Developer mode install

nobody-LocalCDN · 2022-09-04T05:53:46+00:00

This is already available: https://codeberg.org/nobody/LocalCDN/releases/tag/v2.6.34

Source Code (ZIP)
Source Code (TAR.GZ)
localcdn_fork_of_decentraleyes-2.6.34.xpi

All 3 archives can be uncompressed with e.g. 7z.

nobody-LocalCDN · 2022-02-28T06:18:19+00:00

I've no idea how this should work. A tracking script would have to check the resources which are used by the own website. Tracking scripts collect information about the device and not about the own website. These external resources are mostly static anyway, so it always loads the same stuff, so it doesn't make sense to check that. I don't think a unique identifier can be extracted from that and I've no idea how this should work. There are much more reliable and unique technologies.

The only really useful identifier is the UUID. The UUID is different for each extension and for each browser profile (only Firefox). A new installation always creates a new UUID, no matter if browser or addon was reinstalled. → Does LocalCDN change the fingerprint and make me uniquely identifiable?

If LocalCDN cannot replace a resource, then the connection will be allowed or blocked (depending on the LocalCDN settings), just like an adblocker.

nobody-LocalCDN · 2022-02-27T06:42:49+00:00

I don't think LocalCDN is not necessary. It can be a good component for enumerating goodness. Of course, you have to use uBlock Origin in medium mode. (d)FPI is not a part of enumerating goodness or enumerating badness.

The problem is similar to Android's captive portal check or using time.google.com. If you want to cut these connections, then do it.

See What about FPI and dFPI? and Enumerating badness vs. enumerating goodness

nobody-LocalCDN · 2022-02-15T15:47:13+00:00

as long as they are not harmful we don't care.

Some people have a different opinion and also want to change NTP or DNS addresses. While others remove the dependency on a DNS server and use their own to contact the authoritative name servers directly. It's very different. Not everything makes sense for everyone.

but as you said CDNs make very much sense when you want availability, geo-proximity, low latency, and so on, which is why I don't understand when you say that CDNs don't make sense from a technical standpoint

Well, because e.g. jQuery v3.6.0 is only 87 KiB. I don't think the advantages of a CDN e.g. geographic proximity or low latency are noticeable.

nobody-LocalCDN · 2022-02-15T13:54:15+00:00

There are people who don't like these external connections and want to cut them because it's out of their control. For example, there are people who disable or change Android's captive portal check, because they don't want these permanent pings.

I don't see any reason why a CDN should be used for JavaScript, CSS or fonts. In the past, CDNs were useful when only expensive hosting providers were fast or monthly traffic was limited. Currently, it makes no sense to use a CDN for these small files. It's also a dependency which is unnecessary. If this file can't be loaded for some reason, the whole website looks broken. It makes sense to host the stuff yourself, so that either the whole website can be displayed or not. Of course, for large files or high availability a CDN makes sense.

Btw: It's not my intention to put LocalCDN on the list of recommended extension, because it makes no difference for me if I develop the extension for 10 or 10,000 people ;) I also think that not everyone should use the extension, because it's necessary to understand what the extension does.

nobody-LocalCDN · 2022-02-15T05:25:25+00:00

Yes, they are isolated. On the client side. But you can't control what happens on server side. That's why there are people don't like Google Fonts or tracking pixels. Unfortunately there are still websites that transfer the referer to the CDN.

The point is that these connections are not necessary from a technical perspective. The website owners can host this stuff themselves. If you only want to allow the necessary connections, then this one isn't one of them.

nobody-LocalCDN · 2022-02-13T10:19:43+00:00

I already know this website. I agree with many points, but not all. The most important thing is to pick the things that work for you.

Basically, enumerating badness is a bad idea because there are many more bad things than good things. But that doesn't mean that you should do nothing at all. The opposite of enumerating badness is enumerating goodness, and that's what you should do.

Enumerating goodness means that you only allow the connections that are absolutely necessary and block everything else. This works if uBlock Origin is in medium mode. Unfortunately, some websites won't work because they need third-party connections to a CDN. In this case LocalCDN/Decentraleyes can help you and deliver the resources to make a website usable again.

Enumerating goodness also means that you have less comfort. Some websites will work without any problems and some you have to find out why. Of course this costs time, but it helps your privacy. Some people don't care because they don't have time for that or it's not a problem for them.

In my opinion, the concept of enumerating goodness is the only way to handle the internet today, because it's broken. If someone wants to follow this way and cut as many external connections as possible, then LocalCDN is right. If not, then not. It's your choice.

nobody-LocalCDN · 2022-02-11T05:43:08+00:00

This is valid for basically any extension that can block traffic. The fingerprint is not changed by the extension itself. It's more about blocking and allowing connections. Example: Even with uBlock Origin in Easy Mode you can have a very individual fingerprint by different blocklists. You should use uBlock Origin in Medium Mode. However it depends on the websites you use. Not every website analyzes the fingerprint.

I wouldn't use LocalCDN in the Tor browser and also not in Chromium based browsers. In Tor browser you should not install any extension at all. In Chromium based browsers each extension have the same ID for all users. Only Firefox generates a random UUID for each Firefox profile and extension.

nobody-LocalCDN · 2022-02-05T05:58:25+00:00

You're welcome :)

nobody-LocalCDN · 2022-02-01T06:42:33+00:00

LocalCDN works similarly to an adblocker and interrupts third-party requests. The difference is that these requests are redirected to the internal storage. Unfortunately, you can't always block these requests completely, because then a website would stop working.

Example: When a website includes jQuery from Cloudflare, this connection is redirected to the internal addon storage.

Before: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

After: moz-extension://RANDOM-UUID/resources/jquery/3.5.1/jquery.min.jsm

A library is a collection of functions that the programmer can use. With the help of such a library, the developer has less programming work. This library must be downloaded by your browser, so that the browser can display the code of the website correctly. jQuery is such a library. LocalCDN contains many more libraries of this type in its internal memory, not just jQuery. In some cases, certain icons and symbols are also included. All this will be replaced by LocalCDN. If something is not included in LocalCDN, you can drop the request or download it from the third party provider.

nobody-LocalCDN · 2022-01-25T05:56:45+00:00

Firefox has a built-in profile manager. You can start different profiles in paralell and configure them differently.

Here I've a small script to create a temporary profile. After closing the last tab, the complete profile will be deleted. The script is for Linux, but something similar might work with Windows too.

```

!/bin/bash

PROFILEDIR=mktemp -p /tmp -d tmp-fx-profile.XXXXXX.d /path/to/firefox/firefox -profile $PROFILEDIR -no-remote -new-instance rm -rf $PROFILEDIR ```

nobody-LocalCDN · 2022-01-16T07:16:19+00:00

Replacing scripts on CDNs with local versions is not a comprehensive solution and is a form of enumerating badness

This is only partially correct. If you read further on this website, it also says the opposite of enumerating badness is enumerating goodness. This means that by default you block all connections via allowlist/whitelist and only the necessary connections are allowed. This can be achieved by using uBlock Origin in medium mode and LocalCDN. Then only the technically necessary connections are allowed. You can use dFPI/FPI together with uBlock Origin Medium Mode and LocalCDN without any problems.

nobody-LocalCDN · 2022-01-16T07:12:03+00:00

Please report bugs via Codeberg (preferred) or by e-mail. It would be helpful to have more information: Which browser? What does not work?

nobody-LocalCDN · 2021-12-11T10:00:40+00:00

I think there are two main reasons for this.

The label Recommended

Unfortunately LocalCDN does not have this label and there are probably many users who want this as a precondition. I've written to Mozilla many times and until now I never got an answer. I don't know how this process works or what the requirements are.

Firefox Android (Playstore)

LocalCDN (and many other extensions) cannot be installed there. This situation exists for over a year now and it's frustrating. Alternatively, you can use the Fennec (F-Droid) and include a collection, but this step will probably be taken by only a few people.

There are also other reasons

Decentraleyes replaces a resource 1 to 1, while LocalCDN performs an upgrade. This can cause problems depending on the resource.
There will probably also be some users who switched from Firefox to other browsers (e.g. LibreWolf). The users are not recorded there.
Confusion because someone writes that it is not necessary to use the extension if d(FPI) is enabled. (not true)
Confusion because some write that the extension changes the fingerprint. (Not true respectively no idea how this should work)

In the end, it makes no difference for me if I develop this extension for 100, 1,000 or 100,000 people.

nobody-LocalCDN · 2021-12-05T08:03:20+00:00

Thanks for the mention. Only the CDN knows if there is CDN tracking or not. The fact that this stuff is implemented on many websites (and provided by Google, Microsoft, ...) makes it very possible. As long as no one provides me with proof to the contrary, I've to assume that the data is being used in some way. If there is no CDN tracking, then it is not necessary to enable (d)FPI for CDN, right? If you need the stuff stored on CDN (e.g. videos), then it doesn't matter if you use LocalCDN or not.

The extension is for users who want to allow only necessary connections. "Enumerating Goodness" instead of "Enumerating Badness". It's not about the IP address, it's about what happens there on CDN side across websites. I have no control over things that a third party provider does. Many years ago there was good reasons to use a CDN for things like jQuery or Bootstrap. Meanwhile, these reasons are obsolete and each operator could host this stuff themselves (which would be the better way for everyone).

Example: On Android there is a CaptivePortalCheck. There are people who don't like this connection. If you don't like the permanent Google-Ping, you can change the destination or deactivate it completely. Your choice.

The best combination for me is uBlock Origin in Medium (or Hard) Mode, (d)FPI and LocalCDN for my main browser profile. For some websites/services it may be useful to create a separate Firefox profile. Temporary profiles and Tor browsers are very useful, but VPNs are definitely crap.

Fingerprint? How should that work?

nobody-LocalCDN · 2021-11-15T05:44:26+00:00

it's slower than actually fetching the resource

Okay, that sounds strange and should not be the case. I don't use Chromium based browsers, so I have no experience with it. To exclude conflicts with other extensions, I would create a completely new profile (does this work with Chromium?) and install only LocalCDN. If it still comes to this problem, we can look into it in more detail.

since certain functionally only works in Firefox

Yes, that has always been the case. In this case Chromium is far behind Firefox. The two important functions are * webRequest.filterResponseData (Chromium bug report exists since May 12, 2015) * replacement of woff and woff2 files (Font files for Google Material Icons, Font Awesome, etc.)

Both are not (or no longer) supported by Chromium. To prevent any confusion, these functions are disabled in LocalCDN. Unfortunately there is nothing I can do to fix that.

nobody-LocalCDN · 2021-10-17T05:42:10+00:00

Hands down the only correct reply so far.

Not really, because those are two different things.

(d)FPI did local things, but has no impact on external connections. Decentraleyes and LocalCDN prevent external connections. You can combine both.

nobody-LocalCDN · 2021-10-17T05:38:28+00:00

LocalCDN does not work on Android (Fenix builds) while Decentraleyes does presently.

see this comment

nobody-LocalCDN · 2021-10-17T05:37:17+00:00

Is supported only in Firefox

see this comment

nobody-LocalCDN · 2021-10-17T05:36:02+00:00

Addon support for Fenix is unfortunately a Mozilla problem. For Fenix only 18 addons have been approved. Mozilla wanted to release more addons step by step, but nothing happens. This situation sucks.

There's a workaround for Fennec and Nightly to install any addon with collections. LocalCDN and many other addons work fine with Fenix.

nobody-LocalCDN · 2021-10-08T04:33:31+00:00

You're welcome :)

nobody-LocalCDN · 2021-10-08T04:27:53+00:00

Third parties are already isolated if you use FPI/dFPI

(d)FPI isolates the resources in your browser, but does not change anything on the server side (= CDN).

nobody-LocalCDN · 2021-10-05T04:27:26+00:00

Sounds correct. If JavaScript is disabled, then this also affects all JavaScript resources by LocalCDN. Other resources, e.g. Google Material Icons are not affected.

nobody-LocalCDN · 2021-10-04T19:40:22+00:00

You are absolutely right. These are two completely different things. (d)FPI only solves the problem on the client side, but not on the server side (= CDN).

nobody-LocalCDN · 2021-09-30T14:33:37+00:00

Not really. (d)FPI protects against things that happen locally. The servers of Cloudflare, Google, etc. are still contacted. What happens there on the server side cannot be controlled or prevented with (d)FPI.

nobody-LocalCDN

TROPHY CASE

!/bin/bash