Google sign-ins will require JavaScript soon - gHacks Tech News

Google sign-ins will require JavaScript soon

Google users who have disabled JavaScript in the browsers that they are using to browse the Internet won't be able to sign-in to their Google accounts anymore soon unless they enable JavaScript for the login process.

Google announced yesterday that it will make JavaScript mandatory on sign-in pages and that it will display a "couldn't sign you in" message to users who have it disabled.

couldnt sign-you in

Internet users disable JavaScript for a number of reasons and most are well aware of the issues associated with that. A browser extension like NoScript blocks JavaScript execution by default to improve user privacy and security on the Internet.

Scripts don't run without JavaScript which reduces or even eliminates tracking, advertisement and malicious attacks.

Websites may load faster and users may save bandwidth if JavaScript is disabled or blocked in the browser. Some sites, however, will break if JavaScript is disabled as they use scripts for some or even all functionality provided.

Google explains that it wants to run a risk assessment during sign-in to Google accounts and that it requires JavaScript for that.

When your username and password are entered on Google’s sign-in page, we’ll run a risk assessment and only allow the sign-in if nothing looks suspicious. We’re always working to improve this analysis, and we’ll now require that JavaScript is enabled on the Google sign-in page, without which we can’t run this assessment.

The company goes on to explain that only 0.01% of Internet users run browsers in which JavaScript is disabled. While Google does not mention it explicitly, most bots on the Internet run with JavaScript disabled to improve performance and avoid detection mechanisms.

Google announced the launch of reCAPTCHA version 3 recently which promises to do away with annoying captchas by running risk assessments and giving sites control over what happens when scores below a set threshold are given.

Google changed the sign-in process in 2013 from the traditional username and password form to a multi-page form. The company enabled a link between sign-ins in its Chrome web browser and Google services on the Internet in 2018.

Closing Words

Some may suggest that Google's motivation for making JavaScript a requirement for account sign-ins is not based entirely on the desire to better protect Google accounts from login-related attacks. Google is an advertisement company first and foremost, and the bulk of advertisement on the Internet relies on JavaScript.

Now You: what is your take on the change?

Summary
Google sign-ins will require JavaScript soon
Article Name
Google sign-ins will require JavaScript soon
Description
Google users who have disabled JavaScript in the browsers that they are using to browse the Internet won't be able to sign-in to their Google accounts anymore soon.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Anonymous said on November 1, 2018 at 6:34 am
    Reply

    Next: Gmail will only usable with JavaScript soon

  2. Anonymous said on November 1, 2018 at 6:53 am
    Reply

    One reason more Google services consistently not to use and block wherever possible.

    https://en.wikipedia.org/wiki/Unobtrusive_JavaScript

  3. Jojo said on November 1, 2018 at 8:11 am
    Reply

    NoScript allows you to choose the specific scripts that you need to run to sign-in.

  4. Anonymous said on November 1, 2018 at 10:25 am
    Reply

    “Some may suggest that Google’s motivation for making JavaScript a requirement for account sign-ins is not based entirely on the desire to better protect Google accounts from login-related attacks. Google is an advertisement company first and foremost, and the bulk of advertisement on the Internet relies on JavaScript.”

    Indeed.

  5. Steve said on November 1, 2018 at 11:21 am
    Reply

    I accept we should always question their motivation but I accept Google’s explanation here.

    As you say Martin only a low percentage block Javascript and I am one of those so it will affect me but I can easily allow Javascript or toggle it.

    I rely on the security of Google and I appreciate them locking their browser down.

  6. John said on November 1, 2018 at 11:25 am
    Reply

    Google’s revenue break down is 86% ad revenue last quarter. Google most likely wants to protect that revenue at all costs. If script blockers affect that then Google will find ways to try and stop it.
    But if you use Google products you shouldn’t expect Google to embrace anything that hurts their bottom line.

  7. John Fenderson said on November 1, 2018 at 4:22 pm
    Reply

    I am very, very picky about what Javascript I allow to run, and I don’t trust any from Google, so I won’t be logging into Google stuff. Fortunately, I only use Google services at work, and only because it’s required there — so I’ll only be exposing my employer’s machines, not mine. Let them take the risk.

  8. ilev said on November 1, 2018 at 5:42 pm
    Reply

    Google is teaming with iRobot to map your home. Google “will not” use the data to sell you ads.
    Remember, some home cleaning robots have cameras.

    1. manouche said on November 2, 2018 at 6:58 am
      Reply

      Some home cleaning robots have secret elephant’s trunk and sniff around for stash. They report live to your local Drug Enforcement Administration.

  9. walton37 said on November 1, 2018 at 5:52 pm
    Reply

    JAVASCRIPT defeats the anonymity of Proxys and VPNs

    GOOGLE always wants to know your real IP Address … to track & catalog you (plus all else it can discover about you)

    You cannot maintain your personal privacy with GOOGLE — JAVASCRIPT is a powerful weapon against your online privacy

  10. Anonymous said on November 1, 2018 at 8:54 pm
    Reply

    “we’ll run a risk assessment and only allow the sign-in if nothing looks suspicious”

    Oh boy, are the going to run reCAPTCHA v3 each time someone logs in? A lot of people, from what I’ve seen, who don’t use Chrome have been getting 0.1 AKA Google thinks they are a bot, but they are not. A phone number is already needed to make an account. Things are getting out of hand in my opinion, at least, for those who care about privacy or who don’t use Chrome (often overlap).

  11. Kevin said on November 1, 2018 at 9:56 pm
    Reply

    As a blind person, Javascript plays all kinds of havoc with screen reading software, not that anyone cares about us, other than to charge us $900 for a screen reading program; which is literally the cost of three budget laptops!

  12. Anonymous said on November 2, 2018 at 2:36 am
    Reply

    Run half a dozen browsers and devices, keep Google, Microsoft and the rest of the social spies off of all but one.

    Furthermore, Google and Microsoft are in blatant violation of the GDPR, they should be fined daily until they comply, or at least be required to disclose all the data they collect so people realize what they’re using. Mainstream users still do not comprehend what these state-controlled surveillance companies are doing.

  13. Sharon said on November 2, 2018 at 5:20 am
    Reply

    The thief requires your key to run a risk assessment of your front door lock.

  14. Antonio Rinaldi said on November 2, 2018 at 8:53 am
    Reply

    Google justification about “risk assessment” is ridiculous.
    No Javascript, no risk. At all. For the user. The only risk is that Google cannot spy enough.

    1. manouche said on November 2, 2018 at 1:33 pm
      Reply

      “No Javascript, no risk.”

      No JavaScript, no commenting eather!

      Alongside HTML and CSS, JavaScript is one of the three core technologies of the World Wide Web. All major web browsers have a dedicted JavaScript engine to execute it.

      Don’t blame the programming language, blame the abuse of JavaSript by a bunch of shady programmers.

      1. John Fenderson said on November 5, 2018 at 5:54 pm
        Reply

        @manouche:

        “Alongside HTML and CSS, JavaScript is one of the three core technologies of the World Wide Web. All major web browsers have a dedicted JavaScript engine to execute it.”

        So what? Almost all website work without enabling Javascript (and I avoid those that don’t). Just because it’s a “core technology” doesn’t mean that we should have to be exposed the the risk that comes from allowing it.

        “Don’t blame the programming language, blame the abuse of JavaSript by a bunch of shady programmers.”

        Define “shady”. An awful lot of objectionable Javascript comes from non-criminal programmers (tracking scripts, for example).

        A don’t actually blame Javascript itself. I blame the very concept of allowing websites to run code in the browser at all. The language used is irrelevant.

  15. ruth mark said on November 3, 2018 at 12:30 pm
    Reply

    Yup, that’s how they will track you. Remember google is, after all, a advertisement company.

  16. SocialMediaGrandpa said on November 3, 2018 at 10:35 pm
    Reply

    In order to run risk assessment we need you to turn on a feature that’s super risky and exposes you to lots of risks and also please remember that by using our service you accept all responsibility for all risk that you risk risking by risking the usa of our risky business.

  17. Steve said on November 7, 2018 at 6:03 am
    Reply

    Most importantly, what happens if the risk assesment gets you wrong and you cannot login? Because it will happen, maybe to a few people, but still. And I will take it further: imagine the day somebody in distress needs to log to a service to send a request for help and the “risk assesment” gets in the middle and trying to validate their identity they die. I know it is extreme, but this kind of unilateral i-do-what-want sh*t some services are pulling, at some point it will be too much.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.