New Update JShelter - JavaScript Restrictor

Add-on/Extension Page
https://jshelter.org/

oldschool

Level 80
Verified
Top Poster
Well-known
Mar 29, 2018
6,965
Update to 0.15.2
JShelter: Release history

Still using this at default settings in Chrome/Edge browsers with no problems whatsoever.
 

oldschool

Level 80
Verified
Top Poster
Well-known
Mar 29, 2018
6,965
JShelter: Release history Updated to v0.16
  • Remove Workers in Recommended JSS level to make JShelter compatible with some pages. This change might be reverted when Pagure issue 80 is solved.
  • FPD: Add possibility to learn the calling stack of functions that lead to the tracked APIs (Pagure issue 52). This information can be used to create block list or to study the calling code and its effects.
  • FPD: Fix browser overloading by FPD messages by HTMLElement.prototype.offsetHeight and offsetWidth wrappers that might have crashed browsers.
  • FPD: code cleanup
 
F

ForgottenSeer 97327

@ oldschool
Yes, seems they geared the default/recommended towards usability (y) Although I am uncertain about the "network boundery shield". Lately uBO dropped that filter (protect network). Also I cheched an adult website and a news website which both triggered warnings in the past. Now they stay at 3 (adult) and 4 blocks (news website). I have tested JShelter in the past and think to remember that 5 warnings triggered a red alert and a value above three made JShelter color yellow (with the warning that this website likely fingerprinted you). JShelter still triggers a warning for browserleaks.com (r.g. canvas fingerprint), indicating that they have improved userability. (y)
 
Last edited by a moderator:

oldschool

Level 80
Verified
Top Poster
Well-known
Mar 29, 2018
6,965
they have improved userability. (y)
That's their main objective with updates, aside from adaptation to changes in browser code, APIs, etc.
At the same time, we are aware of several JShelter bugs and issues. We are working on making JShelter bug-free. We do not want to break benign pages. Fixing some issues takes time. Other issues need balancing between several options. JShelter is meant to be used with (ad)blockers like uBlock Origin. Using a blocker will make your online activities considerably safer. At the same time, it will make JShelter break fewer sites.


Right now, JShelter will need more interaction from you than we would prefer. Some protection needs improvements. Some functionality needs to be included. When we achieve the state of fixing the bugs and making JShelter easy to manage, we will release version 1.0. If you are unwilling to tweak JShelter occasionally, consider returning once we release version 1.0. Otherwise, try other options.
 
F

ForgottenSeer 97327

I believe you are correct sir, but I can't remember ATM.
The pop-up screen now also mentions how many API's are misused. Seems they have redesigned and improved the blocking/warning logic.

1697962017007.png
 
Last edited by a moderator:
F

ForgottenSeer 97327

Its not very popular extension thats why im considering of using it, feels like its like trace used to be ( trace discontinued in 2021) Atleast the extension is recommended on the chrome store
There are a few reasons why it is/was not popular:
1. When JShelter started, they set the defaults to tight (e.g. blocking third-party XMLHTTPrequest) which sort of made it a hard to use extension.
2. Although it is hyped a lot (fingerprinting), it is not much used in daily practice (advertisers have enough other means to track you).
3. Some of their API-wraps were relatively CPU expensive, negatively influencing the cost (relatively high CPU) - benefit (few websites use fingerprinting) decision

As Oldschool confirmed, they have balanced their settings (in favor of usability) and have improved in API-wrapping effectiveness (less CPU), so it gradually becomes a feasible option for most (even on my medium-low spec PC it runs fine now). In short with JShelter you get 90% of Brave fingerprinting protections and a bit more than Firefox resist fingerprinting on Chromium based browsers with the benefit of using the mode of operation you like best (e.g. default with website whitelist exceptions or default off with strict or default protection on selected/blacklisted 'murky' websites).

So thank you to the MT-members for keeping this thread alive (@oldschool, @n8chavez, @Kongo, @Jan Willy, @Moonhorse, @simmerskool).
 
Last edited by a moderator:

oldschool

Level 80
Verified
Top Poster
Well-known
Mar 29, 2018
6,965
Its not very popular extension thats why im considering of using it, feels like its like trace used to be ( trace discontinued in 2021) Atleast the extension is recommended on the chrome store
JShelter is not a one-man show like Trace. It grew out of the graduate studies of quite a few people but of course anyone interested may contribute to the project as its open-source, unlike Trace. They also continue to update the site with blog posts, etc.
This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310 as JavaScript Restrictor and JShelter projects. This project was supported by the MV CR VI20172020062 project.
JShelter: Credits
Are there any compatibility problems with Av?
I can't see any reason why there would be. AFAIK AVs don't interfere with browser extensions, at least that I've heard of.
 

oldschool

Level 80
Verified
Top Poster
Well-known
Mar 29, 2018
6,965
Updated to v. 0.17 JShelter: Release history

Release history

0.17
  • Added support for built-in tweaks for specific domains. The goal is to list several domains that break unnecessarily. Typically, an addition to the list should be well explained and must not lower protection. A nice candidate is WebWorker and the protection of Strict (break) and Remove.
  • Updated translations
  • Improved FPD report based on user feedback:
  • Do not refresh report automatically when tracking callers but introduce an update button so that users refresh when convenient (prevent glitches in the interfaces)
  • Add buttons to hide/show details and fold/unfold groups
  • Do not show traces in bold to better differentiate between API names and traces.
  • Add possibility to forget current traces. Useful when there is a fingerprinting script that activates after some action. The button allows the user to hide the traces triggered in the past and later load only new traces.
  • Add support for signing for Android on AMO, so we needed to increase minimal supported version
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top