Decentraleyes is The Reason Why I Can’t Use a Browser That is Not Compatible with Firefox Add-ons or Chrome Extensions

Decentraleyes is The Reason Why I Can’t Use a Browser That is Not Compatible with Firefox Add-ons or Chrome Extensions

Decentraleyes is a Firefox add-on and Chrome extension that automatically intercepts Internet traffic’s content delivery networks (CDNs) and replaces their resources with equivalents available locally. According to creator Synzvato, it can be configured to block requests for any CDN resources that do not have local equivalents.

This functionality only is available as an add-on or extension, not natively within any browser and not as a userscript. This means any browser that is not Firefox, Chrome, or a fork or derivative of either currently cannot block CDN requests.

CDN providers include Google and Cloudflare. When Decentraleyes intercepts them, it prevents the CDNs from making your browser send requests that include the Referer and Do Not Track (DNT) which, when combined with IP address logging and browser fingerprinting, can be used to identify users.

Aside from Decentraleyes’ testing utility, you can test this by examining the Network developer tool. Using the testing utility page as an example, you can see that Decentraleyes has intercepted a request to Google Hosted Libraries that uses jQuery v2.1.4. Filter for jQuery in Network, and take a look at the calls.

The first, jquery.min.js, was internally redirected as the Status Code indicates. The Response Headers show that the request was sent to Decentraleyes, using its Chrome-extension location, where resource jquery.min.js.dec was gathered. The only information the request URL receives (if at all because it was redirected internally) is the user agent.

Decentraleyes - Testing Utility - Resource Internal Redirect

JQuery.min.js.dec does reveal that this resource was collected locally as the Request URL of the Chrome-extension location and the Status Code, specifying that it was done so from the disk cache, indicate. Once more, the only relevant Request Header is the user agent and that was sent to Decentraleyes, not Google Hosted Libraries.

Decentraleyes - Testing Utility - Resource Retrieved from Disk Cache

Deactivate Decentraleyes on the page, and the CDN is able to connect to the browser and request more information. You can see the encoding, the language, the DNT status, ad the user agent, of course. This is not particularly awful unless IP address logging and browser fingerprinting are used to try to identify the user.

Decentraleyes - Testing Utility - CDN Connection

With fingerprinting, the more individualistic the browser is, the easier it can be to identify the user. Look at it this way: changing the user agent to a less commonly used one actually is counterintuitive because this can stand out to advertisers. You basically want to hide in plain site to keep your data as private as possible.

You do not have to worry about this with Decentraleyes because the CDNs’ servers are not able to receive requests, meaning any information needed for identification is blocked or redirected. The necessary resources are retrieved locally rather remotely, which equates to an increase in page load times.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s