Data-harvesting, spam bots, targeted advertising, website hacking. What do all these things have in common? Scripts, malicious ones. Since scripts are being used to do such damage to our online privacy and security, it can be easy to think that all scripts are bad and not to be trusted. However, is this the case? What even is a script anyway? In this article, we’ll be answering these questions, as well as providing some tips for how you can better protect yourself from malicious actors while online.
What is a Script?
A script is just the technical term for a piece of code that lives in the browser or on a server, rather than in an operating system. While operating system code has a deep relationship with the CPU, script code has a deep relationship with the user, and is used to perform or automate commands that they receive from the user.
Are All Scripts Bad?
Scripts have undoubtedly been used for nefarious purposes. Hackers can use scripts to steal data, corrupt databases, and even reroute a bank transfer to send money that was originally meant for someone else into their account . Companies are no better, as they use scripts to collect and sell our data, even going as far as to profile users in order to better fine-tune their targeted advertising campaigns. However, despite these alarming truths, not all scripts are malicious or unsafe. Much like how a knife can be used to do both good and bad things – i.e. murder and gastronomy, scripts can also be used for noble purposes. In fact, it’s nearly impossible to find a modern website that don’t use scripts to even the tiniest of capacity.
So, what can scripts be used to do? They can be used to make web pages more interactive and interesting. They does this by performing actions whenever a user clicks the screen or moves the mouse. For example, scripts are used to make the navigation menu appear and then disappear whenever you click the hamburger icon located in the top corner of the screen on a mobile device. They can also be used to dynamically show and hide error messages when filling in a contact form. This interactivity is most necessary and ubiquitous on web applications. Here, scripts help us rate an item 4.5 out of 5 stars instead of 4, scroll through an image carousel, and immediately display our comment on a post without needing to refresh the page.
Tips
As seen from the above examples, a script is only as good or bad as the task it’s meant to achieve. While we embrace the good, what can be done to better protect ourselves from the bad? Below are three easy tips that anybody, no matter their technical acumen, can do.
Switch Your Browser
Instead of using a browser like Chrome or Safari, opt to use a browser such as Firefox or Brave that blocks most harmful scripts right out of the box. If you decide to tinker with the settings and increase the script-blocking power, please keep in mind that it’s not advisable to fully block scripts, as this will disable the harmless ones, rendering many sites either greatly unusable or completely broken.
Install Script-Blocking Plugins
For an additional layer of security, install script-blocking plugins such as uBlock Origin and AdGuard. They can be downloaded from here if using Firefox, and here if using Brave. After clicking on the link, simply search for the above plugins and download them. The link for Brave can also be used to download the same plugins for Chrome, if you decide to not switch browsers.
Avoid Http
Never visit a site that doesn’t have "https" in it’s url and a lock icon in the url bar. The ‘s’ in https stands for secure, signifying that an encryption certificate meant to protect personal user data has been installed on the website.
Takeaway
I hope that this article has helped you better understand website scripts, as well as given you a firm foundation to protect yourself online. If you’d like to know how we at Random Forest Web protect our clients’ websites from malicious script attacks, or what scripts we employ to make our clients’ websites more interesting, please reach out and drop us a line.
Thank you for reading.
