I'd disagree entirely. I'd argue that I'm aware of how much effort has gone into making the web much, Much, MUCH more convenient and less risky for the average, day to day user.
It's frankly stunning how much the ecosystem has changed just over the last 5-10 years. And I mean that as a developer who works in the security industry with a focus on browsers/extensions. It's ludicrous how much more secure the web of today is over the web of the past.
That said, it's not yet secure. There's always a risk/reward decision for using the web, especially around HOW you - the user - uses the web.
So to make an analogy: The infrastructure in place between root authorities, the IETF, browser vendors, ISRG (Let's Encrypt is just one), and website developers has done a DAMN good job in making the web less vulnerable than it was.
It's a nicely paved two lane road that goes nearly everywhere.
That said, you are interacting with the entity hosting the site you visit, NOT THOSE GROUPS, when you visit a site.
It's your responsibility to make sure you trust that entity, and do your due diligence.
Just like I wouldn't try to drive my crappy 1998 Mazda Protege offroad - It's dangerous and I would be unprepared.
Its your responsibility to make decisions for yourself (or at least I fucking hope it is... that's a fundamental aspect of a democratic society that I STRONGLY believe in). That means living with the consequences.
It can also mean choosing different service providers that are less convenient if you deem the easy ones too risky. If you're not willing to do that (aka: switch away from gmail if you want js disabled everywhere) and you still want to complain... I find it hard to treat you seriously.
> It's your responsibility to make sure you trust that entity, and do your due diligence.
What does this entail? I mean, ask the average person if they trust the New York Times, the London Stock Exchange, or Spotify. Those are well-known names - sure we trust them. We trust that, as an organization, they are not plotting to steal our identities.
But trusting them means trusting their business people, their IT people, and their advertising partners, not only to be moral but also to be competent. And whoops, all of them have served malvertising in the past.
Nobody has the time and expertise to evaluate every site's JavaScript every time they visit. The "due diligence" you describe would be a very specialized full-time job.
Whereas turning off JavaScript in the browser takes about 10 seconds.
> It's your responsibility to make sure you trust that entity, and do your due diligence.
> What does this entail?
My whole point is that that's up to you to decide. No one else can make that choice for you.
The VAST majority of people have decided that the risks they face today are worth it, and continue to use the web with js enabled.
If you're not one of them, I absolutely respect that decision, but it means you'll have to accept that companies are making financial and security based decisions based on the behaviors of normal people.
That means that when spotify (and lets be honest, every other streaming service) doesn't work without js, you go somewhere else, and use something different.
That's the whole point I'm making. You can make any decision you'd like with regards to your own security, you can make any decision you'd like with regards to the sites you visit. But that site is free to act in it's own interests, including adding features and services that target the majority of their uses.
It's frankly stunning how much the ecosystem has changed just over the last 5-10 years. And I mean that as a developer who works in the security industry with a focus on browsers/extensions. It's ludicrous how much more secure the web of today is over the web of the past.
That said, it's not yet secure. There's always a risk/reward decision for using the web, especially around HOW you - the user - uses the web.
So to make an analogy: The infrastructure in place between root authorities, the IETF, browser vendors, ISRG (Let's Encrypt is just one), and website developers has done a DAMN good job in making the web less vulnerable than it was.
It's a nicely paved two lane road that goes nearly everywhere.
That said, you are interacting with the entity hosting the site you visit, NOT THOSE GROUPS, when you visit a site.
It's your responsibility to make sure you trust that entity, and do your due diligence.
Just like I wouldn't try to drive my crappy 1998 Mazda Protege offroad - It's dangerous and I would be unprepared.
Its your responsibility to make decisions for yourself (or at least I fucking hope it is... that's a fundamental aspect of a democratic society that I STRONGLY believe in). That means living with the consequences.
It can also mean choosing different service providers that are less convenient if you deem the easy ones too risky. If you're not willing to do that (aka: switch away from gmail if you want js disabled everywhere) and you still want to complain... I find it hard to treat you seriously.