As a security-conscious user, I’ve used NoScript since Firefox’s early days, but its restrictive nature has become frustrating. I’m often forced to go unprotected just to access websites with multiple scripts running on different domains, which defeats the purpose of using NoScript and balances security and usability that it once provided.
Is there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages?
by sensitive information I’m referring to
- local machine time
- local machine ram
- local machine operating system + version
- local machine hardware
- Serial Number
- Hardware ID
- UUID
- Windows Device ID
- Windows Product ID
- …
greatly appreciate any insight
Javascript can’t generally access your local machine directly, but scoped local data like cookies are available. What in particular are you nervous about? You could run your browser in a virtual machine?
by sensitive information I’m referring to
Can I prevent javascript from running specific command that retrieve these information?
You could monkeypatch some javascript functions like the constructor Date types, but there will always be things not thought of that will leak date info. Hardware identifiers are quite difficult to get in javascript and several browsers already obfuscate that info.
Honestly if you’re very concerned, I really do think a virtual machine is your absolute safest approach, obviously the browsing experience is worse.
Check out amiunique.org to see what fingerprinting is generally available in your current browser