The WWWorst App Store

From LinuxReviews
Jump to navigationJump to search

The modern World Wide Web, and specifically all the non-free JavaScript code used to power it, may be the worst kind of "App Store" since end-users have no control over what software is temporarily installed and executed on their computers.

Original story by Alexandre Oliva. Published 2020-03-18, Originally published 2020-03-18.
This work is available under the Creative Commons Attribution-ShareAlike license.

Javascript spying.jpg
JavaScript. It's not always a good thing to have running on your computer.

Picture the most abusive app store.

Programs in it are meant to run on your own computer.

However, you have to be online to run them.

Every time you start them, they contact the app store.

If there is an updated version, it's installed automatically, no questions asked. You'd rather run the earlier version? Tough.

If the app store decides you're no longer welcome, the program won't start any more.

If the app store servers are offline, or if you are, it won't start either.

Programs in this app store must also hold your data in the app store's servers.

If the program won't start, you can't get to the data on the servers any more.

You may have downloaded backups of your data, but you'd have to figure out how to decode them without the program.

Sounds like a nightmare? It is. But it's also very real.

Well-known app stores are approaching this level of nastiness.

But they are just catching up with the real thing.

The most abusive app store is the business-driven perversion of the old user-empowering distributed hypertext system called "the Web".

Users have been encouraged to adopt "web apps" for much of their computing, paving the way for other app stores to follow suit.

"Web apps" are most often distributed as JavaScript (though Java and Flash have served similar purposes), automatically installed and executed on your browser.

But the problem is not that they're in JavaScript, or that it's your browser that runs them. It's that:

  • you don't have control over what the program does;
  • you don't have control over when you can run it;
  • you don't have control over your own data.

The app store owner takes all that control away from you, thereby gaining control over you.

You lose when the JavaScript code is nonfree software.

But you also lose when it is (nominally) free software!

When the app / web site has so much control over what runs on your computer, the effect "is equivalent to using a nonfree program with surveillance features and a universal back door."

The owner gets all the freedom, and you, the user, get none.

That's not a self-respectful way to do your computing.

It invades your privacy, it keeps you and your data hostage, it takes away your agency and your freedom when it comes to your digital life.

The web used to be a wonderful way to share information.

Web apps and mandatory JavaScript have turned it into the worst app store.

It is time to separate the WWWonderful from the WWWorst practices.

Here are some ways to help:

More generally:

Now, if you wish your site to give its users a taste of how the WWWorst app store feels to us, add to web pages you control the following JavaScriptlet:

    document.body.textContent = 'Please disable JavaScript to view this site.'

If you wish, make "disable JavaScript" a link to this article.

Thanks to Richard Stallman for the inspiration to write about this issue, and for the encouragement to publish it.

Copyright 2021 Alexandre Oliva

Permission is granted to make and distribute verbatim copies of this entire document worldwide without royalty, provided the copyright notice, the document's official URL, and this permission notice are preserved.

(2 votes)



23 days ago
Score 0++

This page claims

> This work is available under the Creative Commons Attribution (CC BY) license.

But the original article was *NOT* published under any CC license. In fact, the license terms (which I'm not allowed to copy-paste here) are very restrictive, only full publication is allowed with no changes and a few extra requirements.

Even quoting parts of the article requires you to invoke fair use. In fact, one could argue that the syntax highlighting of the code block on LinuxReviews does not constitute "verbatim copy" and thus is not allowed. Ironic, coming from someone who claims to be a free software proponent. :)


23 days ago
Score 0++

Huh... The sidebar on the article, through fairly contrived language, suggests that it may also be licensed under CC-BY. But I'm not a lawyer and don't pretend to understand if that language applies to this concrete article or not.

In any case, why bother with this restrictive custom license if it's covered by CC-BY? Seems like pointless obfuscation to me.


23 days ago
Score 0++
His blogs sidebar says it can be used under CC-BY-SA (Attribution ShareAlike) so that's what I used. I could have cared about the more restrictive terms but the "official URL" listed returned 404 for days after he published it in his blog which is why I didn't include it when I re-posted it here (it works now).

Anonymous user #1

23 days ago
Score 0++

There aren't immediately obvious places for comments at or so I'll just leave this here:

Thank You.

I feel like throwing in...

The WWW is a terrible platform for user applications. The bulk of the popular English-speaking WWW itself is independently, uniquely terrible in the 21st century, because everyone has taught and is even more vigorously still teaching each other to do terrible things with it. Dressing up and locking down plain vanilla information by deployment of these so-called applications is a terrible way to pretend to communicate, but "everyone is doing it." Yesterday I was reading another blog post about getting some legitimate Free Software to work, and right at the top of the article is this:

"Table of Contents

activate Javascript to have a table of contents here

Introduction" they decided it was a good idea to run some JS on *everyone else's* machines, presumably to look for all the anchors and produce a list of links to them, instead of doing it once in the software that generated the page or was used to compose it. What the hell happened-- why is anyone doing this? I got a bit more serious in my ranting about it all, just a few weeks ago. If I ever decide put it online, I'll submit a link here. Here's some kerosene, in the meantime:

"We're *all* using the wrong tool for the job, but who cares? Here's how to convince yourself that you still care about your users while you cover their web client in duct tape and hot glue!" https://medi...2b00267b37ac
Add your comment
LinuxReviews welcomes all comments. If you do not want to be anonymous, register or log in. It is free.