Wesbites and Javascript

How are websites that require javascript capable of finding you? If I'm behind a reputable VPN and sock, can an exploit still get my real IP? I'm talking about when using big clearnet sites like paypal, not sketchy onions.

Like say LE is trying to find me through paypal and I have js enabled, can they put a malicious script inside the account that can execute once logged in and get me? I know they'd need to get paypal involved but still, is this how it works? Or would they only be able to get the VPN/sock.

This is a question for firefox use.


Comments


[2 Points] MDMangel:

As long as you have your Lv.5 tinfoil battle armour and helmet equiped, you are UNSTOPPABLE. Tinfoil socks are just silly.


[1 Points] pinochetHA:

A vpn makes absolutely no difference when it comes to Javascript. Javascript is a client-side script, so it is active in your browser. It doesn't care about your vpn.

JS isn't necessarily a threat, but can become one when bad actors are involved. There are a lot of security problems with it. If it's used to install malware on your machine or collect information that uniquely identifies your computer then in most cases you will be deanoned. Of course there has to be a prexisting vulnerbility, and if you keep your browser up to date then you should be well protected.

One thing to note about Firefox: It does not have good sandboxing, or at least did not have in the past. I am not sure if that has been added. I know they planned to move more towards Chromes model of sandboxing. The problem for you is that without sandboxing malware that is effective is not contained to the browser. If this worries you run firefox in a virtual machine.

As for paypal yes the fbi could figure out that you are using an outdated browser and plant an exploit to deanon you. However they probably won't do this as fucking with popular clearnet sites is going to make a lot of people angry at them and will only catch petty criminals. There would also be a lot of other legal issues.


[0 Points] None:

I work in web development. I think morons here confuse Java and Javascript. Java is a problem and should be uninstalled immediately.