Sampei.Nihira Posted January 9 Posted January 9 Understand. Would you like me to give you an example of a (very well-known) website using Google-Analytics and G-A blocking done in my browsers with two simple images? Indirect control through uBlock Origin would also be possible, a control I have not used. Obviously, in Edge, G-A is not detected by the extension because it is blocked at the browser level. Whereas in Firefox it is present and therefore blocked by the extension.
D.Draker Posted January 9 Posted January 9 11 hours ago, NotHereToPlayGames said: No surprise here! I'm not a fan of anything being "internal". The browser should "render" and nothing more! I'm not sure if it is "allowed" to (publicly) discuss how to break/modify Tampermonkey's telemetry. Does doing so break MSFN Forum Rules? It sounds very racist! You, yes you, without any shred of shame, discussed, and made a gazillion of topics on how to remove the telemetry from the Chinese-made Extreme Explorer 360! So, how discussing how to break/modify Tampermonkey's telemetry is any different? Oh, those famous double standards! 4
NotHereToPlayGames Posted January 9 Author Posted January 9 Not sure if the two are the same. Gray area. Admins/Moderators could have shut down the 360Chrome discussions (which I did not "start", I simply expanded upon and carried over to version-specific threads) at any point. None did. So fair enough. We can let the Admins/Moderators erase the next post if we "crossed the line" (it's always been a very fine line).
NotHereToPlayGames Posted January 9 Author Posted January 9 (edited) How to remove Google Analytics telemetry in Tampermonkey. Also some GUI-related items of telemetric intent. First - be warned, Tampermonkey also has a "time bomb" (contribution solicitation) and a "the version you are using has been tampered with, please uninstall and reinstall from official sources" embedded 'checks' which are reported via automated visits to the "home page". So those should also be "defused" (and are in the below mods). I cite the changes for v4.13 as that is the version that I use. In extension.js, make the following mods (before line is first line, modified line is second line): },i=$('<iframe src="ht tps://www.tampermonkey.net/contrib.php?embedded=2'+(t?"&locale="+t:"")+"&src="+(e||"e")+rea.runtime.short_id+'" class="contrib_iframe"></iframe>'),s=[$('<button [IGNORE SPACE IN HTTPS] },i=$(''),s=[$('<button l=i("div","head_container","opt","head_container"),c=i("div","tv_container_fit","opt","tv_container"),A=s("a","head_link","heads","head_link");A.href="https://www.tampermonkey.net",A.target="_blank";const l=i("div","head_container","opt","head_container"),c=i("div","tv_container_fit","opt","tv_container"),A=s("a","head_link","heads","head_link");const r=i("div","head_container","ask","head_container"),o=i("div","tv_container_fit","ask","tv_container"),a=s("a","head_link","ask","head_link");a.href="https://www.tampermonkey.net",a.target="_blank";const r=i("div","head_container","ask","head_container"),o=i("div","tv_container_fit","ask","tv_container"),a=s("a","head_link","ask","head_link");const In background.js, make the following mods (before line is first line, modified line is second line): sub_menu_item:!0,pos:"bottom",items:[]};A.items.push({name:M.I18N.getMessage("Dashboard"),image:"utilities",url:rea.extension.getURL("options.html")+"#"+ sub_menu_item:!0,pos:"bottom-disabled",items:[]};A.items.push({name:M.I18N.getMessage("Dashboard"),image:"utilities",url:rea.extension.getURL("options.html")+"#"+ e;h.length?(e={name:"scripts_new",id:"scripts_new",sub_menu_item:!0,pos:"center",items:[]},s.push(e)):e=l;const e;h.length?(e={name:"scripts_new",id:"scripts_new",sub_menu_item:!0,pos:"center-disabled",items:[]},s.push(e)):e=l;const e=[],r=M.I18N.getLocale(),n={name:"commands",id:"commands",sub_menu_item:!0,pos:"left",items:[] e=[],r=M.I18N.getLocale(),n={name:"commands",id:"commands",sub_menu_item:!0,pos:"left-disabled",items:[] e=12096e5;let (this is the "time bomb", 12096e5 milliseconds = 14 days, this and the next mod are related, there are other ways to defuse, this is just what I did as the "easiest" to defuse) e=0;let r=Date.now(),n=!t.first_run||t.first_run.ts+e<r,s=!t.hide,o=!t.contributed,a=!t.later||t.later.ts+e<r;if(!Ne.RUNTIME.SAFARI&&!Ne.RUNTIME.DOLPHIN&&n&&s&&o&&a)return r=Date.now(),n=!t.first_run||t.first_run.ts+e<e,s=!t.hide,o=!t.contributed,a=!t.later||t.later.ts+e<e;if(!Ne.RUNTIME.SAFARI&&!Ne.RUNTIME.DOLPHIN&&n&&s&&o&&a)return newV:rea.extension.manifest.version,oldV:null,first_run:!1,active:!1},r=()=>{if(!kt.late)return (disables "first run" Mickey Mouse Crap, ie, disables auto-visit to home page [which has also been seen to launch a HUNDRED chrome.exe's in Supermium!]) newV:rea.extension.manifest.version,oldV:null,first_run:!1,active:!1},r=()=>{if(!kt-disabled.late)return URL("ht tps://www.tampermonkey.net/uninstall.php?ext="+rea.runtime.short_id),_t.init(()=>{Ye.finalize()}),Object(ie.init) (disables "dumb" 'why did you uninstall me' auto-visit Mickey Mouse Crap) [IGNORE SPACE IN HTTPS] URL("disabled-ht tps://www.tampermonkey.net/uninstall.php?ext="+rea.runtime.short_id),_t.init(()=>{Ye.finalize()}),Object(ie.init) In style.css, make the following mods (I wouldn't call them telemetric, I'm only including since I am listing my mods): sup{font-size:small} sup{display:none} .noborder{border-collapse:collapse;border-spacing:0;border:0}.float{float:left} .noborder{border-collapse:collapse;border-spacing:0;border:0}.float{cursor:default;float:left} .contrib_button{padding:10px;margin:0 10px} .contrib_button{display:none} .social{font-size:.5em;display:inline;vertical-align:bottom} .social{display:none} Hmm, I think that's all of my v4.13 changes. Google Analytics does not seem to be one of my v4.13 changes. Telling me that Google Analytics was added with LATER VERSIONS. One moment, I'll do a little more digging... Edited January 9 by NotHereToPlayGames 1
NotHereToPlayGames Posted January 9 Author Posted January 9 My apologies! I make so many extension mods that I (temporarily) lost track. The Google Analytics that I had to "defuse" last week was when I was testing audio EQ extensions. Since we are embarking on this journey, I'll walk through that extension's modifications. It is the EQ extension that makes a Google Analytics connection with each and every browser launch. It is this extension - https://chromewebstore.google.com/detail/ears-bass-boost-eq-any-au/nfdfiepdkbnoanddpianalelglmfooik?hl=en In manifest.json, make this mod to defuse the Google Analytics telemetry: "content_security_policy": "script-src 'self' https://ssl.google-analytics.com; object-src 'self'" "content_security_policy": "script-src 'self' hxxps://ssl.google-analytics.com; object-src 'self'" In popup.js, make this mod to defuse the Google Analytics telemetry: e.src="https://ssl.google-analytics.com/ga.js"; e.src="hxxps://ssl.google-analytics.com/ga.js"; 1
Sampei.Nihira Posted January 10 Posted January 10 (edited) Everything is clearer now. I note that that extension will be removed from the CWS as of June 2025. Edited January 10 by Sampei.Nihira
NotHereToPlayGames Posted January 10 Author Posted January 10 23 minutes ago, Sampei.Nihira said: extension will be removed from the CWS as of June 2025 Personally, "don't care". The sky is not falling!
D.Draker Posted January 10 Posted January 10 On 1/9/2025 at 3:18 PM, NotHereToPlayGames said: In popup.js, make this mod to defuse the Google Analytics telemetry: e.src="https://ssl.google-analytics.com/ga.js"; e.src="hxxps://ssl.google-analytics.com/ga.js"; This is what you saw how the not-so-clever russian 360chrome repackers did it, and aped it, but it's wrong and silly, the browser will still broadcast rubbish and/or try to connect to it wasting the precious CPU cycles. You need to replace e.src="https://ssl.google-analytics.com/ga.js"; with "0.0.0.0" Like they do it in the HOST file. Or with the loop "127.0.0.0", but it's SLOWER. @Sampei.Nihira, this is only for @NotHereToPlayGames, so don't read, you just don't and never appreciated advice from me. 3
NotHereToPlayGames Posted January 10 Author Posted January 10 17 minutes ago, D.Draker said: This is what you saw how the not-so-clever russian 360chrome repackers did it Well yes but no... The tt -> xx has been COMMON PRACTICE since the 90s. So no, I did not learn this from 360Chrome repackers. But yes, a few CPU cycles are consumed. But so are they with 0.0.0.0 ???
D.Draker Posted January 10 Posted January 10 11 hours ago, NotHereToPlayGames said: Well yes but no... The tt -> xx has been COMMON PRACTICE since the 90s. So no, I did not learn this from 360Chrome repackers. But yes, a few CPU cycles are consumed. But so are they with 0.0.0.0 ??? Well, then sorry for the assumption, but 90's aren't around anymore, are they? And 0000 consumes nothing, it's a general recommendation since the day Vista came out. 2
D.Draker Posted January 10 Posted January 10 11 hours ago, NotHereToPlayGames said: yes, a few CPU cycles are consumed. If you run several extensions, it obviously will make sense to remake them with zeroes. 3
NotHereToPlayGames Posted January 10 Author Posted January 10 Perhaps. But not all extensions can have telemetry removed in this "simplistic" manner. More often then not, it requires tracking down a variable (ie, the *time bomb* was particularly interesting to isolate) or removing lines (plural) of javascript code. In fact, if you remove the URL below entirely or even replace the tt with xx, then Tampermonkey's GUI will not even load! For this one, replacing http with ftp may have worked just as well as prefixing with disabled-. URL("disabled-ht tps://www.tampermonkey.net/uninstall.php?ext="+rea.runtime.short_id),_t.init(()=>{Ye.finalize()}),Object(ie.init)
D.Draker Posted January 10 Posted January 10 11 hours ago, NotHereToPlayGames said: Perhaps. But not all extensions can have telemetry removed in this "simplistic" manner. More often then not, it requires tracking down a variable (ie, the *time bomb* was particularly interesting to isolate) or removing lines (plural) of javascript code. In fact, if you remove the URL below entirely or even replace the tt with xx, then Tampermonkey's GUI will not even load! For this one, replacing http with ftp may have worked just as well as prefixing with disabled-. URL("disabled-ht tps://www.tampermonkey.net/uninstall.php?ext="+rea.runtime.short_id),_t.init(()=>{Ye.finalize()}),Object(ie.init) Then listen to D'Darker's raving wisdom and replace with https://0.0.0.0 3
Sampei.Nihira Posted January 10 Posted January 10 (edited) 54 minutes ago, NotHereToPlayGames said: Perhaps. But not all extensions can have telemetry removed in this "simplistic" manner. More often then not, it requires tracking down a variable (ie, the *time bomb* was particularly interesting to isolate) or removing lines (plural) of javascript code. In fact, if you remove the URL below entirely or even replace the tt with xx, then Tampermonkey's GUI will not even load! For this one, replacing http with ftp may have worked just as well as prefixing with disabled-. URL("disabled-ht tps://www.tampermonkey.net/uninstall.php?ext="+rea.runtime.short_id),_t.init(()=>{Ye.finalize()}),Object(ie.init) I would not do that,especially at the level of extensions: https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser I seem to remember that the full implementation of the fix in Chrome will happen at version 133 and you are using an earlier version. And some AVs and probably websites take that change as compromising the OS of client. I have been using it for years to stop CCleaner telemetry,but as you see HP detects it (but I know how to handle it). Just because it is faster. But of course you act as you see fit................... Edited January 10 by Sampei.Nihira 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now