this extension could help me use extensions that I don’t trust but need their funcitonality

as you didn’t answer my question so I will ask you again

If you dont even care why paste your comment under my other cross post?

The downvotes say otherwise.

The downvotes means nothing without coherent logic

The onus is on you to provide Apple is worse for privacy than android.

I don’t have the responsibility to show you why you are wrong

good luck

Sincere thanks

Thank you very much for the e

thank you you seem to understand very much about windows and computer. May I ask

How to run something you don’t trust without performance lost?

How to restrict software permission with open source software?

If you don’t want to type please provide videos and articles you read before that address my question

I’m keen to read

Thank you

thanks

does this mean software with admin privilege only have access to user folder not root folder of C drive?

thank you for your information, would you say JShelter does everything Chameleon do (including spoofing) so that if I use JShelter I don’t have to use Chameleon?

trustworthy personal firewall

what do you use?

Programs can be restricted by filesystem permissions and the OS firewall, and not running them as admin

can you explain how to do this?

steam games for example are nearly impossible to run without admin, can I restrict filesystem permissions for these software?

what about other program?

@Rikudou_Sage@lemmy.world

this is absolutely horrorstruck

is there a way to prevent this?

for instance is there a way to run steam on windows without giving it access to any of access it shouldn’t have?

I think there might be a bit of misunderstanding about what those permissions mean. The extensions just need to be able to “see” the contents of a web page in order to be able to hide ads, change font & background colors, edit URLs, or redirect resource requests. There is no other way for them to perform those functions unless they have permission to read the original data presented by websites you visit.

Thanks a lot

Answered by @listless@lemmy.cringecollective.io

Web pages are not allowed to list your extensions. They can indirectly surmise you have certain extensions based on how your requests differ from expectations. For example, if they have advertisements, but your browser never actually makes any requests to load the images, CSS, JS or HTML for the advertisements, they can deduce you have an ad-blocker. That’s a datapoint they now have to ID you: “has an ad-blocker”

Now let’s say they have an ad they know AdBlockPlus allows, but uBlock Origin doesn’t. They see your browser doesn’t load that ad. Another datapoint: “Not using AdBlockPlus”.

Based on what requests go back and forth between your browser and their servers, they map out a unique fingerprint.

Do you have a real need to prevent this data from being collected

maybe

or are you investigating just for best practice advice?

yes

There are a lot of posts like this where people overestimate the threat model they have and insist on needing to block things that are nearly impossible to, or at least have significant tradeoffs like you are dealing with now

could you explain why it is nealy impossible from only blocking javascript from attaining "local machine operating system + version "? I don’t think this kind of information is relevant for webpage displaying. I dont think webpage will break if we ban js from doing so

I would assume you could technically fork localCDN (replaces remote javascript libraries with local copies) and then manually edit the local javascript library copies to remove the calls you are concerned about.

that could work I guess when I have enough js knowledge

There’s also options like uBlock Origin’s methods of only whitelisting specific scripts. Much more flexible than NoScript. You can block scripts that are third party and only allow site specific ones fairly easily, without digging deep into the settings.

is it possible to adjust uBlock Origin whitelisting and disallow js that retrieve "local machine operating system + version " from running?

Bear in mind that your specific combination of installed extensions can also be a unique identifier though.

Does this mean website can see all the extensions I installed?

I see, could you link to an article or video that explains more about how this is achieved? Is there a browser extension to disable a website from accessiing localhost connection?

Use a socksv5 proxy with your browser so it can’t connect to localhost

Website is able to get info of localhost?

Does this mean they are able to see what docker container I’m hosting?

from my understanding it is a dns blocker, not sure how it is related though, could you elaborate?

Personally I think a websites requires machine architecture is dubious and necessary, webpage should be functional without those info