Or, once in a while, you can launch Settings, tap to the Safari page, and tap Clear Cookies and Data.
And tap Clear History while you're at it.
Better yet, slide the Private Browsing switch to ON.
No. JavaScript can allow for immediate tracking. That is, JavaScript can send details of your browsing immediately back to the server. Clearing cookies and history does nothing if a script has already sent a whole bunch of information back to the server. Yes, it will be harder to find you again without a cookie, but the stuff they wanted from you they've probably already got as soon as you're on their site.
After the previous furore about JavaScript I turned it off on my Mac. Went to my favourite forum to submit a post and the clickable links to allow me to contribute had disappeared. I was all ready to notify them of the 'bug' that had appeared on their website when I realised that disabling Java had removed the functionality of the site! It's all very well being secure but if you can no longer interact with web pages it's pretty pointless going online!
"The latter two are bug ridden and can be seen as one big security hole," You, well not you, someone will find that all operating systems are far more bug ridden than feature apps. Best abandon them all? People turn JS on and off for many reasons. Its just a tool, so use it. But whatever you do, best not to do what some tool tells you.
Hey, aBeliefSystem, if you have a real argument, just say it.
Calling someone a 'tool' (and thinking your clever about it) isn't very nice and absolutely wrong in this case.
As you should know if you read this forum all my comments are based on real knowledge and experience (and mostly right I might add), as this one was.
So the 'tool', is you.
Java is scary. JavaScript is not. Yes, this is a bug that should be fixed, and yes desktop browsers have better anti-tracking controls, but treating this as a security concern is overblown. If JavaScript has a security flaw, then THAT is a BIG issue. If it doesn’t, then enabling it (like 99.99% of people need anyway) then this is a small one.
I'm James, the one who reported this bug to AppleInsider. I'd like to address some of the comments in this thread, especially those stating that this is a non-issue.
Firstly, as the article states, this is not a security vulnerability in itself; it is a trust issue.
I typically disable JavaScript for normal browsing and only enable it when required for specific sessions, say, when shopping online or playing a game.
However, starting about a week ago I noticed a bunch of ads and pop-up boxes with all sorts of blinky and animated crap that I normally don't see in the sites I typically visit. When I checked my JavaScript settings, I discovered to my surprise that it was enabled!
Sure, I could turn it back off, and indeed I did; but that's not the point. The point is that my browser settings were changed without my knowledge or consent. Moreover, the change was acted upon request from an external source in the Internet. Wouldn't that concern any of you?
It is thus a trust issue: If JavaScript settings are magically changed without my knowledge, what else can a web site cause my device to do without my permission?
Secondly, the fact that JavaScript is automatically enabled is not in and of itself a vulnerability. However, it has the potential of being exploited. If external sources can trigger a change in the browser settings, it could also trigger additional changes. It also invalidates any confidence a user could have visiting dubious sites thinking that his JavaScript option is disabled.
Lastly, as to why would anybody turn off JavaScript? Well, for one thing, to avoid most advertisements. Another is to prevent web tracking to some degree. Disabling JavaScript offers a modicum of privacy and piece of mind, and prevents the display of intrusive ads in every page. You'll be surprised how many sites work perfectly well without JavaScript including this very one). I don't need the blinky and interactive widgets, the text content is fine for me.
At the end of the day, it doesn't matter if you agree with me or not, what matters is trust and personal control. At most, this is a potential security vulnerability, and violates a user's explicit configurations. At the very least, it's a user experience nuisance I'm sure you'd be annoyed if your browser decided to turn it's JavaScript settings "off" on its whim, and forced you to have a "1993 experience" while browsing the web. Why should you have to put up with that?
Comments
You, well not you, someone will find that all operating systems are far more bug ridden than feature apps.
Best abandon them all?
People turn JS on and off for many reasons.
Its just a tool, so use it. But whatever you do, best not to do what some tool tells you.
No. JavaScript can allow for immediate tracking. That is, JavaScript can send details of your browsing immediately back to the server. Clearing cookies and history does nothing if a script has already sent a whole bunch of information back to the server. Yes, it will be harder to find you again without a cookie, but the stuff they wanted from you they've probably already got as soon as you're on their site.
Hey, aBeliefSystem, if you have a real argument, just say it.
Calling someone a 'tool' (and thinking your clever about it) isn't very nice and absolutely wrong in this case.
As you should know if you read this forum all my comments are based on real knowledge and experience (and mostly right I might add), as this one was.
So the 'tool', is you.
J.
J.
Firstly, as the article states, this is not a security vulnerability in itself; it is a trust issue.
I typically disable JavaScript for normal browsing and only enable it when required for specific sessions, say, when shopping online or playing a game.
However, starting about a week ago I noticed a bunch of ads and pop-up boxes with all sorts of blinky and animated crap that I normally don't see in the sites I typically visit. When I checked my JavaScript settings, I discovered to my surprise that it was enabled!
Sure, I could turn it back off, and indeed I did; but that's not the point. The point is that my browser settings were changed without my knowledge or consent. Moreover, the change was acted upon request from an external source in the Internet. Wouldn't that concern any of you?
It is thus a trust issue: If JavaScript settings are magically changed without my knowledge, what else can a web site cause my device to do without my permission?
Secondly, the fact that JavaScript is automatically enabled is not in and of itself a vulnerability. However, it has the potential of being exploited. If external sources can trigger a change in the browser settings, it could also trigger additional changes. It also invalidates any confidence a user could have visiting dubious sites thinking that his JavaScript option is disabled.
Lastly, as to why would anybody turn off JavaScript? Well, for one thing, to avoid most advertisements. Another is to prevent web tracking to some degree. Disabling JavaScript offers a modicum of privacy and piece of mind, and prevents the display of intrusive ads in every page. You'll be surprised how many sites work perfectly well without JavaScript including this very one). I don't need the blinky and interactive widgets, the text content is fine for me.
At the end of the day, it doesn't matter if you agree with me or not, what matters is trust and personal control. At most, this is a potential security vulnerability, and violates a user's explicit configurations. At the very least, it's a user experience nuisance I'm sure you'd be annoyed if your browser decided to turn it's JavaScript settings "off" on its whim, and forced you to have a "1993 experience" while browsing the web. Why should you have to put up with that?
Thanks for reading.
-dZ.