Hi, I’ve read a lot about different browsers for both PC and android but I just can’t seem to find whether disabling JavaScript on firefox (in my case ironfox on grapheneos) actually makes firefox’s security acceptable/good compared to chromium based browsers (in my case vanadium) I don’t want to support google’s browser dominance nor do I trust them to make the browser without intentional privacy risks. (I’m sure the GOS team will or have removed any obvious privacy invasive features if any exist.)
I assume vanadium without JavaScript would be safer than ironfox without JavaScript but is ironfox without JavaScript actually safe enough for daily use and random website visits?
PS: my threat model is that I’m probably not in danger but want to limit all data collection as much as possible. I don’t have anything to necessarily hide but I still care about privacy.
Well, first off, seems like you’re mixing software-security (Phone not updated anymore) and privacy (security as in a threat model) together. Secondly, yes, disabling JS helps with both. To do that, either use uBlock Origin and check the mark in settings or google the about:confg key to do the same natively.
Is it “safer”? Sure. In the same way that not using a browser is safer. I think you would need to have a very concrete reason to disable JavaScript imo. Most websites will be a borked mess.
An addition to the other comment, I think sand boxing is an example of the issues I’m referring to.
My biggest reason for disabling JavaScript is fingerprinting and on android (theoretically, I’ve yet to begin using it, security). I, as a naive tech hobbyist have not heard anything about a non JavaScript fingerprinting system being widely used. So I thought I’d disable it since I don’t really need it, I prefer the web without it anyways. I mostly use privacy front ends anyways so I don’t lose access to valuable sources of information.
I also find that most websites I use work fine without JavaScript, so I mainly avoid websites that require JavaScript as I don’t really need those websites nor care about them. In the rare chance I really need it for a website I want to use I simply toggle it on temporarily so I don’t belive I lose anything by disabling it.
Would you still say firefox suffers from any of the huge problems all the chromium enthusiasts say android firefox have if you disable JavaScript? (Can’t give examples as I don’t remember them, simply that firefox is “very insecure” compared to chromium.)
monocles browser by default opens sites without enabling JavaScript or cookies, unless they are added to trusted sites. It also has a button to enable JavaScript temporarily per site.
U can disable JavaScript entrely only in about:config otherwise use mix of ublock origin + umatrix
Thanks, but do you think it stops issues firefox in android have that chromium based android browsers supposedly fix? (My wording isn’t meant to negate chromium security, simply show my lack of knowledge.)
I think one example was sandboxing? Is that a problem if there’s no JavaScript to let the browser run code that can abuse it?
