As a security-conscious user, I've used NoScript since Firefox's early days, but its restrictive nature has become frustrating. I'm often forced to go unprotected just to access websites with multiple scripts running on different domains, which defeats the purpose of using NoScript and balances security and usability that it once provided.

Is there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages?

greatly appreciate any insight

cross-posted from: https://lemmy.world/post/31859998

Please see the cross-post as it is updated.

you are viewing a single comment's thread
view the rest of the comments

[–] fubarx@lemmy.world 2 points 14 hours ago

A lot of the Javascript attributes used for fingerprinting are used to decide WHAT to render and to cache settings so things work smoothly the next time you come back.

For example, the amount of RAM, your WebGL settings and version, presence of audio, mic, and camera, and screen dimensions are all relevant to a game, a browser-based video-conferencing app, or WebASM based tools like Figma.

And unless you want an app to do a full check each time it returns to foreground, it will likely cache those settings in a local store so it can quickly look it up.

If the app needs to send some of this data to the cloud so the server changes what it sends up, they now also have your IP address, rough reverse IP coordinates via ISP, and time. You can use VPN or Tor to obfuscate IP addresses, but you have to remember to turn that on each time you use the app, and in the case of VPN, to disconnect/reconnect to a random server to semi-randomize your IP (or use Tor, which does this for you).

But to answer the first question, changing or disabling those settings could break a bunch of features, especially Single-Page Applications, those using embedded analytics, or any amount of on-device graphics.