Javascript blocking

For the last year or so I have been running with JavaScript mostly turned off, and what I have learned is this:

  1. Almost nothing works. 95% of the web just shows you a blank page.

  2. Most sites start working again if you allow one or two JavaScript URLs to load and block all of the others.

  3. Those others are the ones that are super annoying trackers and popups and selection-interceptors and shit.

  4. Most sites host their "render the page" JS locally, but load the "annoy and surveil" JS from outside domains.

  5. Blocking ".js" URLs is better than turning it off entirely, because the <noscript> tag typically just does a table-flip and tells you to fuck off.

Well, Safari 13 kneecapped content filtering by removing Safari Extensions entirely, so JS-Blocker doesn't work any more (it was not very good, but I had a hand-hacked version that I could mostly live with). But now I'm back in an ad-tracking sign-up-popup "let's keep the conversation going" hell again.

Did Apple replace Safari Extensions with anything useful? Does there exist, or can I write, a content filter that blacklists any URL ending in ".js" with whitelisting based on the domain of the parent URL?

This latest indignity is almost enough to make me try out Firefox again -- almost -- but since I am also a heavy iOS user, that's a fucking nightmare. Using a non-Safari browser on iOS is basically impossible (all URLs open in Safari, all app embeds are Safari, all share menus are Safari, etc.) and so using something else on desktop would mean no synchronization of browser history, bookmarks or Reading List between desktop and mobile.

Previously, previously, previously, previously, previously, previously, previously, previously.

Tags: , , , , , , , ,

23 Responses:

  1. Carl W says:

    Have you considered using third party tools for bookmarks and Reading List? Pinboard is really good, IMHO. Pocket is not so bad.

    • jwz says:

      No I have not, because there's no way to make the "Add to Reading List" menu item in literally every application do something different than add to the Safari reading list.

  2. Dave Polaschek says:

    I got tired of futzing with continually fiddling with extensions and blockers and tigers and bears, oh my, so I bought a Pi-Hole and dropped it on my network. Blackholing the trackers and such via DNS works pretty well for me.

    I’m now iOS and RPi only. Intel-free-ish (I’m sure there’s a chip somewhere on my network) feels pretty good.

    • J. Peterson says:

      No longer running Photoshop?

      • Dave Polaschek says:

        Haven’t run Photoshop at home for almost four years. The 10.11.something update borked my Mac, and it was stuck on that OS. I eventually gave up on it and put my 4K monitor on my RPi.

        Last time I powered up the Mac (in March or April) was to rip a CD so I could put it on my iPad.

  3. andr00 says:

    Safari Extensions has been replaced with Safari App Extensions. Instead of Safari Extensions JS, you now have the Safari App Extensions API.

    I used an Apple support incident to ask how to port my tab sorting extension to the new thing and Apple said “hehe cant.” So no more tab sorting extension for Safari.

    They do have a special content blocker API that might do what you want. good luck.

  4. Michael says:

    I have not seen anything in the “App Store” that would do the same thing for Safari. My solution on the Desktop has been to use LittleSnitch and liberally block stuff on first loading. It’s annoying and I have broken some sites that way, but by and large it works well. On iOS of course that does not work.

    • jwz says:

      Little Snitch is great, but it (and Pi Hole) can only block by IP address (or, if you're lucky, by domain name). To match the URL pattern, you need to run in-browser, pre-TLS. There are many domains where you want to block the JS but not the pages themselves. There are many domains where you want to block the JS only when it is loaded by a 3rd-party site but not when you are visiting them directly.

      • Michael says:

        Yeah, it’s not ideal, but in absence of anything like NoScript it’s the best approach I found.

  5. Brennan says:

    Got to see a pitch for this privacy blocker through a friends work event. Seemed pretty on the up an up from an ex-AdGuru guy who was against the advertising tracking JS invasion.

  6. Matt M says:

    If I look at what you want correctly, you want to block all third party .js files. It looks like has a solution in the "Blocking scripts and images outside a domain" section. Just remove the image part.

  7. badc0ffee says:

    This is new to macOS 10.15, but previously existed on iOS. Basically it lets you write a user land process that intercepts and optionally blocks network traffic. Anything that uses WebKit will send URLs (including HTTPS) through your filter.

  8. jgt says:

    I have been using 1Blocker X on desktop and iOS and have had success, even under the new regime of no extensions. It’s $5 IIRC.

    • David K. says:

      1Blocker is supposed to be the best replacement, but it's $10, and it doesn't seem to do anything with YouTube ads or Facebook trackers. I'm manually copy-pasting YT links over to FF, when the need arises. This situation sucks, and it seems like a golden opportunity for someone to make a better mousetrap.

  9. Rich says:

    Is it worth me suggesting a proxy autoconfig file or did you guys mean to leave it stillborn? :-p

  10. grp says:

    On iOS, the app Refine lets you block URLs by regex:

    I don’t know if an equivalent exists for macOS but it should be equally possible since content blockers are also available there.

  11. neuralshock says:

    I'm using Ghostery Lite on Mac + Firefox Focus on iOS, with the Safari integration turned on.

    Unfortunately, both blockers have predefined lists, and I'm not sure whether Ghostery allows custom rules. Focus doesn't.

    • jwz says:

      Also Ghostery's mission is specifically trackers only, not ads and signup dialogs and other toxins.

  12. llcamp says:

    I'm a bit out of my depth here, so apologies if this isn't what you're looking for. AdGuard for Safari under this new extension regime has a custom filter. Will that work?

  13. Warren says:

    I've got Safari 13.0.2

    And there are extensions available

    What do you think has been "kneecapped"?

    Screenshot of my current install of Safari with the App Store view of some available extensions:

    • jwz says:

      Apple removed support for "Safari Extensions". They invented some new, less powerful thing that requires many more App Store hoops before you can make it go. If you still have "Show Extension Builder" on your "Develop" menu you are not running Safari 13. If you want a list of the thousands of extensions that they caused to stop working overnight, LMGTFY.

  14. PDP says:

    Turns out that the CADT model is better than CADM (Clusterfuck of Advertising-Dependent Megacorps).

  • Previously