Awesome Privacy

Recent Commits

• github-actions[bot] (26 Apr 24)

  Release 2024.4.26 [ci release] (#2516) Co-authored-by: sammacbeth <[email protected]>

• Dave Vandyke (26 Apr 24)

  Wait for user allowlisting to apply before reloading the website (#2515) The popup UI (e.g. privacy dashboard) lets users disable protections for a website. When the user clicks the toggle button, the website is allowlisted and reloaded. With MV3, this requires a declarativeNetRequest rule update which doesn't happen instantly. We need to take care for that rule update to finish before reloading the page, because otherwise some requests might still be blocked after the reload.

• github-actions[bot] (25 Apr 24)

  Release 2024.4.25 [ci release] (#2514) Co-authored-by: sammacbeth <[email protected]>

• Dave Vandyke (24 Apr 24)

  Ensure onFirstSearchPostExtensionInstallCalls is called correctly (#2513) When fixing the onboarding flow for the Chrome MV3 build[1], I made a mistake. For MV3 builds, the page's onFirstSearchPostExtensionInstall function was being called like: onFirstSearchPostExtensionInstall({ isAddressBarQuery: false, showCounterMessaging: true, showWelcomeBanner: true }, { hadFocusOnStart: true }) Instead of like: onFirstSearchPostExtensionInstall({ hadFocusOnStart: true, isAddressBarQuery: false, showCounterMessaging: true, showWelcomeBanner: true }) (I had missed a subtle Object.assign call.) Let's fix that here, and also add test coverage for that call to catch similar mistakes in the future. 1 - https://github.com/duckduckgo/duckduckgo-privacy-extension/commit/2e4441d633715b455e24fa9311af19b2aeb05230

• Dave Vandyke (23 Apr 24)

  Avoid including old smarter_encryption.txt file in builds silently (#2512) In the past, we wrote shared/data/smarter_encryption.txt when building the extension and added it to the .gitignore to ensure it wasn't accidentally included in the repository. Unfortunately however, this means that if the file exists, it will be somewhat hidden yet be included in builds. This is a problem given the file's >5MB size. Let's remove the path from .gitignore, so that the file will be noticed by developers and removed.

• Dave Vandyke (22 Apr 24)

  Remove GPC declarativeNetRequest rule when GPC feature is disabled (#2510) When the user selects to disable Global Privacy Control (GPC) in the options page, we must take care to remove the corresponding declarativeNetRequest rule. Otherwise, the GPC headers will be added to requests against the user's wishes.

• Dave Vandyke (17 Apr 24)

  Fix the onboarding flow for the Chrome MV3 build (#2509) The onboarding code has some logic to display a welcome banner the first time the user performs a DuckDuckGo search after installing the extension. Until now, that code did not work for Chrome MV3 builds, since it attempted to inject a script into the "main world" by appending a <script> element - that does not work with MV3 due to the stricter Content-Security-Policy used. Let's use the scripting.executeScript API instead to inject the required code into the "main world". Note: This code is somewhat convoluted and could likely be simplified in the future. But for now, with the upcoming MV3 migration deadline, let's make the minimum changes required to get this working!

• Dave Vandyke (16 Apr 24)

  Increase the minimum supported browser versions (#2506) Our policy is to have the minimum supported Firefox version be the previous ESR release, which is currently version 102[1]. For the Chrome MV3 migration, we'll be making use of the recent increase of the dynamic declarativeNetRequest rule limit[2] that came in with version 121[3]. Note: Increasing the minimum supported browser versions for Chrome MV2 builds isn't important now, since we'll be migrating Chrome users to MV3 shortly. 1 - https://endoflife.date/firefox 2 - https://issues.chromium.org/issues/40282671 3 - https://chromium.googlesource.com/chromium/src/+/cbcff7e25340834b9ef92cdb05e20ab4f3a34564/chrome/VERSION

• dependabot[bot] (16 Apr 24)

  Bump the external-dependencies group with 10 updates (#2508) Bumps the external-dependencies group with 10 updates: | Package | From | To | | --- | --- | --- | | [dexie](https://github.com/dexie/Dexie.js) | `3.2.5` | `4.0.4` | | [i18next](https://github.com/i18next/i18next) | `23.10.0` | `23.11.2` | | [tldts](https://github.com/remusao/tldts) | `6.1.11` | `6.1.16` | | [@playwright/test](https://github.com/microsoft/playwright) | `1.42.1` | `1.43.1` | | [@types/chrome](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/chrome) | `0.0.262` | `0.0.266` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.11.24` | `20.12.7` | | [esbuild](https://github.com/evanw/esbuild) | `0.20.1` | `0.20.2` | | [glob](https://github.com/isaacs/node-glob) | `10.3.10` | `10.3.12` | | [sass](https://github.com/sass/dart-sass) | `1.71.1` | `1.75.0` | | [mocha](https://github.com/mochajs/mocha) | `10.3.0` | `10.4.0` | Updates `dexie` from 3.2.5 to 4.0.4 - [Release notes](https://github.com/dexie/Dexie.js/releases) - [Commits](https://github.com/dexie/Dexie.js/compare/v3.2.5...v4.0.4) Updates `i18next` from 23.10.0 to 23.11.2 - [Release notes](https://github.com/i18next/i18next/releases) - [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md) - [Commits](https://github.com/i18next/i18next/compare/v23.10.0...v23.11.2) Updates `tldts` from 6.1.11 to 6.1.16 - [Release notes](https://github.com/remusao/tldts/releases) - [Changelog](https://github.com/remusao/tldts/blob/master/CHANGELOG.md) - [Commits](https://github.com/remusao/tldts/compare/v6.1.11...v6.1.16) Updates `@playwright/test` from 1.42.1 to 1.43.1 - [Release notes](https://github.com/microsoft/playwright/releases) - [Commits](https://github.com/microsoft/playwright/compare/v1.42.1...v1.43.1) Updates `@types/chrome` from 0.0.262 to 0.0.266 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/chrome) Updates `@types/node` from 20.11.24 to 20.12.7 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `esbuild` from 0.20.1 to 0.20.2 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](https://github.com/evanw/esbuild/compare/v0.20.1...v0.20.2) Updates `glob` from 10.3.10 to 10.3.12 - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](https://github.com/isaacs/node-glob/compare/v10.3.10...v10.3.12) Updates `sass` from 1.71.1 to 1.75.0 - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.71.1...1.75.0) Updates `mocha` from 10.3.0 to 10.4.0 - [Release notes](https://github.com/mochajs/mocha/releases) - [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md) - [Commits](https://github.com/mochajs/mocha/compare/v10.3.0...v10.4.0) --- updated-dependencies: - dependency-name: dexie dependency-type: direct:production update-type: version-update:semver-major dependency-group: external-dependencies - dependency-name: i18next dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external-dependencies - dependency-name: tldts dependency-type: direct:production update-type: version-update:semver-patch dependency-group: external-dependencies - dependency-name: "@playwright/test" dependency-type: direct:development update-type: version-update:semver-minor dependency-group: external-dependencies - dependency-name: "@types/chrome" dependency-type: direct:development update-type: version-update:semver-patch dependency-group: external-dependencies - dependency-name: "@types/node" dependency-type: direct:development update-type: version-update:semver-minor dependency-group: external-dependencies - dependency-name: esbuild dependency-type: direct:development update-type: version-update:semver-patch dependency-group: external-dependencies - dependency-name: glob dependency-type: direct:development update-type: version-update:semver-patch dependency-group: external-dependencies - dependency-name: sass dependency-type: direct:development update-type: version-update:semver-minor dependency-group: external-dependencies - dependency-name: mocha dependency-type: direct:development update-type: version-update:semver-minor dependency-group: external-dependencies ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

• dependabot[bot] (16 Apr 24)

  Bump @duckduckgo/content-scope-scripts from 5.6.0 to 5.12.0 (#2502) Bumps [@duckduckgo/content-scope-scripts](https://github.com/duckduckgo/content-scope-scripts) from 5.6.0 to 5.12.0. - [Release notes](https://github.com/duckduckgo/content-scope-scripts/releases) - [Commits](https://github.com/duckduckgo/content-scope-scripts/compare/edd96481d49b094c260f9a79e078abdbdd3a83fb...1bb3bc5eb565735051f342a87b5405d4374876c7) --- updated-dependencies: - dependency-name: "@duckduckgo/content-scope-scripts" dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

• Dave Vandyke (16 Apr 24)

  Remove build tooling for static declarativeNetRequest rulesets (#2505) Anticipating hitting Chrome's limit of 5,000 dynamic declarativeNetRequest rules[1], we begun work[2] to transition tracker blocking to use a static declarativeNetRequest ruleset. That work got put on hold, and since then Google have relaxed the dynamic rule limit to around 30,000[3] (though note that the limits are even more complex now, with a distinction between "safe" vs "unsafe" rules). The new dynamic rule limit should be plenty for our needs in the foreseeable future. Let's remove the code to generate static declarativeNetRequest rulesets at build time. 1 - https://developer.chrome.com/docs/extensions/reference/declarativeNetRequest/#property-MAX_NUMBER_OF_DYNAMIC_AND_SESSION_RULES 2 - https://github.com/duckduckgo/duckduckgo-privacy-extension/commit/d3b3827c731628d79bbbf9c6cfa0ccab3bde36db 3 - https://issues.chromium.org/issues/40282671

• Sam Macbeth (16 Apr 24)

  Implement manual resource caching. (#2490) Our CDN is currently serving `cache-control: no-cache`, so we can't rely on the browser it cache these requests for us.

• dependabot[bot] (15 Apr 24)

  Bump stefanzweifel/git-auto-commit-action from 5.0.0 to 5.0.1 (#2500) Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases) - [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/8756aa072ef5b4a080af5dc8fef36c5d586e521d...8621497c8c39c72f3e2a999a26b4ca1b5058a842) --- updated-dependencies: - dependency-name: stefanzweifel/git-auto-commit-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

• dependabot[bot] (15 Apr 24)

  Bump @duckduckgo/privacy-dashboard from 3.2.0 to 3.5.0 (#2503) Bumps [@duckduckgo/privacy-dashboard](https://github.com/duckduckgo/privacy-dashboard) from 3.2.0 to 3.5.0. - [Release notes](https://github.com/duckduckgo/privacy-dashboard/releases) - [Commits](https://github.com/duckduckgo/privacy-dashboard/compare/c67d268bf234760f49034a0fe7a6137a1b216b05...14b13d0c3db38f471ce4ba1ecb502ee1986c84d7) --- updated-dependencies: - dependency-name: "@duckduckgo/privacy-dashboard" dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

• Sam Macbeth (12 Apr 24)

  Support debugger server on subpath endpoints (#2499)

• Dax Mobile (09 Apr 24)

  Update autofill to 11.0.1 (#2497) Co-authored-by: GioSensation <[email protected]>

• Dax Mobile (09 Apr 24)

  Update autofill to 11.0.0 (#2495) Co-authored-by: GioSensation <[email protected]>

• Sam Macbeth (08 Apr 24)

  Custom config override (#2485) * Debugger connection component - allow override of config URL and use websocket to auto-refetch on change. * Add UI to set debugger connection * Revert config update interval * Remove debugging option * Fix button text alignment * Add force reload state to debugger button * Fix reload button on settings page refresh

• Sam Macbeth (27 Mar 24)

  Refactor TDS list loading (#2309) * Refactor TDS Storage Move trackers global initialization to component Re-add getSerializableList to tdsStorage (for devtools) Remove global updateLists alarm - these are now handled by individual resource loaders Implement onUpdate and stub it out in tdsStorage Fix stubs for unit-tests Comments Fix lint Move resources into a single tds component Make sure trackers update whenever tds changes Allow tests to mock tdsStorage Properly type tdsstorage Fix return of getSerializableList Fix devtools Fix some flaky MV3 tests More MV3 test fixes Tidy up Resource-loader unit-tests Fix merge * Update component types * Log load date on startup - for better debugging SW restarts * Use createAlarm wrapper * Use EventTarget on ResourceLoader for event dispatch * Move forDynamicDNRRulesLoaded helper to backgroundWait * afterUpdate event: emitted when the promises from all onUpdate listeners have resolved. * Add comments and types for ready and allLoadingFinished promises.

• Sam Macbeth (25 Mar 24)

  Detect internal users and add an extra section to settings for them. (#2480)

• dependabot[bot] (25 Mar 24)

  Bump @duckduckgo/tracker-surrogates from 1.3.1 to 1.3.2 (#2483) Bumps [@duckduckgo/tracker-surrogates](https://github.com/duckduckgo/tracker-surrogates) from 1.3.1 to 1.3.2. - [Release notes](https://github.com/duckduckgo/tracker-surrogates/releases) - [Commits](https://github.com/duckduckgo/tracker-surrogates/compare/57b338a69e8b7554f005904c40d8536303433d4f...0528e3226df15b1a3e319ad68ef76612a8f26623) --- updated-dependencies: - dependency-name: "@duckduckgo/tracker-surrogates" dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

• dependabot[bot] (19 Mar 24)

  Bump privacy-test-pages from 1.3.0 to 1.3.1 (#2475) Bumps [privacy-test-pages](https://github.com/duckduckgo/privacy-test-pages) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/duckduckgo/privacy-test-pages/releases) - [Commits](https://github.com/duckduckgo/privacy-test-pages/compare/340bca2b1e917d16e1489976a25b919370556bc5...94f9ca1081c0bd773194c940e9b2c05b9b374da4) --- updated-dependencies: - dependency-name: privacy-test-pages dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

• dependabot[bot] (19 Mar 24)

  Bump follow-redirects from 1.15.4 to 1.15.6 (#2472) Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.4 to 1.15.6. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.15.4...v1.15.6) --- updated-dependencies: - dependency-name: follow-redirects dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

• dependabot[bot] (19 Mar 24)

  Bump @duckduckgo/content-scope-scripts from 4.64.0 to 5.6.0 (#2473) Bumps [@duckduckgo/content-scope-scripts](https://github.com/duckduckgo/content-scope-scripts) from 4.64.0 to 5.6.0. - [Release notes](https://github.com/duckduckgo/content-scope-scripts/releases) - [Commits](https://github.com/duckduckgo/content-scope-scripts/compare/36ddba2cbac52a41b9a9275af06d32fa8a56d2d7...edd96481d49b094c260f9a79e078abdbdd3a83fb) --- updated-dependencies: - dependency-name: "@duckduckgo/content-scope-scripts" dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

• Dax Mobile (14 Mar 24)

  Update autofill to 10.2.0 (#2470) Co-authored-by: GioSensation <[email protected]>

• github-actions[bot] (11 Mar 24)

  Release 2024.3.11 [ci release] (#2465) Co-authored-by: sammacbeth <[email protected]>

• Dave Vandyke (08 Mar 24)

  Improve unit test usability (#2463) The unit tests were a little tricky to work with, for failures the wrong line numbers were given and console.log() didn't work. Let's try to improve the situation: 1. Have the unit tests bundled with inline sourcemaps, that can then be used to report the line numbers correctly. 2. Add a note to the unit test's README to mention to use console.warn() or console.error() instead of console.log(). Note: Unfortunately adding inline sourcemaps seems to slow down Karma/Jasmine quite a bit. In the future, we might consider using a faster test runner, or one that supports external sourcemaps.

• Dave Vandyke (07 Mar 24)

  Use runtime.onPerformanceWarning event for breakage reports (#2462) The new runtime.onPerformanceWarning event is fired for extensions when the browser detects a runtime performance issue. This is so that extension developers can be notified and proactively investigate performance issues in their extensions. Initially, the event will be available with Firefox 124 and will fire only for serious content-script hangs[1]. (For those hangs, the user is also shown a warning banner[2].) In the future, the event will hopefully be available on more browsers, will include stack traces where possible and will fire under more conditions. For now, let's just include a basic `performanceWarning` flag with breakage reports, that indicates if the event fired for the tab in question. In the future, we can expand this as necessary to include details of stack traces and warning type and category. 1 - https://bugzilla.mozilla.org/show_bug.cgi?id=1861445 2 - "EXTENSION NAME" is slowing down Firefox. To speed up your browser, stop that extension. Learn more <Stop>

• dependabot[bot] (07 Mar 24)

  Bump @duckduckgo/privacy-reference-tests from `438faf5` to `a603ff9` (#2452) Bumps [@duckduckgo/privacy-reference-tests](https://github.com/duckduckgo/privacy-reference-tests) from `438faf5` to `a603ff9`. - [Release notes](https://github.com/duckduckgo/privacy-reference-tests/releases) - [Commits](https://github.com/duckduckgo/privacy-reference-tests/compare/438faf5160f7db0fd2f2952945a809a33a9cdbac...a603ff9af22ca3ff7ce2e7ffbfe18c447d9f23e8) --- updated-dependencies: - dependency-name: "@duckduckgo/privacy-reference-tests" dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

• dependabot[bot] (07 Mar 24)

  Bump sammacbeth/action-asana-sync from 5 to 6 (#2461) Bumps [sammacbeth/action-asana-sync](https://github.com/sammacbeth/action-asana-sync) from 5 to 6. - [Release notes](https://github.com/sammacbeth/action-asana-sync/releases) - [Commits](https://github.com/sammacbeth/action-asana-sync/compare/v5...v6) --- updated-dependencies: - dependency-name: sammacbeth/action-asana-sync dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>