Author Topic: Anyone using JShelter here?  (Read 6945 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Anyone using JShelter here?
« on: April 22, 2022, 10:28:33 AM »
An extension that works additionally next to either NoScript and/or uMatrix.
See: https://jshelter.org/
Read: https://news.ycombinator.com/item?id=28736113

Somehow with this additional protection installed in the browser one cannot log on to many an account.  :(
Someone here on the forums has experience with this additional protection extension/add-on?  :P

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Anyone using JShelter here?
« Reply #1 on: April 22, 2022, 11:36:14 AM »
Hi, for the interested ones: https://arxiv.org/pdf/2204.01392.pdf
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Anyone using JShelter here?
« Reply #2 on: April 24, 2022, 03:10:18 PM »
Hi Asyn,

JShelter is still in their early stages of development. When active as an extension next to uMatrix I cannot log on to the forums here.

On the other hand avast does a lot of tracking all sorts, see: https://whotracks.me/websites/avast.com.html

According to Whotracks.me 28% of content on avast dot com is being used for various tracking purposes. That's a lot with 35 trackers for avast's as 6,8 per website is average.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Anyone using JShelter here?
« Reply #3 on: April 24, 2022, 03:48:14 PM »
Hi Asyn, JShelter is still in their early stages of development.
Hi Damian, correct - I might try/test it later on...
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Anyone using JShelter here?
« Reply #4 on: April 24, 2022, 05:00:31 PM »
<snip>
On the other hand avast does a lot of tracking all sorts, see: https://whotracks.me/websites/avast.com.html

According to Whotracks.me 28% of content on avast dot com is being used for various tracking purposes. That's a lot with 35 trackers for avast's as 6,8 per website is average.

polonus

That I find strange,
I have uBlock Origin, uMatrix, Disconnect, Privacy Badger and DuckDuckGo Privacy essentials and all I see in the way of blocking is google-analytics.com as I haven't allowed that in any of the above. 

I guess that whotracks.me doesn't use any blockers of any kind, to gage the tracker activity for avast.com and not specifically for forum.avast.com.

But even if I disable the previously mentioned add-ons above for avast.com I don't see a whole lot of trackers listed and even then I think some of those would be related to European GDPR privacy related to opt out, etc.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Anyone using JShelter here?
« Reply #5 on: April 24, 2022, 07:08:03 PM »
Hi DavidR,

I also was astonished with the mentioned 35 trackers -whotracks.me reported for avast dot com:
Essential Onetrust & Google
Cdn also Google
Advertising Google, Facebook, Appnexus inc, The Tradedesk;
Site analytics Conversant, Exponential interactive, Akamai techn., Hotjar, Verizon, Onesoon, Segment, Pingdom, Sentry, Pardot;
Social media Microsoft & Twitter;
Customer Interaction Trustpilot.

While for forum.avast.com Epic Umbrella extension mentioned that only avast dot com and forum dot avast com, [ffoo::] (multicast address) and google-analytics are  being pinged from our forums domain.
Only google-analytics being blocked inside my browser.  Page NOT indexable.

The above was found while siting behind a a Digital Ocean encrypted proxy from London, UK.

I did not see any of this running a sniffer on the wire of my connection either,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Anyone using JShelter here?
« Reply #6 on: April 24, 2022, 07:21:48 PM »
That I find strange,
I have uBlock Origin, uMatrix, Disconnect, Privacy Badger and DuckDuckGo Privacy essentials and all I see in the way of blocking is google-analytics.com as I haven't allowed that in any of the above. 

I guess that whotracks.me doesn't use any blockers of any kind, to gage the tracker activity for avast.com and not specifically for forum.avast.com.

But even if I disable the previously mentioned add-ons above for avast.com I don't see a whole lot of trackers listed and even then I think some of those would be related to European GDPR privacy related to opt out, etc.
Well, I usually don't comment on OT stuff, but Dave is certainly right that 35 trackers on avast.com is false/nonsense.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Anyone using JShelter here?
« Reply #7 on: April 24, 2022, 07:25:36 PM »
The above was found while siting behind a a Digital Ocean encrypted proxy from London, UK.
I strongly suggest to get rid of the proxy, it's propably doing more harm than good. Get a decent VPN (if needed).
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Anyone using JShelter here?
« Reply #8 on: April 24, 2022, 10:21:15 PM »
Hi Asyn,

You may have a point there, considering: https://whotracks.me/websites/digitalocean.com.html
I will disable it henceon. The proof of the puding is in the tasting. Scan, check and knowledge gained.  ;)

Damian

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Anyone using JShelter here?
« Reply #9 on: April 25, 2022, 05:00:59 PM »
Checked this developer cloud website - DigitalOcean - in another browser and found that Tracker SSL warns for tracking by trackers not protecting from NSA snooping are:
At least 9 third parties know you are on this webpage.

-assets.digitalocean.com assets.digitalocean.com
 -www.digitalocean.com
 -www-static.cdn.prismic.io
 -Google
 -prismic-io.s3.amazonaws.com
 -cdn.segment.com
 -www.googletagmanager.com
 -Optimizely
 -shaaaaaaaaaaaaa.com

Website with 22% of ads being blocked and 11% of tracking blocked. uMatrix blocks 2 e.g. -optimizely.com and -cdn.segment.com

ClearURLs re-wrote 115 scripts

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Anyone using JShelter here?
« Reply #10 on: April 25, 2022, 09:45:47 PM »
Hi Damian,

Now you have dropped the Digital Ocean encrypted proxy, it might be worth checking whotracks.me and see what you get for avast.com now :)
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Anyone using JShelter here?
« Reply #11 on: April 25, 2022, 11:45:24 PM »
Hi DavidR,

That is -googletaskmanager, -s.go-impulse.net, t.av.st, -widget.trustpilot.com and -static3.avast.com.
-go-impulse.net is being blocked for me. Host has one vulnerability.

Scripts according to Quick Source Viewer:
Quote
HTML
-www.avast.com/nl-nl/index#pc
144,080 bytes, 1704 nodes

Javascript 19   (external 11, inline 8)
-www.googletagmanager.com/​gtm.js?id=GTM-PZ48F8
-cdn.cookielaw.org/consent/b680e9a8-3d45-4e4a-998f-7d05f89e4486/​OtAutoBlock.js
INLINE: /* * This entire block is wrapped in an IIFE to prevent polluting the scope of
631,361 bytes

-cdn.cookielaw.org/scripttemplates/​otSDKStub.js
-static3.avast.com/10002315/web/j/vendor/​one-trust.js
INLINE: /*! Declare GTM dataLayer */ window.dataLayer = window.dataLayer || [];
630 bytes

INLINE: const gpcValue = navigator.globalPrivacyControl; if (gpcValue) { dataLay
119 bytes

INLINE: (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),
396 bytes

-cdn.polyfill.io/v2/​polyfill.min.js
INLINE: document.documentElement.className = document.documentElement.className.repl
101 bytes

INLINE: (window.BOOMR_mq=window.BOOMR_mq||[]).push(["addVar",{"rua.upush":"false","rua.c
366 bytes

INLINE: !function(a){var e="-https://s.go-mpulse.net/boomerang/",t="addEventListener";if(
3,032 bytes

INLINE: window.avastGlobals = window.avastGlobals || {}; window.avastGlobals.web = { d
1,528 bytes

-static3.avast.com/10002315/web/j/v2/vendor/​cash.js
-static3.avast.com/10002315/web/j/v2/​avast.js
-static3.avast.com/10002315/web/j/v2/vendor/​bootstrap-native.js
-static3.avast.com/10002315/web/j/v2/pages/​index.js
-static3.avast.com/10002315/web/j/v2/components/​cmp-oops.js
-static3.avast.com/10002315/web/j/v2/components/​cmp-trustpilot.js
CSS 8   (external 2, inline 6)
INLINE: :root .desktop.ad {display:none !important;}
44 bytes INJECTED

INLINE: iframe[src="-https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/in
275 bytes INJECTED

-static3.avast.com/10002315/web/c/v2/​index.css
INJECTED

-static3.avast.com/10002315/web/c/v2/avast/local/nl-nl/​local.css
INJECTED

INLINE: -a.gootranslink:link {color: #0000FF !important; text-decoration: underline !impo
2,944 bytes INJECTED

INLINE: /* cyrillic-ext */ @font-face { font-family: 'Montserrat'; font-style: norma
11,618 bytes INJECTED

INLINE: .BDTLL_status { cursor: pointer; display: inline; margin-right: 3px;
595 bytes INJECTED

INLINE: .BDTLL_icon_ok { background-image: url(data:image/png;base64,iVBORw0KGgoAAAA
31,830 bytes INJECTED

JSON 1   (external 0, inline 1)
INLINE: { "@context" : "-http://schema.org", "@type" : "Organization", "name" : "Ava
808 bytes

Others 1   (external 1, inline 0)
-resources.digital-cloud.medallia.eu/wdceu/82320/onsite/​embed.js

That's all I can see now.

polonus
« Last Edit: April 25, 2022, 11:48:16 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Anyone using JShelter here?
« Reply #12 on: April 26, 2022, 12:45:41 AM »
Strange much less than the initial 35 first reported :)

When I check a 'Live Connection' to avast.com in my browser even with all my AdBlockers/Tracker add-ons disabled, it is much more reasonable than the fearful 35.

I think my experience would be very much the same for many people with add-blockers, etc.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Anyone using JShelter here?
« Reply #13 on: April 26, 2022, 11:22:55 AM »
Hi DavidR,

Could well mean exaggeration on behalf of -whotracks.me.
But a digital ocean proxy would not be free if it was not into user tracking,
and selling data to the highest bidder.

What I see is that with uMatrix and JShelter extensions both active I cannot log-on to forum.avast.com,
because I get a continuing error in the matrix.

Therefore I guess JShelter is still in it's  development phase,
and not yet ready to be used by the many
(also it must have a special young category of 5 maintenance developers).

But without such experiments, one should never be the wiser, isn't it.
Big Tech will just defend it's own interests and a lot of tracking and monitoring would go well under the radar and will stay unknown to many an end-user.
You cannot worry all day long in the line of "You should not use Google, because it rids you of almost all of your digital data. Or for instance you cannot be on debian, because you will support Russian Orks (after Tolkien's Orcs)". In other words. One then should be sitting idle all day. But have an open mind and you will learn new facts all of the time. That is why I came to these here forums in the first place. (Thanks to avast forums).

For instance the trustpilot widget mentioned earlier by me one  is not prefetched, not crawlable by bots, not indexable with only links being followed. This one will kick up errors from cloudfront in need of another "x-amz-cf-id" for it's tag. Complicated? Yep, but this all goes on under the hood of your browser from
-https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/in  (not being blocked).
Fails to load:
Quote
Failed to load resource: the server responded with a status of 403 ()
SyncMessage.js:240 [Deprecation] Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check -https://xhr.spec.whatwg.org/.
browser.runtime.sendSyncMessage @ SyncMessage.js:240
SyncMessage.js:241 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
browser.runtime.sendSyncMessage @ SyncMessage.js:241
SyncMessage.js:255 syncMessage error in
-https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/in: Failed to execute 'send' on 'XMLHttpRequest': Failed to load '-https://[ff00::]/nscl/chrome-extension://ammoloihpcbognfddfjcljgembpibcmb/syncMessage?id=c58101d807.27b8%2Chttps%3A%2F%2Fwidget.trustpilot.com%2Ftrustboxes%2F53aa8807dec7e10d38f59f32%2Fin&url=https%3A%2F%2Fwidget.trustpilot.com%2Ftrustboxes%2F53aa8807dec7e10d38f59f32%2Fin&top=true&msg=%7B%22message%22%3A%22get%20wrapping%20for%20URL%22%2C%22url%22%3A%22
-https%3A%2F%2Fwidget.trustpilot.com%2Ftrustboxes%2F53aa8807dec7e10d38f59f32%2Fin%22%7D'. (response )
browser.runtime.sendSyncMessage @ SyncMessage.js:255
document_start.js:28 Uncaught TypeError: Cannot destructure property 'currentLevel' of 'undefined' as it is undefined.
    at configureInjection (document_start.js:28)
    at document_start.js:80
VM55:81 audioblocktrue
VM55:130 canvasfont = true
in:1 Unchecked runtime.lastError: Could not establish connection. Receiving end does not exist.
dD.js:1467
(unknown) Settings loaded...
intercept.js:1 Filter Running...
/favicon.ico:1 Failed to load resource: the server responded with a status of 403 ()
in:1 Unchecked runtime.lastError: The message port closed before a response was received.
DevTools failed to load SourceMap: Could not load content for chrome-extension://gegfpbhjnhegdnjdkghhnneaocdbbhjp/firefox/browser-polyfill.min.js.map:
HTTP error: status code 404, net::ERR_UNKNOWN_URL_SCHEME
in:1 Failed to load resource: the server responded with a status of 403 ()
That is why avast uses polyfill to adopt to all sorts of browsers.

Damian a.k.a. polonus
« Last Edit: April 26, 2022, 11:48:29 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Anyone using JShelter here?
« Reply #14 on: April 26, 2022, 05:49:07 PM »
Thanks for taking the time to expand on this and the information on JShelter. 

I guess it is still a little early to jump under that particular shelter just yet.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security