."

Done, and done. No removing useful features from the browser, no treating users like morons, but now I have a new, useful, awesome, self-debugging feature which is user friendly, and doesn't require a pesky IT guru's assistance navigating the sea of 10 trillion options.




This was true 10 years ago. These days, every additional setting the application has is a liability. There is a growing group of people, who are scared to have conversation with their browser and make any informed decisions. They ignore such messages. Other people will change any setting they can find and then forget about it. Then they will be surprised and angry at the application that it is not working.

My experience shows that the more options an application has, the lazier the author was. What do you do as a software developer when there are two ways how to solve a problem? Ask the user which way to use? That is the wrong approach these days. The computer should not ask the user stupid questions. "Do you want to enable JavaScript?" is a stupid question for more than 98% of browser users. Instead of asking questions, software developers should invest the work to come with answers and "read the user's mind". Successful apps can do just that.

-----


"Do you want to disable JavaScript?" is a stupid question, as you say. "Do you want your browser to tell Google, Facebook, Twitter, Omniture, DoubleClick, and six other companies you have never heard of, that you visited this site?" is not a dumb question. Given that option, 98% of users would say "hell no."

You are absolutely right that configurability is a sign of laziness, the opposite of hard work. But removing configurability is _not_ the sign of hard work. Hard work means addressing the interests of all parties, and Mozilla did not do that.

Why do those 2% of users disable JavaScript? It's in reaction to how JavaScript is used: it enables popups, enables distracting advertisements, lets all sorts of companies track me, makes sites load more slowly, etc. For this 2%, these uses are so odious as to outweigh the beneficial uses of JavaScript. So the hard work would be finding a way to distinguish between the user-friendly and user-hostile uses of JavaScript, and just disable the user-hostile ones, so that the interests of both classes of users would be satisfied.

This would not be new: Firefox's popup blocker is enabled by default, which demonstrates that JavaScript is already disabled for a particular use case, because it proved to be annoying to users. Why not take that a step further? If Mozilla wants to force JavaScript on, they should also address the reasons why that 2% of users go out of their way to disable it today. If those 2% say "I used to disable JavaScript, but now I don't have to" then Mozilla will have done their job.

-----


"Do you want to disable JavaScript?" is a stupid question, as you say. "Do you want your browser to tell Google, Facebook, Twitter, Omniture, DoubleClick, and six other companies you have never heard of, that you visited this site?" is not a dumb question. Given that option, 98% of users would say "hell no."

Assuming you're correct (which I'm not convinced you are), when you then continue, "I have a checkbox that will make it so they don't track you, but it will also break those sites. Is that ok?" They will also respond "hello no".

Firefox's popup blocker is enabled by default, which demonstrates that JavaScript is already disabled for a particular use case, because it proved to be annoying to users. Why not take that a step further?

Right, because you can easily say that a non-user-triggered window.open() is almost always unwanted. I can't think of any other cases where it's so clear-cut and related to JS, or that disabling a particular facet of JS always would be a net win.

If you're going to claim that there's something like that, provide examples. How do you know people at Mozilla haven't already thought hard about this problem and decided there isn't much more they can do? I bet they have.

-----


> "Do you want to disable JavaScript?" is a stupid question, as you say. "Do you want your browser to tell Google, Facebook, Twitter, Omniture, DoubleClick, and six other companies you have never heard of, that you visited this site?" is not a dumb question. Given that option, 98% of users would say "hell no." -> This overstates the case, because you'd still presumably load the 1x1 tracking png with ?resid=<X>&uid=<Y>.

> "I have a checkbox that will make it so they don't track you, but it will also break those sites. Is that ok?" They will also respond "hello no".

This overstates the case most of the time because doing this generally breaks relatively little for those domains listed, and to the extent it doesn't, making that decision on a domain-by-domain basis seems to work pretty well (ask any Noscript user)

-----


Sending browsing statistics to something like Google is already happening regardless of if you have Javascript enabled. When you are on Google search and you click on a link it's tracked that you went to that link.

But besides that and besides that your usage statistics are being logged on the server itself regardless of what you do. Expecting Mozilla or any company to figure out how to block a javascript put request sent to Facebook, but not other put requests which are there by design of the site will only result in Facebook finding a workaround.

It's unfortunate that some people use Javascript in ways that slow down their site. For example with horrendous 'sharing' widgets. You can use plugins to disable those items from loading but it wouldn't be Mozilla's place to decide that on everyone's behalf.

These days Javascript is as much a part of websites as the HTML itself.

-----


> When you are on Google search and you click on a link it's tracked that you went to that link.

Google also tracks the links I click when I am on CNN, ABC News, Fox News, MSN, LinkedIn, and the majority of sites I visit (with the important exceptions of Wikipedia and BBC News - thanks guys!). Advertisers track me when I am not even on their properties! That is what is objectionable, and what is defeated by disabling JavaScript.

> Expecting Mozilla or any company to figure out how to block a javascript put request sent to Facebook, but not other put requests which are there by design of the site will only result in Facebook finding a workaround.

Perhaps, but Mozilla should do it anyways.

Remember the ruckus over IE 10 enabling Do Not Track by default? Advertisers and ad brokers were “very concerned”[1] by even the whiff of a browser maker acting in the interest of users over advertisers. Do Not Track is only tolerable if it is off by default, wholly unenforceable, and just as buried as the “Enable JavaScript” option.

Make no mistake: advertisers believe that they have a right to know what links you click and sites you visit across the whole web, and even a right to enlist your browser to aid in informing them. And Mozilla is complicit!

(And why not? Recall who pays Mozilla’s bills.)

> These days Javascript is as much a part of websites as the HTML itself.

Yes, which means that those few who disable JavaScript pay a significant price for that decision. Nobody disables JavaScript because they hate the language. They do it to escape user-hostile JavaScript programs.

[1] http://www.businesswire.com/news/home/20120531006914/en/Digi...

-----


Disabling Javascript for privacy reasons is like blowing off your leg to prevent tennis elbow: it's overkill, and it's rather ineffective at best.

-----


It's ineffective in the sense that it doesn't stop all of the evil. It IS effective in the sense that running no javascript really limits the amount of information people can learn about your system. Like, why should a website be able to learn about the size of my screen, the complete enumeration of all of my plugins and fonts, etc?

As far as blowing off your leg, sometimes you just really hate tennis elbow, you know?

-----


Is that sarcasm? You should know, that doesn't really work here unless explicitly noted as such. See Poe's law.

-----


If you arrived faster at a citation of Poe's Law than actually reading and considering the things I said, you are doing Internet wrong.

-----


I did read them, and I did consider them. After thinking up a reply as why you think basic client display capability querying mechanisms are inappropriate, I decided you were most likely being sarcastic.

On (multiple) repeated readings, I'm not really sure you were intending to make a point one way or the other. If I attribute the second sentence of It IS effective in the sense that running no javascript really limits the amount of information people can learn about your system. Like, why should a website be able to learn about the size of my screen, the complete enumeration of all of my plugins and fonts, etc? to your voice, then it seems you are. If that's to be taken as the user's voice as rationale as to why JS doesn't need to be enabled, then it's fairly neutral.

At this point, with your reply taken into consideration, I'm confused. Feel free to elaborate.

> If ... you are doing Internet wrong

Well, my first sentence was actually asking you, since I wasn't sure.

-----


Correct. I'm being completely serious, with the exception of the remark about exploding limbs (obviously).

Broad enumeration capabilities of this sort don't make sense. You don't need me to tell you why, because the moment you considered these features not existing, you immediately thought up alternatives that didn't involve running javascript, some of which require changes in the way people think about building web-pages, some of which may require changes in various specifications.

JS has more features than it deserves for learning about and (critically) sharing information about the host platform. Yes, you can still learn some things as a website operator by watching what browsers load/don't load, and what they put in their requests.

That does not mean that disabling javascript doesn't have value w/r to privacy concerns. Compare panopticlick.eff.org w/, w/o javascript enabled.

Edit: I should hasten to add that there are other concerns beyond privacy, like accessibility and the fact that a web page has no bloody business deciding that I'm likely running an iPad and therefor I shouldn't have access to X or Y. This is dumb, and contrary to the idea of the open internet. It's the same thing that's wrong with this EME nonsense.

-----


Ah, I took your position as being able to determine screen size (or have it determined automatically through CSS or some other hands-off mechanism) itself was also unneeded, not just that JS should not have this capability.

I can get behind most of what you say - as long as we are talking about simple, presentation based websites.

Where I think there's a breakdown in this view is when you consider complex web applications, including games. At that point, I believe some level of inspection capabilities are required, if we desire to have complex web apps delivered through the internet. I'm by no means sold that on-demand web delivered code is necessarily a good thing though. There's far too large a surface area to adequately secure while still making it useful, IMHO.

-----


Ghostery is a much better option for blocking trackers without breaking websites. If you're really paranoid, RequestPolicy lets you specify a whitelist of OK domains, and disable everything else. Both of those still allow javascript and do a 8better* job protecting your privacy, from tracking pixels etc.

-----


"These days, every additional setting the application has is a liability."

If we follow this thinking too far, we end up with a closed console like device, or Gnome 4 as parodied last April [1].

Surely there is a case for progressive revealing/enabling of advanced functions?

In the UK, the Blackberry phones are very popular with teenagers because of BBM. This desire to access BBM even extends to students carrying two phones, one an old blackberry handset on wifi and the other an iPhone or whatever. You will find small groups in corners at lunchtime exploring the features of the handsets. Experts will coach those who know less. If I could get that level of peer tutoring going in Maths, I'd have my OBE in the bag quite soon! Users can increase their knowledge provided the unfolding of extra features is managed.

[1] http://distrowatch.com/weekly.php?issue=20120402

-----


I don't think Gnome is a relevant example. They don't support adding functionality back that they've taken out, whereas Firefox users are encouraged to add all the functions they want via extensions.

The downside of progressive functions in the base install is that the core Firefox team would have to support all the functions.

-----


Removing options is NOT the way to go. If anything, there should be more options, until computers understand natural language.

To be most intuitive to use, computers should converse like a human. Humans have LOTS of options, and everyone understands that. E.g. if I ask a human to make a sandwich, I can specify all the ingredients I want, how and when I want it, and so on.

The ideal computer, too, would adjust its software to my preference. E.g. if I can, using natural language, explain the computer that I want JavaScript disabled, it can figure out what that means and what in the source code or flags of Firefox it has to change for me to have that disabled. Or if I tell it I want a big refresh button in the center of the screen, it can improvise and render one for me.

Far future of course, but that is the most intuitive end goal of computers: you ask them what you want in natural language, they understand and provide it.

For now, because the above does not yet work, please provide options. Fortunately Firefox provides many options for those who need them: about:config. I find it really awesome if you can adjust an application to your needs at such fine grained level.

-----


I think your sandwich analogy is spot on in the sense that I can also just ask a human "please make me a sandwich" without specifying anything, and (most) humans could proceed to do so without more details. There should be more options, and a good "default" mode for people who don't want to fiddle with them. To my knowledge this is why most wizards have basic configuration options and a "advanced" button to click for the detailed configuration, and I don't see why Firefox can't just have the same thing.

-----


The wizards can use about:config or download the addons that do this already.

Adding more in the way you prescribe isn't just adding more, but officially supporting more at the code level and user level.

-----


<i> can also just ask a human "please make me a sandwich" without specifying anything, and (most) humans could proceed to do so without more details</i>

Depends who you ask. My mate and a few close friends would know to make me a sandwich without bread, but hardly anyone else would get that right.

-----


I would give you a plate with ham, cheese, salad, egg, tomato and mayonnaise. Does that sound about right?

-----


> There is a growing group of people, who are scared to have conversation with their browser and make any informed decisions.

Why would scared people even open the settings dialog?

-----


Because some help desk told them to. The other day chase manhattan was down with a full on 500 server fucked up. Their twitter account responded to me telling me to clear my cache and delete my cookies. Classic.

A naive user would then open settings in an emotional and annoyed state and would turn off anything that caused an emotional response of fear. JavaScript, Ive heard of that and I don't like it so kill it stupid thing computers are so frustrating they never work. Click

And now your browser is broken.

-----


Sorry to be blunt, but it's clear you have never had to design or support a user-facing product. Anyone who has done either of these things will disagree with your base assumptions, ie. that users care about understanding their software, that they read warning texts, and that they don't mindlessly flip switches when trying to achieve unrelated goals.

-----


Those are terrible solutions, though. If a user has turned off JavaScript, there are basically two possibilities: if they turned it off accidentally, your solution will (in the best case scenario, where they understand the popup and realise they should click the reset button) temporarily break their browser and then fix it again; better then breaking it permanently, but not as good as not breaking it in the first place. On the other hand, if they turned JavaScript off intentionally, your solution will continually bother them asking them whether they want to turn JavaScript back on again. So your proposed solution actually works for no users at all.

-----


Why not just put it in the about:config page for FF? Casual users are unlikely to accidentially access this page as there is no GUI navigation to it.

Though most casual users I know avoid GUI configuration all the same, so I don't really see the issue here.

-----


It is, but the bug report in the OP is raging against it being there.

-----


UI discussion aside, changing the option on upgrade seems a little... impolite, to say the least.

-----


That's the point that seems to be missed in the discussion: sure, let Mozilla shuffle options where they want, hopefully with some thought; but don't change the user's configuration. If you feel that it's absolutely necessary to do so, then pop up a big banner saying "We want to change your settings. May we?" To do otherwise is bordering-on-crapware-tactics rude.

-----


> Don't treat your users like idiots, just provide information that clears up certain odd states by explicitly informing them of something like

you assume that users actually read dialogs presented by the software. This is unfortunately not a correct assumption.

-----


I am not planning on implementing that, but let's pretend I want to. When would that dialog come up?

Attempt #1: show that dialog as soon as a page tries to load some JavaScript. Result (I'm guessing): dialog shows up on 99.9% of all web pages one visits (even for the nerdiest of nerds)

Attempt #2: silently download the JavaScript to figure out whether it is 'benign' or 'evil'. Result: users complain that they pay for downloading stuff they do not want.

Attempt #3: make that dialog less intrusive; do not require acknowledgment. Result: users get trained to overlook it; users who accidentally enable the mode will never figure out what happened to their browser.

Attempt #4: a whitelist of allowed scripts. Problem: users will disagree about what should make it into the whitelist.

Attempt #5: the JSBlock extension. This may have merit. So, if you want this feature, download it, or write it if it doesn't exist yet. If the API does not allow writing it, bicker Mozilla.

-----


Understand that no dialog is necessary for such an idea to be implemented at all.

Observe:

  <noscript>
    The webpage you are viewing may 
    not work correctly because the following 
    options differ from their default values:

    1. Enable automatic loading of images. 
    2. Enable JavaScript.

    These features of Firefox are essential 
    for most webpages to run properly. If the 
    webpage you are trying to access is behaving 
    strangely or appears to be working incorrectly, 
    <a href="">click here</a> to load the page 
    with the default browser configuration.
  </noscript>

-----


1. who would insert that fragment in a page (and where, but let's ignore that)? I don't think you can expect sites to do it to make their site work with users who have JavaScript disabled (target audience is too small), so the browser must do it. How is the browser going to figure out whether to insert it?

Also: how is that not a dialog? It presents a message to the user, and waits for a reply.

I still think 'no JavaScript' is a niche feature that is best delegated to an extension that sports a whitelist or a blacklist of scripts to allow/forbid. A variation on Adblock would work fine (maybe, Adblock already can be used to blacklist JavaScript. If so, it is a matter of tweaking its UI)

-----


> Problem: People today change some feature then have a "broken" browser They forgot what is changed, how to return back, no reset is not a solution. Solution: Educate users, provide "Undo" and "Redo" buttons, highlight changed controls

-----


> Don't treat your users like idiots That is exactly what Mozilla is doing , pushing down Javascript on everybody's throat. And marketing teams and advertisers are loving it. So much for their "dont track" stunt.

-----




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: