HACKER Q&A
📣 claudedopplr

Do you browse without JavaScript?


I have been obsessed with browser fingerprinting for some time now, and came to the conclusion that the only way to be serious about it is to disable Javascript by default, and enabling it when the website doesn't render. When I started with this obsession, I was always "unique" at https://amiunique.org/. You can quickly realize that, with only "32 bits of randomness" (~3B humans using the internet in the world) the version of the browser you use, the language as transferred in the Accept-Language header, quality settings (Accept), and a few more bits are almost enough to uniquely identify you (and the chances increase a lot for every new dimension), but at least you still have a chance. Javascript provides an enormous variety of dimensions, and probably the only way that two different humans have the same fingerprint is if they have both just bought a new device and did not deviate from the stock configuration, in which case scroll behavior or similar telemetry profiling probably can differentiate between them.

As a consequence of dropping Javascript by default, I also have been pleasently surprised by how much data I save browsing, how my battery life improved, and how usable the internet is without Javascript (and ads).

Have you had a similar experience?

  👤 Comevius Accepted Answer ✓
A better approach is faking data, which Firefox is good at, because of how much work went into the Tor Browser. Just enable privacy.resistfingerprinting and use containers to browse. I also recommend privacy.resistfingerprinting.letterboxing if you can manage to live with it. Suddenly you are like everyone else, unique, but fake, and only the same for the given session.
👤 demindiro
I browse without JS by default (using uMatrix), not to resist fingerprinting but because it is:

- More secure, especially if the website doesn't use TLS.

- Faster. Many websites work well enough even without JS or only some of it.

Disabling JS to resist fingerprinting may be counterproductive as only a minority of people disable it. My current approach is to use LibRedirect[1] et al to avoid using big websites such as YouTube directly.

In Firefox I also disable network.http.sendRefererHeader. It breaks some websites which rely on it for "security" though.

[1] https://github.com/libredirect/LibRedirect

EDIT: I just found out on the amiunique website that over 12% of browsers disable it. Does this include bots?

👤 Nasreddin_Hodja
I don't disable JS but block all 3rd party requests by default. This also blocks all scripts loaded not from current domain.
👤 Am4TIfIsER0ppos
Disabled javascript by default for years with NoScript, through something else, and finally with uMatrix. Disabling it might put you into a smaller group but it prevents so many other details from leaking, which I remember from a similar sounding site from the EFF, you probably still gain.

So many ads require javascript to load and even some news paywalls fail to operate without it. Little happens automatically without it which is what you would expect from a web of interlinked documents.

Aside from the security and privacy benefits you discover how shit web designers are. They make things hidden with attributes like "display:none" "visibility:hidden" "opacity:0" "overflow:none" and expect the RCE to toggle them off. All the content I want is transmitted to me ans present in the page but for some godforsaken reason they thing it should be obscured.

👤 jaclaz
Personally I only use QTweb with javascript disabled on Hacker News (and try to access the linked pages with it).

The good thing is that for many sites I don't get stupid "accept cookies" popups and/or paywalls and - as you say - navigation is much faster because so much less data is retrieved.

On many sites - even if the actual text is visualized correctly - dynamically loaded images are obviously missing, but often that is not even a bad thing.

Of course an increasingly number of sites simply don't show anything (blank page) or just the header and footer.

All in all it is not a bad method to sort of preview sites, in many cases you can see all that is relevant, and in many other cases from the little you can view you can decide if it is worth the hassle to access them with another browser with javascript enabled or skip them altohether.