JShelter

JavaScript shield

JavaScript Shield modifies the behaviour of the JavaScript environment availble for the visited webpage. JShelter provides fake information to confuse fingerprinters or make webpage triggered attacks impossible or harder.

JavaScript Shield internally consists of wrappers, small pieces of code that modify the original behaviour of a JavaScript API (a function or a property) defined by standards. The behaviour of the most of the wrappers can be divided into several categories:

Precision reduction: The original value is too precise and it is not necessary for most use cases. JavaScript Shield modifies the values so that typical and benign use cases are not affected.
Provide fake information: Some wrappers provide fake information mostly to confuse fingerprinters. For example, canvas wrappers modifify the image so that the same instructions produce different result in each session and for each domain.
Hide information: Some APIs provide information that is not generally needed and can be hidden from most of the pages. Depending on the API, JavaScript Shield might return an error, an empty value, or block the API completely.

See our blog post for more information on browser fingerprinting counter-measures and farbling.

Network boundary shield

Network boundary shield prevents web pages to use the browser as a proxy between local network and the public Internet. See our blog post and Force Point report for examples of attacks handled by the Network Boundary Shield. The protection encapsulates the WebRequest API, so it captures all outgoing requests.

Generally, you want Network boundary shield protection active, however, some pages can be broken, because they require interaction between public Internet and local network, for example, some Intranet information systems might be broken by the Network boundary shield. JShelter users also reported increased number of false positives when using DNS-based filtering programs. If you use one, make sure that DNS returns 0.0.0.0 for the blocked domains.

You can disable the Network boundary shield by adding the domain (e.g. example.com) to the list below. The domains and all their subdomains listed bellow are not blocked by the Network boundary shield. To selectively deactivate the Network boundary shield, insert the domains to the list (excluding "www", but including all other domains eg. ".com"). We generally do not recommend disabling the Network boundary shield for domains from the public Internet.

Network boundary shield:

Please note, that these domain names are checked with domain hierarchy, so whitelisting example.com does also whitelist news.example.com.

Fingerprinting detector

Fingerprinting detection prevents web pages to extract fingerprint of your browser using JavaScript properties. See our blog post or Browser Fingerprinting: A survey for a closer description of browser fingerprinting.

For now, fingerprinting detector is turned off by default. By enabling it, you will be notified whenever JShelter detects fingerprinting behaviour on visited web page. As a countermeasure against leaking your fingerprint to unwanted parties, every detection is followed by blocking all subsequent HTTP requests and cleaning browser storage. Take into account that this action will probably result in a broken web page and we strongly recommend to use whitelist for trusted domains. You can do so via pop-up menu of the extension or explicitly add domains to the list below.

Fingerprinting detector:

Please note, that these domain names are checked with domain hierarchy, so whitelisting example.com does also whitelist news.example.com.