Original question by @[email protected]

As a security-conscious user, I’ve used NoScript since Firefox’s early days, but its restrictive nature has become frustrating. I’m often forced to go unprotected just to access websites with multiple scripts running on different domains, which defeats the purpose of using NoScript and balances security and usability that it once provided.

Is there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages?

by sensitive information I’m referring to

  • local machine time
  • local machine ram
  • local machine operating system + version
  • local machine hardware
  • Serial Number
  • Hardware ID
  • UUID
  • Windows Device ID
  • Windows Product ID

greatly appreciate any insight

  • NaibofTabr@infosec.pubEnglish
    4·
    11 days ago

    I’ve been using JShelter which provides a few different options for handling page load failures. It also works on Firefox mobile.

    A couple notes:

    • You can be fingerprinted by the extensions you have installed in your browser. This is really difficult to circumvent, because if certain pieces of a website’s code never load on your system and never send expected responses to the server then the server definitely knows that. The more uncommon extensions you have installed, the more identifiable you are - and you’re already in a minority as a Firefox user.
    • More and more websites are behind Cloudflare (mostly because of DDoS attacks) and JShelter will typically break Cloudflare’s filter which attempts to block bots. I’ve found that disabling just the fingerprint detector usually allows access to sites that have this protection.