Disclaimer: This is a research project under development, see the issue page and the webextension home page for more details about the current status.
- Various Navigator object data and HTTP web requests, which can be queried for information about the user’s User Agent, platform, browser version etc.,
- document.referrer and Referrer HTTP web request gives the URI of the page that linked to the current page,
- navigator.language and Accept-Language HTTP web request can reveal user’s preferred language and the language of the browser UI,
- navigator.doNotTrack gives browser’s Do Not Track setting,
- window.Date object and window.performance.now() function provide high-resolution timestamps that can be used to idenfity the user or can be used for microarchitectural attacks,
- HTMLCanvasElement.toDataURL() function can be used to fingerprint user’s device. Canvas element provides access to HW acceleration which may reveal the card and consequently be used as a fingerprinting source,
- Geolocation data can reveal the physical location of the device,
- navigator.deviceMemory or navigator.hardwareConcurrency can reveal hardware specification of the device,
- navigator.cookieEnabled, experimental only (available only in the Custom level) to determine if the client web browser has cookies enabled,
- XMLHttpRequest (XHR), experimental only (available only in the Custom level) issues requests to the server after the page is displayed and gathered information available through other APIs. Such information might carry identification data,
- 1 - the minimal level of protection. The timestamp values and geolocation data are modified. Also hardware spoofing is enabled.
- 2 - improved level of protection. On this level User Agent, platform and hardware information as well as referrer are spoofed. Protection against canvas fingerprinting is enabled. The timestamp values and geolocation data are even more restricted.
- 3 - maximal level of protection. User Agent, platrofm, hardware and also browser’s language is spoofed. Protection against canvas fingerprinting is enabled. Timestamp values are even more restricted and geolocation data is nullified.
- Custom - your level of protection. If desired, you can set your own level of protection.
For more accurate description of the restrictions see levels of protection page.
Note that the spoofing and rounding actions performed by the extension can break the functionality of a website (e.g. Netflix). Please report to us any malfunction websites that do not track users.
The default level of protection can be set by a popup (clicking on JSR icon) or through options of the extension. Specific level of protection for specific domains can be set in options by adding them to the list of websites with specific level of protection. This can be done also by a popup during a visit of the website.
If you have any questions or you’ve spotted a bug, please let us know.
If you would like to give us feedback, we would really appreciate it.
Once you install the extension, see the test page for the working demo on how the extension can help in restricting JS capabilities.