[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Reverting firefox-esr upgrade in Buster

On 09/11/2018 03:53, Cindy-Sue Causey wrote:
But... bank account STILL does not work...
It yelled javascript was not enabled and basically*almost*  KICKED me
out IMMEDIATELY because it wasn't available.
Which led to me sitting here thinking... I THOUGHT javascript was
security issue prone to the point folks are trying to wipe it from the
Net. So WHY is a bank so dependent on it that my bank's website almost
seemed to freak that javascript wasn't available???

I use and recommend Firefox with NoScript. Recent NoScript supports WebExtensions, with a new user interface. NoScript blocks JavaScript by default and protects you from a range of threats even for origins from which JavaScript is permitted. With NoScript, you can selectively enable JavaScript for those sites that you trust.

I also use Adblock Plus because ads are a known delivery mechanism for malicious content. The combination of NoScript and Adblock Plus has the side benefit of making we browsing much faster.

If you are paranoid, you can use a dedicated Firefox profile for your internet banking. If you are super-paranoid, you can run Firefox on a dedicated virtual machine. A freshly booted non-writeable live image for each banking session will prevent malicious state from being persisted on the client VM. As long as the host machine has not been compromised, in which case all bets are off.

I like web sites that fail gracefully when JavaScript is disabled. Unfortunately, JavaScript Single Page Applications (SPA) are a plague on the internet. I prefer RESTful architectures.

Kind regards,

Ben Caradoc-Davies <ben@transient.nz>
Transient Software Limited <https://transient.nz/>
New Zealand

Reply to: