Don't forget to mention the handy (FOSS) decentraleyes addon. Helps with more than just remote fonts too.
https://reddit.com/r/privacy/comments/71abka/what_does_the_addon_decentraleyes_do_exactly/
> A lot of pages just show you a blank screen or have a completely broken page if you don't allow scripts to load from some external website (like nodejs, googleapis or most of the time some other website).
Decentraleyes somewhat fixes that for the case of external scripts being loaded via a CDN.
It's pretty much trivial to put those files on your own static file server. As a few links down there(thanks /u/_ahrs!) notes, the browser cache gets the file and checks when it expires. (It checks if it is the same file?)
I did once feature-request that firefox pushed for javascript libraries. Anyone could serve, checksums can check, people can use signatures to vouch for it, etcetera. But didn't get much response. Seems pretty clear to me that it is a good idea? (edit: to be fair, pretty much someone who handled regular user issues was responding, not necessarily a dev or anything)
(Could even have a system where things are "provided" and there is a choice of libraries. But not sure how practical it is. Only if the interface is clean enough. Maybe some of the code-highlighting stuff?)
This is great, but I hope browser devs make their settings tweakable like HTTPSE is. The Chromium version of Decentraleyes needs "force encrypted connections" disabled on their supported CDNs to prevent conflicts.
Hijacking in hope of getting a response ;)
Thanks for the addon, CDNs tracking has been a long concern of mine, and other web devs not giving a shit certainly doesn't help – Whereas this addon does. :)
I managed to get it fixed. Looks like decentraleyes addon for firefox was causing problems with doc.rs
I disabled decentraleyes for doc.rs and it fixed all the formatting issues.
>Protects you against tracking through "free", centralized, content delivery. It prevents a lot of requests from reaching networks like Google Hosted Libraries, and serves local files to keep sites from breaking. Complements regular content blockers.
This is the best way, right! It is open source and works fine. It is available for Firefox, Firefox ESR, Chrome, Opera and Pale Moon.
Direct download links for these browsers can be found here: https://decentraleyes.org/
Decentraleyes is a great addon to keep content like this cached locally so you don't need to be talking to google apis everytime you visit 90% of the internet:
https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/
You can see if it is working correctly here after you install it:
In addition to a pihole I would install ublock origin and decentraleyes. Pihole can't block certain ads if they are hosted on the same domain, ublock will. And decentraleyes keeps local copies of some common scripts for you. Both should help save a little more bandwidth.
Don't use Opera, especially the VPN. You're literally filtering through china since a Chinese company owns them now. (Remember that free means you're the product regarding the "free" VPN.) Firefox or Waterfox are fine.
Don't use AdBlockPlus. Advertisers pay them to unblock their ads so it's useless especially if you're already using uBlock Origin, so stick with uBlock Origin.
HTTPS Everywhere is fine. I've heard some things about Privacy Badger sending browsing data, but I need to find that source again. If you get Firefox/Waterfox you can install "Self-Destructing Cookies."
Decentraleyes is a good extension to have as well.
Use DNSCrypt which has Open DNS options.
> I'm afraid this is a harbinger of things to come
Sadly, yes. Personally, I'm sick to death of the massive over reliance of Javascript in modern web development - it should be optional, and used to enhance features of an existing site opposed to being used as a crutch to do basic tasks like loading a page of text. It drastically increases load times, and is designed in a way to allow you to be tracked across the web.
Testing this website on my PC with Scriptsafe and uBlock Origin plugins disabled from the Chromium UI, I could see f.cl.ly
and pagead2.googlesyndication.com
are being blocked. If you try and unblock the latter, you come across CNAME hell - all the aliases of Google Syndication that are also blocked by various block lists, thereby exposing you to ads on an extremely large portion of sites on the web. Even when the site loads, it lets you scroll for a bit before doing a giant "bugger off" popup that you can't do anything about. (Though oddly, I don't get the bugger off popup consistently on my phone - it pops up every few pages and lets me back in when I say that I've disabled it)
If I were in your position, I'd choose to never use that site again, let the site know via social media that their brute force anti-adblocking solution prevents security concious users from browsing their site, and that they should consider alternative revenue streams.
Sadly, I know that good Hackintosh resources are hard to come by - you may need to consider a VPN type solution that lets you have a browser session of your choice not protected by Pi-hole.
> Big fan of your work in the community.
Thank you :)
This answer is awesome.
If I can simplify - using the Privacy Tools about:config tweaks, uBlock Origin in Medium mode is largely sufficient? Also Decentraleyes.
Read https://github.com/Synzvato/decentraleyes/wiki/Frequently-Asked-Questions for how to do that.
There's also https://decentraleyes.org/configure-https-everywhere/ which is supposedly Chromium-only but I've done anyway because FF57 may be different.
If you're also using the Decentraleyes extension, it's better to use the HTTPS Everywhere extension instead and disable 'Upgrade connections to HTTPS' in the shields, so you can configure HTTPS Everywhere to avoid conflicts with Decentraleyes.
https://decentraleyes.org/configure-https-everywhere/ > Disabling HTTPS Everywhere for supported CDNs prevents conflicts. Decentraleyes will attempt to set up secure connections when forced to let intercepted requests through, so this will not negatively impact security.
While I don't have the misfortune of being shackled to Comcast I am well aware of how, to sickening degree, commonplace JS injection has become. That's I have Decentraleyes, uBlock Origin, ScriptSafe, and HTTPS Everywhere installed in my browser.
Developer of Decentraleyes here. Local CDN is a fork of Decentraleyes, but it lacks quite a few recent features. If you need compatibility with HTTPS Everywhere, you could switch over to the original extension, and follow this guide.
See this statement for more information on the implementation. I hope this helps!
Yes, using privacy badger and ublock origin will not prevent you from connecting to centralized cdns as they do not cache stuff like that locally whatsoever. Like ajax.googleapis.com, you can test that here. Decentraleyes will cache this data locally so you don't need to be connecting to google (and others) servers for nearly every webpage you visit
I think you might be confusing decentraleyes with disconnect, decentraleyes =/= disconnect.
Privacy badger is always a good idea, but blocking Facebook/Google/etc is best done at the router or in your hosts file on top of using plugins like Privacy Badger, uBlock, etc.
Another useful plugin to prevent tracking from CDN-loaded resources, without breaking functionality..
You could try installing the plug-in Decentraleyes, then allow it in uBO. I believe it will cache jquery stuff.
It will then load the resources from a local source which (helps) prevents tracking and such.
Gotcha, I glanced at it and the website is scant of information. It wasn't clear it stores the library and serves it from the browser.
The Google infobox says:
>Its primary task is to block connections to major CDNs such as Cloudflare and Google, and serve popular web libraries locally on the users machine
Didn't say that it saves them, I assumed it was something you had to handle manually.
> You may still find yourself white listing jQuery, et al. CDNs and Cloudfront.
You can also limit that even more by using something like DecentralEyes which acts like a local CDN for providing those common web libraries.
si infatti, non capisco ora sta moda di guardare i tracker.. i quali ci sono sempre stati e ci saranno sempre di più. E riguardo a google siamo arrivati a un punto nel quale google è talmente radicato in profondità nella rete che se domani dovesse essere "spento" una buona parte di internet non funzionerebbe. L'anno scorso mi era preso il pallino di tagliare google da tutto e moltissimi siti che usano le js di google non funzionavano più o comunque non erano fruibili. A quel punto avevo installato una estensione per ff o chrome che (se non ho capito male) fa una specie di proxy cache per tutte quelle librerie js che fornisce google e altri siti.
PS. decentraleyes la sto usando tutt'ora.
I know it's an add-on. I was talking about the Testing utility page. It was blocked at BKNIX. I might have been a temporary problem, as it's not blocked today. Who knows.
Requests are seen and then get redirected to load the local resource file which is packed inside the extension. That's the whole point of installing Decentraleyes.
Test -- https://decentraleyes.org/test/
They are redundant as mentioned by others. Brave's built-in HTTPS upgrade feature also uses HTTPS Everywhere's ruleset.
However, if you're also using the Decentraleyes extension, it's better to use the HTTPS Everywhere extension instead and disable 'Upgrade connections to HTTPS' in the shields, so you can configure HTTPS Everywhere to avoid conflicts with Decentraleyes.
https://decentraleyes.org/configure-https-everywhere/ > Disabling HTTPS Everywhere for supported CDNs prevents conflicts. Decentraleyes will attempt to set up secure connections when forced to let intercepted requests through, so this will not negatively impact security.
Not an answer but a small tip:
Install Decentraleyes, it doesn't support that site yet but it might in the future.
You can also take a look at Decentraleyes addon, which is
> A web browser extension that emulates Content Delivery Networks to improve your online privacy. It intercepts traffic, finds supported resources locally, and injects them into the environment.
I use it in combination with uBlock/uMatrix and works flawlessly
Decentraleyes: https://decentraleyes.org/ Gitlab Repository: https://git.synz.io/Synzvato/decentraleyes
If you're also using the Decentraleyes extension, it's better to use the HTTPS Everywhere extension instead and disable 'Upgrade connections to HTTPS' in the shields, so you can configure HTTPS Everywhere to avoid conflicts with Decentraleyes.
https://decentraleyes.org/configure-https-everywhere/ > Disabling HTTPS Everywhere for supported CDNs prevents conflicts. Decentraleyes will attempt to set up secure connections when forced to let intercepted requests through, so this will not negatively impact security.
Otherwise, they have the same functionality and are using the same ruleset, so no need to also install HTTPS Everywhere.
>A web browser extension that emulates Content Delivery Networks to improve your online privacy. It intercepts traffic, finds supported resources locally, and injects them into the environment. All of this happens automatically, so no prior configuration is required.
Basically, many sites are built using common frameworks, libraries and resources like fonts, user interface toolkits, styles etc. To reduce strain/cost on the website's hosting, these resources can be pulled from centralized CDNs instead.
It is possible for them to follow you around the web based on this activity.
Most useful G domains:
www.google.com
- captcha
www.gstatic.com
- captcha
ajax.googleapis.com
- jQuery via CDN. can be blocked in favor of Decentraleyes (not 100% coverage)
Other G domains should be blocked. That's for desktop.
​
For stock Android phone there are some malicious domains:
time, captive portal and A-GPS supplicant (the repo is mine)
​
Yalp /MicroG uses:
*.play.google.com
*.play.googleapis.com
​
Note: Android list may be incomplete.
AFAIK it simply caches a local copy of the latest versions of each supported library. It's the querying of the CDN for the library that can lead to tracking (i.e. 'user x wants library y for site abc.com... then def.com etc). To get a real answer, just email the devs or open an issue/ticket on GitHub.
$ sudo apt install apertium-eng-spa $ echo my hovercraft is full of eels|apertium eng-spa Mi aerodeslizador es lleno de anguilas
No network requests done.
(Also, if you don't like CDN's, you should be running https://decentraleyes.org/ – then you can use www.apertium.org without any requests to google etc.)
Just ignore all the files folders when you're looking at the Github page.
Any project that's ready for installation will have links somewhere in their description. CTRL+F search for "Firefox" or "Chrome" and you'll see the links right there.
The Decentraleyes link I posted didn't have installation links. It has been corrected. You can also find them here.
Decentraleyes (FF, Chrome) is a local CDN. While the chrome version is probably auto-approved, the FF reviewers use a script to confirm the hashes match the official ones.
Go with Firefox if you’re the type who likes customizing your browser with extensions and tweaks, Brave if you want something simple with convenience settings, Brave is basically an all in one solution.
Hooktube is a Youtube video redirector site that doesn’t have some of the tracking elements that YouTube uses, it’s basically a lightweight version of YouTube.
Don’t install anything you’re not sure of, same goes for watching videos from HookTube…just copy and paste the two video titles I shared previously and play the videos directly from YouTube if that’s more comfortable for you.
Regarding Decentraleyes -
Regarding DuckDuckGo Privacy and Firefox Focus Browsers, I linked you to the Google Play Store versions, have a look there for more information.
One more recommendation I forgot about that’s indispensable from the F-Droid depository for playing YouTube videos in privacy is NewPipe, a must have.
These recommendations should be enough to get you moving towards a more private online experience. That’s all I got, have a good night.
You should try Decentraleyes (https://decentraleyes.org/). It does not actually solve your problem but I think it can help you.
From the add-on's page:
>[...]
>
>It prevents a lot of requests from reaching networks like Google Hosted Libraries, and serves local files to keep sites from breaking.
>
>[...]
>
>The aim of this add-on is to cut-out the middleman by providing lightning speed delivery of local (bundled) files to improve online privacy.
>
>[...]
>
>Note: Decentraleyes is no silver bullet, but it does prevent a lot of websites from making you send these kinds of requests. Ultimately, you can make Decentraleyes block requests for any missing CDN resources, too.
>
>[...]
Piggybacking off this comment - please note Decentraleyes can break when using uBO Medium mode.