CyberTech

Level 23
Verified
Trace blocks multiple tracking techniques in Firefox and Chrome

race is a privacy add-on for Mozilla Firefox and Google Chrome web browsers designed to block several tracking techniques used to track Internet user activity.

The extension is available for Chrome and Firefox officially but it may run on Chromium or Firefox based web browsers such as Vivaldi or Opera.

User tracking is a big privacy issue on today's Internet. Marketing companies, web publishers, software publishers, and advertising companies use numerous techniques to track users that go beyond dropping cookies on user systems.

Some techniques use, or abuse, new web technologies that browsers support while others track users using functionality that browsers supported for many years.

Trace

Trace is an anti-tracking extension for Firefox and Chrome that protects against the following tracking techniques:
  • Canvas Fingerprinting
  • Audio Fingerprinting
  • WebRTC Leaks
  • User-Agent Tracking
  • Browser plugin fingerprinting
  • Beacon Requests
  • Bad Top Level Domains
  • Hyperlink Auditing
  • HTTP Referrer Headers
  • Chrome Header Tracking
  • E-Tag Tracking
  • JavaScript Crypto Mining
  • URL Tracking Cleaner (experimental)
  • Trace Page (injects code into sites to disable certain functions)
A soon-to-be-released version will protect against specific tracking cookies and URL parameters on top of that.

Trace works right after installation. The browser extension adds an icon to the browser's main toolbar that you can click on to open the Settings or display statistics about the extension's blocking activity.

The Settings are divided into Trace Features, Advanced Features, Browser Settings, and Options. The first three list the available anti-tracking features and options to enable or disable each individually.

Some come with configuration options. If you click on WebRTC Protection for instance, you will notice that Trace blocks the leaking of the local IP address but does not disable RTCPeerConnection, RTCDataCahnel, and RTCRtpReceiver JavaScript objects by default. You can enable those but it may break sites and services that use WebRTC functionality.



A click on a protective feature displays a short summary of what it does; useful as you may not know right away what enabling Web Request Controller does

Many features that Trace supports, especially those listed under advanced, require that users know what disabling certain techniques has for consequences. While you could use trial and error to find out if enabling a feature breaks certain web functionality, you may prefer to know what disabling a feature does before you configure it.
The following options are provided for instance if you enable Audio Fingerprint Protection:
  • Disable Audio Channel Functions
  • Disable Audio Data Functions
  • Disable Offline AudioContext Object
  • Disable Main AudioContext Object
You can check the developer website for information on all supported protective features. The website links to several fingerprinting and privacy tests as well to test the browser with and without Trace enabled.

Trace comes with whitelisting functionality so that sites may use blocked functionality; you may want to whitelist a site if it is broken after installing Trace and if you need to access it.

Trace is provided as a free extension with a basic blocklist. You can support development by donating three British Pounds; this gives you a premium code that you may enter to gain access to the premium blocklist as well.

Closing Words
Trace is a powerful privacy enhancing browser extension for Chrome and Firefox. Its interface is big and bright, and that is probably something that some users don't like at all. It would be great if the developer could integrate a compact interface next to the default one.

The functionality that Trace provides is what counts, on the other hand. Trace offers numerous anti-tracking and fingerprinting features. The developer is very active and new features are added to the extension regularly.

Source: Trace blocks multiple tracking techniques in Firefox and Chrome - gHacks Tech News
 

HarborFront

Level 47
Verified
Content Creator
With FF Quantum it's working ok.

But not with Chrome browser especially with ScriptSafe due to redirection error. It's not working properly with CyDec Platform Anti-Fingerprinting too due to redirection error and CyDec also not working properly with ScriptSafe. Another issue is when sites using CAPTCHA it seems Trace and CyDec are causing no connection to CAPTCHA. Hotmail also not displaying/functioning properly if use Trace and CyDec

Finally, removed the latter two and use ScriptSafe

:unsure:
 
  • Like
Reactions: oldschool
3

37507

Some recent updates...

2.2.1 [2019-02-11]
Added new GPUs
Added new UAs
Fixed typo
Added warning for multiple whitelist entries for 1 domain
Fixed issue with whitelisted site not showing up in report page
Updated text
2.2 [2019-02-09]
You can now edit whitelist entries from the report page
Import/Export Whitelist entries
Improved Audio Fingerprinting protection
Initial version of WebGL Fingerprinting protection
Can see headers blocked in a tab from report page
New bad TLD
Made data consistent between frames for screen resolution protection
Almost finished with background fixes
Removed longclick library
Fix string readout of certain protections revealing Trace
Background fixes
Updated text
2.1.6 [2019-01-29]
Updated report page home design ready for 2.2
Updated background code ready for 2.2
Optimised certain functions
Report page now updates every second
2.1.5 [2019-01-24]
Updated CSS
New bad TLD
Code cleanup
2.1.4 [2019-01-19]
Fixed issue with the URL Tracking Cleaner on Firefox
2.1.3 [2019-01-19]
Fixed issue with the whitelist not showing in UI
Fixed issue with premium code logic
Updated preferences ready for v.2.2
2.1.2 [2019-01-15]
Restructured some code
2.1.1 [2019-01-15]
Updated Trace report window design
More background page fixes
Fixed report page bugs
Updated Chrome 72 fix to work on all future browsers
Code cleanup
2.1 [2019-01-01]
Whitelist is now sorted alphabetically in UI
Updated backup file specification
Report page updated to show stats current tab
Fixed UI scaling in Firefox
Trace version specified in Info section
Fixed a bug with Canvas Fingerprinting Protection
Fixed rare bug with premium in UI
Whitelisting can now affect all protections
New and improved blocked page design
New content script for when page loads
Can now remove ping attributes from <a> tags
Rel = noopener protection
Updated Text
Updated CSS
Updated User-Agents


 
3

37507

2.2.4 [2019-03-02]
Local blocklist can now be used
Updated local blocklist
Updated logic for blocklist downloading
Updated text
Added 3 new Bad TLDs
Added new UA
 

Windows_Security

Level 23
Verified
Trusted
Content Creator
Hi, was asked to give trace a spin. So installed it in Chromium-Edge to have a look at it. After having looked at the options I decided to create two profiles, a browsing profile and a booking profile.

Booking profile: installed Blank New Tab Page, Avast Online Security and Auto History Wipe. Avast set to block all by default except Analytics (because when you want to use a coupon which was send by email, you might need analytics and/or tag to get the discount).

Browsing profile: installed extensions Blank New Tab Page, Trace and Auto History Wipe and tightened the site permission by blocking: Camera, Microphone, Notifications, Flash, Unsandboxed Plugin Access, Handlers, MIDI Divices, USB Devices, Clipboard and Payment Handlers. Remained Javascript on Default, but added two block rules manually for Javascript (HTTP://* and FILE:///*).

Next had a look at Trace settings and decided to play with the settings (remember I have created "booking" compatibility oriented profile for online banking, shopping, skype and egovernment stuff etcetera so I don't risk messing up with webbased transactions).

Settings
  1. When Protection Runs
    All enabled on all pages
  2. Trace Settings
    Enabled everything but kept on default: everything except
    - Screen resolution protection (added 'Common Resolutions' which are rotated
    - Network information Spoof (websites sometimes use this for videos)
  3. Advanced Features
    Enabled everything but kept them on default, except
    - Cookie eater: Set Cookie Header (second option): randomise values of only cookies in list
    - JS Plugin Hide: kept on default = DISABLE
    - Proxy IP Spoofer
  4. Browser Settings
    Enabled all on default
Requests
  1. WebRequest Controller
    Only enabled the Default Trace Blocklist
  2. Local Blocklist (enabled = default)
  3. Bad TLD Protection (enabled = default)
  4. URL tracking Cleaner
    Enabled set to 'Randomize Selected Parameters', choose the 'Regular' parametes
 
Last edited:

Windows_Security

Level 23
Verified
Trusted
Content Creator
After running some time on Chrome without problems, I decided to opt for two user Profiles. NORMAL user profile with extensions Ghostery and Auto History wipe and PRIVATE user profile with Trace and Auto History Wipe. I tweaked the PRIVATE profile a little (e.g. did not install Dutch as language, added startpage as default search engine and did not opt to save passwords).

Running Ghostery without Enhanced Blocking (to prevent running into Adblock warnings/walls of websites). Running Trace maxed out except when there is a explicit warning a specific option breaks website functionality and disabled User Agent Randomizer (I want to hide in the herd of Windows 10 plus Chrome latest). The help section of Trace explains how to add your own rules. They are easier to write than AdBlock rules. Simply select add rule and select the "Block access to this site" and untick "Allow this site to make requests to blocked websites" options and your done.

I choose the same colour for User Profile (blue for normal, red for private) as the color code extension icon. These two profiles hopefully ends my search for balancing useability and blocking (with two different profiles I don't have to balance anymore, why did I not think of that earlier). :emoji_expressionless:

Using Chrome's developer tools (Network tab, select JavaScript) I checked what scripts were not blocked by Trace default filter and added them to my whitelist-blocklist, so these websites behaved nicely when visiting them with PRIVATE profile.

1555501070061.png


I noticed that Trace did not block one of the leading ad networks, so I sent the author a message and added top 25 ad&tracking networks in the world out of lazyness (I noticed afterwards that Trace default list blocks most of them). I aso used the 'whitelist' option to block the advertisements of Startpage search engine (DuckDuckGo has an option to disable advertisements, but I like Startpage more).
 
Last edited: