This forum is not really functional without javascript. Javascript is a major vector for browser fingerprinting. It is also a vector for malware. Turning off javascript is especially recommended when using Tor browser, based on firefox, which is allegedly less systemically secure than chromium-based browsers.
But this forum uses Discourse, which has heavy reliance on javascript!
Why did you not decide to use different forum software, like phpBB? phpBB can use javascript but is perfectly functional without using javascript.
Discourse is the industry standard for online forums like this. It has a lot of great features and functionality that is needed for an online discussion space.
This is a non issue for the vast majority of people if not everyone. If JS is your issue, then web browsing is almost impossible and just a handful of folks will actually find it a dealbreaker.
But thatās as far as I know. I could be wrong if thereās another rationale.
I canāt speak on behalf of Techloreāand I would also be interested to hear what factors led to the selection of Discourse and what other platforms were consideredābut the reason I personally would probably choose Discourse or another modern take on forum software (beyond the fact that it is open source) is it feels like it has a lot of quality of life and usability improvements and features, that make it a lot nicer to use, compared to the older forum software from the 90s and Y2K era.
Also consider that: Tor Project, Whonix, Qubes, GrapheneOS all use Discourse for their community forums as well. In my opinion, Techlore is much much further down on the spectrum of severity with respect to the average memberās threat model and risk compared to these other communities. If it is secure enough for them, it seems like it should be reasonably considered secure enough for us.
Are you aware of any other forum software that doesnāt rely on JS and feels both modern and featureful and is also open source?
edit: FWIW, Iām sympathetic to your concerns, and I am one of the tiny āhandful of folksā that @anon52464727 alluded to that blocks most JS by default (actually only 3rd party JS which is a lot less extreme than blocking JS outrightā¦ but stillāon the spectrum)
I feel like you are not thinking rationally. It is a common misbelief that JavaScript is the big bad, and I blame uninformed and often paranoid people for brainwashing uninformed people into believing this. It is not, but people can undoubtedly be! As any technology, it can be misused. JavaScript is a great programming language, especially when used for the sake of good, and I believe that the software this forum runs on is trustworthy, i.e. quite reputable, and is also widely used by also trustworthy and reputable projects.
I donāt share @concerneduser 's concern about JS for this forum in particular but I think you may be unintentionally being (or at least coming across as) somewhat overly reductive/dismissive (and black & white) in your characterization of their concerns.
While others elsewhere may have made extreme blanket statements about the ābadnessā of JS, I donāt think that @concerneduser did that here. They didnāt proclaim āJavascript BAD, Techlore BAD for using JSā, they asked a (mildly loaded) question, based on two specific assumptions they have about JS:
Do you disagree with either of those specific assertions?
As far as I understand it, neither of those statements is especially controversial.
Well, I am sorry you got such an impression.
I am absolutely not trying to minimize their concerns, and frankly, I have a concern of my own about the forum. I noticed that not all scripts are served directly from the forum, e.g. the Stripe scripts.
I feel like that is bad practice and that the user should be questioned whether to allow loading them or not, since they are unnecessary for the forum to work.
I would worry less about the scripts coming directly from the forum and scripts required for functionality of the forum because Discourse is free and open-source software. But indeed, if the forum somehow gets compromised, its scripts could be modified to implement some kind of user tracking or deanonymization techniques in such a scenario.
In all honesty, I am not quite sure what to respond with. I am neutral.
I do not deny the fact that JavaScript is being used for fingerprinting, however. Which you may take as an answer to your question, i.e. I do not disagree. But when it comes to malware, it is being written in other programming languages too, and perhaps much more than using JavaScript.
Just fyi when I have noscript on and I try to log in in Firefox (blocking stripe) the website stops responding and on occasions it also bork the browser so that I have to restart it. Other discourse forums do not have this issueā¦
Iām not techlore staff but I suspect that the stripe scripts are for the Techlorian subscription stuff. Either the purchase of it or checking if a user has purchased it.
I also want to add that, to my knowledge. Firefox does not implement a sandbox on mobile. So tor browser also does not implement a sandbox on mobile. Therefore, if I want to use tor browser on mobile, I should stick to using the safest security level, which disables javascript. But if I do that, I cannot read this forum on tor browser on mobile.