Embedded Linux
Solutions

FAQ -- IDzap.com's Javascript and Security FAQ

  1. What is Javascript?
  2. Is Javascript and Java the same thing?
  3. Javascript sounds great. Anything to worry about?
  4. Should I allow Javascript?
  5. Can you show me examples why Javascript is dangerous to privacy?
  6. Can Javascript be turned off from IDzap.com?
  7. How do I change the Javascript setting using the IDzap.com service?
  8. Can Javascript be turned off from my browser?
  9. How do I turn off Javascript from my browser?

What is Javascript?

Javascript is a scripting language developed by Netscape. It is supported by Netscape Navigator versions 2.0 or later, as well as Internet Explorer versions 3.0 or higher. This is an extension to HTML that provides advanced features such as roll over graphics, validation of data entered in text input boxes, controlling the opening and closing of windows, and so on. It is also an interpretive language in that the web browser interprets line by line when the page is loaded.

Is Javascript and Java the same thing?

No, Java and Javascript are two different languages.

Java was developed by Sun Microsystems, and was meant to be used as a cross-platform language. Java code is typically compiled into an intermediate language called the byte code. To execute the byte code, one needs a Java Virtual Machine that is available for many computing platforms. A Java program can be compiled into an Applet, which can then be incorporated into web pages. When a web page containing an applet is downloaded, the applet code is also downloaded into the browser and then executed at the client machine.

A lot of people think of Java as a subset of C++. Indeed, there is a great deal of similarities between Java and C++. Certain features in C++, e.g. pointers, that can be dangerous in cross-platform applications are not available in Java.

As described in the previous section, Javascript is an interpretative language that is directly written into HTML pages just like HTML tags and commands.

Javascript sounds great. Anything to worry about?

It is true that Javascript greatly enhances the capability of web pages. Many commercial web sites today use Javascript one way or another. However, there are also some security problems in Javascript that the web surfer will want to be aware of.

A number of the security holes with Javascript are described on the W3C World Wide Web Security FAQ. Many of these are privacy related, such as allowing a web page (i.e. the web site) to read files from the user's machine. Fixes of some (but not all) of these security holes are available for download from the browser manufacturers' web sites. The next two questions give additional insight on the problems that can arise with Javascript.

Should I allow Javascript?

This is certainly a personal choice. It is essentially a trade-off between the enhanced web surfing experience due to the advanced features of Javascript, and the potential exposure of personal information due to the security holes.

Although many security holes are already fixed by the browser manufacturers, there are still serious open issues. New security holes are also continuing to come up. One possible compromise could be to turn off Javascript when visiting some unknown and/or obscure sites, and let Javascript to execute for sites coming from well known and respected companies and individuals.

Because of the potential security and privacy risk, we use "disallow Javascript" as the default setting when you use IDzap.com to surf the web. In this case, all Javascript code are commented out, and hence the Javascript code will not execute regardless of the Javascript setting on your browser. You can change the IDzap.com settings very easily by clicking on the "Change settings" button near the top of the web page.

Can you show me examples why Javascript is dangerous to privacy?

It is extremely easy to create Javascript code so that a user is sent to a new web site on certain actions, or on no action at all. The only solution that we are aware of is to turn off Javascript.

To view this example, please leave the Javascript setting of your browser to "on":

  • This example demonstrates that Javascript can route a user to a new site based on mouse movement.

Can Javascript be turned off from IDzap.com?

Absolutely. This is actually the default setting.

If you use IDzap.com as a proxy for browsing, you can select IDzap.com to enable or disable Javascript for you. If you choose to disable Javascript, IDzap.com will comment out all the Javascript code before sending a web page to you from the destination site. If you use IDzap.com to disable Javascript, no Javascript will execute on your browser regardless of your browser setting. Hence, IDzap.com can act as a very effective control gate for you.

Please see the next question on how to change the Javascript settings using IDzap.com.

How do I change the Javascript setting using the IDzap.com service?

The Javascript settings at IDzap.com can be changed as follows:

For the free service,

  1. Click the "Setting" button near the top of a web page delivered by IDzap.com.
  2. You will be shown a new page with buttons denoting "yes" or "no" for Javascript. Click on the desired button.
  3. Click the apply button.
For the IDsecure service, click the "User Preference" button on the top of an IDsecure delivered web page, then configure javascript with the other security parameters.

Can Javascript be turned off from my browser?

Sure, it can be. Please see the next question on how it is done in the popular browsers.

How do I turn off Javascript from my browser?

For Netscape Communicator:

  1. Click on the "Edit" menu.
  2. Click "Preferences..."
  3. Click "Advanced" in the Category box.
  4. In the top box on the right hand side, click the "Enable Javascript" button to alternate between allowing and disallowing Javascript.
  5. Click the "OK" button.

For Netscape Navigator 3.x

  1. Click the "Options" menu.
  2. Click the "Language Tab".
  3. Click the check box "Enable Javascript" to toggle between allowing and disallowing Javascript.
  4. Click the "OK" button.

For Internet Explorer:

  1. Click the "View" menu.
  2. Click "Internet Options..."
  3. Click the "Security" tab.
  4. Click the "Custom (for expert users)" button and then click the "Settings..." button.
  5. Scroll down to the "Active Scripting" section and click the "Disable" button.
  6. Click the "OK" button.
  7. Click the "Apply" button.

IDseal Secure Email Users | IDsecure Subscribers | Subscribe IDseal / IDsecure | Free anonymous surfing | Free Registration
Home | Services | Privacy Statement | Site policy | FAQ | Books | Links | Contact

Copyright of pages retrieved through IDzap resides with the originator of those pages.
IDzap LLC owns the copyright of the IDzap created portion.
Copyright © 1999, 2002, IDzap, LLC. All rights reserved.