chameleon icon indicating copy to clipboard operation
chameleon copied to clipboard
verified publisher icon ghostwords

Add whitelist controls

Open Grabsteinschubser opened this issue 11 years ago • 8 comments

It would be nice to have a whitelist function. E.g. intranet sites are broken with chameleon activated (because of "Window.innerHeight")

Maybe it can look like this chameleon_whitelist

Grabsteinschubser avatar Jul 23 '14 15:07 Grabsteinschubser

Hi Grabsteinschubser, thanks for the suggestion!

I think Chameleon's functionality needs to evolve a bit more before we start updating the UI/providing more controls. Please see issues #1 and #2 for more context.

ghostwords avatar Jul 23 '14 16:07 ghostwords

Yes, of course ;) Just an idea for the future.

Grabsteinschubser avatar Jul 24 '14 07:07 Grabsteinschubser

I was actually going to create a new thread to discuss this. It's fairly easy to implement and should work the µBlock way, in my opinion:

-Click (disable): disable/enable µBlock for this site. -Ctrl+Click: disable/enable µBlock for this page only.

Little did I know the issue had already been submitted over 5 months ago.

0xBRM avatar Dec 05 '14 18:12 0xBRM

I changed the global toggle to a sticky toggle for the current page's host name. Let me know what you guys think.

ghostwords avatar Dec 08 '14 20:12 ghostwords

@ghostwords That's very convenient, works globally whilst maintaining full anti fingerprinting functionality. Do you think it'd be possible to implement a similar domain wide toggle but specifically for a page element (say a flash object, since it's related to the most prominent issue)? Or better yet, a text based whitelist with syntax similar to µMatrix's.

0xBRM avatar Dec 08 '14 21:12 0xBRM

Yes, but please take a look at issue #1. Trying to blend in with Tor Browser works for simple fingerprinters, but might not be good enough for the real world.

ghostwords avatar Dec 08 '14 22:12 ghostwords

Oh, I forgot, to mail you something. I recently emailed gorhill about this but totally forgot about you even though I mentioned your extension to the EFF:

Hello,

I have recently contacted the EFF and asked them to disclose the top 10 UA strings and HTTP_ACCEPT headers. I was told the following:

Hi Cris, Thanks for contacting the EFF! I will talk to our staff about whether or not we can make this happen. thanks, Amul Kalia Electronic Frontier Foundation (415) 436-9333 [email protected] Become a Member! https://www.eff.org/support​

So we might get them soon and then you won't have to work in blind mode.

Cheers, Cris​

So this might actually work in your favour as well, since I think we can all agree that blending in whilst randomising your browser is the superior approach. Regarding intercepting fingerprinting scripts, I'm afraid it will be very hard to do this effectively (meaning, working OOTB for the common user) without breaking a lot of website functionality. What I do right now is use µMatrix in a Block all/Allow exceptionally (1st party images and css is allowed for convenience) configuration and it seems to work very well, whilst obviously requiring some micromanagement. Which is why I think Chameleon could benefit from its syntax

0xBRM avatar Dec 09 '14 00:12 0xBRM

Unfortunately, whitelisting has been disabled in the master branch pending https://crbug.com/377978. Note that master is currently undergoing major changes: Tor masquerading has already been removed, too.

ghostwords avatar Apr 21 '15 16:04 ghostwords