Skip to content, sitemap or skip to search.

Personal tools
Join now
You are here: Home Bulletins 2018 Fall Escaping the JavaScript trap with LibreJS

Escaping the JavaScript trap with LibreJS

by Ian Kelling Contributions Published on Nov 12, 2018 12:07 PM
Most Web pages contain nonfree JavaScript programs that, like other nonfree programs, deny you freedom. The primary functionality of many sites won't work without running JavaScript. This includes almost all online shopping.

Why is JavaScript so prevalent? Without it, Web sites are written solely in HTML and similar markup languages that intentionally lack the features of a programming language, and are limited to a specific set of behaviors. JavaScript can accomplish much more, and is often used to enhance HTML. Because JavaScript is so easy to download and works almost the same on every browser, it has become one of the most popular programming languages, and many complex programs have been created with it, including Google Docs.

The dark side of JavaScript, however, includes many of the standard abuses that can come with nonfree software: for instance, one common function of nonfree JavaScript is to record your actions while looking at a Web page, often used to identify and profile you. An ethical Web site does not know who you are until you tell them. Identifying and profiling users without their consent is a huge violation of your privacy, but it is unfortunately very common.

The program GNU LibreJS detects nonfree JavaScript in pages you visit and blocks it, preventing it from running and thus saving you from giving up your freedom. LibreJS is included in the GNU IceCat browser, and is available as an add-on for Firefox and Abrowser.

Blocking JavaScript is already more common than you think – adblockers often block JavaScript programs coming from domains that serve ads, since these programs are usually malware or unnecessary. But just blocking ad-related JavaScript is not good enough. We need the freedom to run, edit, contribute to, and share the software we use. You can find out more about our Free JavaScript campaign at https://fsf.org/campaigns/freejs.

This issue desperately needs more action. Here are some things you can do:

  • Install and use LibreJS.

  • Ask Web site owners to stop including nonfree JavaScript. In most cases, a Web site should not require running any JavaScript at all in order to use it, as the functionality of the Web site does not justify requiring you to run a program. Any JavaScript that is included should be made free and validated with LibreJS.

  • When someone recommends you go to a site with nonfree JavaScript, make sure they know about this issue.

  • Make free replacement programs for nonfree JavaScript. Sometimes this includes reverse engineering the existing JavaScript so the replacement will work with a specific Web site. IceCat includes some extensions that are free JavaScript replacements for specific Web sites. The FSF, with the help of an intern, Alyssa Rosenzweig, is close to recommending a replacement for nonfree JavaScript for making payments with PayPal called Pagamigo.

  • Improve JavaScript tools so they facilitate creating LibreJS-validated sites. For instance, JavaScript tools which compact source code should be improved so they automatically provide the location of the source code to LibreJS.

  • General JavaScript development learning resources also need contributions to include teaching developers how to make their code free for users.

Firefox 57, released in November 2017, switched to a new API for extensions called WebExtensions. For LibreJS to work with this new API, it required an almost complete rewrite. As I write this, LibreJS 7.18.0 was recently released. It has major improvements and is even better than before the rewrite, including a more intuitive interface and much faster source code checking.

Our contractor, Giorgio Maone, the author of NoScript, has been helping us with a lot of improvements to LibreJS. The new versions are compatible with modern Mozilla-based browsers that use the WebExtensions API, including the recently released GNU IceCat 60. LibreJS is now much faster and more robust, and we are working on further improvements to make licensing-tagging easier for Web developers.

LibreJS has one core developer and is improving quickly, but it could use help with further development, including features such as internationalization of the user interface, support for running on Android and Chromium, and better documentation, more testing, and debugging. If you want to help with this tasks, please subscribe and write to the mailing list at https://u.fsf.org/fb9.

Document Actions

The FSF is a charity with a worldwide mission to advance software freedom — learn about our history and work.

fsf.org is powered by:

 

Send your feedback on our translations and new translations of pages to campaigns@fsf.org.