1. 29 Jun, 2018 2 commits
  2. 28 May, 2018 2 commits
  3. 14 May, 2018 1 commit
  4. 06 Mar, 2018 1 commit
    • Raymond Hill's avatar
      Guard web accessible resources from direct access by outside world · e6a5de16
      Raymond Hill authored
      With Chromium-based browsers, web pages can access directly
      Decentraleyes' web accessible resources, and thus detect
      whether Decentraleyes is used by a visitor.
      
      This potentially adds one bit of information to fingerprinting.
      
      See: "Discovering Browser Extensions via Web Accessible Resources"
      www.cse.chalmers.se/~andrei/codaspy17.pdf
      
      Proof-of-concept: https://jsfiddle.net/fuqrudcs/
      
      The change here is to use a secret when accessing a web accessible
      resource. If the secret is not present when the resource is fetched
      by the browser, the behavior will be the same as if the resource
      is not web accessible.
      
      When Decentraleyes redirects a request to one of its web
      accessible resources, the secret is appended at the end of the
      local URL as a query parameter.
      
      The secret is generated at runtime when Decentraleyes is launched.
      e6a5de16
  5. 21 Feb, 2018 2 commits
  6. 09 Jan, 2018 3 commits
  7. 08 Jan, 2018 1 commit
  8. 20 Nov, 2017 2 commits
  9. 10 Nov, 2017 1 commit
  10. 07 Nov, 2017 2 commits
  11. 04 Nov, 2017 1 commit
  12. 31 Oct, 2017 2 commits
  13. 29 Oct, 2017 3 commits
  14. 09 Aug, 2017 1 commit
  15. 03 May, 2017 1 commit
  16. 30 Apr, 2017 3 commits
  17. 24 Apr, 2017 1 commit
  18. 17 Mar, 2017 1 commit
  19. 16 Mar, 2017 4 commits
  20. 15 Mar, 2017 1 commit
  21. 14 Mar, 2017 5 commits