being able to track my browsing history?

General discussion about the NoScript extension for Firefox
Post Reply
Posts: 1
Joined: Wed Nov 22, 2017 4:54 pm being able to track my browsing history?

Post by salim-b » Wed Nov 22, 2017 5:15 pm

Hi there,

I'd like to know what the CSP reports to are all about in the new WebExtension version of NoScript. I've noticed that they fire on every page that isn't whitelisted in NoScript (first party). Please have a look at this uBO bug report on GitHub. As gorhill (main developer of uBlock Origin) warns, those CSP reports have the potential to leak my detailed browsing history to!
Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

Senior Member
Posts: 9144
Joined: Sat Aug 03, 2013 5:45 pm

Re: being able to track my browsing history?

Post by barbaz » Wed Nov 22, 2017 9:49 pm wrote:"", as the name implies, is a domain which does not resolve to anything, and since is under my control I can make sure nobody makes it real domain. It's used as the report URI for the script-blocking CSP, in order to catch LOCALLY whatever has been blocked by NoScript and show it in the UI. As soon as the request is initiated, is processed LOCALLY by NoScript and blocked, so the information never leaves the browser. If, by accident (e.g. because you disable NoScript while a page with the CSP loaded is still active) the CSP report is fired and not caught, as I said the domain doesn't resolve and the request just times out.
*Always* check the changelogs BEFORE updating that important software!

Post Reply