copygirl

most of the the Arch cult forget to mention that

The “Arch cult’s” holy book, the ArchWiki, states the following pretty clearly:

Warning: AUR packages are user-produced content. These PKGBUILDs are completely unofficial and have not been thoroughly vetted. Any use of the provided files is at your own risk.

Mention of one’s use of the AUR for their needs doesn’t need to come with a disclaimer.
People who don’t read or don’t use their brain are going to keep not doing so, regardless.

JavaScript is already sandboxed. You can only execute functions where there is an actual API defined by the browser to do so, for example Date.getTime(). There is / should be no way to get, say, your device ID. (With the exception of unpatched exploits that allow executing arbitrary code. But keep in mind browsers are likely one of the if not the most security tested software.)

What you linked to here appears to specific to Google Tag Manager in a way that I don’t fully understand, but is not related to how websites usually execute JavaScript code.

Can you link to a source that confirms this information can be collected with JavaScript (with browser comparison, ideally)? That seems outrageous if it was actually possible.

What is meant by “sensitive information” here? Browsers can’t just willy-nilly access your local files or something like that. The one thing I can think of is using JavaScript to collect information that can be used to identify you. (Is that “sensitive”? I’d put that in “identifying information”.) My honest suggestion is to keep using NoScript and just allow as few domains as possible. The next best option is to stop using websites that break without JavaScript when there’s no reason why they’d need it.

I can imagine there being a plugin that spoofs some common ways that allow sites to identify you cross-sessions / browser / websites without your consent, but blocking JavaScript (by default) is likely one of the best ways to reduce the amount of information collected about you. When you do find such a plugin, check out one of the “browser fingerprint” testing sites to see how unique your fingerprint is.

(That is, if I even understood the request properly in regards to the “sensitive information” bit.)

There is something called “local storage” that allows applications to store more information than just a cookie. Cookies are sent to the server, while local storage, as the name implies, stays local. (That doesn’t mean that this data can’t be sent to the server via JavaScript.) But local storage makes it possible to make 100% offline applications if the whole webpage is cached / downloaded (assuming no online functionality is required).

edit: As for deleting this, if I click on the lock icon in the address bar in Firefox, I have an option to clear cookies and site data for the current site. I assume the “site data” is the local storage I mentioned. If you’re using a Chrome based browser, you can probably google how to do the same thing.