• Stars
    star
    193
  • Rank 201,081 (Top 4 %)
  • Language
    JavaScript
  • License
    GNU Affero Genera...
  • Created about 9 years ago
  • Updated 6 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Is your browser safe against tracking?

Cover Your Tracks (formerly Panopticlick)

How Unique - and Trackable - Is Your Browser?

Installation

The easiest way to set up an instance of Cover Your Tracks is with docker and docker-compose, but it can be installed on a host machine if desired.

Partial Installation on Host

You may need to install libmysqlclient-dev and python3.9-dev for Debian-based systems.

pip install pipenv
pipenv --python 3.9
pipenv install
cp config_example.py config.py

Then modify the relevant variables in config.py

Now, you can run

pipenv run python main.py

Full Docker Installation

To generate self-signed certificates for the Cover Your Tracks hosts, cd into examples/nginx and run

./generate_self_signed_certs.sh

Change each of the secrets in docker/secrets/ to a random value.

Then, from the git root, run

docker-compose up

Admin Routes

The following routes allow you to perform administrative tasks on the application. For each of the following curl commands, be sure to change the password to what you've set as the admin password in your config.py or docker-compose.yml file. Remove the --insecure flag in production.

POST /refresh-key

To have the application re-read the keyfile, which contains the key to the HMAC function for storing IP addresses, issue the following command:

curl -X POST -H 'Content-Type: application/json' -d '{"password": "changeme"}' --insecure https://coveryourtracks.eff.org/refresh-key

POST /migrate-db

To migrate the database to the latest version of the application, issue the following command:

curl -X POST -H 'Content-Type: application/json' -d '{"password": "changeme"}' --insecure https://coveryourtracks.eff.org/migrate-db

POST /epoch-update-totals

To update the totals table to reflect the number of times we've seen each fingerprinting characteristic in the last epoch (45 days), issue the following command:

curl -X POST -H 'Content-Type: application/json' -d '{"password": "changeme"}' --insecure https://coveryourtracks.eff.org/epoch-update-totals

Viewing Locally

Unless you've changed the server names specified in config.py, you'll have to add the following line to your /etc/hosts file:

127.0.0.1 coveryourtracks.eff.org trackersimulator.org firstpartysimulator.org firstpartysimulator.net eviltracker.net do-not-tracker.org

If you generated the certs yourself, in Firefox you'll have to go into private browsing mode to see the "I Understand the Risks" dialogue. You may also have to manually go to each of the above domains and go through the certificate exception process for each one in order for the application to be fully functional. Or with chrome, you can start chrome with the --ignore-certificate-errors flag, but beware this will ignore all certificate errors.

License

This project is licensed under the Affero General Public License, version 3. See the LICENSE file for details.

Credits

This is a rewrite of the original Cover Your Tracks codebase, developed by Peter Eckersley at the Electronic Frontier Foundation. Currently maintained by William Budington.

More Repositories

1

https-everywhere

A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections.
JavaScript
3,364
star
2

privacybadger

Privacy Badger is a browser extension that automatically learns to block invisible trackers.
JavaScript
3,172
star
3

crocodilehunter

Taking one back for Steve Irwin     (๑•̀ㅂ•́)و
Python
968
star
4

apkeep

Rust
827
star
5

OpenWireless

The official home of the EFF OpenWireless Project
JavaScript
731
star
6

action-center-platform

The EFF Action Center Platform
Ruby
453
star
7

privacybadgerfirefox-legacy

LEGACY Privacy Badger for Firefox SEE README
JavaScript
408
star
8

starttls-everywhere

A system for ensuring & authenticating STARTTLS encryption between mail servers
Python
371
star
9

yaya

Yet Another Yara Automaton - Automatically curate open source yara rules and run scans
Go
264
star
10

phantom-of-the-capitol

181
star
11

dnt-guide

How to Implement DNT
132
star
12

badger-sett

Automated training for Privacy Badger. Badger Sett automates browsers to visit websites to produce fresh Privacy Badger tracker data.
Python
119
star
13

cryptolog

Cryptolog is a tool for anonymizing webserver logs.
Python
68
star
14

cryptobot-email

Python
61
star
15

actioncenter-mobile

2.0
JavaScript
60
star
16

dnt-policy

dnt-policy
44
star
17

sec

Security Education Companion
JavaScript
38
star
18

spot_the_surveillance

Spot the Surveillance is an open-source educational VR tool to help people identify street-level surveillance in their community. As each surveillance device is identified, the user is informed on how the device is used via text and narration. The experience is created with accessibility in mind, so is entirely gaze-based for people with mobility challenges. Audio is also used to assist low-vision users.
JavaScript
34
star
19

www-l10n

31
star
20

rayhunter

Rust tool to detect cell site simulators on an orbic mobile hotspot
Rust
31
star
21

pushserver

A server for sending push notifications to mobile apps
JavaScript
30
star
22

privacybadger-website

Code and content of https://privacybadger.org
SCSS
25
star
23

badger-swarm

Runs distributed Badger Sett scans on Digital Ocean.
Shell
24
star
24

design

Open Source product design resources
22
star
25

starttls-backend

STARTTLS Everywhere web backend and checker
Go
18
star
26

https-everywhere-lib-wasm

A library for HTTPS Everywhere which compiles to WASM
Rust
16
star
27

webrequest-tlsinfo-api

A proposed addition to the Web Extensions API for providing TLS and X.509 information to addons
15
star
28

smtp-tls-history

Produce graphs of the historical (in)security of SMTP transmissions by parsing mailboxes
Python
13
star
29

https-everywhere-lib-core

Core Rust library for HTTPS Everywhere
Rust
12
star
30

trackerlab

EFF's Tracker Blocking Laboratory is an experimental project to test heuristic blocking of non-consensual online tracking. It's based on AdBlock Plus.
D
11
star
31

https-everywhere-docker-base

The Dockerfile for installing all the system-level requirements for HTTPS Everywhere
Dockerfile
11
star
32

onlinecensorship

Ruby
11
star
33

eff_diceware

A ruby gem for creating secure passphrases using EFF's long wordlist.
Ruby
10
star
34

cyberspying

cyberspying.eff.org twitter tool
JavaScript
10
star
35

ssd-l10n

ssd-l10n
10
star
36

https-everywhere-atlas

Static site generator for the HTTPS-Everywhere atlas.
CSS
10
star
37

starttls-policy-cli

Python
9
star
38

stopwatchingus

StopWatching.us Site
HTML
9
star
39

sas

Stand Against Spying
HTML
9
star
40

https-everywhere-standalone

Transparently redirect insecure HTTP to secure HTTPS using HTTPS Everywhere and `mitmproxy`
Python
9
star
41

congress-forms-test

Way for volunteers to test EFF's congress-forms repo
JavaScript
8
star
42

observatory

Python
7
star
43

dayofaction-banner

User-installable banner for activism campaigns
CSS
7
star
44

generate-smarter-encryption-bloom-filter

Generates the bloom file needed for HTTPS Everywhere's DuckDuckGo Smarter Encryption update channel.
Rust
6
star
45

starttls-frontend

Static front end for the STARTTLS scanner
CSS
6
star
46

OpenWireless-WebUI

Open Wireless Web UI
6
star
47

tokio-dl-stream-to-disk

A micro-library for downloading from a URL and streaming it directly to the disk
Rust
6
star
48

congress_forms

Ruby
5
star
49

congress-forms.js

A javascript widget which can construct plain forms that submit to a contact-congress server.
JavaScript
5
star
50

aws_one_click_staging

Ruby
4
star
51

psi-tumblr-crawler

JavaScript
4
star
52

https-everywhere-full-fetch-test

A docker wrapper to generate a patch after a full fetch test
Dockerfile
4
star
53

projectsecretidentity

CSS
4
star
54

ow-python

stripped down implementation of python for openwireless
4
star
55

org.eff.optimizedautocomplete

CiviCRM extension: Optimize the autocomplete search box mysql queries so they're more efficient on large databases
PHP
4
star
56

congress-pics

Generate dynamic images for members of congress
4
star
57

congress_forms_api

Ruby
4
star
58

fight215

JavaScript
3
star
59

roaming-android-mitm

Shell
3
star
60

ngw-website

JavaScript
3
star
61

httpse-ruleset-tests

JavaScript
3
star
62

lemonhrm

Fork of orangehrm open source hr management tool. Adds e-mail notifications and additional fields to the recruitment module.
PHP
3
star
63

psi-tumblr-uploader

2
star
64

eff_fab

Ruby
2
star
65

digitalcitizen

2
star
66

SEC-LevelUp

This repository is for the Level Up community to report issues with the Security Educatoin Companion, which is currently maintained by EFF. EFF is not actively developing this site and is not accepting feature requests..
2
star
67

active_preview

Rails plugin to make previews of active record objects
Ruby
2
star
68

rails_response_headers

Configure ActionController response headers with YAML.
Ruby
2
star
69

actioncenter-feedback

Repo for getting feedback on the new actioncenter
2
star
70

tosback2

HTML
2
star
71

stop-sesta

CSS
2
star
72

find-aa-domains

Create a script to find domains in the PB pre-block list which are mentioned in the Acceptable Ads list as well
JavaScript
2
star
73

privacybadger-test-fixtures-subdomain

Test fixtures for Privacy Badger
HTML
1
star
74

https-everywhere-labeller

Alexa Labeller for HTTPS Everywhere Repo
JavaScript
1
star
75

eff_matomo

Matomo API in Ruby
Ruby
1
star
76

sovereign-keys

C++
1
star
77

privacybadger-test-fixtures

Test fixtures for Privacy Badger
HTML
1
star
78

dear_fcc

Dear FCC
Ruby
1
star
79

fingerprinting-list

1
star
80

https-docs

1
star
81

petition-widget

Boilerplate code for embedding petitions
CSS
1
star
82

apkeep-files

1
star
83

ruby-civicrm

Ruby client for CiviCRM REST interface
Ruby
1
star