Hacker News new | past | comments | ask | show | jobs | submit login

Saying JavaScript is unsafe is like saying driving a car is unsafe. If you intentionally run into a wall sure, it's unsafe.

If you don't trust a site enough to let them use JS do you really trust them enough to send them your leaked data?




JavaScript just adds another thing that could go wrong, in exchange for a potential increase in usability. On a site like this, it's almost certainly not worth it.


Usability is the entire focus of what they are doing. They aim to make it possible for non-programmers/non-sysadmins/non-security geeks to set up their own whistleblowing framework. Think journalists, volunteer orgs, activists, dissenters...


I think the word here is accessibility, not usability. Every step of the process can be made usable without the need for JavaScript.

From a security stand-point, I don't trust whatever JavaScript engine is running, even more when considering non tech-savvy people.

An activist could find himself in a delicate position and discover that many CPU cycles ate away whatever battery was left in their mobile devices, just to display three Canvas elements in a row, with the text "Tulip", "not", "found" in a cool font.

Now the browser can crash due to a flaky HTML5 Canvas implementation in addition to the JS engine.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: