If I now find a way to give every domain I visit a completely separated context (cookie store, browser cache, local storage, flash storage, etc., basically like using a separate browser profile for every page I'm using) I'd be at a point where I would feel safe to turn javascript back on as a default.
In my opinion this is by far not enough. I think by default a browser should refuse any 3rd party content. (subdomains of same company don't count as 3rd party, there are public-suffix-lists to determine these) Not images and especially not javascripts. Just give the user a visual hint that the page tried to include stuff from non-trusted domains and give the user the possibility to allow some 3rd-party domains for the page he's currently using.
This is not meant as a way to prevent online advertisement. It would still be possible for web-hosters to point a subdomain or proxy-path to an adprovider. But if they do so this means explicitly hosting and taking responsibility for all scripts and tracking pixels they include in their pages. And also that the ads would not be in the same cookie-context.
Slashdot Mirror
Nice. I'll have to try this asap.
If I now find a way to give every domain I visit a completely separated context (cookie store, browser cache, local storage, flash storage, etc., basically like using a separate browser profile for every page I'm using) I'd be at a point where I would feel safe to turn javascript back on as a default.
In my opinion this is by far not enough. I think by default a browser should refuse any 3rd party content. (subdomains of same company don't count as 3rd party, there are public-suffix-lists to determine these) Not images and especially not javascripts.
Just give the user a visual hint that the page tried to include stuff from non-trusted domains and give the user the possibility to allow some 3rd-party domains for the page he's currently using.
This is not meant as a way to prevent online advertisement. It would still be possible for web-hosters to point a subdomain or proxy-path to an adprovider. But if they do so this means explicitly hosting and taking responsibility for all scripts and tracking pixels they include in their pages. And also that the ads would not be in the same cookie-context.
for i in {1..10}; do (while true; do wget https://poor.server; done)& done
A dedicated tool may be even more efficient, but bash and wget do the trick too.