browser-core icon indicating copy to clipboard operation
browser-core copied to clipboard
verified publisher icon cliqz-oss

Log about:transparancy to console/file

Open da2x opened this issue 5 years ago • 6 comments

Hi, can I somehow output a log of what goes on in about:transparency? There are delays before activity shows up, and things disappear before I get a chance to look at it.

da2x avatar Jan 30 '20 05:01 da2x

Hi,

The transparency page just shows a summary of outgoing requests from the browser. Depending on how much detail you want, you can also just monitor the HTTP traffic directly.

The easiest way to do this is via the extension debugger: visit about:devtools-toolbox?type=extension&id=cliqz%40cliqz.com to open a browser debugger for the browser-core extension, then go to the 'Network tab'. There you can analyse all outgoing requests from the extension, just as with a web page.

Screenshot 2020-01-30 at 09 50 27

From the dev tools you can export to HAR format for further analysis.

sammacbeth avatar Jan 30 '20 08:01 sammacbeth

I did have a look there. However, all the data in the network debugger is encrypted. Not just HTTPS encapsulation — which the network debugger handles — but the payload is encrypted separately. This behavior matches what is described in Cliqz’s browser privacy policy.

screenshot

da2x avatar Jan 30 '20 20:01 da2x

Ah, true. For these messages, I think @philipp-classen may be able to advise on how to see the original content on these messages.

I'll also take this issue on-board as a feature request for an 'audit' mode for exporting all communicate with Cliqz' backend. The current dashboard is somewhat limited.

sammacbeth avatar Jan 31 '20 07:01 sammacbeth

I'll also take this issue on-board as a feature request for an 'audit' mode for exporting all communicate with Cliqz' backend.

Logging to a file or stdout when an environmental variable is set would suffice. Or logging to the browser console while the about:transparancy is open.

The current dashboard is somewhat limited.

Displaying the last 10 minutes of data instead of the single last data point would be an enormous improvement. Maybe show the last by default but with an expander toggle to show last ten minutes? Instructions on how to log to a file would also suffice.

da2x avatar Jan 31 '20 08:01 da2x

@da2x You can make log outputs visible to print the unencrypted messages before they are sent. The steps are described in our blog post on Human Web (at the end):

https://0x65.dev/blog/2019-12-03/human-web-collecting-data-in-a-socially-responsible-manner.html#fn10

There is also a pref, which you can flip to turn off encryption at all. However, that means the proxy can also see (or could modify) your traffic, so reserve that option only for testing.

philipp-classen avatar Jan 31 '20 10:01 philipp-classen

grimm jr.

Krahe65 avatar Feb 01 '20 11:02 Krahe65