Tool in the spotlight: Pure URL

Tool in the Spotlight: Pure URL, a Firefox extension that removes tracking query string fields like “utm_source=*” from URLs (the homepage of its creator is here. NOTE: while, according to the add-on web page, the tools declares to be available under the GPL v3.0, we can’t find the location of its actual source code).

What makes us excited about this add-on is that it automatically modifies and strips all unnecessary query string content (e.g. “utm_source=*” but others as well) from URLs that it encounters while you are browsing. Many sites embed these query string elements in links that they provide in order to track you, their advertisement campaigns, conversion sources, etc.
But these fields are of no use to you and even work against your best interests.

What Pure URL does, is turn a hyperlink like this:
https://www.domain.com/?page=7741&utm_source=somesite.com&utm_medium=RSS&utm_campaign=mail
into the more reasonable:
https://www.domain.com/?page=7741

By default, Pure URL treats and removes the following unnecessary query string elements (lifted and modified from the extension’s web page as of writing of this article):

  • utm_source, utm_medium, utm_term, utm_content, utm_campaign: spyware fields used by Google Analytics
  • yclid: spyware fields used by Yandex
  • feature: a useless field used by youtube.com
  • fb_action_ids, fb_action_types, fb_ref, fb_source, action_object_map, action_type_map, action_ref_map: spyware fields used by Facebook
  • ref, fref, hc_location: tracking fields used by Facebook
  • ref_: tracking field used by imdb.com

Pure URL strips out these query string values from hyperlinks by default and lets you specify which others you want it to strip as well (and – but why would you do this – which ones of the above, you want to keep).

One word of caution: it is unclear whether or not it prevents these values from being submitted to servers when you make a request containing these values yourself. In other words: it is unclear whether or not this add-on only modifies your DOM or whether it also modifies your requests. This can be an issue when you click on links containing these values in another program (e.g. e-mail client) which then opens up the page in your browser.

While IvyDNS already protects against this type of tracking, it is useful to have a multi-layered approach to your online security and privacy. Pure URL is a nice addition to these layers which also prevent the server-side from tracking you through these query string values.

NOTE: we are entirely unaffiliated with whoever produces this tool, we receive no compensation whatsoever from them.

Tool in the spotlight: Random Agent Spoofer

Tool in the Spotlight: Random Agent Spoofer, a Firefox extension that gives you control over how your browser identifies to sites you visit.

Many sites create a fingerprint of you when you visit them. Usually, this information contains the ‘User Agent’ string, which (oversimplified) is a combination of the name of your browser, its version together with the name of your operating system with its version (this is much oversimplified, check out the wikipedia page for more info). This is useful information for those operating the sites you visit because it enables them to send you content that is specific to your browser. Specifically, if the site detects that you are visiting them using a mobile browser/device, it will send the mobile version of the site; if it sees a desktop browser or device, it sends the desktop version of the site.

However, with HTML5 and CSS3 in specific, websites no longer need to have multiple versions for different browsers, they can use “media selectors” to have the site render correctly instead.

The remaining use of the user agent string is being reduced to just fingerprinting you so that you can be uniquely identified based on what your browser tells the site it is and is capable of using a technique called browser fingerprinting. So even though you aren’t logged into the site, it knows it is you before you told it that it is you. Obviously, we are not a fan of this kind of thing. No-one should be forced to identify or legitimize themselves unless out of their own volition.

Enter Random Agent Spoofer, a tool that is part of the solution by changing the way your browser identifies to sites. It makes it super easy to select a particular browser and version you want to impersonate or you can set it up to change how it identifies every so often by itself. Once configured, there’s nothing you need to do.

Obviously, and similarly to other tools we highlight, this tool is not the one, single tool to use which will solve all your problems, but it adds to making it harder for sites to identify you as you visit them.
On top of that, Random Agent Spoofer gives you control over script injection, cookie behavior, headers sent to the site when you request it, etc… all making it harder for the site to figure out who you are (and make their efforts to do so, more frustrating and less accurate).

Check out the tool here. This tool is an open source tool currently hosted on GitHub, which means that you can look at the source code and figure out what exactly it is that it does, and how it does it – if that’s your thing (it is for us).

NOTE: we are entirely unaffiliated with whoever produces this tool, we receive no compensation whatsoever from them.

Tool in the spotlight: uMatrix

Tool in the Spotlight: Firefox extension – uMatrix.

uMatrix is a tool we love because it puts you back in control of where your browser will connect to when you visit a web page instead of handing that control over to whoever created the web page. Without it, your browser will just connect to and download everything and anything the page tells it to connect to or download. uMatrix gives you back the control to specify what you want your browser to connect to (and thus spend your bandwidth on) and what you don’t want your browser to connect to. The benefits of uMatrix are that it significantly enhances your security, privacy and greatly reduces your network usage (i.e. your browsing becomes faster since requests that are not made, are requests you don’t have to wait for).

By default, uMatrix works in a ‘relax block-all/allow-exceptionally mode’. What this means is that only ‘first party’ assets, namely those directly related to what you’re visiting, are allowed to be downloaded. Anything else that is attempted to be downloaded will be blocked.
In this mode, you’re really telling your browser to “go get this specific thing and make sure you get just that thing, don’t bother with anything else”. These ‘anything else’ could be third party scripts, trackers (like cookies, tracking pixels or any other analytics code), images, etc.

Sometimes this will break a web page that really does rely on these third parties, but you is easily fixed by the ‘allow-exceptionally’-part of this mode: the matrix lets you specify which types of assets (scripts, images, cookies, etc.) you are allowing to be downloaded from other places for this specific site. There is an excellent write-up here about how to do this.

NOTE: we are entirely unaffiliated with whoever produces this tool, we receive no compensation whatsoever from them.

Web-of-Trust add-on caught selling out its users

The Web-of-Trust (WoT) add-on for Firefox and/or Chrome has been removed from the add-on repositories for Firefox and Chrome. Some excellent sleuthing(*) by the Norddeutscher Rundfunk revealed that the WoT add-on was selling data which can uniquely identify its users to other parties, without ever asking for consent for this, let alone in a clear and proper way.

On top of this, WoT made claims about anonymizing the data but, as is almost always the case, the data was either not anonymized at all or the anonymization is useless and individual users can be deduced from the data. If the article is correct, then it appears that the latter is the case, that these claims appear to be unsubstantiated and grossly misleading, and that WoT is no different from other privacy-invaders.

This is just another example of the kind of limitations that you face when you try to enhance your privacy through browser add-ons or extensions: they see everything you see and it only takes a single, rogue add-on to compromise you, your privacy and your security. And while most of these tools are valuable and useful, you need a more comprehensive tool to secure you, your on-line safety and your privacy.

This is where IvyDNS comes in: it prevents connections to undesirable domains and it does it on a deeper, more fundamental networking level than browser add-ons. IvyDNS’ Artificial Intelligence contains comprehensive information about the purpose of domains and blocks access to those that are undesirable, whether that is because the domain is used in tracking you, serves malware, serves advertising, invades your privacy, etc.

IvyDNS is also built so that it does not ever receive the kind information that WoT is reselling. This is because IvyDNS receives only DNS requests: ‘What is the IP address for domain X’. It never receives information about which page you are requesting, or even which protocol you will be using to talk to that server. You could be asking for the IP address of a domain because you want to check your e-mail, you want to visit a web page on it, or there’s an app that pulls data from there, etc… IvyDNS does not ever see or receive the purpose of requests (nor requests made to non-IvyDNS servers).

The reason for this is simple. It is none of our business, and it would be wrong to pull ‘stunts’ as described in the linked articles. We built IvyDNS with these considerations in mind. It offers deep protection from top to bottom and it keeps you secure, undisturbed and as private as it can, while you are on-line!

You can read the original article on NDR.de (in German) about WoT selling out its users, and read about it over at The Register.

Tool in the spotlight: Youtube-dl

Tool in the Spotlight: youtube-dl, a command-line program to download videos from your favorite video site(s). It works on Linux, Windows and macOS.

This tool enables you to download (almost) any video from your favorite video site so you can watch it later or just keep a copy of it around. It has support for over 800 sites and that list is always growing. It has an extensive set of options you can give it, including proxy settings and, what’s very interesting for this kind of thing, geo-verification proxy settings that enables you to do location “correction” or spoofing.

You can get the source for the tool and instructions on how to install it or build it yourself on github here.

NOTE: we are entirely unaffiliated with whoever produces this tool, we receive no compensation whatsoever from them.

Tool in the spotlight: Decentraleyes

Tool in the Spotlight: Decentraleyes, a Firefox extension which performs local emulation of Content Delivery Networks (CDN): Websites have increasingly begun to rely much more on large third-parties for content delivery. Canceling requests for ads or trackers is usually without issue, however blocking actual content, not unexpectedly, breaks pages. The aim of this add-on is to cut-out the middleman by providing lightning speed delivery of local (bundled) files to improve online privacy.

Check out the tool here.

NOTE: we are entirely unaffiliated with whoever produces this tool, we receive no compensation whatsoever from them.

Tool in the spotlight: HTTPS Everywhere

Tool in the Spotlight: HTTPS Everywhere, a Firefox extension by the good folks at the Electronic Frontier Foundation (EFF) that encrypts your communications with many major websites, making your browsing more secure. It checks whether websites you visit offer encrypted browsing and if they do, automatically switches you to the encrypted version of the website.

Check out the tool’s website for download instructions.

NOTE: we are entirely unaffiliated with whoever produces this tool, we receive no compensation whatsoever from them.

Tool in the spotlight: Click&Clean

Tool in the Spotlight: Click&Clean, a Firefox extension that eliminates data related to your current browser session and which can be set up so that it automatically clears out any residual browsing data when you terminate your browser. This way, every time you start your browser, you start with a clean slate.

NOTE: we are entirely unaffiliated with whoever produces this tool, we receive no compensation whatsoever from them.