untitled design

Does this transparent extension turn off surveillance? Introducing JavaScript Restrictor

Browsers provide sites with different APIs through which they can receive important metrics and then use them to compose a “portrait” of the user. For example, recently Idle Detection API appeared in Google Chrome – now web pages will know when you are using a PC (recently an article about this was published on the site). This is clearly not the kind of information that should fall into the wrong hands.

The free JavaScript Restrictor extension is built to prevent this. It blocks potentially vulnerable APIs or replaces values ​​with less precise ones (as is the case with location).

How does it work

The extension is supported by popular browsers: Google Chrome and other Chromium-based browsers (Edge, Brave), Firefox and Opera. It is enough to install JavaScript Restrictor from the official store for your browser.

There are four levels of protection to choose from, each with a different filtering severity. So, the zero mode disables all the functionality of the extension altogether. The other three are more complicated.

1st level

Includes minimal protection. According to the developer, this mode makes only those changes that will not “break” the sites. With it, the time values ​​of events are rounded, the accuracy of geolocation is reduced to several hundred meters, the Battery Status API is disabled, which allows sites to receive information about the battery charge level.

2nd level

Most balanced – does not break most sites, but disables many more vulnerable functions. For example, the time of events is rounded up even more, and the location accuracy is already several kilometers.

The operation of rendering graphics and images using JavaScript can be performed differently depending on the device. Thanks to this, the site can create a unique “portrait” of the computer. This tracking method is called Canvas Fingerprinting. The second layer of protection in JavaScript Restrictor protects against this.

The second level of protection (left) and the first (right) – the gamepad is not recognized due to the disabled Gamepad API

In addition, some APIs are disabled: Mixed reality API, Gamepad API, WebVR API. It is worth considering that this will “break” sites where a gamepad or VR headset is actually used. But if this is not so important, then JavaScript Restrictor will save you from creating a detailed “fingerprint” of the browser.

Level 3

Provides maximum protection, but in practice makes the job very difficult. It not only rounds up the time of events, but also produces random values. Like the second level, protects against Canvas Fingerprinting. In addition to gamepads and VR helmets, it blocks the detection of microphones and cameras. Here JavaScript Restrictor enables additional mechanisms to protect memory and disables the geolocation API.

In Google Maps, a similar notification appears every time you move around the map.

As I mentioned above, in this mode it is difficult to comfortably use the browser: every time the site requests the server from JavaScript, a notification appears to approve the action. Such requests are used to update part of the page content without reloading it. The problem is that many sites are actively using it, which is why you have to constantly confirm the action in the pop-up window.

The third level of protection is useful only in some cases, the rest of the second will be enough.

Does the extension protect against surveillance?

Only partially. Disabling some APIs can reduce the number of vulnerabilities, reducing data accuracy increases privacy. However, the extension will not be able to completely protect against the creation of a unique “fingerprint”. There are other ways to obtain personal data from users. And blocking a set of specific APIs can only make it easier to get a browser fingerprint.

You may also like

Get the latest

Stay Informed: Get the Latest Updates and Insights

 

Most popular