JShelter version history - 25 versions
JShelter by Libor Polčák
Be careful with old versions! These versions are displayed for testing and reference purposes.You should always use the latest version of an add-on.
Latest version
Version 0.19.1
Released Sep 13, 2024 - 440.07 KBWorks with firefox 79.0 and later, android 120.0 and laterImprove performance of FPD in temporary background scripts: Limit the amount of data that is stored to the permanent storage as well as the number of write operations without a real hit stemming from the need to recomupte the data.Source code released under GNU General Public License v3.0 only
Download Firefox and get the extensionYou'll need Firefox to use this extensionOlder versions
Version 0.19
Released Aug 20, 2024 - 440.15 KBWorks with firefox 79.0 and later, android 120.0 and laterUpdated NoScript Commons Library dependency to the mv3 branch.
Fixed UI popup failing to render when opened first time after long inactivitySource code released under GNU General Public License v3.0 only
Version 0.18.1
Released Jun 28, 2024 - 441.59 KBWorks with firefox 79.0 and later, android 120.0 and laterFix the scope where updateCount used by FPD is created (Pagure issue 141. Although the function was not visible to page scripts, page script could have define their own function with several consequences as JShelter would call the page script function:
FPD would not learn about the calls and consequently would not detect fingeprinting attempts by the page,
pop up would not show calls to the wrapped APIs,
the page would be able to detect that JShelter is being installed,
if the page would not expect that someone is calling its function it can have any undesired consequences.
The bug was present in JShelter since the introduction of FPD in 0.6 and all versions up to 0.18 are affected.Source code released under GNU General Public License v3.0 only
Version 0.18
Released Apr 19, 2024 - 436.66 KBWorks with firefox 79.0 and later, android 120.0 and laterMigrate to non-persistent background pages as a first step towards Manifest v3. Please report any unusual behaviour.Source code released under GNU General Public License v3.0 only
Version 0.17
Released Nov 3, 2023 - 447.3 KBWorks with firefox 78.0a1 and later, android 120.0 and later* Added support for built-in tweaks for specific domains. The goal is to list several domains that
break unnecessarily. Typically, an addition to the list should be well explained and must not
lower protection. A nice candidate is WebWorker and the protection of Strict (break) and Remove.
* Updated translations
* Improved FPD report based on user feedback:
* Do not refresh report automatically when tracking callers but introduce an update button so that
users refresh when convenient (prevent glitches in the interfaces)
* Add buttons to hide/show details and fold/unfold groups
* Do not show traces in bold to better differentiate between API names and traces.
* Add possibility to forget current traces. Useful when there is a fingerprinting script that activates after some action. The button allows the user to hide the traces triggered in the past and later load only new traces.
* Add support for signing for Android on AMO: https://blog.mozilla.org/addons/2023/10/05/changes-to-android-extension-signing/, so we needed to increase minimal supported versionSource code released under GNU General Public License v3.0 only
Version 0.16
Released Sep 27, 2023 - 427.93 KBWorks with firefox 68.0 and later* Remove Workers in Recommended JSS level to make JShelter compatible with some pages. This change might be reverted when [Pagure issue 80](https://pagure.io/JShelter/webextension/issue/80#comment-852202) is solved.
* FPD: Add possibility to learn the calling stack of functions that lead to the tracked APIs ([Pagure issue 52](https://pagure.io/JShelter/webextension/issue/52)). This information can be used to create block list or to study the calling code and its effects.
* FPD: Fix browser overloading by FPD messages by HTMLElement.prototype.offsetHeight and offsetWidth wrappers that might have crashed browsers.
* FPD: code cleanupSource code released under GNU General Public License v3.0 only
Version 0.15.2
Released Sep 21, 2023 - 425.35 KBWorks with firefox 68.0 and later* Fix window.name protection, do not clear the property in the first visited page see https://pagure.io/JShelter/webextension/issue/116#comment-875070 for more details. The fix affects all Chromium-based browsers and Firefox installs with the protection active (by default it is off in Firefox as Firefox contains the protection since Firefox 88). This fixes, for example, reCaptcha.
* options: Improve space distribution, see https://github.com/polcak/jsrestrictor/pull/204#issuecomment-1727519706Source code released under GNU General Public License v3.0 only
Version 0.15
Released Sep 13, 2023 - 425.23 KBWorks with firefox 68.0 and later* Update NSCL to uses built-in and faster function to compute sha256.
* Russian translation added.Source code released under GNU General Public License v3.0 only
Version 0.14
Released Aug 31, 2023 - 404.18 KBWorks with firefox 68.0 and later* Added support for internationalization, Czech translation added, see blog post for instrctions for translators
* All texts revisited, clarified, and fixed grammar and typos
* Improved performance of Canvas and Audio little-lies wrappers by executing in WebAssembly, there will be a separate blog post with additional explanations. See the bachelor thesis of Martin Zmitko for more details.
* Improved performance of FPD. See the bachelor thesis of Martin Zmitko for more details.
* Expand description of the wrappers applied when the user interacts with the tweak GUI (suggested by the Plain Text UX review)
* Make level names in main options section stable width
* NSCL updated:
Prevent dead object access on using backward/forward cache of the browser
Fixed property/function mismatchSource code released under GNU General Public License v3.0 only
Version 0.13
Released Jun 29, 2023 - 369.9 KBWorks with firefox 68.0 and laterImprove performance of the code injection. See the bachelor thesis of Martin Zmitko (https://www.vut.cz/en/students/final-thesis/detail/147218) for more details.
* The code is no longer generated in the background due to the latency of passing huge messages from
background to content scripts.
* Optimize injection code size (remove duplicate code).Source code released under GNU General Public License v3.0 only
Version 0.12.2
Released Jun 7, 2023 - 367.6 KBWorks with firefox 68.0 and later* Reimplement AudioBuffer.prototype.copyFromChannel to prevent multiple farbling of the same data
* Optimize performance of Canvas and Audio wrappers
* NSCL updated: JShelter benefits from the mechanism to prevent inconsistencies / breakages when the extension gets updated and therefore the old wrappers are invalidated by Firefox which nukes their sandbox and new ones are installed on extension's automatic restartSource code released under GNU General Public License v3.0 only
Version 0.12.1
Released Apr 19, 2023 - 367.32 KBWorks with firefox 68.0 and later* bugfix: Return the correctly created Worker object from the `Strict` wrapper.Source code released under GNU General Public License v3.0 only
Version 0.12
Released Apr 19, 2023 - 367.32 KBWorks with firefox 68.0 and later* Cope with the changes of reported plugins and supported MIME types in the HTML standard and
browsers: The purpose of the wrappers is solely to prevent fingerprinting. As browsers return the
same 5 plugins, browsers modyfing the array stand out, which makes them more fingerprintable.
Hence, JShelter does not modify the empty list or the list of five standard plugins.
Reconsider and rewrite Web Worker wrappers (pagure issue 80)
* `Strict` WebWorker policy intentionally breakes Web Workers
* New policy to `Remove` Web Workers used for `Turn fingerprinting protection off` and `Strict` level.
* `Medium` WebWorker policy renamed to `Low` as it only tackles a single issue with Workers.
See FAQ for more information on current Worker wrappers.
Note that the `Low` policy does not work as intended in Firefox and will be fixed in future.
However, it was broken in the same way before 0.12 and the other changes are worth distributing
among our users.Source code released under GNU General Public License v3.0 only
Version 0.11.4
Released Mar 29, 2023 - 369.38 KBWorks with firefox 68.0 and later* bugfix: allow tweaking all levels except L0 in the popup (pagure issue 89)
* bugfix: clarify and fix the description of changes to NBS in 0.11.3 (pagure issue 41)Source code released under GNU General Public License v3.0 only
Version 0.11.3
Released Mar 28, 2023 - 369.15 KBWorks with firefox 68.0 and later* bugfix: Remove race condition that reset default level to Recommended from custom levels. Unfortunately, affected users need to manually restore the default level as JShelter cannot distinguish affected users automatically.
* bugfix: Deactivate NBS in the presence of HTTP proxy in Firefox, see pagure issues #41 and #85 for more details.
* enhancement: Fix empty spaces to improve the look of the option pageSource code released under GNU General Public License v3.0 only
Version 0.11.2
Released Mar 24, 2023 - 368.03 KBWorks with firefox 68.0 and later* bugfix: chack domains property in advanced options (introduced in 0.10)
* bugfix: remove unused config.whitelistedHosts
* bugfix: Fix several typos in the text in options
* bugfix: Do not use hard-coded level in the advanced options validity checks of configuration
* feature: Add option to reset configuration to advanced options
* enhancement: Reimplement JSS configuration in option to improve understandability
* enhancement: Fix race conditions in displaying stored configuration after changes through options
* enhancement: Add undo to advanced options
* enhancement: Warn users from tweaking their settings dur to higher risks of reidentification via browser fingerprinting
* enhancement: Add button to cancel the addition of a new level, update the error texts
* website: little improvements and clarifications
Most of the changes were influenced by the Plain Text UX reviewSource code released under GNU General Public License v3.0 only
Version 0.11.1
Released May 18, 2022 - 366.93 KBWorks with firefox 68.0 and laterNBS: do not show notifications for hostnames resolving to undefined IP addresses as described in FAQ (broken in 0.11 that does not show notifications only for undefined IP addresses, but shows notifications for hostnames resolving to undefined IP addresses)Source code released under GNU General Public License v3.0 only
Version 0.11
Released May 13, 2022 - 366.87 KBWorks with firefox 68.0 and later* Reset `window.name` only on eTLD+1 changes
* Farbling: Use eTLD+1 instead of origin to generate hash
* FPD: Clear storage during navigation (prevent the page from storing the hash to a local storage
and loading the hash after page reload)
* FPD configuration: Decouple notification and behaviour settings. Let a user to optionally disable notifications without strict effect on behaviour
* Improve CSP of the extension pages, fix broken favicons in FPD report
* NBS: Block requests to undefined IP address (0.0.0.0 or [::]) but do not show notifications
* Fix extension initialization in permanent private mode
* options: Add external links to JShelter.org FAQ and threat model
* Add favicons to options pages
* Remove unused iconsSource code released under GNU General Public License v3.0 only
Version 0.10
Released Apr 29, 2022 - 344.62 KBWorks with firefox 68.0 and later* Add wrappers modifying calls detecting supported media types and installed codecs (Multimedia playback), github issue 66
* Add wrappers modifying `HTMLMediaElement.prototype.canPlayType` (Multimedia playback)
* Add wrappers disabling Network Information API inspired by Brave, github issue 66
* Add wrappers disabling Web NFC API, github issue 66
* Add wrappers for Cooperative Scheduling of Background Tasks API, github issue 66
* Add wrappers for User idle detection, github issue 66
* Add possibility to set NBS as passive (notify user but do not block), github issue 66
* Fix Web Audio wrappers (Pagure issue #16)
* FPD Report allows exporting data as JSON
* Modified FPD wrappers independent on JSS
* FPD can be configured as strict (more aggressive fingerprinting detection)
* Better storages removal through content script in the absence of browserData permissions by FPD
* Fix early loading of module configuration (FPD used to be disabled after first installation)
* FPD initialization reworked
* Add support for customizing settings for file:// scheme (Github issue #180)
* Improve config checker in advanced options
* Improved English, naming consistency, and some descriptions
* Apply Content-Security-Policy to webextension pages
* Fix some issues with invalid domains in advanced JavaScript Shield configuration (Pagure issue 45)Source code released under GNU General Public License v3.0 only
Version 0.9
Released Apr 6, 2022 - 334.18 KBWorks with firefox 68.0 and later* Firefox: deactivate window.name wrapper for Firefox; Firefox provides protection since 88 and
JShelter wrapper brakes pages
* Enable webworker wrappers by default, see the paper https://arxiv.org/abs/2204.01392, §4.3
* Tidy up popup UI and FPD report UI
* Show wrapper groups descriptions in options.htmlSource code released under GNU General Public License v3.0 only
Version 0.8.1
Released Mar 22, 2022 - 332.91 KBWorks with firefox 68.0 and later* Add "Turn fingerprinting protection off" level. As the AFPD shows the likelihood of fingerprinting, some users might be tempted to trade some performance gain for no protection against fingerprinting. See for example Github #179.
* Fix displaying empty FPD reportSource code released under GNU General Public License v3.0 only
Version 0.8
Released Mar 16, 2022 - 332.71 KBWorks with firefox 68.0 and later* Show fingerprinting likelihood in the popup and badge icon colour
* GPS wrapper reimplemented to use farbling (simulate a stationary device for per domain and
sessions), previously each page load generated a new position
* Reorganize canvas reading wrappers, all are in the same group
* Security review and hardening of the wrappers
* Do not change values depending on activated tweaks
* Remove obvious reversibility of the canvas farbling
* Unify wrapping between H-C and WEBGL
* Unify the wrappers in Strict and Farbling wrapping of WebGL parameters (some were farbled but not disabled on Strict)
* Farbling of WebGL parameters spread more wildly to hide the correct
number (that might have been revealed after several visits)
* WebGL: Farble renderer and vendor the same way as unmasked versions
* Remove possible dependencies between multiple wrapping groups using
randomString()
* Strict: Return empty UNMASKED VENDOR and RENDERER - Previosuly, these values depended
on the domainHash, that meant that the unique value could be used to uniquely fingerprint the device.
* Harden WEBA farbling
* Scramble the output of PRNG with domainHash to prevent guessing the
future PRNs
* Try to improve speed as possible but the wrapping is likely slower
than 0.7.x
* Github #125: Add option to disable NBS notifications, limit the number of notifications
* Fix Pagure #18 Optional permissions for AFPD - it is not necessary to give browsingData
* Allowlist options in NBS and FPD changed breaking backwards compatibility
* When optionally activated, wrap BigInt typed arrays the same way as other typed arraysSource code released under GNU General Public License v3.0 only
Version 0.7.1
Released Mar 5, 2022 - 317.8 KBWorks with firefox 68.0 and laterApply proper shielding for `navigator.plugins`Source code released under GNU General Public License v3.0 only
Version 0.7
Released Feb 24, 2022 - 317.71 KBWorks with firefox 68.0 and later* JavaScript Restrictor rebranded to JShelter.
* The extension officially consists of JavaScript Shield (originally called wrappers), NBS, and FPD.
Unified way to disable each component in the pop up. This should prevent users from disabling NBS
thinking they disabled JSS.
* New UI to create and tweak JavaScript Shield levels.
* Pop up redesigned. Try not to confuse the user about global/per-page settings.
* It is possible to create per-domain JavaScript Shield tweaks, i.e. enable or disable specific
group of wrappers for certain domain only without the necessity to create a new level.
* The wrapping strength is defined by the user with a range input.
* The badge icon does not show level ID anymore. JShelter shows the number of wrapping groups
accessed by the current page. Report the number of calls for wrapped APIs in the pop up.
* Level 1 removed as it was not properly maintained.
* Timestamp protection in level 2 increased to match level 3.
* XHR wrappings and (sharred) array buffers not wrapped anymore as XHR is superseded by FPD and
array buffers break other APIs.
* New experimental level added that is based on original level 3.
* Better and much longer description of built-in levels.
* Added support for device rotation. Accelerometer, LinearAccelerationSensor, GravitySensor, and Magnetometer now adjust the gravity vector by the rotation matrix.
* AmbientLightSensor, Gyroscope, AbsoluteOrientationSensor, and RelativeOrientationSensor wrappers added.
* Accessibility improvements in pop up.
* New colour scheme based on the logo and JShelter.org web site for both light and dark theme.
* Load FPD settings from advanced options correctly.
* Some inconsistences in update mechanism of hardware and enumerateDevices found and fixed.
* Level settings are not backward-comptible, backup 0.6.x configuration if you plan to downgrade.Source code released under GNU General Public License v3.0 only
Version 0.6.4
Released Feb 3, 2022 - 298 KBWorks with firefox 68.0 and laterFix wrapping of navigator.plugins in Firefox. This regression appeared in 0.6 in the generated code resticted by apply_if condition.Source code released under GNU General Public License v3.0 only