Love & Hate: JavaScript

With Oracle’s purchase of Sun Labs, the Java and JavaScript programming languages have exploded off the charts. The great news is that Oracle’s direction really cleaned up and optimized the efficiency of Java and JavaScript code. However, that made it a rather superior programming language with a lot of design bells and whistles to use globally… and that’s not necessarily a good thing for anyone who appreciates privacy.

But let’s go back to my first annoyance with JavaScript, which is the code that can be executed on your computer or device instead of taxing the server. It FAILS to work well on iOS devices. Right out of the gate, that’s a horrible user experience for iOS users visiting a website that relies on JavaScript to deliver their content (and so many do!).

Then, if you dare to have JavaScript turned to “off” in your web browser settings, get ready to no longer access a ton of websites (from suddenly entire blank web sites to seeing major content blocks empty, or simply not being able to click a critical action button… all rendering those web sites useless.). But you ask why anyone would turn JavaScript enable to “off” in their settings…

There are plenty of reasons. Let’s start with the fact that JavaScript can turn on your microphone and webcam without you knowing, without any webcam “on” light or any hot mic warning. Your webcam and microphone can be turned on without you knowing even if you have minimized the website doing the snooping. Though, there are other data points they can reach (depending on the programmer’s skill), including browser session history and owner “profile” data.

Add to that, all your keystrokes can also be recorded by JavaScript even without you ever hitting a “Submit” or “Post” or “Login” button. Quite literally, anything YOU type can be captured even without sending it.

With all the beautiful things JavaScript can do to the user interface of a website (really, so many great interactive things), I think the harms it can allow far outweigh its benefits. I wish every website would be sure to include a no JavaScript user experience for their site because some of us do enjoy protecting our data [i.e. your Intel chip serial ID number which is attached to you (thanks to yet another G.W. legislative initiative)], our keystrokes, our device microphones and webcams from strangers and crooks.

Anything and Everything Online Is Hackable

Despite allusions any corporation or government might offer you to convince you that it is okay to type in your personal information on their website, you must remember (please) that anything and everything on the internet is hackable–even the DoD was hacked (by Lulsec).

There are entire armies of hackers (some working for the government and others for organized crime groups) in China, Russia, and (don’t ask me why) Malaysia launching constant attacks against every North American website they can find. I know, because I’m constantly fighting these pests off.

But for you to see how very ‘public’ anything you put online can be, just look to the following:

- December 2013 – Facebook captured posts never posted… http://www.latimes.com/business/technology/la-fi-tn-facebook-can-track-users-unpublished-posts-20131217,0,7847582.story#axzz2nzUmM0fy

- December 2013 – Nearly half a million Chase cardholders compromised by a hack… http://thehackernews.com/2013/12/JPMorgan-Chase-bank-card-hacked_5.html and a little more juice at… http://articles.latimes.com/2013/jun/13/business/la-fi-mo-banks-allegedly-hacked-in-cyberheist-20130613

- November 2013 – 40 Million in-store customers’ credit card data hacked online… http://wtop.com/628/3527975/Target-40M-accounts-may-be-involved-in-breach

- September 2013 – Barclays Bank accounts hacked and money stolen… http://www.telegraph.co.uk/news/uknews/crime/10322536/Barclays-hacking-attack-gang-stole-1.3-million-police-say.html

- 2011 – Sony PlayStation network hacked, not once but twice a lady: http://www.wired.com/gamelife/2011/05/sony-online-entertainment-hack/

This is far from a comprehensive list… but sufficient to show that even the biggest and “safest” corporations have been hacked on a massive scale. Except, the security breaches in the past two years have also included government entities, including student loan accounts. Do you really think it’s safe to have medical records stored online?

Even people not participating in ObamaCare have their records stored online thanks to a George W. Bush digital medical records initiative law… to HELP you get your info hacked. Much more a fool for putting any information into the national health care website since many, many hackers have pointed out there is no real security mechanism in place for that website.

The web is not always your friend, even with a “secure” connection: anything you type on a webpage (even if you do not “submit” it) should be forever considered “public” (including inappropriate photos). Typing financial, medical, or otherwise personally sensitive information should NEVER happen online.

If you choose to make an account or your medical records, address, social security number, date of birth, and any of that available online, then you get what you deserve. You now know you can never trust a website to fully protect it (just read their terms of service because no website or web transaction can ever be fully secure.). That’s the truth… and we all need to stop being willing victims.

Hello World

Making changes to this website, including its purpose and content mission. No rush. Allowing ample time to test concepts and development in sandbox environments. The jack-of-all-trades narrows focus.