Arc Forumnew | comments | leaders | submitlogin
2 points by hjek 2550 days ago | link | parent

You do have a point there, as probably most people on the web run non-free JS.

I'd of course argue that this doesn't mean that most people don't care -- because plenty people I know get real pissed off about video ads, anti-adblockers, pop-up forms, and all that jazz -- but they don't know that this is almost always non-free JS.

So, even if we were to assume that the non-free Stripe JS code is trustable, and ask people to run it, then I'd never recommend anyone to use a browser that runs non-free JS.

Yes, people can use adblockers, but there's plenty more nasty stuff non-free JS code can do, and does[1][2][3][4], so I wouldn't ask anyone to do that.

Yes, there could be free/libre JS malware, but like who'd ever do

   <script> /* Code to log users' keystrokes before they send their message */ </script>
[1] https://stallman.org/archives/2017-sep-dec.html#18_November_...

[2] https://stallman.org/archives/2017-jul-oct.html#18_September...

[3] https://arstechnica.com/information-technology/2013/12/faceb...

[4] https://arstechnica.com/information-technology/2013/10/faceb...

Also, I'm a bit sad that HN was changed to disallow voting w/o JS, but that's mainly because it means you can't vote from Links or Emacs :-)



3 points by i4cu 2549 days ago | link

> this doesn't mean that most people don't care -- because plenty people I know get real pissed off...

Those people you know who get pissed are either A: not representative of 'the web' or B: not caring enough to stop doing what they are doing. So I will stand by "most of the web does not care" (and yes I am inferring you have to care enough).

> I'd never recommend anyone to use a browser that runs non-free JS.

   "most of the web does not care"
Unfortunately this is the world we live in and trust is currently a staple of the internet even as scary as that is to some people.

I have to trust that stripe.js is secure - that's what I'm paying them for and if they get a bad reputation like Paypal has then people, including myself, will stop using them and stop paying them. Frankly for a cc payment type script I think their code should be audited by professionals that can see more than just keystroke loggers and if there are any vulnerabilites then the auditors should have the power to shut them down.

If at all you think I'm not on your side I'll suggest you're wrong as:

    * I deleted my facebook account 10 years ago.
    * I deleted my minimal Linked-in account 2 years ago.
    * I don't use an ad-blocker, but I: 
        * make mental notes not to buy their products because the ad pop'd up.
        * don't revisit websites that have ad pop up.
	* avoid sites that have ads.
		
Using an ad-blocker is admitting defeat and I'm not there yet!

-----

3 points by hjek 2548 days ago | link

First, congrats with getting of Facebook and Linked-In!

Yes, most of the web doesn't care about non-free JS.

However, for me, it's higher priority to do what I think is right, rather than what is popular. If I didn't care about free software, I'd just put stuff on Ebay instead.

That's also why I coded this new event calendar in Arc -- that you can check out in the Anarki repository -- because I'm part of this art collective where everyone have been publishing events exclusively on Facebook, which is super annoying when you don't want to be used by Facebook.

I wanted to make something that was as easy to use but free, because many artists can't be bothered to use FTP to edit plain text files, and all the PHP calendars I looked at were overengineered overcomplex piles of drupal.

Anyway, I might look into Paypals Python SDK, because Hy makes Python acceptable.

-----