They were so much worse. They’d basically “corrupt” your system state. They were often self replicating and so you’d have to quit the whole browser to make it stop. Sometimes even that wasn’t enough. Sometimes it would grind your PC to a halt and you’d have to reboot.
Isn’t this mostly because browsers in that era didn’t have process isolation (and if you were on a classic Mac, there wasn’t even preemptive multitasking)?
I was also blaming the OS for not having preemptive multi-tasking? And once we've blamed the OS and the browser... not sure who else is in this equation.
The web developer is not in this equation, because I have no way to know their server hasn't been hacked, and hence even if I trust them personally, anything they send me is explicitly untrusted
