Trace

Browse online without leaving a Trace


Trace is an extension which has been built from the ground up to be an easy privacy toolkit for the browser.

Source Code

Whilst most extensions just block the servers which track you, Trace goes the extra mile by adding in protection you wouldn't otherwise have, such as:
  • Canvas Fingerprinting Protection

    Canvas Fingerprinting is a method of uniquely identifying browsers by hashing an image produced by the HTML5 Canvas element. This is one of the most common kinds of tracking I see when doing my research on webpages. To combat this, Trace randomly generates a new canvas hash every request, making it impossible to tie you down to one identity.
    A demo of canvas fingerprinting is available here: BrowserLeaks Canvas Fingerprinting Demo, when protected you should see the "Signature" changes every time you reload the page. If it stays the same, you're trackable.
  • Audio Fingerprinting Protection

    A more advanced tracking method is Audio Fingerprinting, this uses the AudioContext API to fingerprint your browser, Trace stops this by disabling the API, it is configurable so you can choose how extreme you want the protection to be.
    A demo of audio fingerprinting is available here: OpenWPM Audio Fingerprinting Demo.
  • WebGL Fingerprinting Protection

    There are two ways that websites can fingerprint WebGL. The more common is using WebGL parameters such as your GPU model, how many textures it can render etc to generate a fingerprint.
    The other method is by generating an image using the WebGL renderer which will be unique on each device. Trace can protect against both of these methods of fingerprinting by modifying the WebGL API.
    A demo of WebGL fingerprinting is available here: BrowserLeaks WebGL Fingerprinting Demo.
  • Client Rects Fingerprinting Protection

    This Javascript function returns coordinates and size information about HTML elements on a webpage, which seems rather innocent in itself... However since all of the values returned are in pixels, drawing the same element(s) on different displays and devices will yield different results due to a number of factors such as the size of the screen, browser viewport and pixel density of the screen, this is done so that the element looks consistent no matter the device. Trace protects you by adding a randomised decimal offset to each value, this will allow you to successfully spoof the fingerprint without breaking websites.
    A demo of Client Rects fingerprinting is available here: BrowserLeaks Rects Fingerprinting Demo.
  • HTTP Cookie Protection

    Cookies are the main form of tracking on the web, they store a unique identifier which is tied to all of your online activities. There are 2 types of cookie, first party and third party; first party cookies are ones from the current website that you're on. Whereas third party cookies are the ones set by other websites that are running code on the current site you're visiting. Third party cookies are the ones which usually track you and it's usually alright to outright disable third party cookies.
    Trace protects you against these tracking cookies by intercepting both Set-Cookie and Cookie headers, checking the names of the cookies against the cookie list, checking if they're third or first party and then removing them depending on your settings. More information is available here.
  • Screen Resolution Tracking Protection

    One of the many variables that websites can use to track you is the size of your screen. Trace can modify the browser variables which are seen by websites and change them. This means that you could essentially have a new identity on each page load.
  • Control over Referrer Headers

    The HTTP 'Referer' header (Yes it's spelt wrong), is a header that will tell a webpage the URL of the page that brought you to that page. This is an exremely common tracking technique but blocking it completely can actually break some websites. In version 2.0, Trace now handles this header itself instead of relying on a setting in the browser, allowing greater control in choosing when this header is sent.
  • Removal of Special Chrome Headers

    Chrome, by default will tell Google, Youtube and some other websites certain information about your Chrome installation. Such as experiments that are running in your browser, this not only allows Google to force 'experimental' features on you but it wastes unnecessary bandwidth, Trace protects you by removing those headers from Web Requests.
    The headers removed are: X-Client-Data, X-Chrome-UMA-Enabled, X-Chrome-Variations and X-Chrome-Connected
  • JS Plugin Spoofer

    Almost all web browsers have plugins installed, some people install extra plugins such as flash and java to perform tasks on specific web pages. This can be used to track you because it's another piece of information that makes you different from the crowd. To protect against this, Trace overrides the Javascript plugins object which makes it seem as though you don't have any plugins installed.
  • User-Agent Spoofer

    User-Agent Randomisation protection protects you by changing your HTTP User-Agent every 15 seconds. A User-Agent is a string of text sent to every website you visit telling it what OS and Browser you're using and their versions. Whilst this information can be used to show you relevant information for your computer it can also be used to identify you, it can also be used by attackers to identify if your system or browser is vulnerable to certain attacks.
  • WebRTC Leakage Prevention

    WebRTC is a technology that is rather new, by default it will tell a website your local IP (e.g 192.168.x.x), it can also tell a website about other devices on your network, blocking this not only makes it harder to track you but it can also stop attackers from being able to scope out your network and find potential weaknesses.
  • Hyperlink Auditing Prevention

    Hyperlink Auditing is a feature made solely to track you, when ever you click on a link with a 'ping' attribute, it visits the link but also tells trackers that you clicked it. It is also the type of request sent by a function in javascript called sendBeacon which is used by trackers to send analytics and other information about your activities on a webpage. You can disable this in Chrome, but it's difficult to find, so it's bundled in the Trace options panel.