cross-posted from: https://lemmy.world/post/31859998
Please see the cross-post as it is updated.
As a security-conscious user, I’ve used NoScript since Firefox’s early days, but its restrictive nature has become frustrating. I’m often forced to go unprotected just to access websites with multiple scripts running on different domains, which defeats the purpose of using NoScript and balances security and usability that it once provided.
Is there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages?
greatly appreciate any insight
cross-posted from: https://lemmy.world/post/31859998
Please see the cross-post as it is updated.
by sensitive information I’m referring to
Can I prevent javascript from running specific command that retrieve these information?
I found chameleon which spoof local machine operating system + version and browser information. But I’m not sure about other information
Can you link to a source that confirms this information can be collected with JavaScript (with browser comparison, ideally)? That seems outrageous if it was actually possible.
https://amiunique.org/fingerprint
deleted by creator
JavaScript is already sandboxed. You can only execute functions where there is an actual API defined by the browser to do so, for example
Date.getTime(). There is / should be no way to get, say, your device ID. (With the exception of unpatched exploits that allow executing arbitrary code. But keep in mind browsers are likely one of the if not the most security tested software.)What you linked to here appears to specific to Google Tag Manager in a way that I don’t fully understand, but is not related to how websites usually execute JavaScript code.
thank you for the clarification