cross-posted from: https://lemmy.world/post/31859998

Please see the cross-post as it is updated.

As a security-conscious user, I’ve used NoScript since Firefox’s early days, but its restrictive nature has become frustrating. I’m often forced to go unprotected just to access websites with multiple scripts running on different domains, which defeats the purpose of using NoScript and balances security and usability that it once provided.

Is there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages?

Greatly appreciate any insight.


  • wetbeardhairs@lemmy.dbzer0.com (7 upvotes, 9 hours ago)

    I’ve been using uBlock Origin for the longest time. Set it up in advanced mode and block all 3rd party domains by default. I know it can block individual line items during the js interpretation stage based on matches to plugins like anti-malware scripts. I tend to whitelist some domains I trust on all domains and I’ll even blacklist some domains I don’t ever trust on other domains (like facebook and anything with px in the name).

    Ultimately - the more protection you put in place, the more likely you will stand out to fingerprinting. They don’t give a shit about user agent descriptions. They look at things like how does your browser render a semi-transparent pixel when aliased on top of something else. What HTML5 Canvas features does your browser support. Attempt to run this list of scripts and see which ones fail. All of that helps make a non-unique print of your browser that hints at an identity even without your Windows Device ID.

      • wetbeardhairs@lemmy.dbzer0.com (2 upvotes, 9 hours ago)

        No, not really. I just take an opt-in to js approach to the internet. It won’t perfectly hide me from databroker fingerprinting - but that’s hard to do unless you want to just use TOR for your everyday browser experience and that’s too paranoid for me.
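
The trade-off raised in the thread, that each added protection can make a browser stand out more, can be put in numbers as an anonymity-set calculation. This is an added example, not part of the thread: the population and its counts are constructed, and the attribute names `canvas` and `scripts` are assumptions chosen for illustration.

```javascript
// Constructed sample, not measured data: visitor counts per browser profile.
// canvas  = result of a canvas rendering probe ("blocked" if the API is denied)
// scripts = whether a probe list of third-party scripts ran or failed
const population = [
  { canvas: "render-A", scripts: "all-run", count: 512 },
  { canvas: "render-B", scripts: "all-run", count: 256 },
  { canvas: "render-C", scripts: "all-run", count: 128 },
  { canvas: "render-A", scripts: "3p-fail", count: 64 },
  { canvas: "render-B", scripts: "3p-fail", count: 32 },
  { canvas: "render-C", scripts: "3p-fail", count: 16 },
  { canvas: "blocked",  scripts: "3p-fail", count: 16 },
];

const total = (pop) => pop.reduce((n, p) => n + p.count, 0);

// Number of visitors indistinguishable from `profile` on the given attributes.
function anonymitySet(pop, profile, attrs) {
  return pop
    .filter((p) => attrs.every((a) => p[a] === profile[a]))
    .reduce((n, p) => n + p.count, 0);
}

// Identifying information in bits: log2(total / visitors sharing the same values).
function surprisalBits(pop, profile, attrs) {
  const matching = anonymitySet(pop, profile, attrs);
  if (matching === 0) return Infinity; // unseen combination: unique in this sample
  return Math.log2(total(pop) / matching);
}

// Per-attribute breakdown plus the combined figure for one profile.
function report(pop, profile) {
  const attrs = Object.keys(profile);
  const perAttribute = Object.fromEntries(
    attrs.map((a) => [a, surprisalBits(pop, profile, [a])])
  );
  return {
    perAttribute,
    combinedBits: surprisalBits(pop, profile, attrs),
    anonymitySet: anonymitySet(pop, profile, attrs),
  };
}

const stock = { canvas: "render-A", scripts: "all-run" };
const hardened = { canvas: "blocked", scripts: "3p-fail" };
console.log("stock   ", report(population, stock));
console.log("hardened", report(population, hardened));
```

In this constructed sample the stock profile hides among 512 of 1024 visitors (1 bit), while the script-blocking, canvas-blocking profile shares its values with only 16 (6 bits).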