msfntor Posted April 17, 2023 Author Share Posted April 17, 2023 I only have two privacy extensions left: Browser Fingerprint Protector, and Reject Service Worker. All other are removed. To see your Service Workers (before clearing browser data) look on this chrome page: chrome://serviceworker-internals/ Service Worker test: https://simple-push-demo.vercel.app/ - if you have, on this Simple Push Demo test page: "Unable to Register SW Sorry this demo requires a service worker to work and it failed to install - sorry " - so all is good for you... Read: Service Worker Security FAQ: https://www.chromium.org/Home/chromium-security/security-faq/service-worker-security-faq/ Link to comment Share on other sites More sharing options...
msfntor Posted April 17, 2023 Author Share Posted April 17, 2023 (edited) Hmm @Sampei.Nihira - why I have on this defo.ie ECH check page: https://defo.ie/ech-check.php SSL_ECH_STATUS: not attempted x - in my all Chrome forks?.. EDIT: From stats page of: https://defo.ie/ "OpenSSL with ECH ECH not attempted TLS Session details: This TLS version forbids renegotiation. --- no client certificate available" - From support.netsweeper.com article: https://support.netsweeper.com/hc/en-us/articles/7115508502804-Encrypted-Client-Hello-ECH- "What is ECH? TLS Encrypted ClientHello (ECH) is an experimental mechanism for Transport Layer Security version 1.3 (TLS 1.3) that is designed for encrypting ClientHello messages under a server public key. The intent of ECH is to protect the privacy of users by preventing someone who is monitoring network traffic to able to determine the domain name of a website that a user is browsing to. What major browsers support ECH? ECH is currently available In Mozilla's Firefox browser as an experimental feature that can only be enabled in about:config. For more information about Mozilla's ECH implementation, visit the Mozilla Security Blog. For Edge Version 105 and above, ECH can only be enabled for test purposes with the following option for the command. edge.exe --enable-features=EncryptedClientHello For more information about ECH in Edge : You can now Enable Encrypted Client Hello (Encrypted SNI or ESNI/ECH) in Microsoft Edge - Microsoft Tech Community For Chrome ECH is not currently available." Chrome Platform Status: Feature: TLS Encrypted Client Hello (ECH): https://chromestatus.com/feature/6196703843581952 - From the windowsclub.com article: Enable Encrypted Client Hello in Microsoft Edge to improve privacy: https://www.thewindowsclub.com/enable-encrypted-client-hello-in-microsoft-edge "Microsoft is always looking for new ways to improve Edge browser, and the latest is all about adding support for Encrypted Client Hello or ECH. For those who are not fully aware, Encrypted Client Hello is a mechanism found in Transport Layer Security protocol, or TLS, that improves privacy by encrypting every privacy-sensitive factor of the TLS connection." - so (for now...) it's implemented for new browser called Edge, not for our Chrome forks... CheckMyHTTPS extensions for Firefox, Chrome, Edge: https://checkmyhttps.net/index.php?language=en TEST page on tls-ech.dev: https://tls-ech.dev/ says: "You are not using ECH. " Manually check an HTTPS connection: https://checkmyhttps.net/check.php?language=en Not important to me, these padlock stories... Edited April 18, 2023 by msfntor EDIT addition Link to comment Share on other sites More sharing options...
msfntor Posted April 18, 2023 Author Share Posted April 18, 2023 EDIT added in the post above... Link to comment Share on other sites More sharing options...
Sampei.Nihira Posted April 18, 2023 Share Posted April 18, 2023 More test to verify ECH: https://tls-ech.dev/ If it works in Edge,it also works in Chrome. 1 Link to comment Share on other sites More sharing options...
msfntor Posted April 18, 2023 Author Share Posted April 18, 2023 Posted already in my precedent/precedent post: "TEST page on tls-ech.dev: https://tls-ech.dev/ says: "You are not using ECH. " " Link to comment Share on other sites More sharing options...
Sampei.Nihira Posted April 18, 2023 Share Posted April 18, 2023 (edited) In Chrome they tell me that ECH activation works. So you don't enter the command line parameter in the correct way. P.S. Or you have not enabled the necessary flags. Edited April 18, 2023 by Sampei.Nihira 1 Link to comment Share on other sites More sharing options...
msfntor Posted April 18, 2023 Author Share Posted April 18, 2023 Why not focus on the benefits of the Reject Service Worker extension instead of that annoying ECH that I can't implement (and you should know this), please? Have you read the first post on this page? Link to comment Share on other sites More sharing options...
Sampei.Nihira Posted April 18, 2023 Share Posted April 18, 2023 (edited) Because you don't need a browser extension, moreover outdated,to block SW. A simple rule in uBlock Origin is enough: ||$csp=worker-src 'none',domain=~whitelistthisdomain.com But the biggest problem is understanding when a malfunctioning website needs Service Workers. It is difficult especially if you have subjected the browser to considerable customization. Edited April 18, 2023 by Sampei.Nihira Link to comment Share on other sites More sharing options...
msfntor Posted April 18, 2023 Author Share Posted April 18, 2023 2 hours ago, Sampei.Nihira said: Because you don't need a browser extension, moreover outdated,to block SW. A simple rule in uBlock Origin is enough: This Reject Service Worker extension: https://chrome.google.com/webstore/detail/reject-service-worker/falajmifjcihbmlokgomiklbfmgmnopd?hl=en-US - works very good: blocks service workers on ALL domains ... Your rule example is for one domain only. Link to comment Share on other sites More sharing options...
Sampei.Nihira Posted April 19, 2023 Share Posted April 19, 2023 I have a question. Why do you question (mistakenly) my expertise in security/privacy? You get the opposite purpose. I understand (well) the degree of expertise of others. It would probably be more useful to ask for explanations or to do research on the net. Having clarified the above,the explanation that should not be necessary, the rule I wrote has general validity. Only the rule for whitelisting is obviously specific. Every website that needs a consent rule,then,must be added with the exact same syntax. Link to comment Share on other sites More sharing options...
msfntor Posted April 19, 2023 Author Share Posted April 19, 2023 (edited) 3 hours ago, Sampei.Nihira said: I have a question. Why do you question (mistakenly) my expertise in security/privacy? You get the opposite purpose. WHY you think this? NO, I don't question nothing. I don't use Windows 10 (or 11), I don't use Edge browser... 3 hours ago, Sampei.Nihira said: the rule I wrote has general validity. Only the rule for whitelisting is obviously specific. Every website that needs a consent rule,then,must be added with the exact same syntax. So each website has its time to add consent rule, with your rule above? My extension work silently, for all websites, without unnecessary changes... Edited April 19, 2023 by msfntor I don't use Windows 10 (or 11), I don't use Edge browser... Link to comment Share on other sites More sharing options...
Sampei.Nihira Posted April 19, 2023 Share Posted April 19, 2023 For all websites considered 2 years ago. The extension is stopped in its development in April 2021. In this matter,as you know,2 years almost corresponds to the Jurassic period....... Link to comment Share on other sites More sharing options...
msfntor Posted April 19, 2023 Author Share Posted April 19, 2023 (edited) In DCBrowser, MiniBrowser, 360Chrome: Is it really blocked or not by the extension? I begin to have doubts, passing the other HTML5 workers test: https://www.w3schools.com/HTML/html5_webworkers.asp - or better: https://www.w3schools.com/HTML/tryit.asp?filename=tryhtml5_webworker - this number counter is still shown, with extension enabled... Why? But my first test, from the first post on this page: https://simple-push-demo.vercel.app/ - says that "Unable to Register SW Sorry this demo requires a service worker to work and it failed to install - sorry " - so says that service worker is not here... thanks to my extension. So web worker is here or not ?... Which test is the most effective? -and what are these "Service worker demo" image examples: https://mdn.github.io/dom-examples/service-worker/simple-service-worker/ EDIT: In uBlock, after add this to the "My filters" tab: ||$csp=worker-src 'none' *$csp=worker-src 'none' ##$csp=worker-src 'none' - none of these works. Worker is here.... Edited April 19, 2023 by msfntor EDIT added Link to comment Share on other sites More sharing options...
msfntor Posted April 19, 2023 Author Share Posted April 19, 2023 (edited) Another WORKER TEST! Web Push Notifications Demo: https://webpushdemo.azurewebsites.net/ Without extension, "Initiate push" button is here, and after click on it, has blue frame... and nothing happens here... maybe because I don't enabled in chrome://flags experimental-web-platform-features With extension enabled, this button is called: "Initiating..." - and nothing happens. So my Reject Service Worker extension works! Another test (which don't work here): HTML5 worker test: https://nolanlawson.github.io/html5workertest/ Read this article: Using Service Workers: https://reference.codeproject.com/dom/service_worker_api/using_service_workers Read: Disable Service Worker: https://www.bugbugnow.net/2022/01/disable-service-worker.html "Disable ServiceWorker in browser settings. Chrome (cannot be disabled) We have not found a way to disable ServiceWorker in Chrome. If you want to disable ServiceWorker in Chrome, it is best to use the above user script or extension." Voilà. Edited April 19, 2023 by msfntor added Link to comment Share on other sites More sharing options...
Sampei.Nihira Posted April 20, 2023 Share Posted April 20, 2023 It is very simple to check if the blocking rule (inserted in my filters) is working. Open the browser development tools and reload our MSFN forum. In the images below I show you how this is done. Rule up and running: uBO without the blocking rule: Then it is obvious that if you check the API (BrowserLeaks.com - test Features Detection) this is present and working. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now