Symfony Profiler

{
    "@context": [
        "https:\/\/join-lemmy.org\/context.json",
        "https:\/\/www.w3.org\/ns\/activitystreams"
    ],
    "actor": "https:\/\/lemmy.ml\/c\/privacy",
    "to": [
        "https:\/\/www.w3.org\/ns\/activitystreams#Public"
    ],
    "object": {
        "id": "https:\/\/lemmy.world\/activities\/update\/d3a16b26-daa0-4355-82ed-20dbe86cece9",
        "actor": "https:\/\/lemmy.world\/u\/happeningtofry99158",
        "@context": [
            "https:\/\/join-lemmy.org\/context.json",
            "https:\/\/www.w3.org\/ns\/activitystreams"
        ],
        "to": [
            "https:\/\/www.w3.org\/ns\/activitystreams#Public"
        ],
        "object": {
            "type": "Page",
            "id": "https:\/\/lemmy.world\/post\/31859998",
            "attributedTo": "https:\/\/lemmy.world\/u\/happeningtofry99158",
            "to": [
                "https:\/\/lemmy.ml\/c\/privacy",
                "https:\/\/www.w3.org\/ns\/activitystreams#Public"
            ],
            "name": "Is there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages?",
            "cc": [],
            "content": "<p>As a security-conscious user, I\u2019ve used NoScript since Firefox\u2019s early days, but its restrictive nature has become frustrating. I\u2019m often forced to go unprotected just to access websites with multiple scripts running on different domains, which defeats the purpose of using NoScript and balances security and usability that it once provided.<\/p>\n<p>Is there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages?<\/p>\n<p>by sensitive information I\u2019m referring to<\/p>\n<ul>\n<li>local machine time<\/li>\n<li>local machine ram<\/li>\n<li>local machine operating system + version<\/li>\n<li>local machine hardware<\/li>\n<li>Serial Number<\/li>\n<li>Hardware ID<\/li>\n<li>UUID<\/li>\n<li>Windows Device ID<\/li>\n<li>Windows Product ID<\/li>\n<li>\u2026<\/li>\n<\/ul>\n<p>greatly appreciate any insight<\/p>\n<hr \/>\n<p>EDIT:<\/p>\n<p>could be possible solution<\/p>\n<p><a href=\"https:\/\/discuss.grapheneos.org\/d\/16025-vanadium-and-what-to-use-on-desktop\/19\">discuss.grapheneos.org\/d\/\u2026\/19<\/a><\/p>\n<ul>\n<li><s>LibreJS: GNU LibreJS aims to address the JavaScript problem described in Richard Stallman\u2019s article The JavaScript Trap.<\/s><\/li>\n<li><a href=\"https:\/\/jshelter.org\/\" rel=\"nofollow\">JShelter<\/a>: Mitigates potential threats from JavaScript, including fingerprinting, tracking, and data collection. Slightly modifies the results of API calls, differently on different domains, so that the cross-site fingerprint is not stable. Applies security counter-measures that are likely not to break web pages. Allows fine-grained control over the restrictions and counter-measures applied to each domain.<\/li>\n<\/ul>\n<hr \/>\n<p><a href=\"https:\/\/swg-empire.de\/u\/bjoern_tantau\" rel=\"nofollow\">@bjoern_tantau@swg-empire.de<\/a><\/p>\n<blockquote>\n<p>Most of those things cannot be collected through JavaScript.<\/p>\n<p>Local time can.<\/p>\n<p>RAM can only be approximated to protect user privacy. Edit: And it\u2019s not available on Firefox.<\/p>\n<p>OS+version are already in your browser\u2019s user-agent string that is sent out with every request you make.<\/p>\n<p>Machine hardware cannot be enumerated. JavaScript can try to guess your GPU based on what it can do with WebGL.<\/p>\n<p>There is no way to get a serial number or similar.<\/p>\n<\/blockquote>\n<p>To spoof timezone\/OS+version\/browser+version \u2026 and disable WebGL, use <a href=\"https:\/\/sereneblue.github.io\/chameleon\/\">sereneblue.github.io\/chameleon\/<\/a><\/p>\n<ul>\n<li><a href=\"https:\/\/lemmy.world\/post\/31885153\">lemmy.world\/post\/31885153<\/a><\/li>\n<\/ul>\n",
            "mediaType": "text\/html",
            "source": {
                "content": "As a security-conscious user, I've used NoScript since Firefox's early days, but its restrictive nature has become frustrating. I'm often forced to go unprotected just to access websites with multiple scripts running on different domains, which defeats the purpose of using NoScript and balances security and usability that it once provided.\n\nIs there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages?\n\nby sensitive information I'm referring to\n- local machine time\n- local machine ram\n- local machine operating system + version\n- local machine hardware\n- Serial Number\n- Hardware ID\n- UUID\n- Windows Device ID\n- Windows Product ID\n- ...\n\ngreatly appreciate any insight\n\n---\n\nEDIT: \n\ncould be possible solution\n\nhttps:\/\/discuss.grapheneos.org\/d\/16025-vanadium-and-what-to-use-on-desktop\/19\n- ~~LibreJS: GNU LibreJS aims to address the JavaScript problem described in Richard Stallman's article The JavaScript Trap.~~\n- [JShelter](https:\/\/jshelter.org\/\n): Mitigates potential threats from JavaScript, including fingerprinting, tracking, and data collection. Slightly modifies the results of API calls, differently on different domains, so that the cross-site fingerprint is not stable. Applies security counter-measures that are likely not to break web pages. Allows fine-grained control over the restrictions and counter-measures applied to each domain.\n\n---\n\n[@bjoern_tantau@swg-empire.de](https:\/\/swg-empire.de\/u\/bjoern_tantau) \n> Most of those things cannot be collected through JavaScript.\n> \n> Local time can.\n> \n> RAM can only be approximated to protect user privacy. Edit: And it\u2019s not available on Firefox.\n> \n> OS+version are already in your browser\u2019s user-agent string that is sent out with every request you make.\n> \n> Machine hardware cannot be enumerated. JavaScript can try to guess your GPU based on what it can do with WebGL.\n> \n> There is no way to get a serial number or similar.\n\nTo spoof timezone\/OS+version\/browser+version ... and disable WebGL, use https:\/\/sereneblue.github.io\/chameleon\/\n- https:\/\/lemmy.world\/post\/31885153\n",
                "mediaType": "text\/markdown"
            },
            "attachment": [],
            "sensitive": false,
            "published": "2025-06-23T12:28:02.039590Z",
            "updated": "2025-06-23T21:26:25.399410Z",
            "audience": "https:\/\/lemmy.ml\/c\/privacy",
            "tag": [
                {
                    "href": "https:\/\/lemmy.world\/post\/31859998",
                    "name": "#privacy",
                    "type": "Hashtag"
                }
            ]
        },
        "cc": [
            "https:\/\/lemmy.ml\/c\/privacy"
        ],
        "type": "Update",
        "audience": "https:\/\/lemmy.ml\/c\/privacy"
    },
    "cc": [
        "https:\/\/lemmy.ml\/c\/privacy\/followers"
    ],
    "type": "Announce",
    "id": "https:\/\/lemmy.ml\/activities\/announce\/update\/b35808a8-d3dc-422a-a6cd-3232833e8d7d"
}

{"@context":["https://join-lemmy.org/context.json","https://www.w3.org/ns/activitystreams"],"actor":"https://lemmy.ml/c/privacy","to":["https://www.w3.org/ns/activitystreams#Public"],"object":{"id":"https://lemmy.world/activities/update/d3a16b26-daa0-4355-82ed-20dbe86cece9","actor":"https://lemmy.world/u/happeningtofry99158","@context":["https://join-lemmy.org/context.json","https://www.w3.org/ns/activitystreams"],"to":["https://www.w3.org/ns/activitystreams#Public"],"object":{"type":"Page","id":"https://lemmy.world/post/31859998","attributedTo":"https://lemmy.world/u/happeningtofry99158","to":["https://lemmy.ml/c/privacy","https://www.w3.org/ns/activitystreams#Public"],"name":"Is there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages?","cc":[],"content":"<p>As a security-conscious user, I’ve used NoScript since Firefox’s early days, but its restrictive nature has become frustrating. I’m often forced to go unprotected just to access websites with multiple scripts running on different domains, which defeats the purpose of using NoScript and balances security and usability that it once provided.</p>\n<p>Is there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages?</p>\n<p>by sensitive information I’m referring to</p>\n<ul>\n<li>local machine time</li>\n<li>local machine ram</li>\n<li>local machine operating system + version</li>\n<li>local machine hardware</li>\n<li>Serial Number</li>\n<li>Hardware ID</li>\n<li>UUID</li>\n<li>Windows Device ID</li>\n<li>Windows Product ID</li>\n<li>…</li>\n</ul>\n<p>greatly appreciate any insight</p>\n<hr />\n<p>EDIT:</p>\n<p>could be possible solution</p>\n<p><a href=\"https://discuss.grapheneos.org/d/16025-vanadium-and-what-to-use-on-desktop/19\">discuss.grapheneos.org/d/…/19</a></p>\n<ul>\n<li><s>LibreJS: GNU LibreJS aims to address the JavaScript problem described in Richard Stallman’s article The JavaScript Trap.</s></li>\n<li><a href=\"https://jshelter.org/\" rel=\"nofollow\">JShelter</a>: Mitigates potential threats from JavaScript, including fingerprinting, tracking, and data collection. Slightly modifies the results of API calls, differently on different domains, so that the cross-site fingerprint is not stable. Applies security counter-measures that are likely not to break web pages. Allows fine-grained control over the restrictions and counter-measures applied to each domain.</li>\n</ul>\n<hr />\n<p><a href=\"https://swg-empire.de/u/bjoern_tantau\" rel=\"nofollow\">@bjoern_tantau@swg-empire.de</a></p>\n<blockquote>\n<p>Most of those things cannot be collected through JavaScript.</p>\n<p>Local time can.</p>\n<p>RAM can only be approximated to protect user privacy. Edit: And it’s not available on Firefox.</p>\n<p>OS+version are already in your browser’s user-agent string that is sent out with every request you make.</p>\n<p>Machine hardware cannot be enumerated. JavaScript can try to guess your GPU based on what it can do with WebGL.</p>\n<p>There is no way to get a serial number or similar.</p>\n</blockquote>\n<p>To spoof timezone/OS+version/browser+version … and disable WebGL, use <a href=\"https://sereneblue.github.io/chameleon/\">sereneblue.github.io/chameleon/</a></p>\n<ul>\n<li><a href=\"https://lemmy.world/post/31885153\">lemmy.world/post/31885153</a></li>\n</ul>\n","mediaType":"text/html","source":{"content":"As a security-conscious user, I've used NoScript since Firefox's early days, but its restrictive nature has become frustrating. I'm often forced to go unprotected just to access websites with multiple scripts running on different domains, which defeats the purpose of using NoScript and balances security and usability that it once provided.\n\nIs there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages?\n\nby sensitive information I'm referring to\n- local machine time\n- local machine ram\n- local machine operating system + version\n- local machine hardware\n- Serial Number\n- Hardware ID\n- UUID\n- Windows Device ID\n- Windows Product ID\n- ...\n\ngreatly appreciate any insight\n\n---\n\nEDIT: \n\ncould be possible solution\n\nhttps://discuss.grapheneos.org/d/16025-vanadium-and-what-to-use-on-desktop/19\n- ~~LibreJS: GNU LibreJS aims to address the JavaScript problem described in Richard Stallman's article The JavaScript Trap.~~\n- [JShelter](https://jshelter.org/\n): Mitigates potential threats from JavaScript, including fingerprinting, tracking, and data collection. Slightly modifies the results of API calls, differently on different domains, so that the cross-site fingerprint is not stable. Applies security counter-measures that are likely not to break web pages. Allows fine-grained control over the restrictions and counter-measures applied to each domain.\n\n---\n\n[@bjoern_tantau@swg-empire.de](https://swg-empire.de/u/bjoern_tantau) \n> Most of those things cannot be collected through JavaScript.\n> \n> Local time can.\n> \n> RAM can only be approximated to protect user privacy. Edit: And it’s not available on Firefox.\n> \n> OS+version are already in your browser’s user-agent string that is sent out with every request you make.\n> \n> Machine hardware cannot be enumerated. JavaScript can try to guess your GPU based on what it can do with WebGL.\n> \n> There is no way to get a serial number or similar.\n\nTo spoof timezone/OS+version/browser+version ... and disable WebGL, use https://sereneblue.github.io/chameleon/\n- https://lemmy.world/post/31885153\n","mediaType":"text/markdown"},"attachment":[],"sensitive":false,"published":"2025-06-23T12:28:02.039590Z","updated":"2025-06-23T21:26:25.399410Z","audience":"https://lemmy.ml/c/privacy","tag":[{"href":"https://lemmy.world/post/31859998","name":"#privacy","type":"Hashtag"}]},"cc":["https://lemmy.ml/c/privacy"],"type":"Update","audience":"https://lemmy.ml/c/privacy"},"cc":["https://lemmy.ml/c/privacy/followers"],"type":"Announce","id":"https://lemmy.ml/activities/announce/update/b35808a8-d3dc-422a-a6cd-3232833e8d7d"}