Bugfix: Do not try to redefine undefined objects. The exceptions thrown in injected code used to
prevent application of all the wrapping code.
Add an option to clear
window.name with each page reload.
Rewrite the NBS for Chromium-based browsers with custom DNS cache build with resolved data available in onResponseStartedListener()
Fix the amount of saved data through pop-up (for a specific domain), it is much harder to reach
Re-introduced Geolocation API wrapping (several settings available).
Bugfix: Set up domain-specific levels from storage correctly
Wrap PerformanceEntry instead of performance.getEntries*() - prevents a known leak of precise
time stamps in Chromium-based browsers.
Add note on the effectivity of time randomization
Firefox fix background and content scripts synchronization, use correct naming (improves speed)
Time wrappers in Firefox affected by the
Fiefox CSP bug should work better. However, the precise timers are not wrapped, see also #25. NBS message for Chromium-based browsers reworded.
Improve compatibility with Chromium based browsers
Major code rewrite - make the code more modular, remove duplications
Add wrappings inspired by
ide-Channel Attacks Network boundary shield prevents web pages to use the browser as a proxy between local network and the public Internet. See the
Force Point report for an example of the attack. The protection encapsulates the WebRequest API, so it captures all outgoing requests. Allow multiple custom levels
Do not modify DOM of displayed pages (the modifications were detectable by the page scripts and may
reveal that the user is running JSR)
Canvas fingerprinting: originally, only
toDataURL was blocked. The extension now blocks
Block additionaly methods to get performance data.
Unfortunately, we do not migrate old settings as the levels were redesigned and several features
were removed. We expect to migrate previous settings in the future.
Initial attempt to deal with a bug
https://bugzilla.mozilla.org/show_bug.cgi?id=1267027 but it
does not work completely as expected, yet. Make sure that calling toString on the wrapped function does not leak the wrapping code.
Fix original canvas method leaks through iframes
Do not allow page scripts to delete wrappers
Do not open the main page after browser or extension update as it is irritating and may send a
signal that the user is tracked.
Removed feature Do not change request HTTP headers. See the paper
FP-Scanner: The privacy implications of browser
fingerprint inconsistencies and pages like
Removed feature GPS/location is not blocked anymore, we expect to reintroduce this feature in the future. 0.2.1
Date wrapping that used to break some pages;
Date wrapping code improved
Additional APIs that can be wrapped:
View the source code at
project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support
from the European Commission's Next Generation Internet programme, under the aegis of DG
Communications Networks, Content and Technology under grant agreement No 825310 as
project was supported by the MV CR VI20172020062 project.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either
version 3 of the License, or
(at your option) any later version.