Re: Requesting comments on draft-cheney-safe-02.txt

Hector Santos <hsantos@santronics.com> Sat, 01 August 2009 14:02 UTC

Message-ID: <4A7458FB.1090205@santronics.com>
Date: Sat, 01 Aug 2009 11:02:19 -0400
From: Hector Santos <hsantos@santronics.com>
Organization: Santronics Software, Inc.
To: "Cheney, Edward A SSG RES USAR USARC" <austin.cheney@us.army.mil>
CC: "J.D. Falk" <jdfalk-lists@cybernothing.org>, ietf-smtp@imc.org
Subject: Re: Requesting comments on draft-cheney-safe-02.txt
References: <f6fecbd18af7.4a721c99@us.army.mil> <4A720D35.1000306@cybernothing.org> <f6e091e580a6.4a7258af@us.army.mil> <4A726C53.4070607@santronics.com> <f77e91c9cada.4a732fd9@us.army.mil> <4A7451DD.3050006@santronics.com>
In-Reply-To: <4A7451DD.3050006@santronics.com>

Hector Santos wrote:

> Well, all bets are off.  That is why I think you may be blowing against 
> the wind here.  WEB 2.0+ direction is too strong. The market is 
> certainly caring less for Web 1.0 only support and would rather (because 
> it is less costly) just spit out a message:
> 
>     Sorry, Javascript is enabled to use this site.


I meant that to say:

     Sorry, Javascript is REQUIRED to use this site.

> Today, if a user is concerned about reaching a site with hidden cross 
> domain operations, they can use the browser's No Scripting options like 
> newer IE and Firefoxes with the most excellent NoScript plugin.
> 
> At the end of the day, either you allow the site to run as it was 
> designed if you want to be part of it, or just ignore it if you are 
> concerned about its cross domain behavior.   i.e., FACEBOOK - either you 
> want to be part of it or you don't because it relies on strong 
> interactive behavior and TONS of cross domain communications.


Let me illustrate how BAD it has gotten.

I have all the browsers installed on my machine for testing purposes 
against our hosting products.

For personal usage, I use Firefox with NoScript. With NoScript, if I 
trust the web site I am hopping to, I will click the bottom right 
status bar NoScript ICON and it will list the main site and other 
cross domains it is trying to reach. It offers me to permanently or 
temporarily white list the main and/or the others.  In general I just 
white list the main site, not the cross domain sites.

For all these years that worked great. The sites I most visited still 
were 95% WEB 1.0 compatible - I could web hop with javascript off 
by default and only enable the ones I want to get the job done.

Within the last year, more and more sites are saying the above:

       "Javascript is required."

Now, if I care or need to continue, I will enable it. Otherwise, 
forget them.

Today, more and more of the newer sites are completely Web 2.0+ and 
unless I completely white list them, I mean everything, even the cross 
site AD request and tracking domains, they will not work.  Even with 
me telling NoScript to open it up.

It's gotten so bad, I have to use Google Chrome when I want complete 
unrestricted access to a particular site.

The point?

Google Chrome is the first browser to make it 100% known they do not 
want users to control their tracking and usage of Javascript to do 
background communications in a cloud or with their main HQ.  Typing 
at the address bar is now DYNAMIC. It records everything you do. It's 
part of their model of the future.  So I use it when I want full web 
2.0 experience and I don't worry about what it is doing (even though I 
showed how to stop its tracking here):

http://santronics.blogspot.com/2008/09/removing-chrome-spying-activity.html

Other browsers are watching and following suit and overall, it's no 
longer what the user wants but rather trying to convince them there is 
no harm, "TRUST ME - THE BROWSER" and to change the mindset by having 
them ignore the idea that there are tons of communications going on. 
Most users don't even know it is going on and certainly not the new 
generation - the vendors are betting on it.


-- 
Sincerely

Hector Santos
http://www.santronics.com