[LINK] Study shows pop-up warnings are ineffective

Craig Sanders cas at taz.net.au
Tue Sep 30 10:40:08 AEST 2008 

On Tue, Sep 30, 2008 at 10:08:04AM +1000, Ivan Trundle wrote:
> 
> On 30/09/2008, at 9:58 AM, Rick Welykochy wrote:
> 
> > Given the prevalence of "Web 2.0" sites, is it even practical these  
> > days
> > to disable JS? Web coders seem addicted to it, and use it often in  
> > place
> > of Good Ole HTML constructs.
> 
> Only the diehards turn off js these days...

"only diehards"(*).  right.

that explains the enormous popularity of the NoScript plugin for firefox.

the default setting for which is reasonably safe for most uses -
javascript disabled for all sites until the user chooses to allow js for
a particular site, and they can choose to enable it temporarily (just
for the current browser session) or permanently.



and you know what? most sites that claim they need javascript or flash
or whatever actually work quite well (sometimes even perfectly well)
with scripting disabled. the only thing that the user is missing out on
from their "web experience" is being spied upon and click-tracked across
the internet by google or doubleclick or any one of hundreds of other
marketing scumbags.





(*) if that's what it takes to be a "diehard", then anyone who would
think that injecting a dirty syringe of unknown contents is WAY TOO
HIGH a *requirement* for entry into a shop, house, office, government
building, etc also qualifies as a "diehard".

and that the contents of the syringe are not only unknown, they are also
of unknown origin because any visitor can add whatever they like to it
via the convenient funnel next to the bulletin board at the entrance (or
by the unlocked and unguarded back door)

that's EXACTLY what sites that require scripting are demanding of users
visiting their site - run whatever unknown stuff we want to put on our
site, or that anyone who wants to misuse our system or exploit our
security holes can put on the site.



> I code by hand, too - but increasingly, I find that users/owners/etc  
> want more from the sites that they work and play in which html on its  
> own cannot deliver. Where possible, I look for simple alternatives,  
> but King Canute would have an easier job of stemming the tide than  
> stopping the Web 2.0 tsunami.

and that kind of web2.0 coding may be perfectly appropriate for an
intranet application, but it is extremely risky (for the user) for an
internet application.

it is the job of EVERY web developer to explain to their client
or employer that a scripting-required site will be unusable by a
significant percentage of visitors because they have disabled scripting
for perfectly valid and sensible reasons, and that a well designed site
works without scripting even if it offers scripting-based enhancements.

more than that, it's not just the developer's JOB to do that, it's
their ethical obligation and failure to do so constitutes professional
negligence.


craig

-- 
craig sanders <cas at taz.net.au>

More information about the Link mailing list