[
{
"path": ".github/workflows/node.js.yml",
"content": "# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node\n# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions\n\nname: Tests\n\non:\n push:\n branches: [ \"main\" ]\n pull_request:\n branches: [ \"main\" ]\n\njobs:\n build:\n\n runs-on: ubuntu-latest\n\n strategy:\n matrix:\n node-version: [16.x, 18.x]\n # See supported Node.js release schedule at https://nodejs.org/en/about/releases/\n\n steps:\n - uses: actions/checkout@v3\n - name: Use Node.js ${{ matrix.node-version }}\n uses: actions/setup-node@v3\n with:\n node-version: ${{ matrix.node-version }}\n cache: 'npm'\n - run: npm ci\n - run: npm test\n"
},
{
"path": ".gitignore",
"content": "# Local user files\n.DS_Store\n.idea\n.vscode\n\n# Node.js\nnode_modules\n\n# Distribution files\ndist\ndev\n\n# local env files\n.env.local\n.env.*.local\n\n# Log files\nnpm-debug.log*\nyarn-debug.log*\nyarn-error.log*\n"
},
{
"path": "FUNDING.yml",
"content": "github: privacy-tech-lab\n"
},
{
"path": "LICENSE.md",
"content": "MIT License\n\nCopyright (c) 2021 privacy-tech-lab\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
},
{
"path": "README.md",
"content": "
\n \n \n \n \n \n \n \n \n \n \n \n
\n \n \n\n
\n \n
\n\n# OptMeowt ๐พ\n\nOptMeowt (\"Opt Me Out\") is a browser extension for opting you out from web tracking. OptMeowt works by sending Global Privacy Control (GPC) signals to visited websites per the [GPC spec](https://privacycg.github.io/gpc-spec/) that we are developing [at the W3C](https://github.com/privacycg/gpc-spec). In addition, OptMeowt also opts you out from Google's Topics API.\n\n
\n \n \n
\n\nOptMeowt is developed and maintained by Ambrose Vannier (@avan36), Ruby Friedman (@RubyFri), Matthew Rich (@mcrich921), Austin Bosch (@Spongebosch) and Sebastian Zimmeck (@SebastianZimmeck) of the [privacy-tech-lab](https://privacytechlab.org/).\n\nFormer contributors are Francisca Wijaya (@franciscawijaya), Sage Altman (@sagealtman), Matt May (@Mattm27), Ebuka Akubilo (@eakubilo), Samir Cerrato (@samir-cerrato), Nate Levinson (@natelevinson10), Oliver Wang (@OliverWang13), Sophie Eng (@sophieeng), Kate Hausladen (@katehausladen), Jocelyn Wang (@Jocelyn0830), Kuba Alicki (@kalicki1), Stanley Markman (@stanleymarkman), Kiryl Beliauski (@kbeliauski), Daniel Knopf (@dknopf) and Abdallah Salia (@asalia-1).\n\n[1. Research Publications](#1-research-publications) \n[2. Promo Video](#2-promo-video) \n[3. How Does OptMeowt Work?](#3-how-does-optmeowt-work) \n[4. Installing OptMeowt from Source](#4-installing-optmeowt-from-source) \n[5. Installing OptMeowt for Developers](#5-installing-optmeowt-for-developers) \n[6. Installing the OptMeowt PETS 2023 Version](#6-installing-the-optmeowt-pets-2023-version) \n[7. Testing](#7-testing) \n[8. OptMeowt's Permission Use](#8-optmeowts-permission-use) \n[9. OptMeowt's Architecture](#9-optmeowts-architecture) \n[10. Directories in this Repo](#10-directories-in-this-repo) \n[11. Third Party Libraries](#11-third-party-libraries) \n[12. Developer Guide](#12-developer-guide) \n[13. Thank You!](#13-thank-you)\n\n## 1. Research Publications\n\n- Sebastian Zimmeck, [Remarks on the Relevance of Privacy Expectations for Default Opt-out Settings](https://sebastianzimmeck.de/zimmeckEtAlRemarks2026.pdf), IEEE Symposium on Privacy Expectations (ISoPE), New York, New York, 2026, [BibTeX](https://sebastianzimmeck.de/citations.html#zimmeckEtAlGPCRemarks2026Bibtex).\n- Sebastian Zimmeck, Nishant Aggarwal, Zachary Liu, Sage Altman and Konrad Kollnig, [Exercising the CCPA Opt-out Right on Android: Legally Mandated but Practically Challenging](https://sebastianzimmeck.de/zimmeckEtAlGPCAndroid2026.pdf), 26th Privacy Enhancing Technologies Symposium (PETS), Calgary, Canada, July 2026, [BibTeX](https://sebastianzimmeck.de/citations.html#zimmeckEtAlGPCAndroid2026Bibtex)\n- Katherine Hausladen, Oliver Wang, Sophie Eng, Jocelyn Wang, Francisca Wijaya, Matt May and Sebastian Zimmeck, [Websites' Global Privacy Control Compliance at Scale and over Time](https://sebastianzimmeck.de/hausladenEtAlGPCWeb2025.pdf), 34th USENIX Security Symposium (USENIX Security), Seattle, CA, August 2025, [BibTeX](https://sebastianzimmeck.de/citations.html#hausladenEtAlGPCWeb2025Bibtex)\n- Francisca Wijaya, Katherine Hausladen, Matt May, Oliver Wang, Sophie Eng and Sebastian Zimmeck, [Crawl for GPC: An Investigation of CCPA Compliance on the Internet](https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/research/wijayaEtAlCrawlForGPC2024Poster.pdf), Summer Research 2024 Poster Session, Wesleyan University, July 2024\n- Sebastian Zimmeck, Nishant Aggarwal, Zachary Liu and Konrad Kollnig, [From Ad Identifiers to Global Privacy Control: The Status Quo and Future of Opting Out of Ad Tracking on Android](https://arxiv.org/abs/2407.14938), Under Review\n- Sebastian Zimmeck, Eliza Kuller, Chunyue Ma, Bella Tassone and Joe Champeau, [Generalizable Active Privacy Choice: Designing a Graphical User Interface for Global Privacy Control](https://sebastianzimmeck.de/zimmeckEtAlGPC2024.pdf), 24th Privacy Enhancing Technologies Symposium (PETS), Bristol, UK and Online Event, July 2024, [BibTeX](https://sebastianzimmeck.de/citations.html#zimmeckEtAlGPC2024Bibtex)\n- Katherine Hausladen, [Investigating the Current State of CCPA Compliance on the Internet](https://doi.org/10.14418/wes01.2.451), Master's Thesis, Wesleyan University, May 2024\n- Nishant Aggarwal, Wesley Tan, Konrad Kollnig and Sebastian Zimmeck, [The Invisible Threat: Exploring Mobile Privacy Concerns](https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/research/aggarwalEtAlInvisibleThreat2023Poster.pdf), Summer Research 2023 Poster Session, Wesleyan University, July 2023\n- Eliza Kuller, [Privacy Choice Mechanisms and Online Advertising: Can Generalizable Active Privacy Choices and Online Advertising Coexist?](https://doi.org/10.14418/wes01.1.2797), Undergraduate Honors Thesis, Wesleyan University, April 2023\n- Sebastian Zimmeck, Oliver Wang, Kuba Alicki, Jocelyn Wang and Sophie Eng, [Usability and Enforceability of Global Privacy Control](https://sebastianzimmeck.de/zimmeckEtAlGPC2023.pdf), 23rd Privacy Enhancing Technologies Symposium (PETS)\n Lausanne, Switzerland and Online Event, July 2023, [BibTeX](https://sebastianzimmeck.de/citations.html#zimmeckEtAlGPC2023Bibtex). For installing the OptMeowt version used in this paper, see the [instructions below](https://github.com/privacy-tech-lab/gpc-optmeowt#6-installing-the-optmeowt-pets-2023-version).\n- Isabella Tassone, Chunyue Ma, Eliza Kuller, Joe Champeau and Sebastian Zimmeck, [Enhancing Online Privacy: The Development of Practical Privacy Choice Mechanisms](https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/research/tassoneEtAlEnhancingOnlinePrivacy2022Poster.pdf), Summer Research 2022 Poster Session, Wesleyan University, July 2022\n- Sebastian Zimmeck, [Improving Internet Privacy with Global Privacy Control (GPC)](https://sebastianzimmeck.de/SaTC_PI_Meeting_2022_Poster_GPC_Zimmeck.pdf), 5th NSF Secure and Trustworthy Cyberspace Principal Investigator Meeting (2022 SaTC PI Meeting), Arlington, Virginia, USA, June 2022\n- Kuba Alicki, [Don't Sell Our Data: Exploring CCPA Compliance via Automated Privacy Signal Detection](https://digitalcollections.wesleyan.edu/islandora/dont-sell-our-data-exploring-ccpa-compliance-automated-privacy-signal-detection), Undergraduate Honors Thesis, Wesleyan University, April 2022\n- Eliza Kuller, Chunyue Ma, Isabella Tassone and Sebastian Zimmeck, [Making Online Privacy Choice Mechanisms Effective and Usable](http://summer21.research.wesleyan.edu/2021/07/22/balancing-usability-and-active-choice-while-developing-privacy-permission-schemes/), Summer Research 2021 Poster Session, Wesleyan University, Online, July 2021\n- Sebastian Zimmeck and Kuba Alicki, [Standardizing and Implementing Do Not Sell (Short Paper)](https://sebastianzimmeck.de/zimmeckAndAlicki2020DoNotSell.pdf), 19th Workshop on Privacy in the Electronic Society (WPES), Online Event, November 2020, [BibTeX](https://sebastianzimmeck.de/citations.html#zimmeckAndAlicki2020DoNotSellBibtex)\n\n## 2. Promo Video\n\n[](https://drive.google.com/file/d/1eto77EV13WazpJN1hGXiKKsP2l7oMEu1/view?usp=share_link)\n\n## 3. How Does OptMeowt Work?\n\nOptMeowt sends GPC signals to websites when you browse the web. Such signals must be respected for California consumers per the California Consumer Privacy Act (CCPA), [Regs Section 999.315(d)](https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/oal-sub-final-text-of-regs.pdf). The number of jurisdictions that require websites to respect GPC signals is increasing. Some websites also respect them even if they are not required to do so.\n\nIn detail, OptMeowt uses the following methods to opt you out:\n\n1. The [GPC header and JS property](https://privacycg.github.io/gpc-spec/).\n2. A `Permissions-Policy` header that opts sites out of Google's [Topics API](https://developer.mozilla.org/en-US/docs/Web/API/Topics_API) on Chromium-based browsers.\n\n**Opting Out of the Topics API:** As all browser vendors are phasing out the use of third-party cookies. In this context Google introduced the [Topics API](https://developer.mozilla.org/en-US/docs/Web/API/Topics_API). The Topics API identifies users' general areas of interest which are then used for personalized advertising. These topics are generated through observing and recording a users' browsing activity. Websites will then receive access to these topics that are stored on users' browsers. To opt you out of the Topics API OptMeowt sends a `Permissions-Policy` header to all the sites you visit. This approach follows [Google's documentation](https://developer.chrome.com/en/docs/privacy-sandbox/topics/#site-opt-out) on how to opt a site out of the Topics API. Note that this functionality of OptMeowt is only available for Chromium browsers as other browsers do not implement the Topics API.\n\n**Customizing which sites receive GPC signals:** For every site you visit OptMeowt will automatically add its domain to the `domain list`. Each newly added domain will receive GPC signals by default. However, you can exclude domains that should not receive GPC signals. This functionality is available on OptMeowt's popup window and settings page.\n\nFor a more in-depth look at how OptMeowt works, check out our [Beginners Guide to OptMeowt](https://docs.google.com/document/d/1H0sA6hK0Q0OLT4Tz_Yp-byHi0U4Ue5DO8k7K-NXnY2Q/edit?usp=sharing). (The document is up to date as of its date. Later changes to OptMeowt are not reflected.)\n\n## 4. Installing OptMeowt from Source\n\nHere are the instructions for installing OptMeowt from the source files in this repo.\n\n### Chrome and Firefox\n\n1. Clone this repo locally with:\n\n ```bash\n git clone https://github.com/privacy-tech-lab/gpc-optmeowt.git\n ```\n\n You can also download a zipped copy and unzip it.\n\n2. Install [Node.js and npm](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm).\n3. From within your local `/gpc-optmeowt/` directory install OptMeowt's dependencies with:\n\n ```bash\n npm ci\n ```\n\n4. Build the project by running:\n\n ```bash\n npm run build\n ```\n\n This command will create a built for both Chrome and Firefox in `.../gpc-optmeowt/dist/chrome/` and `.../gpc-optmeowt/dist/firefox/`, respectively. `npm run build` will also create packaged versions of OptMeowt in `.../gpc-optmeowt/packages` for distribution on the Chrome Web Store and on Firefox Add-Ons.\n\n### Chrome\n\n5. In Chrome, navigate to the extensions page at `chrome://extensions/`.\n6. Enable `Developer mode` with the slider on the top right corner of the extension page.\n7. Click the `Load unpacked` button in the top left of the page.\n8. Select the directory where you built OptMeowt, by default `/gpc-optmeowt/dist/chrome/` (the directory that contains the `manifest.json`).\n\n### Firefox\n\n5. In Firefox, navigate to the addons page with developer privileges at `about:debugging#/runtime/this-firefox`.\n6. Under `Temporary extensions`, click `Load Temporary Add-on...`.\n7. Select the manifest from the directory where you built OptMeowt, by default `/gpc-optmeowt/dist/firefox/manifest.json/`.\n\n**Note**: OptMeowt is in active development and new features are being added, some of which may cause errors. You can always get the stable release version on the [Chrome Web Store](https://chrome.google.com/webstore/detail/optmeowt/hdbnkdbhglahihjdbodmfefogcjbpgbo) and on [Firefox Add-Ons](https://addons.mozilla.org/en-US/firefox/addon/optmeowt/). You can also disable sending GPC signals to a site in case OptMeowt causes it to break.\n\n## 5. Installing OptMeowt for Developers\n\nTo build the development versions of OptMeowt follow the directions above but replace `npm run build` with:\n\n```bash\nnpm run start\n```\n\nThis command will run the npm script (referenced in `package.json`) that will call Webpack in development mode (Webpack settings are in `webpack.config.js`). `npm run start` will also initiate Webpack servers for both the Firefox and Chrome versions, which will listen for changes as you work and rebuild as necessary.\n\n### 5.1 Webpack\n\nWebpack will build the development versions of OptMeowt into the `dev` subdirectory instead of the `dist` subdirectory. The subdirectories for Chrome and Firefox are `dev/chrome` and `dev/firefox`, respectively.\n\nAlso, when you build for development, the development manifest (in `src/manifest-dev.json`) will be used instead of the distribution manifest (in `src/manifest-dist.json`). The development manifest contains an unsafe eval that we use for our source maps during development. The distribution manifest does not contain this eval. Webpack will select the correct manifest depending on whether you build for development or distribution.\n\nTo include new dependencies you can run:\n\n```bash\nnpm install\n```\n\nRunning this command instead of `npm ci` will include new dependencies in the `package-lock.json`, which is generated from the `package.json`.\n\n### 5.2 Debugging\n\nWe like to use the [Debugger for Firefox](https://marketplace.visualstudio.com/items?itemName=firefox-devtools.vscode-firefox-debug) from within [Visual Studio Code](https://code.visualstudio.com/) when in development to help automating the development and build processes. The default behavior is `F5` to launch and load the extension in the browser. There is a similar extension that you can use for Chrome, [JavaScript Debugger](https://marketplace.visualstudio.com/items?itemName=ms-vscode.js-debug), which is already included in Visual Studio Code by default. Make sure to follow the online documentation on writing the correct `.vscode/launch.json` file, or other necessary settings files, in order to properly load OptMeowt with the debugger.\n\n### 5.3 Developing on Windows\n\nWe have built most of our codebase in macOS, so path variables and similar code may cause the build to break in other OSs, in particular Windows. We recommend using macOS or installing a Linux OS if you will be working with the codebase in any significant manner.\n\n## 6. Installing the OptMeowt PETS 2023 Version\n\nThe version of OptMeowt used in our 2023 PETS paper, [Usability and Enforceability of Global Privacy Control](https://sebastianzimmeck.de/zimmeckEtAlGPC2023.pdf), can be found in our [v3.0.0-paper release](https://github.com/privacy-tech-lab/gpc-optmeowt/releases/tag/v3.0.0-paper). To view the v3.0.0-paper code, you can [look at the repo here](https://github.com/privacy-tech-lab/gpc-optmeowt/tree/v3.0.0-paper). Instructions for building the extension locally are the same as stated above per our [Firefox instructions](https://github.com/privacy-tech-lab/gpc-optmeowt/tree/main#firefox). To activate Analysis mode in the v3.0.0-paper release press the `Protection Mode` label in the popup. In addition, Analysis mode requires other privacy extensions or browsers to be disabled. For further detailed information on how to use analysis mode, please refer to [our methodology](https://github.com/privacy-tech-lab/gpc-optmeowt/tree/v4.0.1/#4-analysis-mode-firefox-only).\n\nAnalysis mode used to be part of the OptMeowt extension but is now part of the [GPC Web Crawler](https://github.com/privacy-tech-lab/gpc-web-crawler), which you can use to analyze websites' GPC compliance at scale.\n\n## 7. Testing\n\nOptMeowt uses the [Mocha](https://mochajs.org/) framework as well as [Puppeteer](https://pptr.dev/) to execute its testing and continuous integration. The continuous integration is built into the OptMeowt repo with Github Actions. The [Actions tab](https://github.com/privacy-tech-lab/gpc-optmeowt/actions) shows all workflows and past unit test checks for previous PRs.\n\nThe test responsible for checking OptMeowt's ability to set the GPC signal can not be run with GitHub Actions. You can run it locally with:\n\n```bash\nnpm test\n```\n\nUsing Puppeteer this command will launch an automated headful browser on Chromium testing the Chrome GPC signal against the [GPC reference server](https://global-privacy-control.vercel.app/).\n\n### 7.1 Running Automated Unit Tests\n\n**Locally:**\nYou can run unit tests locally.\n\n1. Clone this repo locally or download a zipped copy and unzip it.\n2. Make sure npm is up to date by running `npm -v` to check the version and updating follow [the instructions on the npm site](https://docs.npmjs.com/try-the-latest-stable-version-of-npm), depending on your operating system.\n3. Run tests with:\n\n ```bash\n npm test\n ```\n\n4. If Puppeteer is not installed, run:\n\n ```bash\n npm install\n ```\n\n**Continuous Integration:**\nThe continuous integration is built into the OptMeowt repo. Therefore, no changes to the extension environment are needed to run new tests.\n\n### 7.2 Manual UI testing\n\nThe following procedure is for testing the OptMeowt extension UI, which cannot be automated. They are recommended to be performed manually as follows:\n\n1. Download the version of the extension you want to test through `npm run start`. Then, download the unpacked dev version for your browser.\n2. Navigate to a site with the well-known file, like \n3. Click on the OptMeowt symbol in the top right of your browser.\n - [ ] TEST 1: The symbol for the cat should be solid green.\n - [ ] TEST 2: The URL of the website should be written under the \"Protection Mode\" banner.\n - [ ] TEST 3: Global Privacy Control should be enabled.\n - [ ] TEST 4: There should be a blue number detailing the number of domains receiving signals.\n4. Click on the drop down for \"3rd Party Domains\".\n - [ ] TEST 5: There should be sites that show up with Global Privacy Control switched on.\n5. Navigate out of the \"3rd Party Domains\" drop down and click on the \"Website Response\" drop down\n - [ ] TEST 6: There should be text showing that GPC Signals were accepted.\n - [ ] TEST 7: Switch \"Dark Mode\" on and off and ensure the popup is correctly changing colors.\n6. Navigate to the top of the popup and click on the \"More\" symbol (image: Sliders) to go to the Settings page.\n7. In the main settings page, click on \"Disable\" and open the popup.\n - [ ] TEST 8: The popup should be fully grayed out and showing the popup disabled.\n8. In the website, move to the Domainlist page.\n - [ ] TEST 9: There should be multiple domains showing in the Domainlist tab.\n9. Go back to the main settings page and export Domainlist.\n - [ ] TEST 10: Check the exported Domainlist and the Domainlist in the settings page to make sure the websites match up.\n\n### 7.3 Creating a New Test\n\n1. Navigate to `.../gpc-optmeowt/test/`. Then navigate to the folder in the test directory that corresponds to the tested function's location in the extension source code.\n2. Create a new file in the matching folder. Name the file with the format `FUNCTION_NAME.test.js`.\n For example, if testing a function named `sum` located in the folder `.../src/math`, create the test called `sum.test.js` in the folder `.../test/math`\n3. Write test using [ECMAScript formatting](https://nodejs.org/api/esm.html).\n\n## 8. OptMeowt's Permission Use\n\n**Note**: We do not collect any data from you. Third parties will also not receive your data. The permissions OptMeowt is using are required for opting you out. To that end, OptMeowt uses the following permissions:\n\n```json\n\"permissions\": [\n \"declarativeNetRequest\",\n \"webRequest\",\n \"webRequestBlocking\",\n \"webNavigation\",\n \"\",\n \"storage\",\n \"activeTab\",\n \"tabs\",\n \"scripting\"\n ]\n```\n\n- `declarativeNetRequest`: Allows OptMeowt to modify rules, allowing us to send the GPC header\n- `webRequest`: Pauses outgoing HTTP requests to append opt out headers\n- `webRequestBlocking`: Allows an extension to intercept and potentially block, modify, or redirect web requests before they are completed\n- `webNavigation`: Similar to `webRequest`, allows OptMeowt to check when navigation requests are made to reset processes\n- ``: Gives OptMeowt permission to access and interact with the content and data of any website visited by the browser\n- `storage`: Allows OptMeowt to save your opt out preferences in your browser\n- `activeTab`: Allows OptMeowt to set opt out signals on your active browser tab\n- `tabs`: Allows OptMeowt to keep track of HTTP headers per tab to show you the opt out status of the current site in a popup\n- `scripting`: Allows OptMeowt to declare content scripts and send the GPC DOM signal\n\n## 9. OptMeowt's Architecture\n\nDetailed information on OptMeowt's architecture is available in a [separate readme](https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/README_ARCHITECTURE.md).\n\n**Note**: The architecture readme is only current as of its commit date.\n\n## 10. Directories in this Repo\n\nHere are the main directories in this repo:\n\n- `src/`: Main contents of the OptMeowt browser extension.\n- `src/assets`: Graphical elements of the extension, including logos and button images.\n- `src/background`: Listeners for events and logic for sending privacy signals.\n- `src/data`: Definitions of headers and privacy flags.\n- `src/options`: UI elements and scripts for the supplemental options page.\n- `src/popup`: UI elements and scripts for the popup inside the extensions bar.\n- `src/theme`: Dark and light mode themes.\n- `ui-mockup`: Contains PDF and XD files demonstrating the preliminary mockup of OptMeowt.\n\n## 11. Third Party Libraries\n\nOptMeowt uses various [third party libraries](https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/package.json). We thank the developers.\n\n## 12. Developer Guide\n\nIf you have questions about OptMeowt's functionality or have found a bug, please check out our [FAQ \\ Known quirks](https://github.com/privacy-tech-lab/gpc-optmeowt/wiki/FAQ-%5C-Known-quirks) page on the [Wiki](https://github.com/privacy-tech-lab/gpc-optmeowt/wiki). If you cannot find what you are looking for, feel free to open an issue, and we will address it.\n\n**Note**: When viewing your browser's console on a site, a 404 error status code regarding the domain's GPC status file (`/.well-known/gpc.json`) may be shown. This behavior is normal and will occur (1) on domains that do not support GPC and (2) on domains that support GPC but do not host a `/.well-known/gpc.json` file.\n\n## 13. Thank You!\n\n
We would like to thank our supporters!
\n\n
Major financial support provided by the National Science Foundation.
Conclusions reached or positions taken are our own and not necessarily those of our financial supporters, its trustees, officers, or staff.
\n\n##\n\n
\n \n
\n"
},
{
"path": "README_ARCHITECTURE.md",
"content": "# Architecture Overview\n\n```txt\nsrc\nโโโ assets # Static images & files\nโโโ background # Manages the background script processes\nโย ย โโโ protection\nโย ย โ โโโ background.js\nโย ย โ โโโ listeners-chrome.js\nโย ย โ โโโ listeners-firefox.js\nโย ย โ โโโ protection-ff.js\nโย ย โ โโโ protection.js\nโย ย โโโ control.js\nโย ย โโโ storage.js\nโโโ common # Manages header sending and rules\nโย ย โโโ editDomainlist.js\nโย ย โโโ editRules.js\nโโโ content-scripts # Runs processes on site on adds DOM signal\nโย ย โโโ injection\nโย ย โย ย โโโ gpc-dom.js\nโย ย โโโ registration\nโย ย โย ย โโโ gpc-dom.js\nโย ย โโโ contentScript.js\nโโโ data # Stores constant data (DNS signals, settings, etc.)\nโย ย โโโ defaultSettings.js\nโย ย โโโ headers.js\nโย ย โโโ regex.js\nโโโ manifests # Stores manifests\nโย ย โโโ chrome\nโย ย โย ย โโโ manifest-dev.json\nโย ย โย ย โโโ manifest-dist.json\nโย ย โโโ firefox\nโย ย โย ย โโโ manifest-dev.json\nโย ย โย ย โโโ manifest-dist.json\nโโโ options # Options page frontend\nโย ย โโโ components\nโย ย โย ย โโโ scaffold-component.html\nโย ย โย ย โโโ util.js\nโย ย โโโ views\nโย ย โ โโโ about-view\nโย ย โ โย ย โโโ about-view.html\nโย ย โ โย ย โโโ about-view.js\nโย ย โ โโโ domainlist-view\nโย ย โ โย ย โโโ domainlist-view.html\nโย ย โ โย ย โโโ domainlist-view.js\nโย ย โ โโโ main-view\nโย ย โ โย ย โโโ main-view.html\nโย ย โ โย ย โโโ main-view.js\nโย ย โ โโโ settings-view\nโย ย โ โโโ settings-view.html\nโย ย โ โโโ settings-view.js\nโย ย โโโ dark-mode.css\nโย ย โโโ options.html\nโย ย โโโ options.js\nโย ย โโโ styles.css\nโโโ popup # Popup page frontend\nโย ย โโโ popup.html\nโย ย โโโ popup.js\nโย ย โโโ styles.css\nโโโ rules # Manages universal rules\nโย ย โโโ gpc_exceptions_rules.json\nโย ย โโโ universal_gpc_rules.json\nโโโ theme # Contains darkmode\n ย ย โโโ darkmode.js\ntest\nโโโ background\n โโโ gpc.test.js\n```\n\nThe following source folders have detailed descriptions further in the document.\n\n[background](#background)\\\n[common](#common)\\\n[content-scripts](#content-scripts)\\\n[data](#data)\\\n[manifests](#manifests)\\\n[options](#options)\\\n[popup](#popup)\\\n[rules](#rules)\\\n[theme](#theme)\n\n## background\n\n1. `protection`\n2. `control.js`\n3. `storage.js`\n\n### `src/background/protection`\n\n1. `background.js`\n2. `listeners-chrome.js`\n3. `listeners-firefox.js`\n4. `protection.js`\n5. `protection-ff.js`\n\n#### `protection/background.js`\n\nInitializes the protection mode listeners.\n\n#### `protection/listeners-chrome.js` and `protection/listeners-firefox.js`\n\nCreates listeners for Chrome and Firefox, respectively.\n\n#### `protection/protection.js`\n\nManages the domain list with functions like `logData();`, `updateDomainlistAndSignal();`, `pullToDomainlistCache();`, `syncDomainlists();`. Also responsible for supplying the popup with the proper information with `dataToPopup();`. Also creates listeners to watch the popup for domain list changes.\n\n#### `protection/protection-ff.js`\n\nManages the domain list for Firefox.\n\n### `background/control.js`\n\nUses `protection.js` to turn the extension on and off.\n\n### `background/storage.js`\n\nHandles storage uploads and downloads.\n\n## common\n\n1. `editDomainlist.js`\n2. `editRules.js`\n\nThis folder holds common internal API's to be used throughout the extension.\n\n### `common/editDomainlist.js`\n\nIs an internal API to be used for editing a users domain list.\n\n### `common/editRules.js`\n\nIs an internal API to be used for editing rules that allow us to send the GPC header.\n\n## content-scripts\n\n1. `injection`\n2. `registration`\n3. `contentScript.js`\n\nThis folder contains our main content script and methods for injecting the GPC signal into the DOM.\n\n### `src/content-scripts/injection`\n\n1. `gpc-dom.js`\n\n`gpc-dom.js` injects the DOM signal.\n\n### `src/content-scripts/registration`\n\n1. `gpc-dom.js`\n\nThis file injects `injection/gpc-dom.js` into the page using a static script. (Based on [this stack overflow thread](https://stackoverflow.com/questions/9515704/use-a-content-script-to-access-the-page-context-variables-and-functions))\n\n### `content-scripts/contentScript.js`\n\nThis runs on every page and sends information to signal background processes.\n\n## data\n\n1. `defaultSettings.js`\n2. `headers.js`\n3. `regex.js`\n\nThis folder contains static data.\n\n### `data/defaultSettings.js`\n\nContains the default OptMeowt settings.\n\n### `data/headers.js`\n\nContains the default headers to be attached to online requests.\n\n### `data/regex.js`\n\nContains regular expressions for finding \"do not sell\" links and related privacy signals.\n\n## manifests\n\n1. `chrome`\n2. `firefox`\n\nContains the extension manifests\n\n### `manifests/chrome`\n\n1. `manifest-dev.json`\n2. `manifest-dist.json`\n\nContains the development and distribution manifests for Chrome\n\n### `manifests/firefox`\n\n1. `manifest-dev.json`\n2. `manifest-dist.json`\n\nContains the development and distribution manifests for Firefox\n\n## options\n\n1. `components`\n2. `views`\n3. `dark-mode.css`\n4. `options.html`\n\nThis folder contains all of the frontend code\n\n### `options/components`\n\n1. `scaffold-component.html`\n2. `util.js`\n\nThis folder contains the basic layout of every options page and helper functions to help render the pages.\n\n### `options/views`\n\n1. `about-view`\n2. `domainlist-view`\n3. `main-view`\n4. `settings-view`\n\nContains all frontend and implementation of the settings pages.\n\n#### `views/about-view`\n\n1. `about-view.html`\n2. `about-view.js`\n\nBuilds the \"about\" page\n\n#### `views/domainlist-view`\n\n1. `domainlist-view.html`\n2. `domainlist-view.js`\n\nBuilds the domain list page\n\n#### `views/main-view`\n\n1. `main-view.html`\n2. `main-view.js`\n\nBuilds the main options page\n\n#### `views/settings-view`\n\n1. `settings-view.html`\n2. `settings-view.js`\n\nBuilds the settings page\n\n### `options/dark-mode.css`\n\nContains the dark-mode styles for OptMeowt.\n\n### `options/options.html` and `options/options.js`\n\nIs the entry point for the main options page.\n\n### `options/styles.css`\n\nContains the basic styles for OptMeowt.\n\n## popup\n\n1. `popup.html`\n2. `popup.js`\n3. `styles.css`\n\nContains the frontend and implementation for the OptMeowt popup.\n\n## rules\n\n1. `gpc_exception_rules.json`\n2. `universal_gpc_rules.json`\n\nContains rule framework for sending GPC headers to sites.\n\n## theme\n\n1. `darkmode.js`\n\nContains the dark mode functionality.\n\n**Links to APIs:**\n\nChrome: [webRequest](https://developer.chrome.com/docs/extensions/reference/webRequest/) and [webNavigation](https://developer.chrome.com/docs/extensions/reference/webNavigation/)\n\nFirefox: [webRequest](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest) and [webNavigation](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webNavigation)\n"
},
{
"path": "package.json",
"content": "{\n \"name\": \"optmeowt\",\n \"version\": \"6.1.0\",\n \"description\": \"A privacy extension that allows users to exercise rights under GPC\",\n \"main\": \"index.js\",\n \"type\": \"module\",\n \"scripts\": {\n \"prestart\": \"rimraf dev\",\n \"start\": \"concurrently -k npm:start:firefox npm:start:chrome\",\n \"start:firefox\": \"webpack --watch --mode development --env firefox\",\n \"start:chrome\": \"webpack --watch --mode development --env chrome\",\n \"prebuild\": \"rimraf dist && mkdir dist && mkdir dist/packages\",\n \"build\": \"npm run build:firefox && npm run build:chrome\",\n \"build:firefox\": \"webpack --mode production --env firefox\",\n \"build:chrome\": \"webpack --mode production --env chrome\",\n \"postbuild:firefox\": \"cd dist/firefox && zip -rFSX ../packages/ff-optmeowt-$npm_package_version.zip * -x '*.git*' -x '*.DS_Store*' -x '*.txt*'\",\n \"postbuild:chrome\": \"cd dist/chrome && zip -rFSX ../packages/chrome-optmeowt-$npm_package_version.zip * -x '*.git*' -x '*.DS_Store*' -x '*.txt*'\",\n \"test\": \"mocha $(find test -name '*.js')\"\n },\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/privacy-tech-lab/gpc-optmeowt.git\"\n },\n \"author\": \"\",\n \"license\": \"ISC\",\n \"bugs\": {\n \"url\": \"https://github.com/privacy-tech-lab/gpc-optmeowt/issues\"\n },\n \"homepage\": \"https://github.com/privacy-tech-lab/gpc-optmeowt#readme\",\n \"dependencies\": {\n \"animate.css\": \"^4.1.1\",\n \"darkmode-js\": \"^1.5.7\",\n \"file-saver\": \"^2.0.5\",\n \"idb\": \"^7.1.1\",\n \"mocha\": \"^10.8.2\",\n \"mustache\": \"^4.2.0\",\n \"path\": \"^0.12.7\",\n \"psl\": \"^1.8.0\",\n \"puppeteer\": \"^22.15.0\",\n \"rimraf\": \"^3.0.2\",\n \"tippy.js\": \"^6.3.7\",\n \"uikit\": \"3.6.9\"\n },\n \"devDependencies\": {\n \"@babel/core\": \"^7.21.3\",\n \"@babel/preset-env\": \"^7.20.2\",\n \"babel-loader\": \"^9.1.2\",\n \"clean-webpack-plugin\": \"^4.0.0\",\n \"concurrently\": \"^6.2.1\",\n \"copy-webpack-plugin\": \"^14.0.0\",\n \"css-loader\": \"^5.2.7\",\n \"file-loader\": \"^6.2.0\",\n \"html-webpack-plugin\": \"^5.3.2\",\n \"prettier\": \"^2.3.2\",\n \"string-replace-loader\": \"^3.0.3\",\n \"style-loader\": \"^2.0.0\",\n \"wait-on\": \"^7.2.0\",\n \"webpack\": \"^5.105.0\",\n \"webpack-cli\": \"^4.8.0\",\n \"webpack-dev-server\": \"^5.2.4\",\n \"workbox-webpack-plugin\": \"^7.3.0\"\n },\n \"overrides\": {\n \"serialize-javascript\": \"^7.0.4\"\n },\n \"resolutions\": {\n \"ws\": \"^8.17.1\"\n }\n}"
},
{
"path": "src/background/control.js",
"content": "/*\nLicensed per https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/LICENSE.md\nprivacy-tech-lab, https://privacytechlab.org/\n*/\n\n/*\ncontrol.js\n================================================================================\ncontrol.js manages persistent data, message liseteners, in particular\nto manage the state & functionality mode of the extension\n*/\n\nimport {\n init as initProtection_ff,\n halt as haltProtection_ff,\n} from \"./protection/protection-ff.js\";\nimport {\n init as initProtection_cr,\n halt as haltProtection_cr,\n} from \"./protection/protection.js\";\nimport { defaultSettings } from \"../data/defaultSettings.js\";\nimport { stores, storage } from \"./storage.js\";\nimport { reloadDynamicRules } from \"../common/editRules.js\";\n\nimport {\n debug_domainlist_and_dynamicrules,\n updateRemovalScript,\n} from \"../common/editDomainlist.js\";\n\nasync function enable() {\n var initProtection = initProtection_cr;\n initProtection();\n}\n\nfunction disable() {\n var haltProtection = haltProtection_cr;\n haltProtection();\n}\n\n/******************************************************************************/\n// Initializers\n\n// This is the very first thing the extension runs\n(async () => {\n chrome.scripting.registerContentScripts([\n {\n id: \"1\",\n matches: [\"\"],\n excludeMatches:[\"https://example.com/\"],\n js: [\"content-scripts/registration/gpc-dom.js\"],\n runAt: \"document_start\",\n }\n ]);\n\n // Check if the browser is Firefox\nif (\"$BROWSER\" == \"firefox\") {\n chrome.runtime.onInstalled.addListener(function (details) {\n if (details.reason === 'install') {\n chrome.runtime.openOptionsPage((result) => {});\n }\n });\n }\n // Initializes the default settings\n let settingsDB = await storage.getStore(stores.settings);\n for (let setting in defaultSettings) {\n if (typeof settingsDB[setting] === \"undefined\") {\n await storage.set(stores.settings, defaultSettings[setting], setting);\n }\n }\n const localSettings = await chrome.storage.local.get(\n \"WELLKNOWN_CHECK_ENABLED\"\n );\n if (typeof localSettings.WELLKNOWN_CHECK_ENABLED === \"undefined\") {\n await chrome.storage.local.set({\n WELLKNOWN_CHECK_ENABLED: defaultSettings[\"WELLKNOWN_CHECK_ENABLED\"],\n });\n }\n\n let isEnabled = await storage.get(stores.settings, \"IS_ENABLED\");\n\n if (isEnabled) {\n // Turns on the extension\n enable();\n updateRemovalScript();\n reloadDynamicRules();\n }\n\n})();\n\n/******************************************************************************/\n// Mode listeners\n\n// (1) Handle extension activeness is changed by calling all halt\n// \t - Make sure that I switch extensionmode and separate it from mode.domainlist\n// (2) Handle extension functionality with listeners and message passing\n\n/**\n * Listeners for information from --POPUP-- or --OPTIONS-- page\n * This is the main \"hub\" for message passing between the extension components\n * https://developer.chrome.com/docs/extensions/mv3/messaging/\n */\nchrome.runtime.onMessage.addListener(async function (\n message\n) {\n if (message.msg === \"TURN_ON_OFF\") {\n let isEnabled = message.data.isEnabled; // can be undefined\n\n if (isEnabled) {\n await storage.set(stores.settings, true, \"IS_ENABLED\");\n enable();\n } else {\n await storage.set(stores.settings, false, \"IS_ENABLED\");\n disable();\n }\n }\n\n if (message.msg === \"CHANGE_IS_DOMAINLISTED\") {\n let isDomainlisted = message.data.isDomainlisted; // can be undefined // not used\n }\n});\n"
},
{
"path": "src/background/protection/background.js",
"content": "/*\nLicensed per https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/LICENSE.md\nprivacy-tech-lab, https://privacytechlab.org/\n*/\n\n/*\nbackground.js\n================================================================================\nbackground.js is the main background script handling OptMeowt's\nmain opt-out functionality\n*/\n\nimport { enableListeners, disableListeners } from \"./listeners-$BROWSER.js\";\nimport { stores, storage } from \"../storage.js\";\nimport { defaultSettings } from \"../../data/defaultSettings.js\";\n\n// We could alt. use this in place of \"building\" for chrome/ff, just save it to settings in storage\nvar userAgent =\n window.navigator.userAgent.indexOf(\"Firefox\") > -1 ? \"moz\" : \"chrome\";\n\n/******************************************************************************/\n\n/**\n * Enables extension functionality and sets site listeners\n * Information regarding the functionality and timing of webRequest and webNavigation\n * can be found on Mozilla's & Chrome's API docuentation sites (also linked above)\n *\n * The actual listeners are located in `listeners-(chosen browser).js`\n * The functions called on event occurance are located in `events.js`\n *\n * HIERARCHY: manifest.json --> protection --> background.js --> listeners-$BROWSER.js --> events.js\n */\n\n/******************************************************************************/\n\n/**\n * Initializes the extension\n * Place all initialization necessary, as high level as can be, here.\n */\nasync function init() {\n enableListeners();\n}\n\nfunction halt() {\n disableListeners();\n}\n\n/******************************************************************************/\n\nexport const background = {\n init,\n halt,\n};\n"
},
{
"path": "src/background/protection/listeners-chrome.js",
"content": "/*\nLicensed per https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/LICENSE.md\nprivacy-tech-lab, https://privacytechlab.org/\n*/\n\n/*\nlisteners-chrome.js\n================================================================================\nlisteners-chrome.js holds the on-page-visit listeners for chrome that activate \nour main functionality\n*/\n\n// https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/onBeforeRequest\n// https://developer.chrome.com/docs/extensions/reference/webRequest/\n// This is the extraInfoSpec array of strings\nconst CHROME_REQUEST_SPEC = [\"requestHeaders\", \"extraHeaders\"];\nconst CHROME_RESPONSE_SPEC = [\"responseHeaders\", \"extraHeaders\"];\n// This is the filter object\nconst FILTER = { urls: [\"\"] };\n\n/**\n * Enables extension functionality and sets site listeners\n * Information regarding the functionality and timing of webRequest and webNavigation\n * can be found on Mozilla's & Chrome's API docuentation sites (also linked above)\n *\n * The functions called on event occurance are located in `events.js`\n */\nfunction enableListeners(callbacks) {\n const {\n onBeforeSendHeaders,\n onHeadersReceived,\n onBeforeNavigate,\n onCommitted,\n onCompleted,\n } = callbacks;\n\n // (4) global Chrome listeners\n chrome.webRequest.onBeforeSendHeaders.addListener(\n onBeforeSendHeaders,\n FILTER,\n CHROME_REQUEST_SPEC\n );\n chrome.webRequest.onHeadersReceived.addListener(\n onHeadersReceived,\n FILTER,\n CHROME_RESPONSE_SPEC\n );\n chrome.webNavigation.onBeforeNavigate.addListener(onBeforeNavigate, FILTER);\n chrome.webNavigation.onCommitted.addListener(onCommitted, FILTER);\n chrome.webNavigation.onCompleted.addListener(onCompleted, FILTER);\n}\n\n/**\n * Disables background listeners\n */\nfunction disableListeners(callbacks) {\n const {\n onBeforeSendHeaders,\n onHeadersReceived,\n onBeforeNavigate,\n onCommitted,\n onCompleted,\n } = callbacks;\n\n chrome.webRequest.onBeforeSendHeaders.removeListener(onBeforeSendHeaders);\n chrome.webRequest.onHeadersReceived.removeListener(onHeadersReceived);\n chrome.webNavigation.onBeforeNavigate.removeListener(onBeforeNavigate);\n chrome.webNavigation.onCommitted.removeListener(onCommitted);\n chrome.webNavigation.onCompleted.removeListener(onCompleted);\n}\n\nexport { enableListeners, disableListeners };\n"
},
{
"path": "src/background/protection/listeners-firefox.js",
"content": "/*\nLicensed per https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/LICENSE.md\nprivacy-tech-lab, https://privacytechlab.org/\n*/\n\n/*\nlisteners-firefox.js\n================================================================================\nlisteners-firefox.js holds the on-page-visit listeners for firefox that activate \nour main functionality\n*/\n\n// https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/onBeforeRequest\n// https://developer.chrome.com/docs/extensions/reference/webRequest/\n// This is the extraInfoSpec array of strings\nconst MOZ_REQUEST_SPEC = [\"requestHeaders\", \"blocking\"];\nconst MOZ_RESPONSE_SPEC = [\"responseHeaders\", \"blocking\"];\n\n// This is the filter object\nconst FILTER = { urls: [\"\"] };\n\n/**\n * Enables extension functionality and sets site listeners\n * Information regarding the functionality and timing of webRequest and webNavigation\n * can be found on Mozilla's & Chrome's API docuentation sites (also linked above)\n *\n * The functions called on event occurance are located in `events.js`\n */\nfunction enableListeners(callbacks) {\n const {\n onBeforeSendHeaders,\n onHeadersReceived,\n onBeforeNavigate,\n onCommitted,\n onCompleted,\n } = callbacks;\n\n // (4) global Firefox listeners\n chrome.webRequest.onBeforeSendHeaders.addListener(\n onBeforeSendHeaders,\n FILTER,\n MOZ_REQUEST_SPEC\n );\n chrome.webRequest.onHeadersReceived.addListener(\n onHeadersReceived,\n FILTER,\n MOZ_RESPONSE_SPEC\n );\n chrome.webNavigation.onBeforeNavigate.addListener(onBeforeNavigate);\n chrome.webNavigation.onCommitted.addListener(onCommitted);\n chrome.webNavigation.onCompleted.addListener(onCompleted);\n}\n\n/**\n * Disables background listeners\n */\nfunction disableListeners(callbacks) {\n const {\n onBeforeSendHeaders,\n onHeadersReceived,\n onBeforeNavigate,\n onCommitted,\n onCompleted,\n } = callbacks;\n\n chrome.webRequest.onBeforeSendHeaders.removeListener(onBeforeSendHeaders);\n chrome.webRequest.onHeadersReceived.removeListener(onHeadersReceived);\n chrome.webNavigation.onBeforeNavigate.removeListener(onBeforeNavigate);\n chrome.webNavigation.onCommitted.removeListener(onCommitted);\n chrome.webNavigation.onCompleted.removeListener(onCompleted);\n}\n\nexport { enableListeners, disableListeners };\n"
},
{
"path": "src/background/protection/protection-ff.js",
"content": "/*\nLicensed per https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/LICENSE.md\nprivacy-tech-lab, https://privacytechlab.org/\n*/\n\n/*\nprotection.js\n================================================================================\nprotection.js (1) Implements our per-site functionality for the background listeners\n (2) Handles cached values & message passing to popup & options page\n*/\n\nimport { stores, storage } from \"../storage.js\";\nimport { defaultSettings } from \"../../data/defaultSettings.js\";\nimport { headers } from \"../../data/headers.js\";\nimport { enableListeners, disableListeners } from \"./listeners-$BROWSER.js\";\nimport psl from \"psl\";\nimport { isWellknownCheckEnabled } from \"../../common/settings.js\";\n\n/******************************************************************************/\n/******************************************************************************/\n/********** # Initializers (cached values) **********/\n/******************************************************************************/\n/******************************************************************************/\n\nvar domainlist = {}; // Caches & mirrors domainlist in storage\nvar isDomainlisted = defaultSettings[\"IS_DOMAINLISTED\"];\nvar tabs = {}; // Caches all tab infomration, i.e. requests, etc. \nvar wellknown = {}; // Caches wellknown info to be sent to popup\nvar signalPerTab = {}; // Caches if a signal is sent to render the popup icon\nvar activeTabID = 0; // Caches current active tab id\nvar sendSignal = true; // Caches if the signal can be sent to the curr domain\nvar domPrev3rdParties = {}; //stores all the 3rd parties by domain (resets when you quit chrome)\nvar globalParsedDomain;\n\nasync function reloadVars() {\n let storedDomainlisted = await storage.get(\n stores.settings,\n \"IS_DOMAINLISTED\"\n );\n if (storedDomainlisted) {\n isDomainlisted = storedDomainlisted;\n }\n}\n\nreloadVars();\n\n\n/******************************************************************************/\n/******************************************************************************/\n/********** # Lisetener callbacks - Main functionality **********/\n/******************************************************************************/\n/******************************************************************************/\n\n/*\n * The four following functions are all related to the four main listeners in\n * `background.js`. These four functions implement all the other helper\n * functions below\n */\n\nconst listenerCallbacks = {\n /**\n * Handles all signal processessing prior to sending request headers\n * @param {object} details - retrieved info passed into callback\n * @returns {array} details.requestHeaders from addHeaders\n */\n onBeforeSendHeaders: async (details) => {\n await updateDomainlist(details);\n\n if (true) {\n signalPerTab[details.tabId] = true;\n return addHeaders(details);\n }\n },\n\n /**\n * @param {object} details - retrieved info passed into callback\n */\n onHeadersReceived: (details) => {\n logData(details);\n },\n\n /**\n * @param {object} details - retrieved info passed into callback\n */\n onBeforeNavigate: (details) => {\n // Resets certain cached info\n if (details.frameId === 0) {\n wellknown[details.tabId] = null;\n signalPerTab[details.tabId] = false;\n tabs[activeTabID].REQUEST_DOMAINS = {};\n }\n },\n\n /**\n * Adds DOM property\n * @param {object} details - retrieved info passed into callback\n */\n onCommitted: async (details) => {\n if (true) {\n addDomSignal(details);\n updatePopupIcon(details);\n }\n },\n}; // closes listenerCallbacks object\n\n/******************************************************************************/\n/******************************************************************************/\n/********** # Listener helper fxns - Main functionality **********/\n/******************************************************************************/\n/******************************************************************************/\n\n/**\n * Attaches headers from `headers.js` to details.requestHeaders\n * @param {object} details - retrieved info passed into callback\n * @returns {array} details.requestHeaders\n */\nfunction addHeaders(details) {\n console.log(\"addHeaders called\");\n for (let signal in headers) {\n let s = headers[signal];\n details.requestHeaders.push({ name: s.name, value: s.value });\n }\n return { requestHeaders: details.requestHeaders };\n}\n\n/**\n * Runs `dom.js` to attach DOM signal\n * @param {object} details - retrieved info passed into callback\n */\nfunction addDomSignal(details) {\n console.log(\"addDomSignal called\");\n chrome.scripting.executeScript(details.tabId, {\n file: \"../../content-scripts/injection/gpc-dom.js\",\n frameId: details.frameId, // Supposed to solve multiple injections\n // as opposed to allFrames: true\n runAt: \"document_start\",\n });\n}\n\nfunction getCurrentParsedDomain() {\n return new Promise((resolve, reject) => {\n try {\n chrome.tabs.query({ active: true, currentWindow: true }, function (tabs) {\n let tab = tabs[0];\n let url = new URL(tab.url);\n let parsed = psl.parse(url.hostname);\n let domain = parsed.domain;\n globalParsedDomain = domain; // for global scope variable\n resolve(domain);\n });\n } catch(e) {\n reject();\n }\n })\n}\n\n/**\n * Checks whether a particular domain should receive a DNS signal\n * (1) Parse url to get domain for domainlist\n * (2) Update domains by adding current domain to domainlist in storage.\n * (3) Updates the 3rd party list for the currentDomain\n * (4) Check to see if we should send signal.\n * \n * Currently, it only adds to domainlist store as NULL if it doesnt exist\n * @param {Object} details - callback object according to Chrome API\n */\n async function updateDomainlist(details) {\n let url = new URL(details.url);\n let parsedUrl = psl.parse(url.hostname);\n let parsedDomain = parsedUrl.domain;\n if (parsedDomain == null || parsedDomain == undefined) {\n return;\n }\n\n let parsedDomainVal = domainlist[parsedDomain];\n if (parsedDomainVal === undefined) {\n storage.set(stores.domainlist, null, parsedDomain); // Sets to storage async\n domainlist[parsedDomain] = null; // Sets to cache\n parsedDomainVal = null;\n }\n\n //get the current parsed domain--this is used to store 3rd parties (using globalParsedDomain variable)\n \n let currentDomain = await getCurrentParsedDomain(); \n //initialize the objects\n if (!(activeTabID in domPrev3rdParties)){\n domPrev3rdParties[activeTabID] = {};\n }\n if (!(currentDomain in domPrev3rdParties[activeTabID]) ){\n domPrev3rdParties[activeTabID][currentDomain] = {};\n }\n //as they come in, add the parsedDomain to the object with null value (just a placeholder)\n domPrev3rdParties[activeTabID][currentDomain][parsedDomain] = null;\n \n\n (isDomainlisted) \n ? ((parsedDomainVal === null) ? sendSignal = true : sendSignal = false)\n : sendSignal = true;\n}\n\nfunction updatePopupIcon(details) {\n if (wellknown[details.tabId] === undefined) {\n wellknown[details.tabId] = null;\n }\n if (wellknown[details.tabId] === null) {\n chrome.browserAction.setIcon({\n tabId: details.tabId,\n path: \"assets/face-icons/optmeow-face-circle-green-ring-128.png\",\n });\n }\n}\n\nfunction logData(details) {\n let url = new URL(details.url);\n let parsed = psl.parse(url.hostname);\n\n if (tabs[details.tabId] === undefined) {\n tabs[details.tabId] = { DOMAIN: null, REQUEST_DOMAINS: {}, TIMESTAMP: 0 };\n tabs[details.tabId].REQUEST_DOMAINS[parsed.domain] = {\n URLS: {},\n RESPONSE: details.responseHeaders,\n TIMESTAMP: details.timeStamp,\n };\n tabs[details.tabId].REQUEST_DOMAINS[parsed.domain].URLS = {\n URL: details.url,\n RESPONSE: details.responseHeaders,\n };\n } else {\n if (tabs[details.tabId].REQUEST_DOMAINS[parsed.domain] === undefined) {\n tabs[details.tabId].REQUEST_DOMAINS[parsed.domain] = {\n URLS: {},\n RESPONSE: details.responseHeaders,\n TIMESTAMP: details.timeStamp,\n };\n tabs[details.tabId].REQUEST_DOMAINS[parsed.domain].URLS[details.url] = {\n RESPONSE: details.responseHeaders,\n };\n } else {\n tabs[details.tabId].REQUEST_DOMAINS[parsed.domain].URLS[details.url] = {\n RESPONSE: details.responseHeaders,\n };\n }\n }\n}\n\nasync function pullToDomainlistCache() {\n let domain;\n let domainlistKeys = await storage.getAllKeys(stores.domainlist);\n let domainlistValues = await storage.getAll(stores.domainlist);\n for (let key in domainlistKeys) {\n domain = domainlistKeys[key];\n domainlist[domain] = domainlistValues[key];\n }\n}\n\nasync function syncDomainlists() {\n // (1) Reconstruct a domainlist indexedDB object from storage\n // (2) Iterate through local domainlist\n // --- If item in cache NOT in domainlistKeys/domainlistDB, add to storage\n // via storage.set()\n // (3) Iterate through all domain keys in indexedDB domainlist\n // --- If key NOT in cached domainlist, add to cached domainlist\n\n let domainlistKeys = await storage.getAllKeys(stores.domainlist);\n let domainlistValues = await storage.getAll(stores.domainlist);\n let domainlistDB = {};\n let domain;\n for (let key in domainlistKeys) {\n domain = domainlistKeys[key];\n domainlistDB[domain] = domainlistValues[key];\n }\n\n for (let domainKey in domainlist) {\n if (!domainlistDB[domainKey]) {\n await storage.set(stores.domainlist, domainlist[domainKey], domainKey);\n }\n }\n\n for (let domainKey in domainlistDB) {\n if (!domainlist[domainKey]) {\n domainlist[domainKey] = domainlistDB[domainKey];\n }\n }\n}\n\n/**\n * whether the curr site should get privacy signals\n * (We need to try and make a synchronous version, esp. for DOM issue & related\n * message passing with the contentscript which injects the DOM signal)\n * @returns {bool} sendSignal\n */\nasync function sendPrivacySignal(domain) {\n let sendSignal;\n const extensionEnabled = await storage.get(stores.settings, \"IS_ENABLED\");\n const extensionDomainlisted = await storage.get(\n stores.settings,\n \"IS_DOMAINLISTED\"\n );\n const domainDomainlisted = await storage.get(stores.domainlist, domain);\n\n if (extensionEnabled) {\n if (extensionDomainlisted) {\n // Recall we must flip the value of the domainlisted domain\n // due to how to how defined domainlisted values, corresponding to MV3\n // declarativeNetRequest rule exceptions\n // (i.e., null => no rule exists, valued => exception rule exists)\n sendSignal = !domainDomainlisted ? true : false;\n } else {\n sendSignal = true;\n }\n } else {\n sendSignal = false;\n }\n return sendSignal;\n}\n\n/******************************************************************************/\n/******************************************************************************/\n/********** # Message Passing - Popup helper fxns **********/\n/******************************************************************************/\n/******************************************************************************/\n\nfunction handleSendMessageError() {\n const error = chrome.runtime.lastError;\n if (error) {\n console.warn(error.message);\n }\n}\n\n// Info back to popup\nfunction dataToPopup() {\n\n let requestsData = {}; \n \n if (tabs[activeTabID] !== undefined) {\n\n requestsData = domPrev3rdParties[activeTabID][globalParsedDomain];\n console.log(\"requests by tabID:\", domPrev3rdParties);\n }\n\n chrome.tabs.query({ active: true, currentWindow: true }, function (tabs) {\n let tabID = tabs[0][\"id\"];\n let wellknownData = wellknown[tabID];\n\n let popupData = {\n requests: requestsData,\n wellknown: wellknownData,\n };\n\n chrome.runtime.sendMessage(\n {\n msg: \"POPUP_PROTECTION_DATA\",\n data: popupData,\n },\n handleSendMessageError\n );\n });\n}\n\n/******************************************************************************/\n/******************************************************************************/\n/********** # Message passing **********/\n/******************************************************************************/\n/******************************************************************************/\n\n/**\n * Currently only handles syncing domainlists between storage and memory\n * This runs when the popup disconnects from the background page\n * @param {Port} port\n */\nfunction onConnectHandler(port) {\n if (port.name === \"POPUP\") {\n port.onDisconnect.addListener(function () {\n syncDomainlists();\n });\n }\n}\n\n/**\n * This is currently only to handle adding the GPC DOM signal.\n * I'm not sure how to fit it into an async call, it doesn't want to connect.\n * It would be nice to merge the two onMessage handlers.\n * TODO: This method still seems to have a timing issue. Doesn't always show DOM signal as thumbs up on reference site.\n * @returns {Bool} true (lets us send asynchronous responses to senders)\n */\nfunction onMessageHandlerSynchronous(message, sender, sendResponse) {\n if (message.msg === \"APPEND_GPC_PROP\") {\n let url = new URL(sender.origin);\n let parsed = psl.parse(url.hostname);\n let domain = parsed.domain;\n\n const r = sendPrivacySignal(domain);\n r.then((r) => {\n const response = {\n msg: \"APPEND_GPC_PROP_RESPONSE\",\n sendGPC: r,\n };\n sendResponse(response);\n });\n }\n return true;\n}\n\n/**\n * Listeners for information from --POPUP-- or --OPTIONS-- page\n * This is the main \"hub\" for message passing between the extension components\n * https://developer.chrome.com/docs/extensions/mv3/messaging/\n */\nasync function onMessageHandlerAsync(message, sender, sendResponse) {\n if (message.msg === \"GET_WELLKNOWN_CHECK_ENABLED\") {\n const enabled = await isWellknownCheckEnabled();\n await chrome.storage.local.set({ WELLKNOWN_CHECK_ENABLED: enabled });\n sendResponse({ enabled });\n return true;\n }\n if (message.msg === \"TOGGLE_WELLKNOWN_CHECK\") {\n const enabled = message.data?.enabled !== false;\n await storage.set(stores.settings, enabled, \"WELLKNOWN_CHECK_ENABLED\");\n await chrome.storage.local.set({ WELLKNOWN_CHECK_ENABLED: enabled });\n if (!enabled) {\n await storage.clear(stores.wellknownInformation);\n wellknown = {};\n }\n }\n if (message.msg === \"CHANGE_IS_DOMAINLISTED\") {\n isDomainlisted = message.data.isDomainlisted;\n storage.set(stores.settings, isDomainlisted, \"IS_DOMAINLISTED\");\n }\n if (message.msg === \"SET_TO_DOMAINLIST\") {\n let { domain, key } = message.data;\n domainlist[domain] = key; // Sets to cache\n storage.set(stores.domainlist, key, domain); // Sets to long term storage\n }\n if (message.msg === \"REMOVE_FROM_DOMAINLIST\") {\n let domain = message.data;\n delete domainlist[domain];\n }\n if (message.msg === \"POPUP_PROTECTION\") {\n dataToPopup();\n }\n if (message.msg === \"CONTENT_SCRIPT_WELLKNOWN\") {\n const wellknownCheckEnabled = await isWellknownCheckEnabled();\n if (!wellknownCheckEnabled) {\n return true;\n }\n let tabID = sender.tab.id;\n wellknown[tabID] = message.data;\n if (wellknown[tabID][\"gpc\"] === true) {\n setTimeout(() => {}, 10000);\n if (signalPerTab[tabID] === true) {\n chrome.browserAction.setIcon({\n tabId: tabID,\n path: \"assets/face-icons/optmeow-face-circle-green-128.png\",\n });\n }\n }\n }\n\n if (message.msg === \"CONTENT_SCRIPT_TAB\") {\n let url = new URL(sender.origin);\n let parsed = psl.parse(url.hostname);\n let domain = parsed.domain;\n let tabID = sender.tab.id;\n if (tabs[tabID] === undefined) {\n tabs[tabID] = {\n DOMAIN: domain,\n REQUEST_DOMAINS: {},\n TIMESTAMP: message.data,\n };\n } else if (tabs[tabID].DOMAIN !== domain) {\n tabs[tabID].DOMAIN = domain;\n let urls = tabs[tabID][\"REQUEST_DOMAINS\"];\n for (let key in urls) {\n if (urls[key][\"TIMESTAMP\"] >= message.data) {\n tabs[tabID][\"REQUEST_DOMAINS\"][key] = urls[key];\n } else {\n delete tabs[tabID][\"REQUEST_DOMAINS\"][key];\n }\n }\n tabs[tabID][\"TIMESTAMP\"] = message.data;\n }\n }\n if (message.msg === \"FORCE_RELOAD\") {\n pullToDomainlistCache();\n }\n return true; // Async callbacks require this\n}\n\nfunction initMessagePassing() {\n chrome.runtime.onConnect.addListener(onConnectHandler);\n chrome.runtime.onMessage.addListener(onMessageHandlerAsync);\n chrome.runtime.onMessage.addListener(onMessageHandlerSynchronous);\n}\n\nfunction closeMessagePassing() {\n chrome.runtime.onConnect.removeListener(onConnectHandler);\n chrome.runtime.onMessage.removeListener(onMessageHandlerAsync);\n chrome.runtime.onMessage.removeListener(onMessageHandlerSynchronous);\n}\n\n/******************************************************************************/\n/******************************************************************************/\n/********** # Other initializers - run once per enable **********/\n/******************************************************************************/\n/******************************************************************************/\n\n/**\n * Listener for tab switch that updates the cached current tab variable\n */\nfunction onActivatedProtectionMode(info) {\n activeTabID = info.tabId;\n}\n\n// Handles misc. setup & setup listeners\nfunction initSetup() {\n pullToDomainlistCache();\n\n // Runs on startup to initialize the cached current tab variable\n chrome.tabs.query({ active: true, currentWindow: true }, function (tabs) {\n if (tabs.id) {\n activeTabID = tabs.id;\n }\n });\n\n chrome.tabs.onActivated.addListener(onActivatedProtectionMode);\n}\n\nfunction closeSetup() {\n chrome.tabs.onActivated.removeListener(onActivatedProtectionMode);\n}\n\n/**\n * Inteded to facilitate transitioning between analysis & protection modes\n */\nfunction wipeLocalVars() {\n domainlist = {}; // Caches & mirrors domainlist in storage\n tabs = {}; // Caches all tab infomration, i.e. requests, etc.\n wellknown = {}; // Caches wellknown info to be sent to popup\n signalPerTab = {}; // Caches if a signal is sent to render the popup icon\n activeTabID = 0; // Caches current active tab id\n sendSignal = false; // Caches if the signal can be sent to the curr domain\n}\n\n/******************************************************************************/\n/******************************************************************************/\n/********** # Exportable init / halt functions **********/\n/******************************************************************************/\n/******************************************************************************/\n\nexport function init() {\n reloadVars();\n enableListeners(listenerCallbacks);\n initMessagePassing();\n initSetup();\n}\n\n\nexport function halt() {\n disableListeners(listenerCallbacks);\n closeMessagePassing();\n closeSetup();\n wipeLocalVars();\n}\n"
},
{
"path": "src/background/protection/protection.js",
"content": "/*\nLicensed per https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/LICENSE.md\nprivacy-tech-lab, https://privacytechlab.org/\n*/\n\n/*\nprotection.js\n================================================================================\nprotection.js (1) Implements our per-site functionality for the background listeners\n (2) Handles cached values & message passing to popup & options page\n*/\n\nimport { stores, storage } from \"./../storage.js\";\nimport { defaultSettings } from \"../../data/defaultSettings.js\";\nimport { enableListeners, disableListeners } from \"./listeners-$BROWSER.js\";\nimport psl from \"psl\";\n\nimport {\n addDynamicRule,\n deleteDynamicRule,\n reloadDynamicRules,\n} from \"../../common/editRules.js\";\nimport { isWellknownCheckEnabled, isComplianceCheckEnabled, getUserState } from \"../../common/settings.js\";\nimport { fetchComplianceData, isCacheValid } from \"../../data/complianceData.js\";\n\n/******************************************************************************/\n/******************************************************************************/\n/********** # Initializers (cached values) **********/\n/******************************************************************************/\n/******************************************************************************/\n\nvar domainlist = {}; // Caches & mirrors domainlist in storage\nvar isDomainlisted = defaultSettings[\"IS_DOMAINLISTED\"];\nvar tabs = {}; // Caches all tab infomration, i.e. requests, etc. \nvar wellknown = {}; // Caches wellknown info to be sent to popup\nvar signalPerTab = {}; // Caches if a signal is sent to render the popup icon\nvar activeTabID = 0; // Caches current active tab id\nvar sendSignal = true; // Caches if the signal can be sent to the curr domain\nvar domPrev3rdParties = {}; //stores all the 3rd parties by domain (resets when you quit chrome)\nvar globalParsedDomain;\nvar setup = false;\n// complianceData cache is now handled by the IndexedDB store \"stores.complianceData\"\nconst DEFAULT_NO_DATA_STATUS = {\n status: 'no_data',\n details: 'We do not have data for this site.',\n lastChecked: null\n};\n\nasync function reloadVars() {\n let storedDomainlisted = await storage.get(\n stores.settings,\n \"IS_DOMAINLISTED\"\n );\n if (storedDomainlisted) {\n isDomainlisted = storedDomainlisted;\n }\n}\n\nreloadVars();\n\n/******************************************************************************/\n/******************************************************************************/\n/********** # Lisetener callbacks - Main functionality **********/\n/******************************************************************************/\n/******************************************************************************/\n\n/*\n * The four following functions are all related to the four main listeners in\n * `background.js`. These four functions implement all the other helper\n * functions below\n */\n\nconst listenerCallbacks = {\n /**\n * Handles all signal processessing prior to sending request headers\n * @param {object} details - retrieved info passed into callback\n * @returns {array}\n */\n onBeforeSendHeaders: async (details) => {\n await updateDomainlist(details);\n },\n\n /**\n * @param {object} details - retrieved info passed into callback\n */\n onHeadersReceived: async (details) => {\n //if (!setup){\n //initSetup();\n //}\n await logData(details);\n await sendData();\n\n\n\n },\n\n /**\n * @param {object} details - retrieved info passed into callback\n */\n onBeforeNavigate: (details) => {\n // Resets certain cached info\n },\n\n /**\n * Adds DOM property\n * @param {object} details - retrieved info passed into callback\n */\n onCommitted: async (details) => {\n await updateDomainlist(details);\n },\n\n onCompleted: async (details) => {\n await sendData();\n await handleComplianceCheck(details);\n }\n\n}; // closes listenerCallbacks object\n\n/******************************************************************************/\n/******************************************************************************/\n/********** # Listener helper fxns - Main functionality **********/\n/******************************************************************************/\n/******************************************************************************/\n\n\n/**\n * Fetches compliance data if not cached or cache is stale\n * @returns {Promise} - Metadata map containing stateCode or null if disabled/error\n */\nasync function getComplianceData() {\n const stateCode = await getUserState();\n if (!stateCode || stateCode === 'none') {\n return null;\n }\n\n // Check if we have valid cached data in IndexedDB\n const metadata = await storage.get(stores.complianceData, '_metadata');\n \n // Invalidate cache if state changed\n if (metadata && metadata.stateCode && metadata.stateCode !== stateCode) {\n await storage.clear(stores.complianceData);\n } else if (metadata && isCacheValid(metadata.fetchedAt)) {\n return metadata; // Cache is valid, return metadata to signify readiness\n }\n\n // Fetch fresh data for the selected state\n try {\n const result = await fetchComplianceData(stateCode);\n\n // fetchComplianceData returns { error: 'fetch_error' } on network/server failure\n if (result.error === 'fetch_error') {\n console.warn(`Compliance data unavailable for ${stateCode} (server/network error)`);\n return { _fetchError: true };\n }\n\n // Save individual domains to indexedDB instead of holding a huge object in memory\n const dataKeys = Object.keys(result.data);\n for (const key of dataKeys) {\n await storage.set(stores.complianceData, result.data[key], key);\n }\n\n // Store metadata in storage (including viewUrl for the popup's dataset link)\n const newMetadata = {\n fetchedAt: result.fetchedAt,\n count: result.count,\n stateCode,\n viewUrl: result.viewUrl || null,\n };\n await storage.set(stores.complianceData, newMetadata, '_metadata');\n\n // Notify the popup that fresh compliance data is ready to be painted!\n chrome.runtime.sendMessage({\n msg: \"COMPLIANCE_DATA_READY\"\n }).catch(e => {\n // Ignored: Popup might be closed\n });\n\n console.log(`Fetched ${stateCode} compliance data for ${result.count} domains`);\n return newMetadata;\n } catch (error) {\n console.error('Failed to fetch compliance data:', error);\n return null;\n }\n}\n\n/**\n * Looks up and stores compliance status for current domain after page load\n * @param {Object} details - callback object from onCompleted listener\n */\nasync function handleComplianceCheck(details) {\n // Only check main frame navigations\n if (details.frameId !== 0) return;\n\n const stateCode = await getUserState();\n if (!stateCode || stateCode === 'none') {\n return;\n }\n\n try {\n const url = new URL(details.url);\n const parsed = psl.parse(url.hostname);\n const domain = parsed.domain;\n\n if (!domain) return;\n\n console.log('Running compliance check for:', domain);\n\n const metadata = await storage.get(stores.complianceData, '_metadata');\n const cacheIsCold = !metadata || !isCacheValid(metadata.fetchedAt);\n if (cacheIsCold) {\n await storage.set(stores.settings, true, 'COMPLIANCE_LOADING');\n // Tell popup we are loading\n chrome.runtime.sendMessage({ msg: \"COMPLIANCE_DATA_LOADING\" }).catch(() => {});\n }\n\n // Wrap fetch + process + store in one try/finally so COMPLIANCE_LOADING is\n // only cleared AFTER the domain status is in storage. Clearing it earlier\n // caused the popup poll to read before the write completed (\"Not in Dataset\").\n try {\n const complianceDataMeta = await getComplianceData();\n\n // Server/network was unreachable โ store fetch_error so popup can show it\n if (complianceDataMeta && complianceDataMeta._fetchError) {\n await storage.set(stores.complianceData, { status: 'fetch_error' }, domain);\n return;\n }\n\n if (!complianceDataMeta) {\n console.log('No compliance data available');\n return;\n }\n\n const status = await storage.get(stores.complianceData, domain) || DEFAULT_NO_DATA_STATUS;\n\n console.log('Compliance status for', domain, ':', status.status);\n\n // Write status to storage FIRST, then clear loading flag\n await storage.set(stores.complianceData, status, domain);\n } finally {\n // Only clear after the write above completes (or on any error path)\n if (cacheIsCold) {\n await storage.set(stores.settings, false, 'COMPLIANCE_LOADING');\n // Notify popup that load is successful and store is populated\n chrome.runtime.sendMessage({ msg: \"COMPLIANCE_DATA_READY\" }).catch(() => {});\n }\n }\n } catch (error) {\n console.debug('Error in compliance check:', error);\n // Ensure loading flag is cleared on unexpected errors\n await storage.set(stores.settings, false, 'COMPLIANCE_LOADING');\n }\n}\n\nasync function sendData() {\n let activeTab = await chrome.tabs.query({ active: true, currentWindow: true });\n let activeTabID = activeTab.length > 0 ? activeTab[0].id : null;\n\n if (activeTabID === null) {\n return;\n }\n\n let currentDomain = await getCurrentParsedDomain();\n if (!currentDomain) {\n return;\n }\n\n const partiesForTab = domPrev3rdParties?.[activeTabID];\n const info = partiesForTab ? partiesForTab[currentDomain] : null;\n\n if (!info) {\n await storage.delete(stores.thirdParties, currentDomain);\n return;\n }\n\n const data = Object.keys(info).filter(Boolean);\n await storage.set(stores.thirdParties, data, currentDomain);\n\n}\n\n\nfunction getCurrentParsedDomain() {\n return new Promise((resolve) => {\n chrome.tabs.query({ active: true, currentWindow: true }, function (tabs) {\n try {\n const tab = tabs && tabs[0];\n if (!tab || !tab.url) {\n return resolve(null);\n }\n const url = new URL(tab.url);\n const parsed = psl.parse(url.hostname);\n const domain = parsed && parsed.domain ? parsed.domain : null;\n globalParsedDomain = domain; // for global scope variable\n resolve(domain);\n } catch (e) {\n resolve(null);\n }\n });\n });\n}\n\n\n/**\n * Checks whether a particular domain should receive a DNS signal\n * (1) Parse url to get domain for domainlist\n * (2) Update domains by adding current domain to domainlist in storage.\n * (3) Updates the 3rd party list for the currentDomain\n * (4) Check to see if we should send signal.\n * \n * Currently, it only adds to domainlist store as NULL if it doesnt exist\n * @param {Object} details - callback object according to Chrome API\n */\nasync function updateDomainlist(details) {\n if (!details || !details.url) {\n return;\n }\n\n let parsedDomain;\n try {\n let url = new URL(details.url);\n let parsedUrl = psl.parse(url.hostname);\n parsedDomain = parsedUrl.domain;\n } catch (e) {\n return;\n }\n\n if (!parsedDomain) {\n return;\n }\n\n let currDomainValue = await storage.get(stores.domainlist, parsedDomain);\n let id = details.tabId;\n\n if (currDomainValue === undefined) {\n await storage.set(stores.domainlist, null, parsedDomain); // Sets to storage async\n }\n\n let currentDomain = await getCurrentParsedDomain();\n if (!currentDomain) {\n return;\n }\n\n //get the current parsed domain--this is used to store 3rd parties (using globalParsedDomain variable)\n if (!(id in domPrev3rdParties)) {\n domPrev3rdParties[id] = {};\n }\n if (!(currentDomain in domPrev3rdParties[id])) {\n domPrev3rdParties[id][currentDomain] = {};\n }\n //as they come in, add the parsedDomain to the object with null value (just a placeholder)\n domPrev3rdParties[id][currentDomain][parsedDomain] = null;\n\n\n}\n\nfunction updatePopupIcon(tabId) {\n chrome.action.setIcon({\n tabId: tabId,\n path: \"assets/face-icons/optmeow-face-circle-green-ring-128.png\",\n });\n}\n\nasync function logData(details) {\n let url = new URL(details.url);\n let parsed = psl.parse(url.hostname);\n\n if (tabs[details.tabId] === undefined) {\n tabs[details.tabId] = { DOMAIN: null, REQUEST_DOMAINS: {}, TIMESTAMP: 0 };\n tabs[details.tabId].REQUEST_DOMAINS[parsed.domain] = {\n URLS: {},\n RESPONSE: details.responseHeaders,\n TIMESTAMP: details.timeStamp,\n };\n tabs[details.tabId].REQUEST_DOMAINS[parsed.domain].URLS = {\n URL: details.url,\n RESPONSE: details.responseHeaders,\n };\n } else {\n if (tabs[details.tabId].REQUEST_DOMAINS[parsed.domain] === undefined) {\n tabs[details.tabId].REQUEST_DOMAINS[parsed.domain] = {\n URLS: {},\n RESPONSE: details.responseHeaders,\n TIMESTAMP: details.timeStamp,\n };\n tabs[details.tabId].REQUEST_DOMAINS[parsed.domain].URLS[details.url] = {\n RESPONSE: details.responseHeaders,\n };\n } else {\n tabs[details.tabId].REQUEST_DOMAINS[parsed.domain].URLS[details.url] = {\n RESPONSE: details.responseHeaders,\n };\n }\n }\n\n}\n\nasync function pullToDomainlistCache() {\n let domain;\n let domainlistKeys = await storage.getAllKeys(stores.domainlist);\n let domainlistValues = await storage.getAll(stores.domainlist);\n\n for (let key in domainlistKeys) {\n domain = domainlistKeys[key];\n domainlist[domain] = domainlistValues[key];\n }\n}\n\nasync function syncDomainlists() {\n // (1) Reconstruct a domainlist indexedDB object from storage\n // (2) Iterate through local domainlist\n // --- If item in cache NOT in domainlistKeys/domainlistDB, add to storage\n // via storage.set()\n // (3) Iterate through all domain keys in indexedDB domainlist\n // --- If key NOT in cached domainlist, add to cached domainlist\n\n let domainlistKeys = await storage.getAllKeys(stores.domainlist);\n let domainlistValues = await storage.getAll(stores.domainlist);\n let domainlistDB = {};\n let domain;\n for (let key in domainlistKeys) {\n domain = domainlistKeys[key];\n domainlistDB[domain] = domainlistValues[key];\n }\n\n for (let domainKey in domainlist) {\n if (!domainlistDB[domainKey]) {\n await storage.set(stores.domainlist, domainlist[domainKey], domainKey);\n }\n }\n\n for (let domainKey in domainlistDB) {\n if (!domainlist[domainKey]) {\n domainlist[domainKey] = domainlistDB[domainKey];\n }\n }\n}\n\n/**\n * whether the curr site should get privacy signals\n * (We need to try and make a synchronous version, esp. for DOM issue & related\n * message passing with the contentscript which injects the DOM signal)\n * @returns {bool} sendSignal\n */\nasync function sendPrivacySignal(domain) {\n let sendSignal;\n const extensionEnabled = await storage.get(stores.settings, \"IS_ENABLED\");\n const extensionDomainlisted = await storage.get(\n stores.settings,\n \"IS_DOMAINLISTED\"\n );\n const domainDomainlisted = await storage.get(stores.domainlist, domain);\n\n if (extensionEnabled) {\n if (extensionDomainlisted) {\n // Recall we must flip the value of the domainlisted domain\n // due to how to how defined domainlisted values, corresponding to MV3\n // declarativeNetRequest rule exceptions\n // (i.e., null => no rule exists, valued => exception rule exists)\n sendSignal = !domainDomainlisted ? true : false;\n } else {\n sendSignal = true;\n }\n } else {\n sendSignal = false;\n }\n return sendSignal;\n}\n\n/******************************************************************************/\n/******************************************************************************/\n/********** # Message Passing - Popup helper fxns **********/\n/******************************************************************************/\n/******************************************************************************/\n\nfunction handleSendMessageError() {\n const error = chrome.runtime.lastError;\n if (error) {\n console.warn(error.message);\n }\n}\nasync function dataToPopupHelper() {\n //data gets sent back every time the popup is clicked\n let domain = await getCurrentParsedDomain();\n if (!domain) {\n return [];\n }\n\n let parties = await storage.get(stores.thirdParties, domain);\n if (!Array.isArray(parties)) {\n return [];\n }\n\n return parties;\n}\n\n// Info back to popup\nasync function dataToPopup(wellknownData) {\n let requestsData = await dataToPopupHelper(); //get requests from the helper\n chrome.tabs.query({ active: true, currentWindow: true }, function (tabs) {\n let popupData = {\n requests: requestsData,\n wellknown: wellknownData,\n };\n\n chrome.runtime.sendMessage(\n {\n msg: \"POPUP_PROTECTION_DATA\",\n data: popupData,\n },\n handleSendMessageError\n );\n });\n}\n\nasync function dataToPopupRequests() {\n let requestsData = await dataToPopupHelper(); //get requests from the helper\n console.log(\"requests data in DTPR: \", requestsData)\n\n chrome.tabs.query({ active: true, currentWindow: true }, function (tabs) {\n chrome.runtime.sendMessage(\n {\n msg: \"POPUP_PROTECTION_DATA_REQUESTS\",\n data: requestsData,\n },\n handleSendMessageError\n );\n });\n}\n\n/******************************************************************************/\n/******************************************************************************/\n/********** # Message passing **********/\n/******************************************************************************/\n/******************************************************************************/\n\n/**\n * Currently only handles syncing domainlists between storage and memory\n * This runs when the popup disconnects from the background page\n * @param {Port} port\n */\nfunction onConnectHandler(port) {\n if (port.name === \"POPUP\") {\n port.onDisconnect.addListener(function () {\n syncDomainlists();\n });\n }\n}\n\n/**\n * This is currently only to handle adding the GPC DOM signal.\n * I'm not sure how to fit it into an async call, it doesn't want to connect.\n * It would be nice to merge the two onMessage handlers.\n * TODO: This method still seems to have a timing issue. Doesn't always show DOM signal as thumbs up on reference site.\n * @returns {Bool} true (lets us send asynchronous responses to senders)\n */\nfunction onMessageHandlerSynchronous(message, sender, sendResponse) {\n if (message.msg === \"APPEND_GPC_PROP\") {\n let url = new URL(sender.origin);\n let parsed = psl.parse(url.hostname);\n let domain = parsed.domain;\n\n const r = sendPrivacySignal(domain);\n r.then((r) => {\n const response = {\n msg: \"APPEND_GPC_PROP_RESPONSE\",\n sendGPC: r,\n };\n sendResponse(response);\n });\n }\n //return true;\n}\n\n/**\n * Listeners for information from --POPUP-- or --OPTIONS-- page\n * This is the main \"hub\" for message passing between the extension components\n * https://developer.chrome.com/docs/extensions/mv3/messaging/\n */\nasync function onMessageHandlerAsync(message, sender, sendResponse) {\n if (message.msg === \"GET_WELLKNOWN_CHECK_ENABLED\") {\n const enabled = await isWellknownCheckEnabled();\n await chrome.storage.local.set({ WELLKNOWN_CHECK_ENABLED: enabled });\n sendResponse({ enabled });\n return true;\n }\n if (message.msg === \"USER_STATE_CHANGE\") {\n console.log(\"User state changed, triggering immediate compliance fetch...\");\n\n // Trigger fetch and update current tab\n (async () => {\n try {\n // Set loading flag\n await storage.set(stores.settings, true, \"COMPLIANCE_LOADING\");\n chrome.runtime.sendMessage({ msg: \"COMPLIANCE_DATA_LOADING\" }).catch(() => {});\n\n const dataMeta = await getComplianceData();\n const tabs = await chrome.tabs.query({ active: true, currentWindow: true });\n if (tabs.length > 0 && tabs[0].url) {\n const url = new URL(tabs[0].url);\n const parsed = psl.parse(url.hostname);\n const domain = parsed.domain;\n if (domain) {\n // Server/network error โ propagate fetch_error to the popup\n if (dataMeta && dataMeta._fetchError) {\n await storage.set(stores.complianceData, { status: 'fetch_error' }, domain);\n console.warn('Compliance config server unreachable; stored fetch_error for active domain');\n } else if (dataMeta) {\n const status = await storage.get(stores.complianceData, domain) || DEFAULT_NO_DATA_STATUS;\n await storage.set(stores.complianceData, status, domain);\n console.log(`Updated compliance storage for active domain: ${domain}`);\n }\n }\n }\n } catch (e) {\n console.error(\"Failed to fetch/update compliance data:\", e);\n } finally {\n // Clear loading flag\n await storage.set(stores.settings, false, \"COMPLIANCE_LOADING\");\n chrome.runtime.sendMessage({ msg: \"COMPLIANCE_DATA_READY\" }).catch(() => {});\n }\n })();\n return true;\n }\n if (message.msg === \"TOGGLE_WELLKNOWN_CHECK\") {\n const enabled = message.data?.enabled !== false;\n await storage.set(stores.settings, enabled, \"WELLKNOWN_CHECK_ENABLED\");\n await chrome.storage.local.set({ WELLKNOWN_CHECK_ENABLED: enabled });\n if (!enabled) {\n await storage.clear(stores.wellknownInformation);\n wellknown = {};\n }\n }\n if (message.msg === \"CHANGE_IS_DOMAINLISTED\") {\n let isDomainlisted = message.data.isDomainlisted;\n storage.set(stores.settings, isDomainlisted, \"IS_DOMAINLISTED\");\n }\n if (message.msg === \"SET_TO_DOMAINLIST\") {\n let { domain, key } = message.data;\n domainlist[domain] = key; // Sets to cache\n addDynamicRule(id, domain);\n storage.set(stores.domainlist, key, domain); // Sets to long term storage\n }\n if (message.msg === \"POPUP_PROTECTION_REQUESTS\") {\n console.log(\"info queried\");\n await dataToPopupRequests();\n }\n if (message.msg === \"CONTENT_SCRIPT_WELLKNOWN\") {\n const wellknownCheckEnabled = await isWellknownCheckEnabled();\n if (!wellknownCheckEnabled) {\n return true;\n }\n // sender.origin not working for Firefox MV3, instead added a new message argument, message.origin_url\n //let url = new URL(sender.origin);\n let url = new URL(message.origin_url);\n let parsed = psl.parse(url.hostname);\n let domain = parsed.domain;\n\n let tabID = sender.tab.id;\n let wellknown = [];\n let sendSignal = await storage.get(stores.domainlist, domain);\n\n wellknown[tabID] = message.data;\n let wellknownData = message.data;\n\n await storage.set(stores.wellknownInformation, wellknownData, domain);\n\n //await sendData();\n\n if (wellknown[tabID] === null && sendSignal == null) {\n updatePopupIcon(tabID);\n } else if (wellknown[tabID][\"gpc\"] === true && sendSignal == null) {\n chrome.action.setIcon({\n tabId: tabID,\n path: \"assets/face-icons/optmeow-face-circle-green-128.png\",\n });\n }\n chrome.runtime.onMessage.addListener(async function (message, _, __) {\n if (message.msg === \"POPUP_PROTECTION\") {\n await dataToPopup(wellknownData);\n }\n });\n }\n\n if (message.msg === \"CONTENT_SCRIPT_TAB\") {\n let url = new URL(sender.origin);\n let parsed = psl.parse(url.hostname);\n let domain = parsed.domain;\n let tabID = sender.tab.id;\n if (tabs[tabID] === undefined) {\n tabs[tabID] = {\n DOMAIN: domain,\n REQUEST_DOMAINS: {},\n TIMESTAMP: message.data,\n };\n } else if (tabs[tabID].DOMAIN !== domain) {\n tabs[tabID].DOMAIN = domain;\n let urls = tabs[tabID][\"REQUEST_DOMAINS\"];\n for (let key in urls) {\n if (urls[key][\"TIMESTAMP\"] >= message.data) {\n tabs[tabID][\"REQUEST_DOMAINS\"][key] = urls[key];\n } else {\n delete tabs[tabID][\"REQUEST_DOMAINS\"][key];\n }\n }\n tabs[tabID][\"TIMESTAMP\"] = message.data;\n }\n }\n return true; // Async callbacks require this\n}\n\nfunction initMessagePassing() {\n chrome.runtime.onConnect.addListener(onConnectHandler);\n chrome.runtime.onMessage.addListener(onMessageHandlerAsync);\n chrome.runtime.onMessage.addListener(onMessageHandlerSynchronous);\n}\n\nfunction closeMessagePassing() {\n chrome.runtime.onConnect.removeListener(onConnectHandler);\n chrome.runtime.onMessage.removeListener(onMessageHandlerAsync);\n chrome.runtime.onMessage.removeListener(onMessageHandlerSynchronous);\n}\n\n/******************************************************************************/\n/******************************************************************************/\n/********** # Other initializers - run once per enable **********/\n/******************************************************************************/\n/******************************************************************************/\n\n/**\n * Listener for tab switch that updates the cached current tab variable\n */\nfunction onActivatedProtectionMode(info) {\n activeTabID = info.tabId;\n console.log(\"onActivatedProtectionMode called\");\n}\n\n// Handles misc. setup & setup listeners\nfunction initSetup() {\n pullToDomainlistCache();\n\n // Runs on startup to initialize the cached current tab variable\n chrome.tabs.query({ active: true, currentWindow: true }, function (tabs) {\n if (tabs.id) {\n activeTabID = tabs.id;\n }\n });\n\n chrome.tabs.onActivated.addListener(onActivatedProtectionMode);\n setup = true;\n}\n\nfunction closeSetup() {\n chrome.tabs.onActivated.removeListener(onActivatedProtectionMode);\n}\n\n/**\n * Inteded to facilitate transitioning between analysis & protection modes\n */\nfunction wipeLocalVars() {\n domainlist = {}; // Caches & mirrors domainlist in storage\n tabs = {}; // Caches all tab infomration, i.e. requests, etc.\n wellknown = {}; // Caches wellknown info to be sent to popup\n signalPerTab = {}; // Caches if a signal is sent to render the popup icon\n activeTabID = 0; // Caches current active tab id\n sendSignal = false; // Caches if the signal can be sent to the curr domain\n}\n\n/******************************************************************************/\n/******************************************************************************/\n/********** # Exportable init / halt functions **********/\n/******************************************************************************/\n/******************************************************************************/\n\nexport function init() {\n reloadVars();\n enableListeners(listenerCallbacks);\n initMessagePassing();\n initSetup();\n}\n\nexport function halt() {\n disableListeners(listenerCallbacks);\n closeMessagePassing();\n closeSetup();\n wipeLocalVars();\n}\n"
},
{
"path": "src/background/storage.js",
"content": "/*\nLicensed per https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/LICENSE.md\nprivacy-tech-lab, https://privacytechlab.org/\n*/\n\n/*\nstorage.js\n================================================================================\nstorage.js handles OptMeowt's reads/writes of data to some local location\n*/\n\nimport { openDB } from \"idb\";\nimport { reloadDynamicRules } from \"../common/editRules.js\";\nimport pkg from 'file-saver';\nconst { saveAs } = pkg;\n\n/******************************************************************************/\n/************************** Enumerated settings *****************************/\n/******************************************************************************/\n\n// In general, these functions should be use with async / await for\n// syntactic sweetness & synchronous data handling\n// i.e., await storage.set(stores.settings, extensionMode.enabled, 'MODE')\nconst stores = Object.freeze({\n settings: \"SETTINGS\",\n domainlist: \"DOMAINLIST\",\n thirdParties: \"THIRDPARTIES\",\n wellknownInformation: \"WELLKNOWNDATA\",\n complianceData: \"COMPLIANCEDATA\",\n});\n\n/******************************************************************************/\n/************************* Main Storage Functions ***************************/\n/******************************************************************************/\n\nconst dbPromise = openDB(\"extensionDB\", 2, {\n upgrade: function dbPromiseInternal(db, oldVersion) {\n // Create stores that don't exist yet\n if (!db.objectStoreNames.contains(stores.domainlist)) {\n db.createObjectStore(stores.domainlist);\n }\n if (!db.objectStoreNames.contains(stores.settings)) {\n db.createObjectStore(stores.settings);\n }\n if (!db.objectStoreNames.contains(stores.thirdParties)) {\n db.createObjectStore(stores.thirdParties);\n }\n if (!db.objectStoreNames.contains(stores.wellknownInformation)) {\n db.createObjectStore(stores.wellknownInformation);\n }\n // New in version 2\n if (oldVersion < 2 && !db.objectStoreNames.contains(stores.complianceData)) {\n db.createObjectStore(stores.complianceData);\n }\n },\n});\n\nconst storage = {\n async get(store, key) {\n if (typeof key === \"undefined\") {\n return undefined;\n }\n return (await dbPromise).get(store, key);\n },\n async getAll(store) {\n return (await dbPromise).getAll(store);\n },\n async getAllKeys(store) {\n return (await dbPromise).getAllKeys(store);\n },\n // returns an object containing the given store\n async getStore(store) {\n const storeValues = await storage.getAll(store);\n const storeKeys = await storage.getAllKeys(store);\n let storeCopy = {};\n let key;\n for (let index in storeKeys) {\n key = storeKeys[index];\n storeCopy[key] = storeValues[index];\n }\n return storeCopy;\n },\n async set(store, value, key) {\n if (typeof key === \"undefined\") {\n return undefined;\n }\n return (await dbPromise).put(store, value, key);\n },\n async delete(store, key) {\n if (typeof key === \"undefined\") {\n return undefined;\n }\n return (await dbPromise).delete(store, key);\n },\n async clear(store) {\n return (await dbPromise).clear(store);\n },\n};\n\n/******************************************************************************/\n/********************* Importing/Exporting Domain List **********************/\n/******************************************************************************/\n\nasync function handleDownload() {\n const DOMAINLIST = await storage.getStore(stores.domainlist);\n let MANIFEST = chrome.runtime.getManifest();\n let data = {\n VERSION: MANIFEST.version,\n DOMAINLIST: DOMAINLIST,\n };\n\n let blob = new Blob([JSON.stringify(data, null, 4)], {\n type: \"text/plain;charset=utf-8\",\n });\n saveAs(blob, \"OptMeowt_backup.json\");\n}\n\n/**\n * Sets-up the process for importing a saved domainlist backup\n */\nasync function startUpload() {\n document.getElementById(\"upload-domainlist\").value = \"\";\n document.getElementById(\"upload-domainlist\").click();\n}\n\n/**\n * Imports and updates the domainlist in local storage with an imported backup\n */\nasync function handleUpload() {\n await storage.clear(stores.domainlist);\n const file = this.files[0];\n const fr = new FileReader();\n fr.onload = function (e) {\n const UPLOADED_DATA = JSON.parse(e.target.result);\n let version = UPLOADED_DATA.VERSION;\n let domainlist = UPLOADED_DATA.DOMAINLIST;\n version = version.split(\".\");\n\n let domainlist_keys = Object.keys(domainlist);\n let domainlist_vals = Object.values(domainlist);\n for (let i = 0; i < domainlist_keys.length; i++) {\n try {\n storage.set(stores.domainlist, domainlist_vals[i], domainlist_keys[i]);\n } catch (error) {\n alert(\"Error loading list\");\n }\n }\n // hardcode if it is the new version // check\n if (Number(version[0]) >= 3) {\n reloadDynamicRules();\n updateRemovalScript();\n } else {\n chrome.runtime.sendMessage({\n msg: \"FORCE_RELOAD\",\n });\n }\n };\n fr.readAsText(file);\n}\n\n/******************************************************************************/\n/******************************************************************************/\n/******************************************************************************/\n\nexport { handleDownload, startUpload, handleUpload, stores, storage };\n"
},
{
"path": "src/common/editDomainlist.js",
"content": "/*\nLicensed per https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/LICENSE.md\nprivacy-tech-lab, https://privacytechlab.org/\n*/\n\n/*\neditDomainlist.js\n================================================================================\neditDomainlist.js is an internal API modifying the domainlist / modifying the\ndomainlist simultaneously with the dynamic ruleset\n*/\n\nimport { storage, stores } from \"../background/storage.js\";\nimport {\n deleteAllDynamicRules,\n deleteDynamicRule,\n addDynamicRule,\n getFreshId,\n} from \"./editRules.js\";\n\n/* # Debugging */\n// debug_domainlist_and_dynamicrules\n// print_rules_and_domainlist\n\n/******************************************************************************/\n/******************************************************************************/\n/********** # Standard Operation **********/\n/******************************************************************************/\n/******************************************************************************/\n\nasync function updateRemovalScript() {\n let ex_matches = [\"https://example.org/foo/bar.html\"];\n let domain;\n let domainValue;\n const domainlistKeys = await storage.getAllKeys(stores.domainlist);\n const domainlistValues = await storage.getAll(stores.domainlist);\n for (let index in domainlistKeys) {\n domain = domainlistKeys[index];\n domainValue = domainlistValues[index];\n if (domainValue != null) {\n ex_matches.push(\"https://\" + domain + \"/*\");\n ex_matches.push(\"https://www.\" + domain + \"/*\");\n }\n }\n chrome.scripting\n .updateContentScripts([\n {\n id: \"1\",\n matches: [\"\"],\n excludeMatches: ex_matches,\n js: [\"content-scripts/registration/gpc-dom.js\"],\n runAt: \"document_start\",\n },\n ])\n .then(() => {});\n }\n\nasync function createCS(domain){\n let script = await chrome.scripting.getRegisteredContentScripts({\n });\n\n let ex_matches = script[0].excludeMatches;\n\n ex_matches.push(\"https://\" + domain + \"/*\");\n ex_matches.push(\"https://www.\" + domain + \"/*\");\n\n await chrome.scripting.updateContentScripts([\n {\n id: \"1\",\n matches: [\"\"],\n excludeMatches: ex_matches,\n js: [\"content-scripts/registration/gpc-dom.js\"],\n runAt: \"document_start\",\n },\n ])\n .then(() => {});\n }\n\nasync function deleteCS(domain){\n let script = await chrome.scripting.getRegisteredContentScripts({\n });\n let ex_matches = script[0].excludeMatches;\n function removeItemOnce(arr, value) {\n var index = arr.indexOf(value);\n if (index > -1) {\n arr.splice(index, 1);\n }\n return arr;\n }\n\n ex_matches = removeItemOnce(ex_matches,\"https://\" + domain + \"/*\");\n ex_matches = removeItemOnce(ex_matches,\"https://www.\" + domain + \"/*\");\n await chrome.scripting.updateContentScripts([\n {\n id: \"1\",\n matches: [\"\"],\n excludeMatches: ex_matches,\n js: [\"content-scripts/registration/gpc-dom.js\"],\n runAt: \"document_start\",\n },\n ])\n .then(() => {});\n }\n\nasync function deleteDomainlistAndDynamicRules() {\n await storage.clear(stores.domainlist);\n deleteAllDynamicRules();\n }\n\nasync function addDomainToDomainlistAndRules(domain) {\n let id = 1;\n id = await getFreshId();\n addDynamicRule(id, domain); // add the rule for the chosen domain\n createCS(domain);\n await storage.set(stores.domainlist, id, domain); // record what rule the domain is associated to\n}\n\nasync function removeDomainFromDomainlistAndRules(domain) {\n let id = await storage.get(stores.domainlist, domain);\n deleteDynamicRule(id);\n deleteCS(domain);\n await storage.set(stores.domainlist, null, domain);\n }\n\n/******************************************************************************/\n/******************************************************************************/\n/********** # Debugging **********/\n/******************************************************************************/\n/******************************************************************************/\n\nasync function debug_domainlist_and_dynamicrules() {\n let sampleSites = [ // not called\n \"a.com\",\n \"b.com\",\n \"c.com\",\n \"d.com\",\n \"e.com\",\n \"f.com\",\n \"g.com\",\n \"h.com\",\n \"i.com\",\n \"j.com\",\n ];\n await deleteDomainlistAndDynamicRules();\n await print_rules_and_domainlist();\n addDynamicRule(2, \"nytimes.com\"); // add the rule for the chosen domain\n await storage.set(stores.domainlist, 2, \"nytimes.com\"); // record what rule the domain is associated to\n\n await print_rules_and_domainlist();\n await addDomainToDomainlistAndRules(\"a.com\");\n await addDomainToDomainlistAndRules(\"b.com\");\n await addDomainToDomainlistAndRules(\"c.com\");\n await addDomainToDomainlistAndRules(\"d.com\");\n await addDomainToDomainlistAndRules(\"e.com\");\n await addDomainToDomainlistAndRules(\"f.com\");\n await addDomainToDomainlistAndRules(\"g.com\");\n await addDomainToDomainlistAndRules(\"h.com\");\n await addDomainToDomainlistAndRules(\"i.com\");\n await addDomainToDomainlistAndRules(\"j.com\");\n await print_rules_and_domainlist();\n}\n\nasync function print_rules_and_domainlist() {\n let rules = await chrome.declarativeNetRequest.getDynamicRules();\n let domainlist = await storage.getStore(stores.domainlist);\n console.log(\n \"Here are the curr dynamic rules:\",\n rules,\n \"Here is our curr domainlist: \",\n domainlist\n );\n}\n\n/******************************************************************************/\n/******************************************************************************/\n/******************************************************************************/\n\nexport {\n deleteDomainlistAndDynamicRules,\n addDomainToDomainlistAndRules,\n removeDomainFromDomainlistAndRules,\n updateRemovalScript,\n debug_domainlist_and_dynamicrules,\n print_rules_and_domainlist,\n deleteCS,\n createCS\n};\n"
},
{
"path": "src/common/editRules.js",
"content": "/*\nLicensed per https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/LICENSE.md\nprivacy-tech-lab, https://privacytechlab.org/\n*/\n\nimport { storage, stores } from \"../background/storage.js\";\n\n/*\neditRules.js\n================================================================================\neditRules.js is an internal API for adding/removing GPC-exclusion dynamic rules\n*/\n\n/**\n * Gets fresh rule ID for new DeclarativeNetRequest dynamic rule\n * Pulls from already set dynamic rules as opposed to domainlist values\n *\n * NOTE: Does not 'reserve' the ID. If it isn't used on the client side,\n * getFreshId() will spit out the same val next call.\n * @returns {Promise<(number|null)>} - number of fresh ID, null if non available\n */\nexport async function getFreshId() {\n const MAX_RULES =\n chrome.declarativeNetRequest.MAX_NUMBER_OF_DYNAMIC_AND_SESSION_RULES;\n const rules = await chrome.declarativeNetRequest.getDynamicRules();\n let freshId = null;\n let usedRuleIds = [];\n\n for (let i in rules) {\n usedRuleIds.push(rules[i][\"id\"]);\n }\n usedRuleIds.sort((a, b) => {\n return a - b;\n }); // Necessary for next for loop\n\n // Make sure the ID starts at 1 (I think 0 is reserved?)\n for (let i = 1; i < MAX_RULES; i++) {\n if (i !== usedRuleIds[i - 1]) {\n freshId = i; // We have found the first nonzero, unused id\n break;\n }\n }\n return freshId;\n}\n\n/**\n * Deletes GPC-exclusion rule from rule set\n * Does NOT remove from domainlist\n * (see declarativeNetRequest)\n * @param {number} id - rule id\n */\nexport async function deleteDynamicRule(id) {\n let UpdateRuleOptions = { removeRuleIds: [id] };\n await chrome.declarativeNetRequest.updateDynamicRules(UpdateRuleOptions);\n}\n\n/**\n * Deletes all GPC-exclusion dynamic rules\n * (see declarativeNetRequest)\n */\nexport async function deleteAllDynamicRules() {\n let MAX_RULES =\n chrome.declarativeNetRequest.MAX_NUMBER_OF_DYNAMIC_AND_SESSION_RULES;\n let UpdateRuleOptions = { removeRuleIds: [...Array(MAX_RULES).keys()] };\n await chrome.declarativeNetRequest.updateDynamicRules(UpdateRuleOptions);\n}\n\n/**\n * Adds domain as a rule to be excluded from receiving GPC signals\n * Note id should be fresh, o/w it will overwrite existing rule\n * (see getFreshId, declarativeNetRequest)\n * @param {number} id - rule id\n * @param {string} domain - domain to associate with id\n */\nexport async function addDynamicRule(id, domain) {\n let UpdateRuleOptions = {\n addRules: [\n {\n id: id,\n priority: 2,\n action: {\n type: \"modifyHeaders\",\n requestHeaders: [\n { \"header\": \"Sec-GPC\", \"operation\": \"remove\" },\n { \"header\": \"DNT\", \"operation\": \"remove\" },\n { \"header\": \"Permissions-Policy\", \"operation\": \"remove\"}\n ],\n },\n condition: {\n urlFilter: domain,\n resourceTypes: [\n \"main_frame\",\n \"sub_frame\",\n \"stylesheet\",\n \"script\",\n \"image\",\n \"font\",\n \"object\",\n \"xmlhttprequest\",\n \"ping\",\n \"csp_report\",\n \"media\",\n \"websocket\",\n \"other\",\n ],\n },\n },\n ],\n removeRuleIds: [id],\n };\n await chrome.declarativeNetRequest.updateDynamicRules(UpdateRuleOptions);\n return;\n}\n\n/**\n * Deletes all rules, queries current domainlist, and re-adds all rules\n * - Useful when replacing the domainlist via an import/export\n * - Remember rules as of v3.0.0 are 'exclusion' rules, i.e. excluded from\n * receiving GPC or other opt-outs.\n */\nexport async function reloadDynamicRules() {\n deleteAllDynamicRules();\n let domainlist = await storage.getStore(stores.domainlist);\n\n let promises = [];\n Object.keys(domainlist).forEach(async (domain) => {\n promises.push(\n new Promise(async (resolve, reject) => {\n let id = domainlist[domain];\n if (id) {\n await addDynamicRule(id, domain);\n }\n resolve();\n })\n );\n });\n }\n"
},
{
"path": "src/common/settings.js",
"content": "/*\nLicensed per https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/LICENSE.md\nprivacy-tech-lab, https://privacytechlab.org/\n*/\n\n/*\nsettings.js\n================================================================================\nShared helpers related to extension settings.\n*/\n\nimport { storage, stores } from \"../background/storage.js\";\n\n/**\n * Returns whether the well-known check is enabled.\n * Defaults to true unless explicitly disabled.\n * @returns {Promise}\n */\nexport async function isWellknownCheckEnabled() {\n const enabled = await storage.get(stores.settings, \"WELLKNOWN_CHECK_ENABLED\");\n return enabled !== false;\n}\n\n/**\n * Returns the user's selected state code (CA, CO, CT, NJ) or null if not set.\n * A value of \"none\" means the user explicitly chose not to be in a covered state.\n * @returns {Promise}\n */\nexport async function getUserState() {\n return await storage.get(stores.settings, \"USER_STATE\") || null;\n}\n\n/**\n * Returns whether the compliance check should be shown.\n * True when a valid state is selected (not null, not \"none\").\n * @returns {Promise}\n */\nexport async function isComplianceCheckEnabled() {\n const state = await getUserState();\n return state !== null && state !== \"none\";\n}\n"
},
{
"path": "src/content-scripts/contentScript.js",
"content": "/*\nLicensed per https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/LICENSE.md\nprivacy-tech-lab, https://privacytechlab.org/\n*/\n\n/*\ncontentScripts.js\n================================================================================\ncontentScripts.js runs on every page and passes data to the background page\nhttps://developer.chrome.com/extensions/content_scripts\n*/\n\n// Here is a resource I used to help setup the inject script functionality as\n// well as setup message listeners to pass data back to the background\n// https://www.freecodecamp.org/news/chrome-extension-message-passing-essentials/\n\n/******************************************************************************/\n/******************************************************************************/\n/********** # USPAPI call helper functions **********/\n/******************************************************************************/\n/******************************************************************************/\n\n\n// To be injected to call the USPAPI function in analysis mode\nconst uspapi = `\n try {\n __uspapi('getUSPData', 1, (data) => {\n let currURL = document.URL\n window.postMessage({ type: \"USPAPI_TO_CONTENT_SCRIPT\", result: data, url: currURL });\n });\n }\n`;\n\nconst uspapiRequest = `\n try {\n __uspapi('getUSPData', 1, (data) => {\n let currURL = document.URL\n window.postMessage({ type: \"USPAPI_TO_CONTENT_SCRIPT_REQUEST\", result: data, url: currURL });\n });\n } catch (e) {\n window.postMessage({ type: \"USPAPI_TO_CONTENT_SCRIPT_REQUEST\", result: \"USPAPI_FAILED\" });\n }\n`;\n\nfunction injectScript(script) {\n const scriptElem = document.createElement(\"script\");\n scriptElem.innerHTML = script;\n document.documentElement.prepend(scriptElem);\n}\n\nasync function isWellknownCheckEnabled() {\n try {\n const { WELLKNOWN_CHECK_ENABLED } = await chrome.storage.local.get(\n \"WELLKNOWN_CHECK_ENABLED\"\n );\n if (typeof WELLKNOWN_CHECK_ENABLED === \"boolean\") {\n return WELLKNOWN_CHECK_ENABLED;\n }\n } catch (error) {\n print(error);\n }\n try {\n const response = await chrome.runtime.sendMessage({\n msg: \"GET_WELLKNOWN_CHECK_ENABLED\",\n });\n if (response && typeof response.enabled === \"boolean\") {\n return response.enabled;\n }\n } catch (error) {\n print(error);\n }\n // If we can't determine the setting, err on the side of not fetching.\n return false;\n}\n\n/******************************************************************************/\n/******************************************************************************/\n/********** # Main functionality **********/\n/******************************************************************************/\n/******************************************************************************/\n\nasync function getWellknown(url) {\n const response = await fetch(`${url.origin}/.well-known/gpc.json`);\n new_url = url = JSON.parse(JSON.stringify(url));\n let wellknownData;\n try {\n wellknownData = await response.json();\n } catch {\n wellknownData = null;\n }\n chrome.runtime.sendMessage({\n msg: \"CONTENT_SCRIPT_WELLKNOWN\",\n data: wellknownData,\n origin_url: new_url\n });\n}\n\n/**\n * Passes info to background scripts for processing via messages\n * https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/runtime/sendMessage\n * There are other ways to do this, but I use an IIFE to run everything at once\n * https://developer.mozilla.org/en-US/docs/Glossary/IIFE\n */\n(() => {\n /* MAIN CONTENT SCRIPT PROCESSES GO HERE */\n\n let url = new URL(location); // location object\n isWellknownCheckEnabled().then((shouldCheck) => {\n if (shouldCheck) {\n getWellknown(url);\n }\n });\n})();\n\n/******************************************************************************/\n/******************************************************************************/\n/********** # Message passing from injected script via window **********/\n/******************************************************************************/\n/******************************************************************************/\n\nchrome.runtime.onMessage.addListener(function (message, sender, sendResponse) { // check unused arguments\n if (message.msg === \"USPAPI_FETCH_REQUEST\") {\n injectScript(uspapiRequest);\n }\n});\n\nwindow.addEventListener(\n \"message\",\n function (event) {\n if (\n event.data.type == \"USPAPI_TO_CONTENT_SCRIPT\"\n ) {\n chrome.runtime.sendMessage({\n msg: \"USPAPI_TO_BACKGROUND\",\n data: event.data.result,\n location: this.location.href,\n });\n }\n if (event.data.type == \"USPAPI_TO_CONTENT_SCRIPT_REQUEST\") {\n chrome.runtime.sendMessage({\n msg: \"USPAPI_TO_BACKGROUND_FROM_FETCH_REQUEST\",\n data: event.data.result,\n location: this.location.href,\n });\n }\n },\n false\n);\n"
},
{
"path": "src/content-scripts/injection/gpc-dom.js",
"content": "/*\nLicensed per https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/LICENSE.md\nprivacy-tech-lab, https://privacytechlab.org/\n*/\n\n/*\ninjection/gpc-dom.js\n================================================================================\ninjection/gpc-dom.js is the static script injected by a related \ncontent script (registered from the extension service worker) for full DOM access\n*/\n\n/**\n * Sets Global Privacy Control (GPC) JavaScript property on the DOM\n */\nfunction setDomSignal() {\n try {\n var GPCVal = true;\n \n const GPCDomVal = `Object.defineProperties(Navigator.prototype, \n { \"globalPrivacyControl\": {\n\t\t get: () => ${GPCVal},\n\t\t configurable: true,\n\t\t enumerable: true\n\t }});\n document.currentScript.parentElement.removeChild(document.currentScript);\n\t `;\n\n const GPCDomElem = document.createElement(\"script\");\n GPCDomElem.innerHTML = GPCDomVal;\n document.documentElement.prepend(GPCDomElem);\n\n } catch (e) {\n console.error(`Failed to set DOM signal: ${e}`);\n }\n}\n\nsetDomSignal();\n"
},
{
"path": "src/content-scripts/registration/gpc-dom.js",
"content": "/*\nLicensed per https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/LICENSE.md\nprivacy-tech-lab, https://privacytechlab.org/\n*/\n\n/*\nregistration/gpc-dom.js\n================================================================================\nregistration/gpc-dom.js is the content script, registered via the \nextension service worker, that injects another static script to provide full\nDOM access and permissions\n*/\n\n// High Level:\n// Static script that will be injected onto a page to allow it full access, not\n// an isolated-world access (see Chrome extension API docs on isolated worlds).\n// Necessary to inject the GPC JS property on a page via full DOM permission.\n\n// Requirements:\n// - INJECTION_SCRIPT must also be defined under \"web_accessible_resources\"\n// - This url must be a (semi) absolute path from the compiled project to the script\n// (Please see webpack output file directory structure)\n// - This script must be registered from the extension service worker w/ same URL\nconst INJECTION_SCRIPT = \"content-scripts/injection/gpc-dom.js\";\n\n// Based on\n// https://stackoverflow.com/questions/9515704/use-a-content-script-to-access-the-page-context-variables-and-functions\nfunction injectStaticScript() {\n let s = document.createElement(\"script\");\n s.src = chrome.runtime.getURL(INJECTION_SCRIPT);\n s.online = function () {\n this.remove();\n };\n document.documentElement.prepend(s);\n}\ninjectStaticScript();\n"
},
{
"path": "src/data/complianceData.js",
"content": "/*\nLicensed per https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/LICENSE.md\nprivacy-tech-lab, https://privacytechlab.org/\n*/\n\n/*\ncomplianceData.js\n================================================================================\nFetches and processes GPC compliance data from state-specific hosted CSV files.\nCSV URLs are read dynamically from states.json hosted on GitHub so they can be\nupdated server-side without requiring an extension update.\n\nCompliance is determined by set membership and signal content:\n - Domain in noncompliant_sites โ 'non_compliant'\n - Domain in all_sites, signals found โ 'compliant'\n - Domain in all_sites, all signals null (nothing to measure against) โ 'no_signals'\n - Domain in neither โ 'no_data' (handled by caller)\n - Network/server error โ 'fetch_error' (handled by caller)\n\nThe 8 signal columns checked for null:\n uspapi_before_gpc, uspapi_after_gpc,\n usp_cookies_before_gpc, usp_cookies_after_gpc,\n OptanonConsent_before_gpc, OptanonConsent_after_gpc,\n gpp_before_gpc, gpp_after_gpc\n\nWhen the all_sites CSV includes a `compliance_classification` column (per the\nschema in gpc-web-ui at client/background_reading/COMPLIANCE_CLASSIFICATION_OVERVIEW.md\nโ https://github.com/privacy-tech-lab/gpc-web-ui/blob/master/client/background_reading/COMPLIANCE_CLASSIFICATION_OVERVIEW.md),\nthe parsed JSON object is attached to each domain entry as `classification` so\nthe popup can show per-family status (USPS, OptanonConsent, Well-known, GPP).\n*/\n\nconst STATES_JSON_URL =\n 'https://raw.githubusercontent.com/privacy-tech-lab/gpc-web-ui/master/client/public/states.json'; // Permalink to raw states.json โ use raw.githubusercontent.com so fetch() gets JSON, not an HTML page\n\n// Human-readable state names (used to look up entries in states.json)\nexport const STATE_NAMES = {\n CA: 'California',\n CO: 'Colorado',\n CT: 'Connecticut',\n NJ: 'New Jersey',\n};\n\n\n\n// Cache TTL: 24 hours\nconst CACHE_TTL_MS = 24 * 60 * 60 * 1000;\n\n/**\n * Converts a GitHub blob URL to a raw.githubusercontent.com URL so fetch()\n * receives the raw file content rather than an HTML page.\n * e.g. https://github.com/ORG/REPO/blob/SHA/path/file.csv\n * โ https://raw.githubusercontent.com/ORG/REPO/SHA/path/file.csv\n * @param {string} blobUrl\n * @returns {string}\n */\nfunction toRawUrl(blobUrl) {\n // Handle GitHub blob URLs\n const githubMatch = blobUrl.match(\n /^https:\\/\\/github\\.com\\/([^/]+\\/[^/]+)\\/blob\\/(.+)$/\n );\n if (githubMatch) {\n return `https://raw.githubusercontent.com/${githubMatch[1]}/${githubMatch[2]}`;\n }\n // If it's already a raw URL or something else, return as-is\n return blobUrl;\n}\n\n/**\n * Fetches states.json from the remote host to retrieve current CSV URLs.\n * @returns {Promise
![\"GitHub](\"https://img.shields.io/github/v/release/privacy-tech-lab/gpc-optmeowt\")
\n ![\"GitHub](\"https://img.shields.io/github/release-date/privacy-tech-lab/gpc-optmeowt\")
\n ![\"GitHub](\"https://img.shields.io/github/last-commit/privacy-tech-lab/gpc-optmeowt\")
\n ![\"GitHub](\"https://github.com/privacy-tech-lab/gpc-optmeowt/actions/workflows/node.js.yml/badge.svg?branch=main\"){kind=icon}
\n ![\"GitHub](\"https://img.shields.io/github/issues-raw/privacy-tech-lab/gpc-optmeowt\")
\n ![\"GitHub](\"https://img.shields.io/github/issues-closed-raw/privacy-tech-lab/gpc-optmeowt\")
\n ![\"GitHub\"](\"https://img.shields.io/github/license/privacy-tech-lab/gpc-optmeowt\")
\n ![\"GitHub](\"https://img.shields.io/github/watchers/privacy-tech-lab/gpc-optmeowt?style=social\")
\n ![\"GitHub](\"https://img.shields.io/github/stars/privacy-tech-lab/gpc-optmeowt?style=social\")
\n ![\"GitHub](\"https://img.shields.io/github/forks/privacy-tech-lab/gpc-optmeowt?style=social\")
\n ![\"GitHub](\"https://img.shields.io/static/v1?label=Sponsor&message=%E2%9D%A4&logo=GitHub&color=%23fe8e86\")
\n![\"OptMeowt](\"https://github.com/privacy-tech-lab/gpc-optmeowt/blob/issue-19/src/assets/cat-w-text/optmeow-logo-circle.png\"){kind=logo}
\n![\"Firefox](\"https://github.com/privacy-tech-lab/optmeowt/blob/main/firefox-add-ons-badge.png\"){kind=icon}
\n ![\"Chrome](\"https://github.com/privacy-tech-lab/gpc-optmeowt/blob/main/chrome-web-store-badge.png\"){kind=icon}
\n![\"National](\"./nsf.png\")
\n \n![\"privacy-tech-lab](\"./plt_logo.png\"){kind=logo}
\n![\"Sloan](\"./sloan_logo.jpg\"){kind=logo}
\n ![\"Wesleyan](\"./wesleyan_shield.png\")
\n