this post was submitted on 29 Jun 2024
23 points (87.1% liked)
Firefox
17695 readers
982 users here now
A place to discuss the news and latest developments on the open-source browser Firefox
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
once the javascript gets that information from the browser it's kinda impossible to prevent it from being included in a request without just blocking all requests. It could be anywhere in arbitrarily structured data and/or encrypted
But couldn't the JS runtime track which objects and variables interact with such information, so if they make any HTTP requests with the info after getting it and maybe processing it then it could be rejected?
Taint analysis is a real thing that several papers have been published about, but the implementations aren’t in a state where they could be run in real time without massively hampering performance. Also they’re mostly focused on findings bugs in native applications rather than privacy on the web.