JShelter
JavaScript Shield
JavaScript Shield modifies the behaviour of the JavaScript environment availble for the visited webpage. JShelter provides fake information to confuse fingerprinters or make webpage triggered attacks impossible or harder.
JavaScript Shield internally consists of wrappers, small pieces of code that modify the original behaviour of a JavaScript API (a function or a property) defined by standards. The behaviour of the most of the wrappers can be divided into several categories:
Precision reduction: The original value is too precise and it is not necessary for most use cases. JavaScript Shield modifies the values so that typical and benign use cases are not affected.
Provide fake information: Some wrappers provide fake information mostly to confuse fingerprinters. For example, canvas wrappers modifify the image so that the same instructions produce different result in each session and for each domain.
Hide information: Some APIs provide information that is not generally needed and can be hidden from most of the pages. Depending on the API, JavaScript Shield might return an error, an empty value, or block the API completely.
See our blog post for more information on browser fingerprinting counter-measures and farbling.
Network Boundary Shield prevents web pages to use the browser as a proxy between local network and the public Internet. See our blog post and Force Point report for examples of attacks handled by the Network Boundary Shield. The protection encapsulates the WebRequest API, so it captures all outgoing requests.
Generally, you want Network Boundary Shield to block all suspicious requests. However, some pages can be broken, because they require interaction between public Internet and local network, for example, some Intranet information systems might be broken by the Network Boundary Shield. JShelter users also reported increased number of false positives when using DNS-based filtering programs. If you use one, make sure that DNS returns 0.0.0.0 for the blocked domains.
Network Boundary Shield default behavior can be globally adjusted by the settings below. Network Boundary Shield can also be completely disabled on a per-domain basis using the whitelist. Domains can be whitelisted via Network Boundary Shield switch in the popup window or manually via Manage whitelist option. Keep in mind that whitelisting a domain will also whitelist its subdomains. To selectively deactivate the Network Boundary Shield, insert the domains to the whitelist (excluding "www", but including all other domains e.g. ".com").
Fingerprint Detector provides a mechanism that informs users about fingerprinting activity on visited web pages. The detector also prevents web pages from extracting browser fingerprint, if a user chooses to do so. See our blog post or Browser Fingerprinting: A survey for a closer description of browser fingerprinting.
By enabling the detector, you will be notified whenever it detects fingerprinting behavior on a visited web page. The detector measure severity of potential fingerprint with each page visit. Then, it assigns a likelihood of fingerprinting to the page according to our heuristic system. The likelihood is presented to you by badge color of JShelter icon and also in popup window. If a high likelihood of fingerprinting occurs, you will be notified by a separate notification. It's possible to show details about the fingerprint by generating a fingerprint report. You can access it via popup window or by clicking directly on the notification.
The default behavior of Fingerprint Detector can be adjusted to your liking. You can choose "blocking" behavior, which works as a countermeasure against leaking your fingerprint to unwanted parties. In this case, every positive detection is followed by blocking all subsequent HTTP requests and cleaning browser storage. Take into account that this action will probably result in a broken web page and we strongly recommend to use a whitelist for trusted domains. Switching off the detector for a domain in the popup window will add the domain to the whitelist. This domain won't be evaluated or blocked in the future. You can manage all the whitelisted domains below.