Comment by Animats

8 months ago

Blocking Google Tag Manager script injection seems to have few side effects. Blocking third-party cookies also seems to have few side effects. Turning off JavaScript breaks too much.

Use a whitelist-based extension such as NoScript:

https://noscript.net

You can then enable just enough JS to make sites work, slowly building a list of just what is necessary. It can also block fonts, WebGL, prefetch, ping and all those other supercookie-enabling techniques.

The same with traditional cookies. I use Cookie AutoDelete to remove _all_ cookies as soon as I close the tab. I can then whitelist the ones I notice have an impact on authentication.

Also, you should disable JavaScript JIT, so the scripts that eventually load are less effective at exploiting potential vulnerabilities that could expose your data.

  • Why would JIT be more likely to have such a vulnerability than a JavaScript engine without JIT?

    • I honestly don't know. I just noticed a lot of CVEs related to JS JIT in different browsers.