EFForg/cover-your-tracks EFForg/cover-your-tracks

  • Stars
    star
    175
  • Rank 210,200 (Top 5 %)
  • Language
    JavaScript
  • License
    GNU Affero Genera...
  • Created over 8 years ago
  • Updated 21 days ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
EFForg/cover-your-tracks
github

EFForg

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Is your browser safe against tracking?

Cover Your Tracks (formerly Panopticlick)

How Unique - and Trackable - Is Your Browser?

Installation

The easiest way to set up an instance of Cover Your Tracks is with docker and docker-compose, but it can be installed on a host machine if desired.

Partial Installation on Host

You may need to install libmysqlclient-dev and python3.9-dev for Debian-based systems.

pip install pipenv
pipenv --python 3.9
pipenv install
cp config_example.py config.py

Then modify the relevant variables in config.py

Now, you can run

pipenv run python main.py

Full Docker Installation

To generate self-signed certificates for the Cover Your Tracks hosts, cd into examples/nginx and run

./generate_self_signed_certs.sh

Change each of the secrets in docker/secrets/ to a random value.

Then, from the git root, run

docker-compose up

Admin Routes

The following routes allow you to perform administrative tasks on the application. For each of the following curl commands, be sure to change the password to what you've set as the admin password in your config.py or docker-compose.yml file. Remove the --insecure flag in production.

POST /refresh-key

To have the application re-read the keyfile, which contains the key to the HMAC function for storing IP addresses, issue the following command:

curl -X POST -H 'Content-Type: application/json' -d '{"password": "changeme"}' --insecure https://coveryourtracks.eff.org/refresh-key

POST /migrate-db

To migrate the database to the latest version of the application, issue the following command:

curl -X POST -H 'Content-Type: application/json' -d '{"password": "changeme"}' --insecure https://coveryourtracks.eff.org/migrate-db

POST /epoch-update-totals

To update the totals table to reflect the number of times we've seen each fingerprinting characteristic in the last epoch (45 days), issue the following command:

curl -X POST -H 'Content-Type: application/json' -d '{"password": "changeme"}' --insecure https://coveryourtracks.eff.org/epoch-update-totals

Viewing Locally

Unless you've changed the server names specified in config.py, you'll have to add the following line to your /etc/hosts file:

127.0.0.1 coveryourtracks.eff.org trackersimulator.org firstpartysimulator.org firstpartysimulator.net eviltracker.net do-not-tracker.org

If you generated the certs yourself, in Firefox you'll have to go into private browsing mode to see the "I Understand the Risks" dialogue. You may also have to manually go to each of the above domains and go through the certificate exception process for each one in order for the application to be fully functional. Or with chrome, you can start chrome with the --ignore-certificate-errors flag, but beware this will ignore all certificate errors.

License

This project is licensed under the Affero General Public License, version 3. See the LICENSE file for details.

Credits

This is a rewrite of the original Cover Your Tracks codebase, developed by Peter Eckersley at the Electronic Frontier Foundation. Currently maintained by William Budington.

More Repositories

1

https-everywhere

A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections.
JavaScript
3,375
star
2

privacybadger

Privacy Badger is a browser extension that automatically learns to block invisible trackers.
JavaScript
2,996
star
3

crocodilehunter

Taking one back for Steve Irwin γ€€ γ€€ (๑‒̀ㅂ‒́)و
Python
926
star
4

OpenWireless

The official home of the EFF OpenWireless Project
JavaScript
731
star
5

apkeep

Rust
684
star
6

action-center-platform

The EFF Action Center Platform
Ruby
428
star
7

privacybadgerfirefox-legacy

LEGACY Privacy Badger for Firefox SEE README
JavaScript
411
star
8

starttls-everywhere

A system for ensuring & authenticating STARTTLS encryption between mail servers
Python
370
star
9

yaya

Yet Another Yara Automaton - Automatically curate open source yara rules and run scans
Go
251
star
10

phantom-of-the-capitol

178
star
11

dnt-guide

How to Implement DNT
128
star
12

badger-sett

Browser automation for Privacy Badger. Used to pre-train new Badgers before every release.
Python
102
star
13

cryptolog

Cryptolog is a tool for anonymizing webserver logs.
Python
68
star
14

cryptobot-email

Python
61
star
15

actioncenter-mobile

2.0
JavaScript
60
star
16

dnt-policy

dnt-policy
43
star
17

sec

Security Education Companion
JavaScript
39
star
18

spot_the_surveillance

Spot the Surveillance is an open-source educational VR tool to help people identify street-level surveillance in their community. As each surveillance device is identified, the user is informed on how the device is used via text and narration. The experience is created with accessibility in mind, so is entirely gaze-based for people with mobility challenges. Audio is also used to assist low-vision users.
JavaScript
34
star
19

www-l10n

31
star
20

pushserver

A server for sending push notifications to mobile apps
JavaScript
30
star
21

badger-swarm

Runs distributed Badger Sett scans on Digital Ocean.
Shell
21
star
22

design

Open Source product design resources
21
star
23

privacybadger-website

Code and content of https://privacybadger.org
SCSS
20
star
24

starttls-backend

STARTTLS Everywhere web backend and checker
Go
16
star
25

https-everywhere-lib-wasm

A library for HTTPS Everywhere which compiles to WASM
Rust
16
star
26

webrequest-tlsinfo-api

A proposed addition to the Web Extensions API for providing TLS and X.509 information to addons
15
star
27

smtp-tls-history

Produce graphs of the historical (in)security of SMTP transmissions by parsing mailboxes
Python
13
star
28

https-everywhere-lib-core

Core Rust library for HTTPS Everywhere
Rust
12
star
29

onlinecensorship

Ruby
12
star
30

trackerlab

EFF's Tracker Blocking Laboratory is an experimental project to test heuristic blocking of non-consensual online tracking. It's based on AdBlock Plus.
D
11
star
31

https-everywhere-docker-base

The Dockerfile for installing all the system-level requirements for HTTPS Everywhere
Dockerfile
11
star
32

cyberspying

cyberspying.eff.org twitter tool
JavaScript
10
star
33

https-everywhere-atlas

Static site generator for the HTTPS-Everywhere atlas.
CSS
10
star
34

ssd-l10n

ssd-l10n
10
star
35

eff_diceware

A ruby gem for creating secure passphrases using EFF's long wordlist.
Ruby
9
star
36

stopwatchingus

StopWatching.us Site
HTML
9
star
37

sas

Stand Against Spying
HTML
9
star
38

starttls-policy-cli

Python
9
star
39

https-everywhere-standalone

Transparently redirect insecure HTTP to secure HTTPS using HTTPS Everywhere and `mitmproxy`
Python
9
star
40

congress-forms-test

Way for volunteers to test EFF's congress-forms repo
JavaScript
8
star
41

generate-smarter-encryption-bloom-filter

Generates the bloom file needed for HTTPS Everywhere's DuckDuckGo Smarter Encryption update channel.
Rust
7
star
42

dayofaction-banner

User-installable banner for activism campaigns
CSS
7
star
43

observatory

Python
6
star
44

OpenWireless-WebUI

Open Wireless Web UI
6
star
45

tokio-dl-stream-to-disk

A micro-library for downloading from a URL and streaming it directly to the disk
Rust
6
star
46

congress_forms

Ruby
5
star
47

starttls-frontend

Static front end for the STARTTLS scanner
CSS
5
star
48

congress-forms.js

A javascript widget which can construct plain forms that submit to a contact-congress server.
JavaScript
5
star
49

aws_one_click_staging

Ruby
4
star
50

psi-tumblr-crawler

JavaScript
4
star
51

https-everywhere-full-fetch-test

A docker wrapper to generate a patch after a full fetch test
Dockerfile
4
star
52

ow-python

stripped down implementation of python for openwireless
4
star
53

projectsecretidentity

CSS
4
star
54

org.eff.optimizedautocomplete

CiviCRM extension: Optimize the autocomplete search box mysql queries so they're more efficient on large databases
PHP
4
star
55

congress-pics

Generate dynamic images for members of congress
4
star
56

fight215

JavaScript
3
star
57

ngw-website

JavaScript
3
star
58

httpse-ruleset-tests

JavaScript
3
star
59

congress_forms_api

Ruby
3
star
60

lemonhrm

Fork of orangehrm open source hr management tool. Adds e-mail notifications and additional fields to the recruitment module.
PHP
3
star
61

psi-tumblr-uploader

2
star
62

digitalcitizen

2
star
63

roaming-android-mitm

Shell
2
star
64

find-aa-domains

Create a script to find domains in the PB pre-block list which are mentioned in the Acceptable Ads list as well
JavaScript
2
star
65

active_preview

Rails plugin to make previews of active record objects
Ruby
2
star
66

rails_response_headers

Configure ActionController response headers with YAML.
Ruby
2
star
67

actioncenter-feedback

Repo for getting feedback on the new actioncenter
2
star
68

eff_fab

Ruby
2
star
69

stop-sesta

CSS
2
star
70

tosback2

HTML
2
star
71

eff_matomo

Matomo API in Ruby
Ruby
1
star
72

sovereign-keys

C++
1
star
73

privacybadger-test-fixtures

Test fixtures for Privacy Badger
HTML
1
star
74

SEC-LevelUp

This repository is for the Level Up community to report issues with the Security Educatoin Companion, which is currently maintained by EFF. EFF is not actively developing this site and is not accepting feature requests..
1
star
75

dear_fcc

Dear FCC
Ruby
1
star
76

https-everywhere-labeller

Alexa Labeller for HTTPS Everywhere Repo
JavaScript
1
star
77

fingerprinting-list

1
star
78

ruby-civicrm

Ruby client for CiviCRM REST interface
Ruby
1
star
79

https-docs

1
star
80

petition-widget

Boilerplate code for embedding petitions
CSS
1
star
81

apkeep-files

1
star