InformAction Forums

I have been researching spywaye, principally iesnare.
A study (which I can link if need be) claims it can read our hardware details, such as “driver enumeration” and “device identifiers” and they can read the hard drive data from a plugin only.

More specifically;
“The client may also be delivered through a stand-alone application, imbedded within a common software product like a web browser, or even imbedded in hardware or memory, any of which would be required to be running when a connection to a network is authenticated by a network service provider protected by this system. The client could also be delivered on demand, through a JavaScript, ActiveX control, or similar technology as a user connects to a network service provider through their favorite web browser.”

My (newbie) guess would be that if I “allow” the site trying to run this code then they can obtain details of my hardware?

Yeah, active content is required to collect that info. So in that sense NoScript does offer some protection against this.

However don't rely on NS for complete protection against this stuff - it's a security tool, not a privacy tool - so make sure you also have some sort of privacy-oriented addon like uBlock Origin and configured to block tracking.

Thanks!

So the only way hardware details can be obtained is if I allow the bad site and thus they can use active content?

And the filtered lists on uBlock origin give me extra protection because if I decide to allow a bad site they will override this choice and block it anyway?

freakedman wrote:So the only way hardware details can be obtained is if I allow the bad site and thus they can use active content?

Yes... well, unless your browser does something truly daft like voluntarily sends your hardware details in request headers or some such thing. (And that really happens. I've seen systems that has VERY detailed hardware info tagged on the end of the UA string! )

freakedman wrote:And the filtered lists on uBlock origin give me extra protection because if I decide to allow a bad site they will override this choice and block it anyway?

Yes, if the bad site is blocked by your uBlock Origin subscriptions (no blacklist is 100% perfect).
NoScript and uBlock Origin are independent of one another in that requests blocked by one won't get allowed through by the other.

If you are advanced user you can also add µMatrix as a 3rd layer of protection (it will get at a slightly different angle than you're looking for here, but can't hurt here).