[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DRAFT of PR publication from FSF
|
From: |
Ruben |
|
Subject: |
Re: DRAFT of PR publication from FSF |
|
Date: |
Tue, 27 Apr 2021 20:48:22 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Icedove/68.10.0 |
It seems like I didn't share the last version of the text. The last
version is mostly a rewrite of paragraphs 2-3 and some reorganizing:
BOSTON, Massachusetts, USA -- FIXME DAY, DATE -- The Free Software
Foundation (FSF) today announced the start of development on JavaScript
Shield, an anti-malware Web browser extension to mitigate potential
threats from JavaScript, including fingerprinting, tracking, and data
collection. The project is supported by NLnet Foundation's NGI Zero
Privacy & Trust Enhancing Technologies fund. Collaborators include Libor
Polčák and Bednář Martin (Brno University of Technology), Giorgio Maone
(NoScript), and Ana Isabel Carvalho and Ricardo Lafuente (Manufactura
Independente). The JavaScript Shield extension is projected for release
in the third quarter of 2021.
Most modern websites contain a growing number of programs that the
user's browser download and run automatically as each new page is
loaded. While these JavaScript programs can provide functionality to a
site, they also carry issues of software freedom (due to their licenses)
and of privacy and security (due to the actions those programs could
take). The FSF addressed the licensing side of those issues with the
"Free JavaScript Campaign[]" to encourage web developers to publish
their scripts as free software, and the GNU LibreJS [footnote 1] browser
extension which allows the user to run only free scripts. Now the FSF is
targeting the other side of the problem by introducing the JavaScript
Shield browser extension, aimed to limit the potential for JavaScript to
do harmful actions.
Accessing cookies, performing fingerprinting to track users across
multiple sites, revealing the local network address, or capturing the
user's input before they submit a form are some examples of JavaScript's
capabilities that can be used in harmful ways. JavaScript Shield adds a
safety layer that allows the user to choose if a certain action should
be forbidden on a site, or if it should be allowed with restrictions,
such as reducing the precision of geolocation to the city area. This
layer can also aid as a countermeasure against attacks targeting the
browser, operating system or hardware levels.
The JavaScript Shield project is a freely licensed, anti-malware browser
extension to combat, and protect against, potential threats from
JavaScript, either in combination with the previously developed GNU
LibreJS and other script blockers, or on its own. The project's
repository is at https://pagure.io/JS-Shield/JS-Shield. It will ask --
globally or per site -- if specific native functions provided by the
JavaScript engine and the Document Object Model (DOM) are allowed by the
user. It will also link to an explanatory page for each function, to
raise awareness of related threats. Depending on the function being
addressed, the user will have the option to allow it, block it, or have
it return a custom value. This extension will help protect users from
critical threats now, and contribute significantly to progress on the
necessary longer-term cultural shift of moving away from nonfree JavaScript.
"This is a project I've been looking forward to for years, tired of
dealing with all kinds of potential antifeatures in the browsers I use
and distribute, and having to figure out some countermeasure for them
with configuration changes, patches or extensions," shared Ruben
Rodriguez, FSF chief technology officer. "Being able to wrap the
JavaScript engine in a layer of protection is a game changer."
FSF executive director, John Sullivan: "Besides providing much-needed
protection for users, this extension will help the FSF demonstrate the
power and usefulness of free 'as in freedom' software, serving as a
conversation starter about the importance of all free software and the
dangers of nonfree software while using the Web. We thank NLnet
Foundation for recognizing the importance of free software and investing
in the FSF's strategy for free JavaScript on the Web."
FIXME -- NLNET QUOTE
The FSF has been campaigning to free all JavaScript on the Web since
2013, and as part of this effort continues to support the development of
GNU LibreJS, in addition to outreach to users and developers about the
issue of freedom on the Web. Once developed, JavaScript Shield will form
a core part of the FSF's general recommendations for how to use the Web
without ethical compromise. In conjunction with a fully free
distribution of the GNU/Linux operating system and a free BIOS, it will
help users move toward the FSF's vision of a world where computing
upholds, rather than diminishes, their individual rights.
The GNU LibreJS extension, sponsored by the Free Software
Foundation, detects JavaScript and allows you to choose to run only
JavaScript distributed under a free software license, thus enabling
users to browse the Web in full freedom. However, that extension only
works to identify nonfree licensing and does not address the
functionality of those scripts.
About the Free Software Foundation
[...]
On 4/9/21 5:09 PM, Ruben Rodriguez wrote:
> This is a work-in-progress document. Still pending a better project
> name, and a specific call for contributors.
>
> --
>
> Free Software Foundation announces start of development on JavaScript
> Shield browser extension
>
> BOSTON, Massachusetts, USA -- FIXME DAY, DATE -- The Free Software
> Foundation (FSF) today announced the start of development on JavaScript
> Shield, an anti-malware Web browser extension to mitigate potential
> threats from proprietary nonfree JavaScript, including fingerprinting,
> tracking, and data collection. The project is supported by NLnet
> Foundation's NGI Zero Privacy & Trust Enhancing Technologies fund.
> Collaborators include Libor Polčák and Bednář Martin (Brno University of
> Technology), Giorgio Maone (NoScript), and Ana Isabel Carvalho and
> Ricardo Lafuente (Manufactura Independente). The JavaScript Shield
> extension is projected for release in the third quarter of 2021.
>
> Detecting and blocking nonfree JavaScript is of increasing importance
> because nearly all Web pages use it, meaning that merely loading these
> sites causes nonfree software to be automatically downloaded and
> executed by your Web browser, without your explicit consent or
> knowledge. These programs also pose significant threats to user freedom
> and privacy: JavaScript can be exploited to obtain information about the
> user by fingerprinting or reading what you type in a form even without
> submitting it, or JavaScript can affect browser functionality like
> disabling copying text or images.
>
> The GNU LibreJS extension, sponsored by the Free Software Foundation,
> detects JavaScript and allows you to choose to run only JavaScript
> distributed under a free software license, thus enabling users to browse
> the Web in full freedom. However, that extension only works to identify
> nonfree licensing and does not address the functionality of those scripts.
>
> The JavaScript Shield project is a freely licensed, anti-malware browser
> extension to combat, and protect against, potential threats from
> proprietary JavaScript, either in combination with the previously
> developed GNU LibreJS and other script blockers, or on its own. The
> project's repository is at https://pagure.io/JS-Shield/JS-Shield. It
> will ask -- globally or per site -- if specific native functions
> provided by the JavaScript engine and the Document Object Model (DOM)
> are allowed by the user. It will also link to an explanatory page for
> each function, to raise awareness of related threats. Depending on the
> function being addressed, the user will have the option to allow it,
> block it, or have it return a spoofed value. This extension will help
> protect users from critical threats now, and contribute significantly to
> progress on the necessary longer-term cultural shift of moving away from
> nonfree JavaScript.
>
> One overall, eventual goal of the FSF is to have all JavaScript on the
> Web be free, so that users will be fully able to determine what
> functions are taking place and freely change or disable programs as needed.
>
> "This is a project I've been looking forward to for years, tired of
> dealing with all kinds of potential antifeatures in the browsers I use
> and distribute, and having to figure out some countermeasure for them
> with configuration changes, patches or extensions," shared Ruben
> Rodriguez, FSF chief technology officer. "Being able to wrap the
> JavaScript engine in a layer of protection is a game changer."
>
> FSF executive director, John Sullivan: "Besides providing much-needed
> protection for users, this extension will help the FSF demonstrate the
> power and usefulness of free 'as in freedom' software, serving as a
> conversation starter about the importance of all free software and the
> dangers of nonfree software while using the Web. We thank NLnet
> Foundation for recognizing the importance of free software and investing
> in the FSF's strategy for free JavaScript on the Web."
>
> FIXME -- NLNET QUOTE
>
> The FSF has been campaigning to free all JavaScript on the Web since
> 2013, and as part of this effort continues to support the development of
> GNU LibreJS, in addition to outreach to users and developers about the
> issue of freedom on the Web. Once developed, JavaScript Shield will form
> a core part of the FSF's general recommendations for how to use the Web
> without ethical compromise. In conjunction with a fully free
> distribution of the GNU/Linux operating system and a free BIOS, it will
> help users move toward the FSF's vision of a world where computing
> upholds, rather than diminishes, their individual rights.
> About the Free Software Foundation
>
> The Free Software Foundation, founded in 1985, is dedicated to promoting
> computer users' right to use, study, copy, modify, and redistribute
> computer programs. The FSF promotes the development and use of free (as
> in freedom) software -- particularly the GNU operating system and its
> GNU/Linux variants -- and free documentation for free software. The FSF
> also helps to spread awareness of the ethical and political issues of
> freedom in the use of software, and its Web sites, located at
> https://fsf.org and https://gnu.org, are an important source of
> information about GNU/Linux. Donations to support the FSF's work can be
> made at https://donate.fsf.org. Its headquarters are in Boston, MA, USA.
>
> More information about the FSF, as well as important information for
> journalists and publishers, is at https://www.fsf.org/press.
> About the NLnet Foundation
>
> Started in 1989, Stichting NLnet is an independent, recognized
> philanthropic nonprofit foundation that stimulates network research and
> development in the domain of Internet technology. The articles of
> association for the NLnet foundation state: "to promote the exchange of
> electronic information and all that is related or beneficial to that
> purpose." The foundation actively engages with the global internet
> community in many ways, with a joint goal to create a better, safer, and
> more secure Internet for tomorrow. More information about Stichting
> NLnet can be found at https://nlnet.nl/foundation/.
>
--
Ruben Rodriguez | Chief Technology Officer, Free Software Foundation
GPG Key: 05EF 1D2F FE61 747D 1FC8 27C3 7FAC 7D26 472F 4409
https://fsf.org | https://gnu.org