Add LibreJS in browser extentions section

Website

Short description

LibreJS is a free add-on for GNU IceCat and other Mozilla-based browsers. It blocks nonfree nontrivial JavaScript while allowing JavaScript that is free and/or trivial.

Why I think this tool should be added

Many websites run nontrivial JavaScript on your computer. Some use it for complex tasks; many use it gratuitously for minor jobs that could be done easily with plain HTML. Sometimes this JavaScript code is malicious. Either way, the JavaScript code is often nonfree. For explanation of the issue, see “The JavaScript Trap”(The JavaScript Trap - GNU Project - Free Software Foundation).

I think allowing every script to run in the browser unless it is in a blocklist is very insecure. This puts the security practitioner in an endless arms-race with the security crackers. I think allow by default should be replaced with deny by default.

Section on Privacy Guides

Browser Extentions

Also read “Default Permit” in The Six Dumbest Ideas in Computer Security

I’m a big free software advocate, but unfortunately I don’t think LibreJS fits as a Privacy Guides recommendation. I’m definitely in the camp that software will always be more trustworthy if it’s FOSS, but the GNU Project/FSF does overstate the misconception that free software is always inherently (more) secure or that proprietary software is always inherently totally unsafe for anyone to use in any scenario. Another downside is that it’s exclusively for Firefox, which itself may be considered for removal from Privacy Guides.

I’d say NoScript would be a better option for what you’re suggesting as it can block all scripts and is available for both Firefox and Chromium, however all current recommendations allow the user to block scripts with uBlock Origin, NoScript, or Brave Shields depending on the browser they chose.