Hacker News

I'd argue a more subtle point: JS is fine, it's phoning home with all sorts of personal info siphoned off my PC that is the problem. JS is used to do this usually, but isn't the only way as seen in tracking pixels in JS-less HTML emails.


> I'd argue a more subtle point: JS is fine, it's phoning home with all sorts of personal info siphoned off my PC that is the problem.

No, I think that this case demonstrates that it's JavaScript which is the ultimate problem: cryptomining is a code-execution problem (although there is a network-access component to it, since the mining code needs to get block information & submit block results somehow).

I like to imagine that in a few decades we'll wonder how we ever thought it was a good idea to grant frictionless full-execute privileges to all the code everywhere, but honestly I'm far too pessimistic to believe that we'll ever wake up.


We got rid of Flash, for the most part. But people seem to be in denial of JS being an issue even though it's been used time and time again to bypass security.

Personally, my JS has been disabled since Meltdown/Spectre. There are sites that don't work and some of the big ones that I have more trust in I'll whitelist. But for the most part it stays off.


Exactly. Auto-executing third-party code that has network access privileges seems like a massively bad idea, surely? Especially as it's virtually invisible to most users.


True, you can track people using plain old cookies and the like.

But JS can do much more shady things than tracking people.



