Removal of "Enable JavaScript" and "Load images automatically" in Firefox 23

Gavin Sharp gavin at gavinsharp.com
Thu Aug 8 20:46:37 UTC 2013


Hi klasse,

Thanks for the feedback. I think most of your arguments rest on a
false premise: that the motivation behind this change was to
accommodate lazy or malicious web developers. As I mentioned in the
bug, the primary motivation was to simplify our preference pane to
remove options that are not relevant to the vast majority of our
users, and that produce a negative experience for the vast majority of
Web use cases.

It's great that you've been able to make use of NoScript and live
without JavaScript on the web, but I don't think your experience is
reflective of our user base in general.

Thankfully, given Firefox's strong add-on ecosystem and built-in
configurability (including about:config), the small set of users who
need to address these use cases can continue to do so.

Gavin

On Thu, Aug 8, 2013 at 1:19 PM,  <klasse at partyheld.de> wrote:
> Folks, I have to express my strong objection to the removal of the "Enable
> JavaScript" and also the "Load images automatically" settings from the
> easily accessible "Configuration" dialog in Firefox 23. (And yes, I do know
> that they are still present in "about:config".)
>
>
> Reasons:
> 1) "Enable JavaScript": The much-quoted ( see e.g.
> https://bugzilla.mozilla.org/show_bug.cgi?id=873709 ) point of view at
> http://limi.net/checkboxes-that-kill/ is a point of view of a web developer,
> not a consumer. And not a very good web developer either - the good ones
> will place a warning inside tag <noscript>, letting the visitor know they
> need to enable JS for the site to work properly, instead of letting their
> website fail silently/disgracefully.
>
> The given reason to remove that setting has been to not let "nontechnical"
> users disable JS based on an uninformed decision. In my experience, though,
> the "nontechnical" users don't ever open the "Configuration" dialog, let
> alone change anything there - they are rightfully afraid of changes breaking
> their browsing experience. So, the "Enable JavaScript" option was actually
> something for the "techie" users using a quick way to disable JS, without
> the need to go to about:config and having to remember the name of the
> affected parameter. (And possibly having to search the web to make sure that
> "javascript.enabled" is actually the one needed, or how about, e.g.,
> "pref.advanced.javascript.disable_button.advanced" and friends? And which
> one is it in the current version of Firefox, or the version I'm currently
> using at a PC which is not mine?)
>
> I do agree that the NoScript add-on is a better way for disabling JS, and I
> am, in fact, its long-term happy user. (Including forcing HTTPS for certain
> sites, its "Application Boundary Enforcer", etc.) But I only use NoScript on
> my main Firefox profile, on my main non-administrator Windows account. On
> the other hand, I keep the number of installed Firefox add-ons on my Windows
> administrator account at zero, for security reasons. And, for the same
> reasons, I also have JS disabled on it most of the time, using the Firefox
> "Configuration" window.
>
> Also, I sometimes use a Linux LiveCD which does not have the NoScript add-on
> installed. And the Firefox "Configuration" window offers a quick way to
> disable JS there, for security and privacy reasons. Instead of having to
> waste time and RAM (that's where a LiveCD runs) for NoScript.
>
> Unlike what some web developers claim, JavaScript is not needed for most of
> the sites I visit. I don't need it for most of my web activities, such as
> reading news and forums, looking up words in online dictionaries (their
> forms work without JS), etc. And I don't even need JS for my banking website
> ( https://banking.dkb.de/portal/portal/ ) - only their auto-log-out
> countdown won't show - that's what I call "good" developers. And if ever,
> very rarely, I come across a web site failing entirely without JS, it
> usually warns me about it using the <noscript> tag. (And they sometimes show
> the warning while still working good enough for just reading them.) And a
> growing number of sites use HTML5 and CSS animation for many things anyway.
>
> I understand website owners being upset about disabled JavaScript, as it
> limits their ability to track and advertise, but I am the browser user, not
> them. And forcing their point of view down "technical" users' throats is not
> the way to go - it will just annoy them. And there are quite a few of those
> with Firefox. While the "non-technical" ones are not affected - they don't
> know what JS is or how it can be disabled in the FF "Configuration" window
> in the first place.
>
>
> 2) "Load images automatically": There are remarkably few voices against
> removing of this one from the "Configuration" window. I found its easy
> disabling an advantage, too. I travel a lot, to different countries. And
> don't always have WiFi nearby and then use the GSM tethering instead, which
> often has speeds comparable to the good old modem dial-up. Having been able
> to quickly disable image loading when on such connections (sometimes along
> with JS), and then re-enable it again when on WiFi, has been a great
> advantage. (Even my mobile browser offers that, also great when on GSM.) It
> greatly limits load times and money spent on data download. While, again, I
> don't need images to browse news, forums, dictionaries, etc. They are "nice
> to have", but one can easily do without for a while. (Although advertisers
> would disagree, I am sure.)
>
> That, again, is a setting a "technical" user would use, while others don't
> know it exists.
>
> Now, with the setting only present in "about:config", I face the same issues
> as with "javascript.enabled": which parameter is it (in the FF version I
> use)? Do I have to remember that? For all browsers I use?
>
>
> Oh wait, I just accidentally changed another "about:config" parameter, which
> sounded similar, and forgot to re-set it back - so why does my browser
> behave differently now while "syncing"? Is it a Firefox bug? I think I need
> to report it in Bugzilla. (Just an example.)
>
>
> -> There is a reason for that big fat warning when opening "about:config" -
> it is not meant to be changed frequently. No matter how "technical" one is.
>
>
> So, please, bring both those settings back to the "Configuration" UI. Their
> easy and safe access has been one of the advantages of Firefox.
>
> Code/UI clean-ups are a generally a good thing, but this one went too far.
> Configurability is a big advantage of Firefox. Also, it's a bit
> hypocritical: the "technical" users are advised to use the "NoScript" add-on
> (again, others don't know it exists), but each new version brings additional
> "Developer Tools" (I'm not complaining, I like it, actually), despite the
> also existing "Firebug" add-on.
>
> And to close with an anecdote, referring to the "Google broken with disabled
> images" argument in http://limi.net/checkboxes-that-kill/:
> My completely "non-technical" sister asked me recently why I had configured
> Google search as her home page, shown on browser start-up. Her argument to
> change it (to her mail/news provider's page) was: "Why do I need that Google
> search page - isn't that what that search bar in the top right corner is
> for?"
> So much to the "we just broke the internet" claim. And Firefox better be
> fixed if disabled images prevent displaying of forms on it. Unless it's
> Googles intention, as advertiser. (Unfortunately, I can't test that claim
> now with FF 23, as don't know which "about:config" parameter disables images
> loading :), but on Opera Mobile 12 the Google search field is present with
> images disabled. And no need to go to "opera:config" to do it there, by the
> way.)
>
>
> Thank you!
>
>
> P.S.: I sincerely hope that the other "killing" configurations mentioned in
> http://limi.net/checkboxes-that-kill/ (concerning SSL/TLS, etc.) won't be
> removed in future Firefox versions, or it would, indeed, have "disastrous
> effects" on its users.
>
> If someone is looking for meaningful improvements affecting all users: How
> about the long overdue implementation TLS 1.1 and 1.2 (hopefully
> configurable as now with TLS 1.0), and also "certificate pinning" as done by
> the "Certificate Patrol" extension (
> https://addons.mozilla.org/en-us/firefox/addon/certificate-patrol/ )? (Or
> "key pinning" as Chrome does it?) The latter would require some UI design
> too, but would be a major improvement. As "techie", I like the
> configurability of "Certificate Patrol" in its UI, not "about:config". It
> can easily be made as unobtrusive or "panicy" as one likes, even if it's
> just a once-and-for-ever configuration step.
>
> For "non-techies", it seems that the Firefox "reset to default" button is
> all they'll ever need. Maybe it should be moved out of its current hiding
> somewhere easier findable by them, e.g. an own menu item under "Help" (with
> an appropriate big fat warning)? (I personally have never used it so far,
> but I might need to in future, if I manage to mess up "about:config"
> parameters, deejaying the JS and image settings above in future. So far, I
> have used "about:config" for some "once-and-for-ever" configuration only,
> e.g. some security and privacy related hardening.)
>
> Please don't take this as critic of any future UI changes. Normally, I
> consider Firefox changes to be improvements - e.g. the new "selected search
> engine applies to the whole browser" (i.e. also the address bar), new
> development tools, etc. Neither will I complain about the missing
> "blinking". (It's not in specs, with FF the only one having supported it,
> and there are other specified ways to make things blink. But UI is not
> covered by specs.) This is the first time I consider the change a change for
> the worse. So much as to send my first e-mail to "firefox-dev".
> _______________________________________________
> firefox-dev mailing list
> firefox-dev at mozilla.org
> https://mail.mozilla.org/listinfo/firefox-dev



More information about the firefox-dev mailing list