
Privacy Cloak - Privacy-hardening your browser

Open aschrijver opened this issue 5 years ago • 9 comments

Project description

I volunteer as community facilitator for the non-profit Center for Humane Technology and maintain the awesome-humane-tech list. The list focuses on (mostly) OSS projects, and has categories for 'Privacy' and 'Trackers'.

Personal data has become the 'new gold', and as a result we see unprecedented levels of privacy invasion in new software products and services. Our privacy is rapidly disappearing. Luckily - because of some recent scandals - public awareness about privacy is growing as well.

While working on the awesome list I found plenty of cool browser extensions that help improve privacy of the user, and new ones are being created. But there are some important issues, I think, that will hinder adoption of these tools:

  1. Fragmentation. Each project only addresses a small, single privacy issue. I'd have to install and manage a ton of plugins to be properly protected.

  2. Target audience and ease-of-use. Most projects are targeted at technical people. They do not explain in layman's terms why it is important to install the software, the implications of not protecting yourself.

Here are some examples that demonstrate these points (there are more in the awesome list):

  • Smart Referer | github - Manage referer URLs
  • Canvas Blocker | github - Prevents Canvas API fingerprinting
  • Tracking Token Stripper - Strips Google Analytics query params
  • projects offering URL blocklists / whitelists
  • projects detailing about:config settings that increase privacy (only for advanced users)

Just like you have nice websites that bring together privacy-related tools, like privacytools.io, there should be software that brings together privacy-related protection features. For this idea I'd like to limit the project to browser extensions for the most popular browsers.

Ideally some of the project maintainers of the aforementioned projects can be convinced to join forces, and merge their codebases. Instead of having many separate extensions, you'll have only a single one.

Privacy Cloak - Privacy-hardening your browser

The project should provide:

  • One-stop shop for adding privacy features that are missing in your browser
  • Extensions for Chrome, Firefox, and maybe Safari and other popular browsers
  • Extensions for the mobile versions of these browsers (if possible / supported)
  • Clear and easy-to-use UIs for managing configuration, handling reporting, etc.
  • Clear and concise documentation: explanations / user manuals, well-suited for non-technical people

Relevant Technology

The software should be developed using the existing extension mechanism of the browsers involved and may vary per platform as well. The best technology framework and languages to use should be further investigated per browser/platform.

Complexity and required time

I'll tick the 'Advanced' checkbox below, because the extensions should be very stable and secure before they can be added to a browser, and comply with the guidelines of the browser vendor as well. But in this project there is also a place for intermediate and beginner programmers, and even non-programmers (i.e. in writing clear documentation).

All-in-all there is a lot of work involved, though the project might start with an MVP targeting only a single browser, and a small subset of features.

Complexity

  • [ ] Beginner - This project requires no or little prior knowledge of the technolog(y|ies) specified to contribute to the project
  • [ ] Intermediate - The user should have some prior knowledge of the technolog(y|ies) to the point where they know how to use it, but not necessarily all the nooks and crannies of the technology
  • [x] Advanced - The project requires the user to have a good understanding of all components of the project to contribute

Required time (ETA)

  • [ ] Little work - A couple of days
  • [ ] Medium work - A week or two
  • [x] Much work - The project will take more than a couple of weeks and serious planning is required

aschrijver avatar Sep 24 '18 11:09 aschrijver

It makes no sense to bundle extensions. 1. Each extension has its own release cycle and they are constantly updated. Bundling means shipping an outdated version. 2. The extensions are controversial. For example, canvas blocker is unneeded (Firefox has the privacy.resistFingerprinting pref) and contained a vulnerability allowing detection of it. Usually users should install the extensions manually.

I have a better idea, which I will describe in a separate issue.

KOLANICH avatar Sep 24 '18 19:09 KOLANICH

Maybe the title I chose isn't too clear. I will change it. I do not mean bundling the actual projects into a single release, but creating a new project, with a single codebase that has all of the features that these extensions provide separately. So no separate release cycles, but a single project that builds extensions with a single UI.

The plugins listed are just examples. If canvas blocker is not needed then it is not included, or when only valuable for some, then it should be made configurable. There are others, like block WebRTC that you might only enable when you are using a VPN, etc.

aschrijver avatar Sep 24 '18 19:09 aschrijver

You may want to take a look at https://github.com/arkenfox/user.js, TorBrowser and Brave. TorBrowser implements some protections (and enables some that are built into Firefox). Brave has some fingerprinting-detection code, though ultraslow.

KOLANICH avatar Sep 24 '18 21:09 KOLANICH

Thanks for ghacks-user, I might add to my awesome list :slightly_smiling_face: I know of Tor and Brave. I hear rave reviews on the latter. Problem is, both are either not for the wider public, or not widely used. What I have in mind is an easy-to-use extension for the popular browsers to be used by the masses (so it should be bone easy to install and configure). Us techies can find our way to all kinds of solutions already, so we are not the target audience.

aschrijver avatar Sep 24 '18 22:09 aschrijver

> both are either not for the wider public

~~Tor Browser~~ no longer ~~can be used without Tor, the main problem here is that it is based on ESR, which is usually delayed, so no new standards support, so the sites using recently introduced APIs may break.~~ If you want a browser for everyone you just need to set up the infrastructure automatically applying some of the TB patches to release versions of Firefox, building and testing the result, and notifying humans about errors, so they can fix them.

KOLANICH avatar Sep 25 '18 06:09 KOLANICH

Why was this closed @aschrijver?

FredrikAugust avatar Jan 08 '20 17:01 FredrikAugust

Oops, accidentally.. thx for the heads up!

aschrijver avatar Jan 11 '20 16:01 aschrijver

https://www.whatican.org/privacy.html

^ Something similar perhaps?

sbutler-gh avatar Sep 06 '21 19:09 sbutler-gh

Here's my review of this website:

  • I'm using Kiwi on mobile, which it does not detect as a privacy-friendly browser
  • It recommends HTTPS Everywhere, while Smart HTTPS is better since not whitelist-based
  • "Cookie Auto Delete" links to HTTPS Everywhere on Brave
  • "Terms of Service; Didn't Read" redirects to Mozilla's store on Brave
  • It recommends LastPass as password manager, while KeeWeb (and other KeePass-based softs) is FLOSS
  • It recommends Apple systems instead of FLOSS Linux desktops and Android mobile systems.

KaKi87 avatar Sep 10 '21 09:09 KaKi87