JavaScript Restrictor
Increasing Security and Privacy of JavaScript APIs
A JavaScript-enabled web page can access any of the APIs that a web browser provides. The user has only a limited control, and some APIs cannot be restricted by the user easily. JShelter (previously also known as JavaScript Restrictor) aims to improve the user control of the web browser. Similarly to a firewall that controls the network traffic, Jshelter controls the APIs provided by the browser. This project has several goals: (1) the analysis of fingerprinting scripts deployed on the web; based on the study, we want to improve the anti-fingerprinting techniques deployed in the JShelter, (2) improvements in the integration, functional, and unit testing, (3) usability and documentation.
- The project's own website: https://jshelter.org
Why does this actually matter to end users?
As you fire up your computer, laptop or smartphone and click your browser icon to connect to your favorite site, do you know what happens behind the scenes? Modern websites offer their users a ton of functionalities, but it is becoming increasingly difficult to know just how all these slick graphics, popups and interactive elements actually work, and what they do precisely. This is very true for most users, but even those more technically inclined may not be entirely sure what happens on their browsers exactly. Not because they lack the knowledge or tools, but because a lot of these little bits of software that come with visiting particular websites are not transparent.
Simply put, you open a site, your browser is sent some programs that immediately run on your computer and you do not and cannot know what is going on. This poses many problems, not just for user agency and freedom, but also for privacy and security when we have some unrecognizable piece of software from some unknown source run on our system, that might hold sensitive personal data or run vital services. Your browser may know how to protect you from harm, but would it not be better to go straight to the source and decide for yourself what you want to run?
JShelter is a browser extension that helps you regain control by doing exactly what its title suggests: restricting unnecessary and potentially harmful programs from running. When a website tries to find out some information about you or fingerprint your browser or computer, JShelter will make sure only false or if possible, no data at all is sent. The best thing is that the tool will try to do this without breaking the website you visit. That way you can continue to browse as you are used to while being sure you are not tracked or profiled.
This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.
