Forked from Thomas Rientjes / decentraleyes
291 commits behind, 41 commits ahead of the upstream repository.
Raymond Hill authored
With Chromium-based browsers, web pages can access directly
Decentraleyes' web accessible resources, and thus detect
whether Decentraleyes is used by a visitor.

This potentially adds one bit of information to fingerprinting.

See: "Discovering Browser Extensions via Web Accessible Resources"
www.cse.chalmers.se/~andrei/codaspy17.pdf

Proof-of-concept: https://jsfiddle.net/fuqrudcs/

The change here is to use a secret when accessing a web accessible
resource. If the secret is not present when the resource is fetched
by the browser, the behavior will be the same as if the resource
is not web accessible.

When Decentraleyes redirects a request to one of its web
accessible resources, the secret is appended at the end of the
local URL as a query parameter.

The secret is generated at runtime when Decentraleyes is launched.
e6a5de16
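
The secret-token check described in the commit message above, sketched as an added example that is not code from this repository. The function names, the `secret` parameter name, the extension origin and the resource path are assumptions, and cancelling the request stands in for "behave as if the resource is not web accessible".

```javascript
// Added example: all names and sample values here are constructed.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto; // Node fallback

// Generated once per launch and held only in the background page's memory,
// so a web page cannot learn it and the value changes on every restart.
function generateSecret() {
  const bytes = rng.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
}

// Builds the local URL used when a CDN request is redirected to a bundled
// resource: the secret is appended as a query parameter.
function toLocalUrl(extensionOrigin, resourcePath, secret) {
  return `${extensionOrigin}/${resourcePath}?secret=${secret}`;
}

// Decision for any request that targets one of the extension's own web
// accessible resources. Without the current secret the request is cancelled,
// so a page probing the URL directly cannot tell the extension is installed.
// In an extension this object would be returned from a blocking webRequest
// listener registered for the extension's own URLs (assumed wiring).
function guardLocalRequest(requestUrl, secret) {
  let supplied = null;
  try {
    supplied = new URL(requestUrl).searchParams.get('secret');
  } catch (e) {
    // Unparseable URL: treated the same as a missing secret.
  }
  return { cancel: supplied !== secret };
}

// Constructed sample values.
const ORIGIN = 'chrome-extension://constructed-extension-id';
const PATH = 'resources/example-library.js';
const secret = generateSecret();

const redirected = toLocalUrl(ORIGIN, PATH, secret);
const probed = `${ORIGIN}/${PATH}`; // what a fingerprinting page would request

console.log('redirect by extension:', guardLocalRequest(redirected, secret));
console.log('direct probe by page: ', guardLocalRequest(probed, secret));
```

Because the secret is regenerated at launch, a URL captured in one session is useless in the next.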

Decentraleyes (Experimental)

A reimplementation of current features of Decentraleyes. This project will help bring Decentraleyes to WebExtensions (Firefox 57 and higher), as well as Chromium-based browsers, Opera, and possibly even Edge.

Changelog

Below is a list of all notable changes made to the reimplementation project to date. This includes, but is most certainly not limited to, records of changes such as bug fixes, and new, removed, and updated features.

v1.3.7.5

  • Fix Subresource Integrity (SRI) validation issues.
  • Implement context stripping for allowed CDN requests.
  • Implement request filters to improve performance.

v1.3.7.4

  • Fix rare injection counter issue.

v1.3.7.3

  • Improve injection state management (requires a new permission).
  • Implement injection overview and icon badge.

v1.3.7.2

  • Fix popup icon display issue.

v1.3.7.1

  • Improve compatibility with HTTPS Everywhere.

v1.3.7

  • Initial release.