Skip to content
Snippets Groups Projects
  1. Nov 24, 2018
  2. Nov 23, 2018
  3. Jul 02, 2018
  4. Jun 29, 2018
  5. May 28, 2018
  6. May 14, 2018
  7. Mar 06, 2018
    • Raymond Hill's avatar
      Guard web accessible resources from direct access by outside world · e6a5de16
      Raymond Hill authored
      With Chromium-based browsers, web pages can access directly
      Decentraleyes' web accessible resources, and thus detect
      whether Decentraleyes is used by a visitor.
      
      This potentially adds one bit of information to fingerprinting.
      
      See: "Discovering Browser Extensions via Web Accessible Resources"
      www.cse.chalmers.se/~andrei/codaspy17.pdf
      
      Proof-of-concept: https://jsfiddle.net/fuqrudcs/
      
      The change here is to use a secret when accessing a web accessible
      resource. If the secret is not present when the resource is fetched
      by the browser, the behavior will be the same as if the resource
      is not web accessible.
      
      When Decentraleyes redirects a request to one of its web
      accessible resources, the secret is appended at the end of the
      local URL as a query parameter.
      
      The secret is generated at runtime when Decentraleyes is launched.
  8. Feb 21, 2018
  9. Jan 09, 2018
  10. Jan 08, 2018
  11. Nov 20, 2017
  12. Nov 10, 2017
  13. Nov 07, 2017
  14. Nov 04, 2017
  15. Oct 31, 2017
  16. Oct 29, 2017
  17. Aug 09, 2017
  18. May 03, 2017
  19. Apr 30, 2017
  20. Apr 24, 2017
  21. Mar 17, 2017
  22. Mar 16, 2017
Loading