On 2018-02-22 21:50, bill-auger wrote:
> so it's not really accurate to say that libreJS is inherently ineffective
> - it is just not widely adopted enough to realize its potential - if it
> becomes significantly popular enough for people to start gaming and
> cheating it then surely it would also become more robust over time as
> there would be more effort put into its development and maintenance
> (e.g. a volunteer team of license checking monkeys)

I think this is wishful thinking. What could you possibly do, maintain a
giant list of websites that are mislabeling their proprietary scripts as
And ultimately, that's not the real problem. The real problem is that
LibreJS solves nothing. It's blocking some scripts, but not all. As I
still, from a practical standpoint, impossible for the user to
reasonably exercise freedom 1. You can't make any Web browser that
convert it to user script code, which is a different syntax), and while
you can audit the script, the server is able to change to another script
*fundamentally*, incompatible with software freedom.
can *ever* be acceptable is with a fundamental rehaul of the way our
lot of work. So I really think it would be easier to just fight against
Create a browser that shows the merits of a scriptless Web. Advertise it
as non-exploitable, because if it doesn't run scripts from random
untrusted sources, it is. Show people that this world, where just
navigating to the wrong Web page can potentially screw up your entire
system, is a world we don't have to live in. Show them that Web pages
don't have to take centuries to load. Show them that we don't have to
deal with annoying pop-up messages and bizarre, unexpected behavior when
clicking on a link.
And what's more, show them that we don't have to live in a world where
not updating your Web browser every week leaves you vulnerable.
I truly believe we can change the Web in this way. Many websites are
already there. But we need to actually be working toward it, as a group,
being executed is merely a distraction. Let's band together and solve
the real problem, right here and now.
Some time ago, I offered a bounty to anyone who would write a certain
extension. I think it was $50? I don't remember for sure. But I am still
offering that bounty, so either $50, or if it was larger, what I said
back then. The extension I am offering a bounty for is one that does the
for the current page,* for a very short period of time (e.g. 5 minutes),
and then reloads the page.
3. (Optional, +$10) Adds a "super danger button" which allows all
remainder of the session. A second click on this button would revert this.
4. (Optional, +$15) Offers LibreJS's complaint feature, with the default
dependencies from their website.
* Note that this would be based on what the current page's source is,
completely different from what NoScript does. For example, if
foo.com/example.html uses scripts from its own domain but also scripts
from bar.com and baz.net, *all* of these scripts would execute normally
with the "danger button", but *only* if the user is on foo.com/example.html.
very well because it would be a browser people would actually use (it is
not terribly inconvenient; all websites are still usable), but it would
extension by the fact that it keeps your browser secure, and they would
be won over by the fact that most pages work *better* without pressing
the "danger button". Watching a lot of YouTube videos? Applying for a
job? Shopping at eBay? No worries; press the "Super Danger Button" and
be on your way.
With both optional features, that would be $75 for anyone willing to