JavaScript Restrictor is an open s0urce cross-browser extension designed to improved user privacy by limiting access to APIs of web browsers that websites may use when running JavaScript. The extension is developed by Libor Pol?ák and several contributors, including Giorgio Maone, who is known for the NoScript extension. Development is supported by the European Commission's Next Generation Internet program.
The main goal of the project is to give back some control to users of web browsers when it comes to web browser APIs that may be abused by sites for user tracking and other invasive activities. The extension may block access to APIs that it supports outright, or manipulate the data that is provided to sites.
Various websites collect information about users without their awareness. The collected information is used to track users. Malicious websites can fingerprint user browsers or computers. JavaScript Restrictor protects the user by restricting or modifying several web browser APIs used to create side-channels and identify the user, the browser or the computer. JavaScript Restrictor can block access to JavaScript objects, functions and properties or provide a less precise implementation of their functionality, for example, by modifying or spoofing values returned by the JS calls. The goal is to mislead websites by providing false data or no data at all.
The extension modifies and restricts access to web browser APIs. The list of supported APIs is available on the project's GitHub webpage. It includes HTMLCanvasElement, XMLHTTPRequest, ArrayBuffer, Geolocation API, WebWorker, window.name, navigator.sendBeacon, WebGLRenderingContext and others.
JavaScript Restrictor
JavaScript Restrictor is available for Mozilla Firefox, Google Chrome and Opera, and it works in other Chromium-based browsers such as Brave, Vivaldi or Microsoft Edge as well.
Protection is divided into different levels, with level 2 being the default option for all visited websites. Options to set different levels for sites are provided.
- Level 0 -- no protection
- Level 1 -- minimal protection. Only non-functionality breaking changes are applied
- Level 2 -- recommended protection. More protections are applied. Some sites may break.
- Level 3 -- high level of protection. Full protections are applied.
The full list of protections of the levels is found on the project's GitHub page. Network Boundary Shield is enabled by default. It prevents web pages from using the browser "as a proxy between local network and the public Internet".
The protection encapsulates the WebRequest API, so it captures all outgoing requests including all elements created by JavaScript.
The JavaScript Restrictor extension adds an icon the browser's main toolbar after installation. It displays the current level of protection on the site, and acts as a menu to change the level for that site on activation.
Just switch the level to another value to set a different protection level for the active site. The Network boundary shield may be disabled for the site as well using the action menu.
Closing words
JavaScript Restrictor works in most modern web browsers. It improves user privacy by limiting access to certain browser APIs, which may be abused by sites for tracking and other forms of attacks. Check out the project's website to find out more about it.
Thank you for being a Ghacks reader. The post JavaScript Restrictor: improve privacy by limiting web browser APIs appeared first on gHacks Technology News.
0 Commentaires