I think the fundamental problem is that most regular people who use the Web don't really care about security. They'll only care about security if they're personally affected in a serious way by a breach. So far, this has not affected enough people in a serious enough way for it to really matter to most regular computer and internet users.
Because of this, there isn't much pressure on browser developers to radically re-imagine browser security. There's a lot more pressure on them to make things convenient and easy.
most regular people who use the Web don't really care about security.
[...]
Because of this, there isn't much pressure on browser developers to radically re-imagine browser security.
True.
Most people do not understand networking enough to ponder the risks.
But why we setup SSL certificates? Why we teach them to not execute programs they receive in email?
There's a lot more pressure on them to make things convenient and easy.
This cannot be a justification, however.
And a safer JavaScript that people opt-in on a web site basis wouldn't make the web worse, but better: easier to use and more convenient to most people.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I think the fundamental problem is that most regular people who use the Web don't really care about security. They'll only care about security if they're personally affected in a serious way by a breach. So far, this has not affected enough people in a serious enough way for it to really matter to most regular computer and internet users.
Because of this, there isn't much pressure on browser developers to radically re-imagine browser security. There's a lot more pressure on them to make things convenient and easy.
True.
Most people do not understand networking enough to ponder the risks.
But why we setup SSL certificates?
Why we teach them to not execute programs they receive in email?
We try to protect them.
To some, it's just a matter of empty marketing.
Others do that as part of a strategy toward centralization or for fear of Law.
Others do that because... they cannot do otherwise.
This cannot be a justification, however.
And a safer JavaScript that people opt-in on a web site basis wouldn't make the web worse, but better: easier to use and more convenient to most people.