JShelter, the FSF plugin for restricting the JavaScript API

The Free Software Foundation has presented the JShelter project, which develops a browser plugin to protect against threats posed by JavaScript on websites, including hidden identification, movement tracking and collection of user data.

The project code is distributed under the GPLv3 license. The plugin is ready for Firefox, Google Chrome, Opera, Brave, Microsoft Edge and other browsers based on the Chromium engine.

The project is being developed as a joint initiative funded by the NLnet Foundation. Giorgio Maone, the creator of the NoScript plugin, has also joined JShelter, as have the founders of the J++ project and the authors of the JS-Shield and Restricted JavaScript plugins. The JavaScript Restrictor plugin is used as the basis for the new project.

Most modern websites contain an increasing number of programs that the user's web browser automatically downloads and runs as the pages load. While these JavaScript programs can provide functionality to a site in conjunction with native browser features, they are also a significant liability from both a security and privacy perspective. Additionally, this software is generally licensed under terms that are unethical by FSF standards, disempowering users and hampering learning and security.

JShelter can be thought of as a firewall for the JavaScript APIs available to websites and web applications. The add-on provides four levels of protection, as well as a flexible configuration mode for API access. The zero level fully allows access to all APIs, the first includes minimal blocking that does not disrupt the operation of pages, the second level balances between blocking and compatibility, and the fourth level includes strict blocking of everything unnecessary.

The API blocking settings can be tied to individual sites. For example, for one site you can strengthen protection and for another, disable it.

Accessing cookies, building fingerprints to track users across multiple sites, revealing the local network address, or capturing user input before a form is submitted are some examples of JavaScript capabilities that can be used in harmful ways. JShelter adds a layer of security that allows the user to choose whether a certain action should be prohibited on a site or allowed with restrictions, such as reducing geolocation accuracy to the city area. This layer can also help as a countermeasure against attacks targeting the browser, operating system, or hardware level.

The JShelter project is a freely licensed anti-malware browser extension to mitigate potential JavaScript threats. The project website is at https://jshelter.org/. It asks, globally or per site, whether the user allows specific native functions provided by the JavaScript engine and the Document Object Model (DOM).

It can also selectively block certain JavaScript methods, objects, properties and functions, or falsify return values (for example, provide false information about the system). A separate feature is the NBS (network boundary shield) mode, which prevents pages from using the browser as a proxy between external and local networks (all outgoing requests are intercepted and analyzed).
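The per-site "allow, restrict or block" idea described above, sketched for the geolocation case. This is an added example, not JShelter's code; the hostnames, the policy table, the one-decimal rounding and the `fakeGeo` stand-in for `navigator.geolocation` are assumptions made so it runs outside a browser.

```javascript
// Added illustration, not JShelter code. Hostnames, the policy table and the
// rounding precision are assumptions made for this example.
const sitePolicy = new Map([          // per-site overrides (constructed)
  ["maps.example", "allow"],
  ["tracker.example", "block"],
]);
const DEFAULT_ACTION = "restrict";

function actionFor(origin) {
  return sitePolicy.get(new URL(origin).hostname) ?? DEFAULT_ACTION;
}

// Round to one decimal place (about 11 km of latitude) and report a matching
// accuracy radius so the coarsened fix does not claim false precision.
function coarsen(coords) {
  return {
    latitude: Math.round(coords.latitude * 10) / 10,
    longitude: Math.round(coords.longitude * 10) / 10,
    accuracy: Math.max(coords.accuracy, 10000),
  };
}

// Return a wrapper exposing the same method as the geolocation object it hides.
function shelterGeolocation(geo, origin) {
  const action = actionFor(origin);
  return {
    getCurrentPosition(success, error) {
      if (action === "block") {
        // 1 is PERMISSION_DENIED in the Geolocation API.
        if (error) error({ code: 1, message: "blocked by policy" });
        return;
      }
      geo.getCurrentPosition((pos) => {
        success(action === "restrict" ? { ...pos, coords: coarsen(pos.coords) } : pos);
      }, error);
    },
  };
}

// Constructed stand-in for navigator.geolocation so the example runs in Node.
const fakeGeo = {
  getCurrentPosition(ok) {
    ok({ coords: { latitude: 48.85837, longitude: 2.294481, accuracy: 12 }, timestamp: 0 });
  },
};

function probe(origin) {
  let seen;
  shelterGeolocation(fakeGeo, origin).getCurrentPosition((p) => { seen = p.coords; }, (e) => { seen = e; });
  return seen;
}
```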

“JShelter will help protect users from critical threats now and will contribute significantly to progress on the necessary long-term culture shift away from unfree JavaScript. This is a project that I have been waiting for years, tired of dealing with all kinds of possible antifeatures in the browsers that I use and distribute, and having to find some countermeasure for them with configuration changes, patches or extensions,” shared Rubén Rodríguez, former FSF chief technology officer. “Being able to wrap the JavaScript engine in a layer of protection is a game changer.”

Finally, if you are interested in knowing more about it, you can check the details in the following link.

Those who are interested in installing the extension in their browsers can obtain it from the following link.

