Skip to content
Snippets Groups Projects
  1. May 28, 2018
  2. May 14, 2018
  3. Mar 06, 2018
    • Raymond Hill's avatar
      Guard web accessible resources from direct access by outside world · e6a5de16
      Raymond Hill authored
      With Chromium-based browsers, web pages can access directly
      Decentraleyes' web accessible resources, and thus detect
      whether Decentraleyes is used by a visitor.
      
      This potentially adds one bit of information to fingerprinting.
      
      See: "Discovering Browser Extensions via Web Accessible Resources"
      www.cse.chalmers.se/~andrei/codaspy17.pdf
      
      Proof-of-concept: https://jsfiddle.net/fuqrudcs/
      
      The change here is to use a secret when accessing a web accessible
      resource. If the secret is not present when the resource is fetched
      by the browser, the behavior will be the same as if the resource
      is not web accessible.
      
      When Decentraleyes redirects a request to one of its web
      accessible resources, the secret is appended at the end of the
      local URL as a query parameter.
      
      The secret is generated at runtime when Decentraleyes is launched.
      e6a5de16
  4. Feb 21, 2018
  5. Jan 09, 2018
  6. Jan 08, 2018
  7. Nov 20, 2017
  8. Nov 10, 2017
  9. Nov 07, 2017
  10. Nov 04, 2017
  11. Oct 31, 2017
  12. Oct 29, 2017
  13. Aug 09, 2017
  14. May 03, 2017
  15. Apr 30, 2017
  16. Apr 24, 2017
  17. Mar 17, 2017
  18. Mar 16, 2017
  19. Mar 15, 2017
  20. Mar 14, 2017
  21. Mar 13, 2017
Loading