diff options
Diffstat (limited to 'talermerchantdemos/blog/articles/en/javascript-trap.html')
| -rw-r--r-- | talermerchantdemos/blog/articles/en/javascript-trap.html | 83 |
1 files changed, 52 insertions, 31 deletions
diff --git a/talermerchantdemos/blog/articles/en/javascript-trap.html b/talermerchantdemos/blog/articles/en/javascript-trap.html index 591af5c..b369ea9 100644 --- a/talermerchantdemos/blog/articles/en/javascript-trap.html +++ b/talermerchantdemos/blog/articles/en/javascript-trap.html @@ -1,12 +1,19 @@ <!--#include virtual="/server/header.html" --> -<!-- Parent-Version: 1.90 --> -<title>The JavaScript Trap</title> +<!-- Parent-Version: 1.96 --> +<!-- This page is derived from /server/standards/boilerplate.html --> +<!--#set var="TAGS" value="essays licensing traps" --> +<!--#set var="DISABLE_TOP_ADDENDUM" value="yes" --> +<title>The JavaScript Trap - GNU Project - Free Software Foundation</title> <!--#include virtual="/philosophy/po/javascript-trap.translist" --> <!--#include virtual="/server/banner.html" --> - +<!--#include virtual="/philosophy/ph-breadcrumb.html" --> +<!--GNUN: OUT-OF-DATE NOTICE--> +<!--#include virtual="/server/top-addendum.html" --> +<div class="article reduced-width"> <h2>The JavaScript Trap</h2> -<p>by <a href="http://www.stallman.org/">Richard Stallman</a></p> +<address class="byline">by <a href="https://www.stallman.org/">Richard +Stallman</a></address> <p><strong>You may be running nonfree programs on your computer every day without realizing it—through your web browser.</strong></p> @@ -14,11 +21,13 @@ day without realizing it—through your web browser.</strong></p> <!-- any links that used to point to the appendices should point to free-your-javascript.html instead. --> -<blockquote> +<div class="announcement"> +<hr class="no-display" /> <p>Webmasters: there are <a href="/software/librejs/free-your-javascript.html">several ways</a> to indicate the license of JavaScript programs in a web site.</p> -</blockquote> +<hr class="no-display" /> +</div> <p>In the free software community, the idea that <a href="/philosophy/free-software-even-more-important.html"> @@ -61,7 +70,7 @@ the programs are nonfree.</p> <p>In addition to being nonfree, many of these programs are <em>malware</em> because -they <a href="http://github.com/w3c/fingerprinting-guidance/issues/8">snoop +they <a href="https://github.com/w3c/fingerprinting-guidance/issues/8">snoop on the user</a>. Even nastier, some sites use services which record <a href="https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/">all the user's actions while looking at the page</a>. The services @@ -77,29 +86,38 @@ trouble to identify the nontrivial nonfree programs and block them. However, even in the free software community most users are not aware of this issue; the browsers' silence tends to conceal it.</p> -<p>It is possible to release a JavaScript program as free software, by +<p>To be clear, the language JavaScript is not inherently better or worse +for users' freedom than any other language. +It is possible to release a JavaScript program as free software, by distributing the source code under a free software license. If the program is self-contained—if its functioning and purpose are independent of the page it came in—that is fine; you can copy it to a file on your machine, modify it, and visit that file with a -browser to run it. But that is an unusual case.</p> - -<p>In the usual case, JavaScript programs are meant to work with a +browser to run it. It's even possible to package it for installation +just like other free programs and invocation with a shell command. +These programs present no special moral issue different from those +of C programs.</p> + +<p>The issue of the JavaScript trap applies when the JavaScript +program comes along with a web page that users visit. +Those JavaScript programs are written to work with a particular page or site, and the page or site depends on them to -function. Then another problem arises: even if the program's source +function.</p> + +<p>Suppose you copy and modify the page's JavaScript code. +Then another problem arises: even if the program's source is available, browsers do not offer a way to run your modified version instead of the original when visiting that page or site. The effect is comparable to tivoization, although in principle not quite so hard to overcome.</p> <p>JavaScript is not the only language web sites use for programs sent -to the user. Flash supports programming through an extended variant -of JavaScript; if we ever have a sufficiently complete free Flash -player, we will need to deal with the issue of nonfree Flash programs. -Silverlight seems likely to create a problem similar to Flash, except -worse, since Microsoft uses it as a platform for nonfree codecs. A -free replacement for Silverlight does not do the job for the free -world unless it normally comes with free replacement codecs.</p> +to the user. Flash supported programming through an extended variant +of JavaScript, but that is a thing of the past. Microsoft Silverlight +seems likely to create a problem similar to Flash, except worse, since +Microsoft uses it as a platform for nonfree codecs. A free +replacement for Silverlight does not do the job adequately for the +free world unless it normally comes with free replacement codecs.</p> <p>Java applets also run in the browser, and raise similar issues. In general, any sort of applet system poses this sort of problem. Having @@ -114,7 +132,7 @@ free, but CSS is not a serious problem for users' freedom as of <p>A strong movement has developed that calls for web sites to communicate only through formats and protocols that are free (some say -"open"); that is to say, whose documentation is published and which +“open”); that is to say, whose documentation is published and which anyone is free to implement. However, the presence of JavaScript programs in web pages makes that criterion insufficient. The JavaScript language itself, as a format, is free, and use of JavaScript in a web site is @@ -127,8 +145,8 @@ programs to the user” must become part of the criterion for an ethical web site.</p> <p>Silently loading and running nonfree programs is one among several -issues raised by "web applications". The term "web -application" was designed to disregard the fundamental +issues raised by “web applications.” The term “web +application” was designed to disregard the fundamental distinction between software delivered to users and software running on a server. It can refer to a specialized client program running in a browser; it can refer to specialized server software; it can @@ -143,7 +161,7 @@ server issue separately.</p> JavaScript programs in web sites? The first step is to avoid running it.</p> -<p>What do we mean by "nontrivial"? It is a matter of +<p>What do we mean by “nontrivial”? It is a matter of degree, so this is a matter of designing a simple criterion that gives good results, rather than finding the one correct answer.</p> <p> @@ -224,20 +242,23 @@ that—but remember to disable it again afterwards.</p> <!-- any links that used to point to the appendices should point to free-your-javascript.html instead. --> -<blockquote> +<div class="announcement"> +<hr class="no-display" /> <p>Webmasters: there are <a href="/software/librejs/free-your-javascript.html">several ways</a> to indicate the license of JavaScript programs in a web site.</p> -</blockquote> +<hr class="no-display" /> +</div> <p><strong>Acknowledgements:</strong> I thank <a href="/people/people.html#mattlee">Matt Lee</a> -and <a href="http://ejohn.org">John Resig</a> for their help in +and <a href="https://johnresig.com/">John Resig</a> for their help in defining our proposed criterion, and David Parunakian for bringing the problem to my attention.</p> +</div> </div><!-- for id="content", starts in the include above --> <!--#include virtual="/server/footer.html" --> -<div id="footer"> +<div id="footer" role="contentinfo"> <div class="unprintable"> <p>Please send general FSF & GNU inquiries to @@ -255,13 +276,13 @@ to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p> to <a href="mailto:web-translators@gnu.org"> <web-translators@gnu.org></a>.</p> - <p>For information on coordinating and submitting translations of + <p>For information on coordinating and contributing translations of our web pages, see <a href="/server/standards/README.translations.html">Translations README</a>. --> Please see the <a href="/server/standards/README.translations.html">Translations -README</a> for information on coordinating and submitting translations +README</a> for information on coordinating and contributing translations of this article.</p> </div> @@ -282,7 +303,7 @@ of this article.</p> There is more detail about copyright years in the GNU Maintainers Information document, www.gnu.org/prep/maintain. --> -<p>Copyright © 2009-2013, 2016, 2017, 2018, 2019 Richard Stallman</p> +<p>Copyright © 2009-2013, 2016-2019, 2021 Richard Stallman</p> <p>This page is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by-nd/4.0/">Creative @@ -292,7 +313,7 @@ Commons Attribution-NoDerivatives 4.0 International License</a>.</p> <p class="unprintable">Updated: <!-- timestamp start --> -$Date: 2019/12/30 11:28:30 $ +$Date: 2021/10/11 08:59:13 $ <!-- timestamp end --> </p> </div> |