Project

General

Profile

Why not merge DOM storage into JS toggle ?

Added by ask low 6 days ago

I don't seem to get the gist of DOM apart from JS. Most of the times, the web scripts are often stored as a part of DOM storage. i.e, Most websites these days simply don't run without DOM even if JS is enabled. Such sites spit a blank webpage.

When I use uBO or NoScript, the extension seems to block DOM file system too, because they're somehow interconnected. Why not do the same with Privacy Browser too ? Are there any privacy benefits of separating them ?


Replies (5)

RE: Why not merge DOM storage into JS toggle ? - Added by Soren Stoutner 6 days ago

That is an interesting question. I have thought about doing so in the past. However, there still are a number of pages that work with JavaScript enabled but DOM storage disabled, at least for what I use them for. For example (just looking through my domain settings):

  • youtube.com
  • openwrt.org
  • the OpenWrt web interface (on devices running OpenWrt)
  • archive.org
  • coveryourtracks.eff.org
  • liberapay.com
  • minecraft.fandom.com
  • relativefinder.org
  • wickenburgsun.com
  • androidpolice.com
  • businessinsider.com
  • instagram.com
  • josephsmithpapers.org
  • monoprice.com
  • politico.com
  • reddit.com
  • signupgenius.com
  • washingtonexaminer.com
  • azdor.gov
  • bugs.chromium.org
  • f-droid.org
  • forum.f-droid.org
  • fosstodon
  • nm.debian.org
  • redmine.stoutner.com (on desktop, but not on mobile)
  • speeches.byu.edu
  • patreon.org

Because JavaScript is so invasive, there probably isn't much additional privacy benefit to having DOM storage disabled when JavaScript is enabled, but I still like to be able to turn it off when it isn't needed.

RE: Why not merge DOM storage into JS toggle ? - Added by ask low 5 days ago

DOM is like a storage shelf where the invasive JS code might utilise data in it to achieve it's expected results.
For instance, let's say a webscript tries to cryptojack by hogging computing resources such as CPU, GPU, memory, etc. It might need certain files in DOM in order to achieve cryptojacking. Obviously many users keep the tabs open in the background (I certainly do it, even for shady sites such as public blogposts, crypto exchange web clients, etc.).
I believe there are more chances of script hijacks with DOM support, than without it.

RE: Why not merge DOM storage into JS toggle ? - Added by Soren Stoutner 5 days ago

That's true. There might be malware concerns that go beyond privacy concerns.

RE: Why not merge DOM storage into JS toggle ? - Added by ask low 5 days ago

I've just found out that resource highjacking is still possible without DOM. Through fileless embedded malware script.
It's also possible to stenograph malware in the form of media files such as images & videos, which totally doesn't need DOM storage either.
Seems like merging dom into js is less of an issue than running js itself.

RE: Why not merge DOM storage into JS toggle ? - Added by Soren Stoutner 5 days ago

Everything is less of an issue than running JavaScript.

The above statement is not an exaggeration.

    (1-5/5)