Hacker News

"I believe there are two reasons why some people want to disable JavaScript: the feeling of extra privacy and improving page speeds."

I normally get along with Armin, but I feel that he left out a key thing here: Some people disable JS because they feel that JS obfuscates and degrades the Web-browsing experience. Sadly, we are no longer catering to these people: viewing a website without JS enabled should not render the fundamental content of the website unavailable, and we have forsaken that ideal in favor of fancy bells and whistles on our pages.

There's a fourth reason, as well: JS should not be required on grounds of security, not just privacy. Sites should not have to run what is essentially unsafe, privileged, arbitrary code in order to do their daily business. A company might claim that their JS is harmless because it only animates a title bar or powers a dropdown menu, but proving that requires a manual audit of all JS on the page, which amounts to thousands of lines of JS on a modern site. (Have you read through the copy of jQuery being served to you? Probably not.) Common repositories of JS ameliorate the problem somewhat, but it can't be eliminated.

This is not okay, by the way. Requiring JS to read a news article, or upload an image, or view a forum thread, is insane and we should not tolerate it.



> JS should not be required on grounds of security, not just privacy. Sites should not have to run what is essentially unsafe, privileged, arbitrary code

JavaScript is by far the most heavily sandboxed, restricted code in common use. If you think it's harmful to have JS running on someone's site you need to learn more about web security.


https://en.wikipedia.org/wiki/Cross_site_scripting

https://en.wikipedia.org/wiki/Clickjacking

It is definitely problematic for me to have JavaScript running from arbitrary untrusted sources.


If I can inject JavaScript into the page I can also inject HTML with a big “Win a free iPad click here!” link. JavaScript is the symptom, not the disease.



