ScriptSafe for Chrome update brings Fingerprint Protecting
ScriptSafe is a popular Google Chrome extension that works in many regards similar to the popular NoScript extension for the Firefox web browser.
The extension is as feature-rich as it gets, listing a massive list of features on its options page.
Apart from blocking certain elements such as script, object or iframe tags by default, it is making use of several blocklists to block unwanted content including ads.
ScriptSafe
A click on the extension icon displays options to control first and third-party resources of the active page. The extension differentiates between allowing and trusting on the positive side, and denying and distrusting on the negative side.
The core difference between allow and trust, and deny and distrust is that the first whitelists or blocks the current domain, while the second the entire domain (meaning all subdomains as well).
ScriptSafe ships with a large set of privacy related settings and options. The anti-fingerprinting functionality improves those further.
ScriptSafe Fingerprint Protecting
Fingerprinting protection is disabled by default as it may break some sites as the technologies can be used for legitimate purposes as well.
The following options are provided:
- Canvas Fingerprint Protection (disabled, blank readout, random readout, completely block readout).
- Block Audio fingerprinting.
- Block WebGL fingerprinting.
- Block Battery fingerprinting.
- Block Device enumeration.
- Block Gamepad enumeration.
- Block Canvas Font access.
- Reduce Keyboard fingerprinting.
Most options are self-explanatory, and one way around potential compatibility issues is to add sites to the whitelist that require these features.
The extension's blocking of elements and blocklist improves that further. This impacts the ability to run fingerprint tests on the other hand.
ScriptSafe Privacy options
Fingerprint Protection improves privacy, and so do the privacy settings provided by the extension. Only some are enabled by default, and it is a good idea to go through the list right after installation to make sure everything is set correctly.
ScriptSafe offers the following privacy related preferences:
- Block unwanted content: this loads various blocklists and uses them to block ad or malware domains.
- Block unwanted cookies:Â blocks cookies from sites on those lists.
- Unwanted content mode: defines whether whitelisted sites that are on blocklists will be blocked. Default is set to allow access.
- Antisocial Mode: the mode disables or removes social widgets even when whitelisted.
- WebRTC Protection: Protect Local IP and / or Public IP.
- Remove Webbugs: This removes invisible third-party elements that may be used to track you.
- Block Click-Through Referrer: block/allow the referrer when you click on links.
- User-Agent Spoof: use a different user-agent. Default is off.
- Referrer Spoof: Use a custom referrer.
Verdict
ScriptSafe is a powerful privacy and security extension for Google Chrome. The question that you may have is whether it is needed if you run a script blocker already in Chrome. The answer depends on whether you want to protect yourself against fingerprinting.
using a privacy extension in the most privacy invasive browser from a company known for data collection and tracking i find very amusing.
Canvas Fingerprint Protection (disabled, blank readout, random readout, completely block readout).
Block Audio fingerprinting.
Block WebGL fingerprinting.
Block Battery fingerprinting.
Block Device enumeration.
Block Gamepad enumeration.
Block Canvas Font access.
Reduce Keyboard fingerprinting.
Everything except to fakout canvas api to is already excluded in Chromium. And this since 1 year (without hype).
Antisocial mode and webbugs are very useful. I use a PAC file to block google, amazon and facebook connections while I browse Soundcloud. Without my own PAC file, Soundcloud can be a real hog. A Hint: Use tcpview by sysinternals to see the differences before and after applying such privacy measures.