@celesteh @pettter I beg to differ, outsourcing javascript to Google _is_ evil and generally dangerous/insecure.

If javascript or remote resource fetching was defaulted to OFF, it could be ok. Also if websites worked reasonably well without javascript (though, vanilla Wordpress has done so at lrast in the past), it might be excusable.

But opt-out surveillance and benefiting an ad company with a bad track record is in most definitions something evil.