Jump to content

JavaScript: Difference between revisions

From Consumer Rights Wiki
← Older editNewer edit →
VisualWikitext
Rudxain (talk | contribs)
confirmed, superconfirmed
891 edits
m fix broken bold format
Rudxain (talk | contribs)
confirmed, superconfirmed
891 edits
Line 44: Line 44:


===Scraping===
===Scraping===
Since the rise of big LLM's many brokers have started offering scraping services for companies that want more training data for their AI. and to that end a lot of headless browser agents have begun to scrape (collect a sites information provided) even with the users robots.txt provided as a common standard to tell agents not to do so. this has lead to many forums and websites that had not used JS before to start implementing CAPCHAS or Anubis to prevent increased overhead and bandwidth costs.
{{Main|Artificial intelligence/training}}
Since the rise of big LLM's many brokers<!-- link to data brokers? --> have started offering scraping services for companies that want more training data for their AI. And to that end, a lot of [[wikipedia:Headless_browser|headless browser]] agents have begun to scrape (collect a sites information provided) even with the site's <code>robots.txt</code> provided as a common standard to tell agents not to do so. This has lead to many forums and websites that had not used JS before to start implementing [[CAPTCHA|CAPTCHAS]] (or [[wikipedia:Anubis_(software)|Anubis]]), to prevent increased overhead and bandwidth costs.


==Incidents==
==Incidents==

Revision as of 04:00, 13 April 2026

🧽🫧Article Status Notice: This Article needs to be cleaned up

This article contains sources and content, but is lacking proper format and needs more development to meet the wiki's Content Guidelines and provide a high quality and consistent experience for readers. Learn more ▼

Article Status Notice: Inappropriate Tone/Word Usage

This article needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Specifically it uses wording throughout that is non-compliant with the Editorial guidelines of this wiki.

Learn more ▼

JavaScript
Basic Information
Release Year 1995
Product Type Software
In Production Yes
Official Website https://openjsf.org/


JavaScript (JS), not to be confused with ECMAScript (ES), is a programming language and core technology of the Web, alongside HTML and CSS. It was created by Brendan Eich in 1995.[1] As of 2025, the overwhelming majority of websites (98.9%) uses JS for client-side webpage behavior.[2] It's even used on the server-side (see Node.js). JS is also known to enhance the user-experience (UX). The World Wide Web Consortium (W3C) provides comprehensive guidelines for such purposes.[3]

For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to Web APIs" or "ES+WebAPI" for short.

Consumer impact summary

  • Degraded accessibility: Dynamic and/or active content is well-known to have poor accessibility for users with visual and/or cognitive impairments. While standards such as WAI-ARIA were created to mitigate this, it's no silver bullet, especially when developers aren't aware of ARIA.
  • Lack of transparency: To optimize network bandwidth, JS code is typically served in minified form, which makes it harder to understand for humans. This is particularly problematic if the original source is not publicly available, which is typically the case of proprietary software.[4]
  • Excessive tracking: JS is much more capable than HTML and CSS combined to track user behavior.[5] JS can communicate with almost any server (only limited by CORS) at any time (limited by connection availability), using a plethora of protocols. JS can get hardware information and compute a fingerprint of the device, user, or both.[6][7][8][9]
  • Market control: JS is built into almost every web-browser and user-agent (UA), including "light-weight" ones (such as w3m), incentivizing companies to use it for everything, since "there's no need to worry about compatibility or portability".[10] John Gruber says that JS shouldn't be part of browsers;[11][12] one way that would work is by turning JS into an extension or plug-in that the user willingly installs.
  • Security risks: It is well-known that JS is poorly-designed,[13][14][15] even tc39 acknowledges that[citation needed]. This leads to programmers and even experienced software-devs to accidentally add vulnerabilities to their code. That, and the fact that ES is Turing-complete (both in practice and in theory), makes debugging and reverse-engineering impractical in big code-bases. It's worth noting that tooling, such as TypeScript and ESLint, exist to substantially minimize the likelihood of bugs.

How it works

Whenever a user visits a webpage, an average web-browser will execute the JS code it finds in <script> tags. This code could do anything from updating part of the DOM-tree only when the user requests it, to showing a popup/popunder.

When JS tries to access a "privacy-sensitive" API (such as the microphone) the browser pauses it until the user has granted access for the first time. This is typically done on a per-domain basis. However, as mentioned earlier, many other APIs don't need to ask permission before fetching data.

It's worth noting that JS has a privileged position, relative to Wasm, because of its first-class access to Web APIs.

Why it is a problem

Tracking

Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. CSS stylesheets combined with HTMLshould be fine with most basic websites or webpages that do not need complex client side interaction.

JS makes it harder for ad-blockers to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve personalized ads, even across unrelated sites. Some sites collect so much data that they are indistinguishable from spyware (see also key-logging).[16]

Security

Browser-engine developers (such as Google and Mozilla) not only feel compelled, but are financially incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via sandboxing. Unfortunately, since modern browsers compile JS to native CPU code (see JIT) to improve performance, this introduces a higher risk of sandbox-escape.[17] Some examples of this are as follows:

Scraping

Main article: Artificial intelligence/training

Since the rise of big LLM's many brokers have started offering scraping services for companies that want more training data for their AI. And to that end, a lot of headless browser agents have begun to scrape (collect a sites information provided) even with the site's robots.txt provided as a common standard to tell agents not to do so. This has lead to many forums and websites that had not used JS before to start implementing CAPTCHAS (or Anubis), to prevent increased overhead and bandwidth costs.

Incidents

This is a list of all consumer-protection incidents related to this technology. Any incidents not mentioned here can be found in the JavaScript category.

Google Search requires JS (2025)

In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also Deceptive language frequently used against consumers).[18][19][20] However, some people claim that it's an invalid justification.[21]

See also

References

  1. https://exploringjs.com/es5/ch04.html
  2. "Usage Statistics of JavaScript as Client-side Programming Language on Websites". W3Techs. Retrieved 2024-02-27.
  3. https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript
  4. Gross, Carson (2023-09-21). "The #ViewSource Affordance". </> htmx ~ Essays. Archived from the original on 2026-02-28. Retrieved 2026-03-24.
  5. https://clickclickclick.click/
  6. https://privacycheck.sec.lrz.de/
  7. https://abrahamjuliot.github.io/creepjs
  8. https://www.deviceinfo.me/
  9. "Learn how identifiable you are on the Internet". Am I Unique ?. Retrieved 2026-03-19.
  10. "Everyone has JavaScript, right?". Kryogenix Consulting. Archived from the original on 2026-03-16. Retrieved 2026-03-19.
  11. Gruber, John (2017-06-22). "Gizmodo Investigation Exposes Websites Collecting Form Data Before You Hit 'Submit'". Daring Fireball. Archived from the original on 2026-03-19. Retrieved 2026-03-20.
  12. Gruber, John (2017-06-27). "Using Today's Web Without JavaScript". Daring Fireball. Archived from the original on 2026-03-19. Retrieved 2026-03-20.
  13. https://github.com/denysdovhan/wtfjs
  14. https://github.com/brianleroux/wtfjs
  15. https://github.com/Rudxain/ideas/blob/aa9a80252a4b7c9c51f32eda5c716e96220ed96e/software/evar/with_bf.js
  16. Hill, Kashmir (2017-06-20). "Before You Hit 'Submit,' This Company Has Already Logged Your Personal Data". Gizmodo. Archived from the original on 2026-02-20. Retrieved 2026-03-19.
  17. Norman, Johnathan (2021-08-04). "Super Duper Secure Mode". Microsoft Browser Vulnerability Research. Archived from the original on 2026-02-18. Retrieved 2026-03-19.
  18. https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/
  19. https://daringfireball.net/linked/2025/01/18/google-search-javascript
  20. https://serpapi.com/blog/google-now-requires-javascript/
  21. https://blog.jim-nielsen.com/2025/javascript-required/
Retrieved from "https://consumerrights.wiki/index.php?title=JavaScript&oldid=51002"