Follow

In other news, Google just decided to ban people from signing in if they have JavaScript disabled in their browser.

security.googleblog.com/2018/1

So people who use email clients are bad guys too ?

@bobstechsite Not as bad as sites refusing to sign you in for blocking the Goog's "sightseeing"
CRAPTCHAs.

@bobstechsite It's not a ban, it's a declaration of compatibility.

Complaining about this would be like saying Google "banned" Internet Explorer 6 users because their browser can't sign in anymore.

All modern browsers support JavaScript and while JavaScript /can/ be exploited maliciously, I think it's a little absurd for someone to say they don't want Google running JavaScript in their browser while simultaneously letting them own all of your email.

@smeg @bobstechsite That would be fine as long as they made this feature optional.

@smeg to avoid getting bogged down in semantics, here's a correction: "Google deprecated support for users who've made a legitimate security decision to disable JavaScript, citing security as a justification."

Imho individuals have the right to choose what data they share with a company, and which scripts and programs run on their computer.

This looks to be a non-optional change.

@bobstechsite "We here at Google want to make sure you're safe from malicious scripts, so please make sure your scripts are enabled."

What kind of circular fucking logic...?

@KitsuneAlicia @bobstechsite coincidentally it also lets them include more user tracking and advertising. Funny how that goes.

@bobstechsite Weird as hell. I mean, I have google's main domains whitelisted in NoScript anyway, but I don't see how having JS on could possibly be more secure than having it off...

@bobstechsite "a tiny minority of our users (0.1%) choose to keep [Javascript] off"—1 in 1000 is a minority for sure, but not tiny. That's a surprisingly large number. I'm heartened by that.

@bobstechsite I predict this will be 0% useful at stopping attackers who know what they are doing and 100% useful at improving Google's ad metrics.

@bobstechsite hasn't google require JavaScript for authentication and captcha for a long time?

uMatrix makes it easy to only turn it on when you need it

granted, I mostly leave it off and just don't go back to sites that need 3rd party Javascript

@lufthans Google normally requires captcha if you get your password wrong, so it can verify you as a human/collect training data for its self-driving cars.

I suspect for most people this will be a case of temporarily whitelisting a Google URL they'd rather not in the "NoScript" extension they rely on.

@bobstechsite move to uMatrix, it allows easy per site rules and defaults to temporary for both cookies and JavaScript

I don't authenticate much with Google for non-phone, and those services ( G+, G Docs ) require JS just to function

Sign in to participate in the conversation
Bobadon

bobadon.rocks is one server in the network