You are absolutely right that configurability is a sign of laziness, the opposite of hard work. But removing configurability is _not_ the sign of hard work. Hard work means addressing the interests of all parties, and Mozilla did not do that.
Assuming you're correct (which I'm not convinced you are), when you then continue, "I have a checkbox that will make it so they don't track you, but it will also break those sites. Is that ok?" They will also respond "hello no".
Right, because you can easily say that a non-user-triggered window.open() is almost always unwanted. I can't think of any other cases where it's so clear-cut and related to JS, or that disabling a particular facet of JS always would be a net win.
If you're going to claim that there's something like that, provide examples. How do you know people at Mozilla haven't already thought hard about this problem and decided there isn't much more they can do? I bet they have.
> "I have a checkbox that will make it so they don't track you, but it will also break those sites. Is that ok?" They will also respond "hello no".
This overstates the case most of the time because doing this generally breaks relatively little for those domains listed, and to the extent it doesn't, making that decision on a domain-by-domain basis seems to work pretty well (ask any Noscript user)
Perhaps, but Mozilla should do it anyways.
Make no mistake: advertisers believe that they have a right to know what links you click and sites you visit across the whole web, and even a right to enlist your browser to aid in informing them. And Mozilla is complicit!
(And why not? Recall who pays Mozilla’s bills.)
As far as blowing off your leg, sometimes you just really hate tennis elbow, you know?
At this point, with your reply taken into consideration, I'm confused. Feel free to elaborate.
> If ... you are doing Internet wrong
Well, my first sentence was actually asking you, since I wasn't sure.
JS has more features than it deserves for learning about and (critically) sharing information about the host platform. Yes, you can still learn some things as a website operator by watching what browsers load/don't load, and what they put in their requests.
Edit: I should hasten to add that there are other concerns beyond privacy, like accessibility and the fact that a web page has no bloody business deciding that I'm likely running an iPad and therefor I shouldn't have access to X or Y. This is dumb, and contrary to the idea of the open internet. It's the same thing that's wrong with this EME nonsense.
I can get behind most of what you say - as long as we are talking about simple, presentation based websites.
Where I think there's a breakdown in this view is when you consider complex web applications, including games. At that point, I believe some level of inspection capabilities are required, if we desire to have complex web apps delivered through the internet. I'm by no means sold that on-demand web delivered code is necessarily a good thing though. There's far too large a surface area to adequately secure while still making it useful, IMHO.