Disable plugin enumeration using NoScript surrogates?

Proposals for new surrogate scripts, updates/bug fixes to existing ones, tips and tricks to work around the lazy web.
Post Reply
johnscript
Junior Member
Posts: 49
Joined: Wed Feb 20, 2013 1:49 pm

Disable plugin enumeration using NoScript surrogates?

Post by johnscript »

Somewhere along the line Mozilla removed the preference that allowed to disable plugin enumeration (claiming it "broke too many sites", which still has to be proved) in their usual way, meaning they could have left it there with a "safe" value or even turned it into an hidden one, but no, they just got rid of it.

But I digress : looking around I've found this interesting workaround: [Talk]alternative to plugins.enumerable_names which apparently exploits script surrogates to do the same task: my question is, how does this work?

Code: Select all

noscript.surrogate.noplugin.exceptions =
noscript.surrogate.noplugin.replacement = Object.defineProperty(navigator, "plugins", {value: []});
noscript.surrogate.noplugin.sources = @^https?://
What is this code actually doing, and is it the same thing (or possibly even better) than the original feature?
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Disable plugin enumeration using NoScript surrogates?

Post by barbaz »

*Always* check the changelogs BEFORE updating that important software!
-
johnscript
Junior Member
Posts: 49
Joined: Wed Feb 20, 2013 1:49 pm

Re: Disable plugin enumeration using NoScript surrogates?

Post by johnscript »

Ok, but could you explain in layman's terms if this feature could be considered a drop-in replacement for the original (removed) Firefox feature?

Furthermore, the code looks a bit different to me:

Code: Select all

noscript.surrogate.noplugin.exceptions =
noscript.surrogate.noplugin.replacement = Object.defineProperty(navigator, "plugins", {value: []});
noscript.surrogate.noplugin.sources = @^https?://

Code: Select all

for(let propName of ['plugins','mimeTypes']){Object.defineProperty(window.navigator, propName, {configurable: true, enumerable: true, value:{}})}
Are these two ways to achieve the same goal?
If I were to choose the method in your link, should a also set the value of noscript.surrogate.ihasnoplugins.sources to {} to blacklist all sites?

BTW, I reckon that users not able to understand this stuff should probably leave it alone - but OTOH, if Mozilla keeps axing privacy features leaving users more exposed than they need to be...
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Disable plugin enumeration using NoScript surrogates?

Post by barbaz »

johnscript wrote:Ok, but could you explain in layman's terms if this feature could be considered a drop-in replacement for the original (removed) Firefox feature?
I've never used it and didn't even realize it existed, sorry.
johnscript wrote:Furthermore, the code looks a bit different to me:


[...]

Are these two ways to achieve the same goal?
No. The first set of code is not only incomplete but overwriting the properties with the wrong type of JavaScript object, and as such will make you stand out more to fingerprint-hungry websites.
johnscript wrote:If I were to choose the method in your link, should a also set the value of noscript.surrogate.ihasnoplugins.sources to {} to blacklist all sites?
See the third post, use @* for the sources value to enable it by default. The prefix of @ is the most important, see this link on surrogate script for more information.
I don't think {} will match anything useful.
*Always* check the changelogs BEFORE updating that important software!
-
johnscript
Junior Member
Posts: 49
Joined: Wed Feb 20, 2013 1:49 pm

Re: Disable plugin enumeration using NoScript surrogates?

Post by johnscript »

OK, thank you very much.
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Disable plugin enumeration using NoScript surrogates?

Post by barbaz »

You're welcome Image
*Always* check the changelogs BEFORE updating that important software!
-
Post Reply