
This sounds like a knee-jerk reaction that doesn't take into consideration the ramifications of the suggested policy. It won't stop DDoS attacks, because those exist _because the internet exists_ and unless you dismantle the very concept of interconnected "everyone can reach everyone" networking, all you're doing is locking down access to more and more people until only technical experts or the people with enough money to hire those experts get to use it.

Advocate the other direction: more freedom, including the freedom to say "thank you, browser, for being locked down by default, but I trust this website and I am okay with everything it wants to do".

Instead of locking the web down, let's give users the freedom to put on or remove as many locks as they want to live with. And letting them make mistakes with that, too: you don't make things better by taking away important life lessons, either.



This, on the other end of the spectrum, seems overly and naively liberal, when not being paired with a workable solution to the massive body of education required to provide adequate technical sophistication to (what has to be most of) 8 billion people.


>> a workable solution to the massive body of education required to provide adequate technical sophistication

The problem doesn't have to be one of education if it is tackled as a legitimate UI/UX problem and served by a W3C that supports the needs of end users over corporate partners.


I have NoScript installed on Firefox, and when I visit sites, I individually grant temporary permission to anywhere from one to more than twenty JavaScript sources. I suspect that I am among the 1% of those willing to make that effort.

I haven't noticed NoScript distinguish between http and https sources for JavaScript, but perhaps I don't visit sites that pull in JavaScript via http.


I did this last summer and managed maybe 1-1.5 months until it drove me crazy having to fiddle to get (way too many) sites to work with a minimal amount of accepted JS. Which is a shame, because it's quite a foolproof method of rendering most malicious actors helpless.


That requires allowing web servers to blacklist all browsers known to allow http and therefore DDoS... which is equivalent to banning http code.



