The web is used daily by billions. Even so, users are not protected from many threats by default. This position paper builds on previous web privacy and security research and introduces JShelter, a webextension that fights to return the browser to users. Moreover, we introduce a library that helps with common webextension development tasks and fixes loopholes misused by previous research. JShelter focuses on fingerprinting prevention, limitations of rich web APIs, prevention of attacks connected to timing, and prevention of learning information about the device, the browser, the user, and the surrounding physical environment and location. We discovered a loophole in the sensor timestamps that lets any page observe the device boot time if sensor APIs are enabled in Chromium-based browsers. JShelter provides a fingerprinting report and other feedback that can be used by future security research and data protection authorities. Thousands of users around the world use the webextension every day.