> Lets be real, you need to be using JavaScript for the internet to be functional,

Nonsense. I use w3m for browsing and much more than 90 percent of the web works fine. Fully 100 percemt of "the internet" works fine, because that has nothing to do with JavaScript. Please stop over-dramatising and catastrophising as a way to throw cold water on what is a very good security practice. More than one medium security environment I've worked in recently don't allow js (although admittedly the sites we are allowed to access from there are limited).

Wow, talk about proving the parent's point.

I just read the top 100 website list and went to some of the top 20, like Yahoo, YouTube, Twitter, Instagram, Amazon, and Live.com (Microsoft).

YouTube, Twitter and Instagram don't work at all. Live.com wouldn't let me log in without JS. Amazon worked until checkout. Yahoo worked until login.

I think you are incorrect with your "nonsense" judgement, as this top-10 sampling is pretty sensible.

EDIT: `ewzimm` makes a good criticism of my analysis: these aren't necessarily the top sites used by Tor. However, how many Tor users (in authoritarian countries or just regular users) don't use it to visit the banned sites on the Top-100 list?

If I told you I don’t listen to the Billboard top 100 songs, would you say “nonsense, you don’t listen to music?”

I also prefer w3m and find most of the web much better as text only, switching over to another browser when I want video or some other JS feature. Or I can use something like youtube-dl to fetch a video. And there’s much more out there than the top 100 websites.

> If I told you I don’t listen to the Billboard top 100 songs, would you say “nonsense, you don’t listen to music?”

No, but the reponse is more like: I only listen to Indie, Billboard isn't music.

The vast majority of internet traffic, e.g., the most popular sites, mostly require JS. If you only visit obscure indie-rock sites, then fine, but we're talking about the masses, not the small niche exceptions.

It’s true that most people will likely stick to the most popular websites, but how likely are they to use Tor, especially self-configured outside the Tor browser? I’d bet the people who would do that are much more likely to spend more time outside the most popular websites.

That's a good point: this discussion is in the context of TOR, so that does self-select to some extent. It would make more sense for my argument if I knew what are the top-20 sites used by TOR and their JS requirements. I know people use Tor for Twitter in Turkey, so there's a problem right there!

To be fair, the websites you listed are extremely difficult to use anonymously with or without JS enabled. Most of the popular sites go pretty far out of their way to attach you to an identity that can be used to identify you outside their website.

If you’re using Tor to do your Amazon shopping - I wouldn’t recommend using the same environment to do anything where your anonymity being compromised could put you in danger since you just gave Amazon your credit card and mailing address.

With firefox and NoScript, you can whitelist the specific JS you need to make those sites work. You do it one time for a site you know you'll come back to often, and then you're done. In my case for example I whitelisted the scripts at old.reddit.com and redditstatic.com, and leave everything else blocked by default and it works fine for my needs (reading comments).

The fact that there are a handful of very frequently used websites that use JS doesn't make it impossible or overly burdensome to take sensible steps to limit which scripts you allow.

I use amazon in firefox with NoScript without issue, and while amazon gets to run some scripts, none of the JS at amazon-adsystem.com ever runs in my browser.

Youtube wants to load JS from over a dozen different places, but you only need to allow a couple to get videos to play (I personally prefer to just download yt videos to disk and watch them in VLC avoiding that issue entirely)

If you just want to read comments, libreddit & teddit are fantastic. Libreddit has some onion instances too.

> YouTube, Twitter and Instagram

We clearly have very different lifestyles and values. For me that's the dank basement of the internet,

That's perfectly fine.

It however does not matter for the large majority of people who use those top 100 or even top 100,000 websites or even top 1,000,000 websites, and do not have the education, skill or time to learn about all the alternatives, if there are even any. It doesn't matter for the people living under repressive regimes who want to inform themselves on foreign news sites, access foreign NGO sites, or even watch things on youtube or look and/or participate in social media. And so on...

A large part of the web is not functional without js, and just because you chose to not use that part of the web (much) doesn't invalidate that point.

So I'd politely suggest you may tone it down a little when it comes to calling "nonsense".

> and do not have the education, skill or time to learn about all the alternatives,

With respect, this is hacker news. When I converse with people here I do so with a different expectation of intellect and curiosity. There are voices here who excuse technological abuses by appeal to the ignorance of "the masses" - completely missing that there is a different spirit going on in the sub-text of innovation and entrepreneurialism here. If, as you claim, the majority are using defective technologies, then that is a bigger problem, not something to be celebrated. They deserve better and it's our job to help them get that.

There are alternatives that will work without JS though.. obviously the majority of people use it by default, but if you don't want to have it enabled there is plenty of other options.

This is mostly the fault of lazy and ignorant front end developers.

I doubt that. Monetization is a goal of most of these platforms, which makes the JS and privacy-hostile stuff absolutely intentional and implemented with malice aforethought. There's no reason to require client-side computing for the vast majority of sites, and the remainder are relatively niche webapps. Media-viewing sites aren't niche, and have good UX reasons, but I'd bet the vast majority of use is outside of the web interface anyways (ie. on mobile).

you're not using the web like 90% of other users though (which is facebook, tiktok, twitter, big news sites, instagram, etc)

And those other 90% of users aren't using Tor.

For everyday browsing I use NoScript, and rarely allow JS to run (I don't have JS right now!). With Tor, JS is always disabled, 100% of the time.

Tor is a niche use case, and not running JS is a cost that comes with the increased anonymity. I'm not using Tor to watch my "How to cook rice" videos or funny cat videos.

Which major sites still work just fine without JS? Which ones do you have to avoid?

I mean, I don't have JS enabled for HN, although I don't know if you count that as "major".

But I'm not really keeping track, honestly. If I come across a website that isn't working with JS, I make the decision "is this worth allowing JS?". Sometimes the answer is yes, sometimes it is no. Often it means enabling the first-party domain to run JS but no others.

Conveniently, some of the paywalls on various news sites don't work with JS, but you can still read the article. So that'd be some of them that arguably work better without JS.

I don't use Tor for everyday browsing, only for the times I need/want it. In those cases, the equation always equals "no JS" -- that's the reason Im using Tor in the first place.

It's a balancing act, as all security always is.

Most important of all porn doesn’t work

I wouldn't be surprised if pornhub-dl exists. ;-)

    wc -l yt-dlp/*/*/*porn*
       75 yt-dlp/yt_dlp/extractor/alphaporno.py
      127 yt-dlp/yt_dlp/extractor/eporner.py
       73 yt-dlp/yt_dlp/extractor/hellporno.py
       33 yt-dlp/yt_dlp/extractor/lovehomeporn.py
       60 yt-dlp/yt_dlp/extractor/porn91.py
      101 yt-dlp/yt_dlp/extractor/porncom.py
       41 yt-dlp/yt_dlp/extractor/pornez.py
       78 yt-dlp/yt_dlp/extractor/pornflip.py
      117 yt-dlp/yt_dlp/extractor/pornhd.py
      814 yt-dlp/yt_dlp/extractor/pornhub.py
       83 yt-dlp/yt_dlp/extractor/pornotube.py
      103 yt-dlp/yt_dlp/extractor/pornovoisines.py
       54 yt-dlp/yt_dlp/extractor/pornoxo.py
       76 yt-dlp/yt_dlp/extractor/sunporno.py
       65 yt-dlp/yt_dlp/extractor/watchindianporn.py
      182 yt-dlp/yt_dlp/extractor/youporn.py
       65 yt-dlp/yt_dlp/extractor/yourporn.py

That appears to be a thing on yt-dlp [1]

[1] - https://github.com/yt-dlp/yt-dlp.git

I'm sure youtube-dl works, but one google away is https://github.com/Nukesor/pornhub-dl which seems to have site specific features.

> Lets be real, you need to be using JavaScript for the internet to be functional, even within Tor

That's incorrect, especially the last part. Dark services work very hard to design their websites to work without JS, due to these exact vulnerabilities. Nobody on the dark web trusts JS, at all.

Actually some DNMs heavily encourage you or even force you to turn off Javascript before they let you log in/interact with the website. So while I think that JS is probably necessary for most of the regular web, that's not really the case here. It's only true if you use Tor to browse the clear net, which is probably not recommended anyways.

Hm, this is probably a joke, but I do vast majority of my browsing without javascript (noscript+umatrix or w3m). It's especially pleasant on news sites which are crammed with junk the few times I carelessly open them on the JS-only profile I reserve for Google's app suite.

I use brave and browse with JS disabled by default. Some sites don't work, some do. I regularly decide the info I'm looking for can be found somewhere else and back out of a broken site because of it. Some sites I enable and proceed with.

> I use brave and browse with JS disabled by default.

That’s hilarious given the founder of Brave (Brendan Eich) literally invented JavaScript.

I mean I'm not arguing JavaScript's utility.

Its a tool with a time and place for proper usage.

I'm not arguing, it's just amusing / ironic.

> Anybody claiming they regularly use the internet with JS disabled is just lying for some sort of feel of superiority.

Nope. I do, and I'm not lying. I started because it was required for my work and I just got used to it and now do it everywhere. The internet with NoScript is the best way to browse 90% of the time.

Even today, the vast majority of the sites I visit (including the one linked to in this post) work just fine (for what I want) without JS. That means the text I clicked to read is displayed and is readable, the images I clicked to view are displayed, etc. Other parts of the site may not work (menus for example), but if I'm just following a link to an article I want to read and I can read it without javascript why do I care if the menus on the site are broken or if i can't leave a comment?

For the sites I regularly visit that really do need JS I enable only the JS files needed to accomplish the things that I want and that's only necessary to do one time for each site. NoScript remembers my preferences on each domain.

For those rare occasions I actually need to enable JS to get the functionality I want on a site I'm visiting only once I can just temp allow only the scripts I need to get the content I want and the next time I close my browser (or clear those temp permissions by hand) that site is no longer allowed to use JS. Ill admit that for some random sites I wasn't that interested in in the first place, there are times where I'll still just close the tab and move on.

I really don't understand why people think it's so hard to use the web with NoScript. Overall, websites load much faster and look cleaner without JS and I'm much much more secure. Most of the time, it's really not a problem.

I will say, I do have an add-on called NukeAnything that lets you right click and remove whatever you want from webpages (only until the page is reloaded) and that occasionally does help fix some issues for sites that don't handle the lack of JS gracefully. If somebody's poorly designed JS heavy menu is spewed all over the page and covering the content I want to see, I can just right click and remove it. Same with obnoxious "we use cookies" banners that I refuse to interact with.

Honesty it's the other things I've done to harden the browser (disabling redirects, service workers, WebGL, WebRTC, Wasm, location sharing, DRM, plugins, cookies, web storage, etc.) that cause the most problems with sites, and I do keep another unhardened browser around (brave atm) to handle the sites I absolutely need to access that depend on that junk.

Ed Snowden said to turn off the fucking scripts.

So I did.

Most of the web works fine.

If a hidden service doesn't work without JS it's probably run by feds.

I use a text-only browser that has no suport for JS or CSS. I use it to read and comment on HN and to read every website submitted to HN. I have no idea what these websites look like in graphical browsers, but I can read 100% of them. I do not see fonts, images, layout, etc. I just read text and download files. For searching and downloading video from YouTube, I do not even use a text-only browser. I do everything from the command line. The only time I use a graphical browser that runs Javascript is for online shopping, banking and so forth. That is a very small percentage of overall internet use for me.

I regularly browse internet via Lynx, which does not support JavaScript. A lot of sites appear to be actively hostile toward Lynx but there are some sites that are very functional and even enjoyable.

Pffft. Even JavaScript is now letting script kiddies make persistent JS things of dubious nature, now that you can write JS to store files.

I just thought no js just made the internet work better sometimes, and now you're telling me I can be smug about it too?

Now how much would you pay? :)

uBlock Origin allows most of those things when it's opted in: https://github.com/gorhill/uBlock/wiki/Dynamic-filtering

Right, and uMatrix is actually not maintained anymore, so this is a better idea than installing uMatrix. :D

Is uMatrix being maintained again?

Oops. It isn't, thank you for the notice. So better don't install uMatrix and use uBlock, which has a similar feature. ^^

Wikipedia does not require Javascript to be "functional". Also, the "internet" is much more than the www. The majority of protocols used on the internet do not rely on Javascript to be functional.

No one said it's possible to design a site without JavaScript, just that for the vast majority of the internet, including sites user's rely on, it's unusable without it enabled.

I was replying to a poster claiming JS is needed "even within tor"

I understand. And if anyone wants to use one of the sites that requires JavaScript within tor, then JS is needed within tor for them. Just because some random forum was developed to work without JS doesn't help if they want to use a site that wasn't developed to work without JS.

You say that on a website where you don't need JavaScript either.

Rumor is that there are dozens of websites that work without JavaScript.