1. 28 May, 2018 1 commit
  2. 14 May, 2018 1 commit
  3. 06 Mar, 2018 1 commit
    • Raymond Hill's avatar
      Guard web accessible resources from direct access by outside world · e6a5de16
      Raymond Hill authored
      With Chromium-based browsers, web pages can access directly
      Decentraleyes' web accessible resources, and thus detect
      whether Decentraleyes is used by a visitor.
      
      This potentially adds one bit of information to fingerprinting.
      
      See: "Discovering Browser Extensions via Web Accessible Resources"
      www.cse.chalmers.se/~andrei/codaspy17.pdf
      
      Proof-of-concept: https://jsfiddle.net/fuqrudcs/
      
      The change here is to use a secret when accessing a web accessible
      resource. If the secret is not present when the resource is fetched
      by the browser, the behavior will be the same as if the resource
      is not web accessible.
      
      When Decentraleyes redirects a request to one of its web
      accessible resources, the secret is appended at the end of the
      local URL as a query parameter.
      
      The secret is generated at runtime when Decentraleyes is launched.
      e6a5de16
  4. 21 Feb, 2018 2 commits
  5. 09 Jan, 2018 3 commits
  6. 08 Jan, 2018 1 commit
  7. 20 Nov, 2017 2 commits
  8. 10 Nov, 2017 1 commit
  9. 07 Nov, 2017 2 commits
  10. 04 Nov, 2017 1 commit
  11. 31 Oct, 2017 2 commits
  12. 29 Oct, 2017 3 commits
  13. 09 Aug, 2017 1 commit
  14. 03 May, 2017 1 commit
  15. 30 Apr, 2017 3 commits
  16. 24 Apr, 2017 1 commit
  17. 17 Mar, 2017 1 commit
  18. 16 Mar, 2017 4 commits
  19. 15 Mar, 2017 1 commit
  20. 14 Mar, 2017 5 commits
  21. 13 Mar, 2017 3 commits