Decentraleyes for Firefox loads CDN resources locally
You can learn a lot about a site when you monitor its network connections when you connect your browser to it.
You may see connections to third-party sites, ads, web analytics scripts and a lot more just from that.
A common practice is to use popular JavaScript libraries or frameworks like jQuery or Ember. Sites may load locally hosted versions of those, or versions hosted by public content deliver networks (CDN) such as those by Google, Microsoft or Cloudflare.
These resources are often essential for a site's functionality, and blocking them may break part or all of a site.
There are two concerns that Internet users may have when it comes to the use of these content delivery networks: privacy and speed.
Speed is easier to explain. While it is often faster to use a CDN for resources than a locally hosted version on the site's server itself, it still means having to make a connection to the CDN in first place. That's not as fast as making these resources available locally on the user's computer.
Privacy, because connections to these sites are made, and these sites may drop cookies on your local system. They may also record your Internet activity since you connect to them using a web browser, and get information out of those connections such as your operating system, the web browser you are using, your IP address or location in the world.
Decentraleyes for Firefox takes care of both of those, at least for selected content delivery networks and resources.
- Supported CDNs: Google Hosted Libraries, Microsoft Ajax CDN, CDNJS (Cloudflare), jQuery CDN (MaxCDN), jsDelivr (MaxCDN), Yandex CDN, Baidu CDN, Sina Public Resources and UpYun Libraries.
- Resources that come bundled with the extension: AngularJS, Backbone.js, Dojo, Ember.js, Ext Core, jQuery, Modernizr, MooTools, Prototype, Scriptaculous, SWFObject, Underscore.js and Web Font Loader.
The extension blocks connections to these content delivery networks by replacing the requests with resources loaded locally.
This takes care of both issues. Locally loaded resources are always faster than remotely loaded resources, even if a powerful fast network makes them available on the Internet, and since connections are not made anymore to these networks, there is no privacy impact as well.
Decentraleyes is a new extension, and I wish it would do more than what it is offering right now. First, it is difficult to tell whether a resource was replaced or not. It would be great if this would be highlighted in form of a log or even an icon that highlights the number of resources replaced with local resources.
Second, it works only if supported resources are loaded. There are however a multitude more resources that may get loaded from content delivery networks. An option to add your own replacements would be useful.
Third, it should not necessary limit its functionality to CDNs. Sites may load these resources from their server, and while you won't get any privacy improvements blocking it and replacing it with a local one, you may get loading speed improvements.
Closing Words
Decentraleyes is a good extension that introduces something that nothing else offered before. It could become a great extension if its author would improve it further. (thanks Tom)
Fantastic tool, which has already been ported to WebExtensions!
Hello.
Thanks for the article. I would like to ask about “Decentraleyes” using with “uBlock Origin” and “NoScript v10”. On the github/faq website (see 1.) there is an information for “uBlock Origin” (non-easy mode) users about adding some rules with ‘noop’ option etc.
However, there is also: “In doubt? Ignore this guide.” And I’m a little confused: should I add mentioned rules or it’s okay to not do it – add anything and leave it as-is?
Test on ‘decentraleyes.org/test’ website only works when:
a) “No Script” is disabled (or website is ‘Temp. TRUSTED”?)
b) above rules are added to the “uBlock Origin”
With above points, there is an information/number – let say 6. – of locally delivered CDN etc. Normally, above number is not changing at all, on any websites, that I visit.
What should I do?
Thanks.
_________
1. https://github.com/Synzvato/decentraleyes/wiki/Frequently-Asked-Questions
Yeah No Script must add Decentraleyes + Ajax.Googleapis to the Permanent Trusted list for functionality tests to have success/Decentraleyes to function properly.
Dont know how it works as I would hate to add Googleapis to the trusted list at 1st instance.
I use Decentraleyes with Noscript. I think it’s a good idea, though I’m uncertain of the recommended blanket whitelist to all these CDNs globally even though they are stored locally. Wouldn’t malicious code from certain websites utilise these libraries as well?
I’m used to selectively choosing which CDN websites in Noscript to allow access to depending on the the website I am on. Personally I feel more comfortable blocking all CDNs by default and letting them through on a case to case basis for decentraleyes to deal with when they are actually needed for your website viewing requirements.
For the Privoxy users a version is available at: https://www.prxbx.com/forums/showthread.php?tid=2287
Is there a Chrome extension that does the same thing? I run this in Firefox but would really like to have the same functionality in Chrome as well.
I knew I had seen the concept before, but couldn’t remember the add-on’s name… thanks. Looks like this ‘Local Load’ is a bit forgotten.
> “Decentraleyes is a good extension that introduces something that nothing else offered before.”
I’m not certain how this addon works but it sounds very similar to what Local Load does:
https://addons.mozilla.org/addon/local-load/
Local Load is quite different in the sense that it looks for specific “data-replacement” attributes in on a given page. So, when installed, it does allow you to load local resources, but only for pages that you (or someone else) prepared specifically. It does not prevent arbitrary websites from referring you to Content Delivery Networks.
So basically, Decentraleyes is a completely different tool altogether. Also, it seems that Local Load is no longer under active development which means no new library versions were added since early 2013.
Good and useful idea.
1) How does it handle different version of libraries?
2) How does it get (and update) the local libraries in the first place?
It probably has them included within the plugin, and updating will be by the plugin updating probably.
As for different versions… I take it that versions are distinct via the CDN links provided in pages, that it can select a local version.
True on both remarks, John. The database included in the add-on is very specific as for the version of each and every resources it includes. No messing up possible.
I tried similar addon few years ago, but it had a constant problems. Since different websites use different or specifically modified versions of the same script, some websites did not worked properly.
Decentraleyes only replaces resources from supported delivery networks. So the add-on effectively ensures that the behavior of an injected local copy is identical to that of the script that was originally requested.
Thank Martin for this, I used a local proxy to redirect some jqueries to local versions. But I don’t have time to maintain that myself, so I hope the author of this keep up to date with new versions.
I also have a suggest for the author if he’s still reading this page. Maybe you could implement a heuristic method to automatically cache common assets. This would eliminate of having to do the caching yourself.
Whilst not as simple as this, NoScript surrogates can be used to access local versions of some libraries. https://forums.informaction.com/viewtopic.php?f=10&t=19598
This add-on is redundant if you already have uBlock Origin?
Not at all redundant, Helios88 : uBlock Origin and Decentraleyes don’t perform the same thing.
uBlock Origin blocks/allows traffic, Decentraleyes redirects CDN resources to your Firefox profile for the resources it handles, included in the add-on (approx. 8MB).
uBlock Origin blocks requests to those servers, but that works only if this is not needed for core functionality.
Martin,
Thanks for this review.
Q:
is there any quantitative measurement
ref the speedup of page loading?
Any specific web page examples,
ie: “with and without” this addon?
(if the load speed is only a “fraction of a second”,
that’s imperceptible to a human observer loading a web page,
and this addon would not really make any difference).
Well it depends but I would not say that you get a noticeable improvement out of it unless downloads from these CDN servers are slow, for instance if your Internet connection is maxed out or slow.
Awesome, I’ve been wondering for a very long time why there’s no such addon. Thanks!
I wasn’t aware of such an add-on and to me the concept looks very very interesting and promising.
I’m gonna give this a try as soon as I can.
Thank you very much, Martin, for providing us nice information, as always.
Keep up the great work !
A most interesting add-on. For those who run the ‘uBlock Origin’ add-on as well, I’ve checked that Decentraleyes is “under the authority” so to say of uBlock : even calling data as it is locally, Decentraleyes will not do so if that data is blocked in any way by uBlock. It may be obvious for techies but not being one I had to check myself.
Martin, thanks for reviewing this add-on. Also, you write, “it is difficult to tell whether a resource was replaced or not” : not that difficult. As the developer mentions it on his AOM page, “There’s a testing tool, but you can also use Firefox’s built-in network monitor to view all requests made in the course of loading a page. Lastly, by default, Decentraleyes marks locally fetched resources by prepending comments to them.” … and if you run uBlock, just have a look at its Logger and open the resource locally.
I’m really fond of this add-on. Of course it can and will be improved but it’s already quite nice.
Tom, what I meant by this is that I’d like a “on first glance” indicator that a resource was replaced by a local one.
I agree, Martin. In the same way as adblockers for instance. That would be a welcomed enhancement.