this post was submitted on 23 Jun 2025
26 points (96.4% liked)

Privacy

3100 readers
172 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
  4. No reposting of news that was already posted
  5. No crypto, blockchain, NFTs
  6. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 8 months ago
MODERATORS
fxomt
[email protected]
shaytan
[email protected]
26
Is there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages? (lemmy.world)
submitted 2 weeks ago by [email protected] to c/privacy
11 comments fedilink hide all child comments
 

Original question by @[email protected]

As a security-conscious user, I've used NoScript since Firefox's early days, but its restrictive nature has become frustrating. I'm often forced to go unprotected just to access websites with multiple scripts running on different domains, which defeats the purpose of using NoScript and balances security and usability that it once provided.

Is there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages?

by sensitive information I'm referring to

  • local machine time
  • local machine ram
  • local machine operating system + version
  • local machine hardware
  • Serial Number
  • Hardware ID
  • UUID
  • Windows Device ID
  • Windows Product ID
  • ...

greatly appreciate any insight

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 2 weeks ago (3 children)

local machine time

local machine ram

I'd venture the only way to block those is to either recompile the browser or somehow use a separate Javascript engine that doesn't provide that info, as it's pretty foundational (as some people mention, localtime is accessible simply by constructing a Date object).

[–] outhouseperilous 1 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

Qubes? Every window its own vm?

[–] [email protected] 1 points 2 weeks ago (1 children)

I feel that would be incredibly wasteful (and a browsing session can be several windows, too) for marginal zero or even negative net gain. Browsing would also need to set isolation profiles, because for some tabs, sites or windows you'd certainly want to have access to your localtime (plus it be precise enough). Ditto for each and every potential variable.

The truth is, not everything needs to be containerized.

[–] outhouseperilous 1 points 2 weeks ago

You're right. Wall of pi's and a kvm switch.