v1.0.7.16 BETA 2 - Help Test!

[andryou]

What's changed from v1.0.7.16 Beta 1 to aid in beta testing:

• Added Remove Possible Hash Tracking - remove possible tracking tokens passed using hash, where there is an attribute and value (e.g. #xtor=RSS-1) (disabled by default)
• Added Block Client Rectangles - prevent fingerprinting through calculating element rectangles. May interfere with some dropdowns. (disabled by default)
• Update Remove Google Analytics (UTM) Tracking to also sanitize URLs using the hash method
• Revamped Update and Options pages
• Incorporated feedback from Beta 1 testing (mainly notes and warnings on the options page about the various Fingerprinting options)
• Address ScriptSafe Panel not opening completely on Mac OS X

What's changed from v1.0.7.15 to aid in beta testing:

• Added Spoof Timezone - spoof or randomize your timezone; useful if you use VPN (disabled by default)
• Added Remove Google Analytics (UTM) Tracking option (under Privacy Settings) - remove Google Analytics (UTM) tracking tokens before they're actually passed to the server (disabled by default)
• Added option under User-Agent Spoof to apply spoofing to whitelisted domains as well (default behavior: bypass spoofing on whitelisted domains to avoid issues)
• Anti-Fingerprinting code consolidation (this means all fingerprinting options should also be tested)

Instructions on how to Beta Test:

1. Download the v1.0.7.16 BETA2: https://github.com/andryou/scriptsafe/archive/v1.0.7.16_beta2.zip
2. Extract the ZIP file to its own folder anywhere on your computer
3. Copy and paste chrome://extensions into your browser address bar and press Enter
4. Make sure you have disabled the Chrome Web Store version of ScriptSafe (ID: oiigbmnaadbkfbmpbfijlflahbdbdgdf)
   • Note: you may want to save a copy of your existing ScriptSafe settings at this point (see https://www.andryou.com/scriptsafe/frequently-asked-questions/#backup)
5. Enable “Developer Mode“
6. Click on Load unpacked extension, navigate to the folder you extracted ScriptSafe to in step Scriptsafe not Google friendly #2 and click on OK
7. Restore your existing ScriptSafe settings: https://www.andryou.com/scriptsafe/frequently-asked-questions/#restore

Some Test Sites:

• Timezone: http://www.w3schools.com/jsref/jsref_gettimezoneoffset.asp
• Google Analytics (UTM) Tracking Removal: http://blog.hubspot.com/9-reasons-you-cant-resist-list?utm_campaign=blogpost&utm_medium=social&utm_source=facebook&nonutmattribute=thisshouldnotberemoved
  • Note: non-UTM parameters in the URL should not be removed. In the above link I've included one.
• Possible Hash Tracking Example: https://www.google.com/#xtor=RSS-1
• User-Agent Spoofing even on whitelisted domains: http://www.whoishostingthis.com/tools/user-agent/

Any feedback/issues, please add it as a comment here or reply to my email I sent to all beta testers. If everything looks good, please let me know as well!

Thank you!

[andryou]

I'm aiming to officially release v1.0.7.16 tomorrow (the 30th), so please let me know sometime today if you find any issues! Thanks everyone :)

[gameb0y]

hi andryou,

User-Agent Spoofing not working :/

[andryou]

@gameb0y if you enable "Apply to whitelisted domains as well", it spoofs the user-agent on that page. If you don't allow JavaScript on that page, it's spoofed as well :)

[andryou]

v1.0.8.0 has been officially pushed out! I've decided to push the version to v1.0.8.0 from v1.0.7.16 Beta 2 due to the nature of the changes. Thanks everyone :)