The better advice is imo to keep your browser up-to-date. JS exploits have been come increasingly rare these days, mostly due to Chrome's excellent example of patching quickly and paying good money for exploits (e.g. Pwn2Own). JS 0days are imo far too valuable now to waste them on normal users. So no, disabling JS wouldn't make much sense, if your have an evergreen browser. Disable Flash & Java and try to minimize downloads is the security advice I give nowadays. Also don't install anything unless you absolutely have to (there are plenty of good in-browser options for programs we used to install, e.g. for file conversion).

What do the JS 0days get used for nowadays?

Attacking high-value dissidents: https://blog.lookout.com/blog/2016/08/25/trident-pegasus/

JS is not the only attack surface in a browser. There have been exploitable bugs in image parsers, font renderers, etc. Tracking is possible without JS as well.

Maybe try lynx?

I'd assume Chrome is safer than Lynx these days, to be honest.

Not to mention the fact that using Lynx makes you unique enough for it to be a useful tracking indicator.

> Maybe try lynx?

Or just use VPS when surfing the web.

Or surf from a VM on your machine.

I used to do this on linux, as I had copies of my windows VM and I would just browse from the windows box on another screen and then work from the linux one on the main screen

Yes! I meant VM. I was just setting up some VPS and mistyped it.

Or better still noScript blocks all js by default and you only whitelist the sites you trust. Throw in a Ghostery for cookies and you are reasonably good to go.

And make sure your browser is updated as well ^^