Original question by @happeningtofry99158@lemmy.world

As a security-conscious user, I’ve used NoScript since Firefox’s early days, but its restrictive nature has become frustrating. I’m often forced to go unprotected just to access websites with multiple scripts running on different domains, which defeats the purpose of using NoScript and balances security and usability that it once provided.

Is there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages?

by sensitive information I’m referring to

  • local machine time
  • local machine ram
  • local machine operating system + version
  • local machine hardware
  • Serial Number
  • Hardware ID
  • UUID
  • Windows Device ID
  • Windows Product ID

greatly appreciate any insight

  • Vivi@slrpnk.netEnglish
    3·
    8 days ago

    Well, undiscovered vulnerabilities are kind of a special case. You can’t do anything about those except turn off your pc entirely. Using NoScript isn’t necessarily going to help with those.

    • Lucy :3@feddit.org
      2·
      7 days ago

      Depends. I mean stuff like undocumented/hidden properties of Objects leaking more infos than it should, which NoScript does help against. Or creative thinking, like timing certain actions (eg. drawing a canvas) to get a fingerprint and vague information about your system.

      Of course, actual RCE/leaking (eg. arbitrary (process) memory reading) in the JS engine itself is another story.