As a security-conscious user, I’ve used NoScript since Firefox’s early days, but its restrictive nature has become frustrating. I’m often forced to go unprotected just to access websites with multiple scripts running on different domains, which defeats the purpose of using NoScript and balances security and usability that it once provided.
Is there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages?
by sensitive information I’m referring to
- local machine time
- local machine ram
- local machine operating system + version
- local machine hardware
- Serial Number
- Hardware ID
- UUID
- Windows Device ID
- Windows Product ID
- …
greatly appreciate any insight
If any of that information is critical, you should not be running JavaScript. You should remote into a virtual machine and then browse from there.
Even the tor browser bundle gives away machine architecture
Personally I think a websites requires machine architecture is dubious and necessary, webpage should be functional without those info
your not wrong, but every browser exposes it via javascript. so if that is part of your threat model you can’t use a local browser.