$('body').append('<noscript>Please enable javascript in your browser to enjoy all web features.</noscript>');

A saw it this morning. Now i can die.

Alright, I just wanna start off by saying that I'm a huge privacy guy. I hate all kinds of data collection companies like Google/Facebook/Amazon and all that. Yet I'm forced to have a Google account for certain reasons.

But the thing that I want to say is that I often talk to people to express my concerns about privacy. And most people agree and say that "yeah sure that's some scary shit" but don't actually do much about it.

And the thing is. If you just browse through all of the options in your Google account. You can turn off and remove almost all data collection/ad serving and identification options entirely.

And yet purple complain about that Google sees what you buy and shit. Turn everything off. Get and adblocker and get noscript. The single best browser add-on out there. It's almost that easy to get at least acceptable amounts of Internet privacy.

Please, don't ever ignore the significance of in Internet privacy. And the potential issue of net neutrality. Don't be ignorant. Don't be the client.

I fucking hate Angular. I don't know man I've been using NoScript since my balls dropped and I feel like JavaScript is fucking useless (I like Typescript syntactically though).

What drives me nuts is all the frameworks: Think of a word, add .js, search it up... it's theeeeere.

I know I'm not the only one who fucking hate JS, and I don't think there are many people who genuinely love it. Sorry I just wanted to rant and it's 5 a.m.

Today I learned in a cafe why (some) users think that Facebook doesn't allow them data control. Due to drunkness I'm paraphrasing here, but it went something like this:

- I don't trust Facebook, because my posts that I make are visible to people that I didn't want to have it be seen to.

> Audience controls. Use them.

- This guy in town sent me a friend request, why would he be able to??1!1

> He and you share hometown. So probably friend suggestions based on you both explicitly sharing location, or he just visited your profile on name and wanted to get in touch with you. Socializing on the internet, it exists.

That's the kind of user that's roaming the facebooks on the internets and the googles I guess? The type of user that's surprised that their Facebook games and nametests expose information that they explicitly consent to? Give me a break. I care deeply about privacy, but this is just ridiculous.

On a different note, why the fuck is not a single one of those very same fucking Facebook users worried about 25-ish% of websites running their JavaScript (which you can check and block using NoScript and co.), which is the *actual* privacy threat? But muh nametests!!!

Fuck ignorant users!!!

Oh boy, this is gonna be good:

TL;DR: Digital bailiffs are vulnerable as fuck

So, apparently some debt has come back haunting me, it's a somewhat hefty clai and for the average employee this means a lot, it means a lot to me as well but currently things are looking better so i can pay it jsut like that. However, and this is where it's gonna get good:

The Bailiff sent their first contact by mail, on my company address instead of my personal one (its's important since the debt is on a personal record, not company's) but okay, whatever. So they send me a copy of their court appeal, claiming that "according to our data, you are debtor of this debt". with a URL to their portal with a USERNAME and a PASSWORD in cleartext to the message.
Okay, i thought we were passed sending creds in plaintext to people and use tokenized URL's for initiating a login (siilar to email verification links) but okay! Let's pretend we're a dumbfuck average joe sweating already from the bailiff claims and sweating already by attempting to use the computer for something useful instead of just social media junk, vidya and porn.

So i click on the link (of course with noscript and network graph enabled and general security precautions) and UHOH, already a first red flag: The link redirects to a plain http site with NOT username and password: But other fields called OGM and dossiernumer AND it requires you to fill in your age???
Filling in the received username and password obviously does not work and when inspecting the page... oh boy!

This is a clusterfuck of javascript files that do horrible things, i'm no expert in frontend but nothing from the homebrewn stuff i inspect seems to be proper coding... Okay... Anyways, we keep pretending we're dumbasses and let's move on.

I ask for the seemingly "new" credentials and i receive new credentials again, no tokenized URL. okay.

Now Once i log in i get a horrible looking screen still made in the 90's or early 2000's which just contains: the claimaint, a pie chart in big red for amount unpaid, a box which allows you to write an - i suspect unsanitized - text block input field and... NO DATA! The bailiff STILL cannot show what the documents are as evidence for the claim!

Now we stop being the pretending dumbassery and inspect what's going on: A 'customer portal' that does not redirect to a secure webpage, credentials in plaintext and not even working, and the portal seems to have various calls to various domains i hardly seem to think they can be associated with bailiff operations, but more marketing and such... The portal does not show any of the - required by law - data supporting the claim, and it contains nothing in the user interface showing as such.
The portal is being developed by some company claiming to be "specialized in bailiff software" and oh boy oh boy..they're fucked because...

The GDPR requirements.. .they comply to none of them. And there is no way to request support nor to file a complaint nor to request access to the actual data. No DPO, no dedicated email addresses, nothing.

But this is really the ham: The amount on their portal as claimed debt is completely different from the one they came for today, for the sae benefactor! In Belgium, this is considered illegal and is reason enough to completely make the claim void. the siple reason is that it's unjust for the debtor to assess which amount he has to pay, and obviously bailiffs want to make the people pay the highest amount.

So, i sent the bailiff a business proposal to hire me as an expert to tackle these issues and even sent him a commercial bonus of a reduction of my consultancy fees with the amount of the bailiff claim! Not being sneery or angry, but a polite constructive proposal (which will be entirely to my benefit)

So, basically what i want to say is, when life gives you lemons, use your brain and start making lemonade, and with the rest create fertilizer and whatnot and sent it to the lemonthrower, and make him drink it and tell to you it was "yummy yummy i got my own lemons in my tummy"

So, instead of ranting and being angry and such... i simply sent an email to the bailiff, pointing out various issues (the ones

<noscript>
<script>
alert('buenos dias fuckboy')
</script>
</noscript>

So I decided to start using NoScript in Firefox recently, and it's been the most wonderful and annoying experience.

Wonderful - Easy to use whitelist on a domain basis makes it easy to un-break websites I trust while keeping potential malicious JS from other domains out.'

Annoying - Now I get why all the graybeards on Hacker News hate what the modern web has become

Because I am very interested in cyber security and plan on doing my masters in it security I always try to stay up to date with the latest news and tools. However sometimes its a good idea to ask similar-minded people on how they approach these things, - and maybe I can learn a couple of things. So maybe people like @linuxxx have some advice :D Let's discuss :D

1) What's your goto OS? I currently use Antergos x64 and a Win10 Dualboot. Most likely you guys will recommend Linux, but if so what ditro, and why? I know that people like Snowden use QubesOS. What makes it much better then other distro? Would you use it for everyday tasks or is it overkill? What about Kali or Parrot-OS?

2) Your go-to privacy/security tools? Personally, I am always conencted to a VPN with openvpn (Killswitch on). In my browser (Firefox) I use UBlock and HttpsEverywhere. Used NoScript for a while but had more trouble then actual use with it (blocked too much). Search engine is DDG. All of my data is stored in VeraCrypt containers, so even if the system is compromised nobody is able to access any private data. Passwords are stored in KeePass. What other tools would you recommend?

3) What websites are you browsing for competent news reports in the it security scene? What websites can you recommend to find academic writeups/white papers about certain topics?

4) Google. Yeah a hate-love relationship, but its hard to completely avoid it. I do actually have a Google-Home device (dont kill me), which I use for calender entries, timers, alarms, reminders, and weather updates as well as IOT stuff such as turning my LED lights on and off. I wouldn"t mind switching to an open source solution which is equally good, however so far I couldnt find anything that would a good option. Suggestions?

5) What actions do you take to secure your phone and prevent things such as being tracked/spyed? Personally so far I havent really done much except for installing AdAway on my rooted device aswell as the same Firefox plugins I use on my desktop PC.

6) Are there ways to create mirror images of my entire linux system? Every now and then stuff breaks, that is tedious to fix and reinstalling the system takes a couple of hours. I remember from Windows that software such as Acronis or Paragon can create a full image of your system that you can backup and restore at any point to get a stable, healthy system back (without the need to install everything by hand).

7) Would you encrypt the boot partition of your system, even tho all data is already stored in encrypted containers?

8) Any other advice you can give :P ?

A customer specialising in identification and security solutions called today, claiming "they" found malware on their website. Then they provided a weird link to some shady malware scanner, and the "malware" turned to be a <noscript> tag which adds ?noscript to the page url, so we can serve no-JS optimised content. As a bonus, the scanner only detected it on two URLs, even though every single page on the site contains that same line of code.

Joke's on them, have fun paying for priority support outside of the business hours for nothing.

I'm trying to update my addon-list, what are (firefox-)addons you say are a must have? (My focus is on privacy, anti-tracking and shitloads of open tabs)

As of now my addons are:
Adblock plus
DDG privacy essentials
Greasemonkey
Https everywhere
Noscript
Onetab
Privacy badger
Self destroying cookies
Tab suspender

A question to all web devs here: Do you think that the <noscript> tag is necessary nowadays?

Had to add some affiliate JS with a fallback pixel. Put it between noscript tags since thats what the fallback is meant for.

Affiliate Guy: did you implement the fallback?
Me: Did you turn of javascript?
AG: I've just talked to our developers, they say we can't turn of javascript or something
Me: <headdesk>

Are these people retarded

Is client side rendering really that bad? Do you prefer sites without any JavaScript or are you ok with it?

To me it's very convenient to have JS in very dynamic pages. For things like documentation I think server side rendered pages are good enough. I mean it's 2017, right? Do we really need to care for those who deactivate JS? I mean I really like it to separate the front end backend.

What do you think?

How can I use eval() in php to Java scripting ??

I want website noscript slider, possible???

How much should I try to cater to noscript users? Some situations are just not practical without some js (Ajax and friends can sometimes be the only practical option).