Think of Local Sheriff as a reconnaissance tool in your browser (WebExtension). While you browse the internet as usual, it works in the background and helps you identify which sensitive personally identifiable information (PII) about you is being shared with or leaked to which third parties.
Local Sheriff is a WebExtension that can be used with Chrome, Opera and Firefox. The Usage section has more details.
It has become the norm for websites to load enormous amounts of third-party resources on their webpages. Websites have genuine use cases for them, such as analytics, app performance measurement, audience measurement, goal conversions, content recommendation, social sharing, CDNs etc.
But the way these third parties are implemented and used by websites is often not privacy-proof. Sensitive user information like passwords, email IDs, names, order IDs, dates of birth and other PII is leaked in abundance to a whole bunch of third parties.
The issues that Local Sheriff aims to highlight:
1. In the URL (e.g. booking reference, last name, email, Twitter handle etc.)
2. On page content (e.g. capability URLs, which contain sensitive information but are not behind a login)
3. The values entered in forms
1. Via HTTP Headers like Referrer
2. Via query parameters
3. Browser features like Chrome browser – Translate and more.
GET request to that page again to simulate what information can be accessed only based on the URL without user cookies, session etc.
DEMO: Example of how information entered in forms can be leaked.
Local Sheriff uses the open-source tracker database from WhoTracks.me for creating tracker hostname to company mapping. Right now it is packaged in the extension itself.
E.g. given a tracker hostname: atlassbx.com, find the company who owns it: Facebook.
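The leak channels listed above (query parameters and the Referrer header) combined with the hostname-to-company lookup, as an added example that is not Local Sheriff's own code. The function names, the request object shape and all sample data are assumptions made for illustration; only the atlassbx.com to Facebook pair comes from this page.

```javascript
// Constructed stand-in for the tracker database; only the
// atlassbx.com -> Facebook pair comes from the page.
const TRACKER_OWNERS = new Map([
  ['atlassbx.com', 'Facebook'],
  ['metrics.example', 'Example Analytics'], // hypothetical entry
]);

// Resolve a request hostname to its owner by walking up the labels,
// so px.atlassbx.com matches the atlassbx.com entry.
function ownerOf(hostname) {
  const labels = hostname.toLowerCase().split('.');
  for (let i = 0; i < labels.length - 1; i++) {
    const owner = TRACKER_OWNERS.get(labels.slice(i).join('.'));
    if (owner) return owner;
  }
  return null;
}

// True if `needle` occurs in `text` either raw or percent-encoded.
function contains(text, needle) {
  const hay = text.toLowerCase();
  const raw = needle.toLowerCase();
  return hay.includes(raw) || hay.includes(encodeURIComponent(needle).toLowerCase());
}

// request = { pageUrl, url, referer }; piiValues = strings known to be sensitive.
// Simplification: any hostname other than the page's own counts as third-party.
function findLeaks(request, piiValues) {
  const pageHost = new URL(request.pageUrl).hostname;
  const target = new URL(request.url);
  if (target.hostname === pageHost) return [];
  const owner = ownerOf(target.hostname) || 'unknown';
  const leaks = [];
  for (const value of piiValues) {
    for (const [param, paramValue] of target.searchParams) {
      if (contains(paramValue, value)) leaks.push({ channel: 'query:' + param, value, host: target.hostname, owner });
    }
    if (request.referer && contains(request.referer, value)) {
      leaks.push({ channel: 'referer', value, host: target.hostname, owner });
    }
  }
  return leaks;
}

// Constructed sample traffic: an order page whose URL carries PII, and a third-party pixel request.
const SAMPLE_PAGE = 'https://shop.example/order?email=jane.doe%40mail.example&ref=ABC123';
const SAMPLE_REQUEST = { pageUrl: SAMPLE_PAGE, referer: SAMPLE_PAGE,
  url: 'https://px.atlassbx.com/collect?uid=jane.doe%40mail.example&ev=view' };
const SAMPLE_PII = ['jane.doe@mail.example', 'ABC123'];
console.log(findLeaks(SAMPLE_REQUEST, SAMPLE_PII));
```
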
git clone https://github.com/cliqz-oss/local-sheriff.git
Chrome:
1. Open chrome://extensions
2. Enable developer mode
3. Load unpacked extension & point to the folder local-sheriff
Firefox:
1. Open about:debugging
2. Load temporary add-on
3. Point to the folder local-sheriff and select manifest.json.
Please note Firefox will remove the extension on restart.
Alternatively:
Once you have it running, visit different pages like:
Check the control center to see what information has been shared.
Please note:
Thanks for your interest in contributing to Local Sheriff! There are many ways to contribute. To get started, take a look at CONTRIBUTING.md.
Local Sheriff does not transmit any data over the internet. All data needed for analysis remains on your local hard disk drive at all times. However, the data saved by this extension is NOT encrypted, so any data you save remains in the clear, although it will remain on your hard drive and only someone who knows where to look and has physical access to your hard drive would be able to access it. There is a plan in the roadmap to delete the data when the user clears history.
Extensions in Chrome do not work in incognito mode by default, while in Firefox they are enabled with limited functionality. It would be worth checking and deciding what the desired behaviour should be.
Clear data: In case the extension is slow, or you want to remove the data, please click on the clear data button. It will remove all the data stored by Local Sheriff and reload the extension.
Thanks to @solso @Pythux @ecnmst for their valuable inputs and being early adopters of this tool.
Konark Modi: @konarkmodi