Show HN: Firefox extension to obfuscate web page text (addons.mozilla.org)
Sometimes you might want to share a screenshot of the website you're on, without revealing the personal data that is visible at that time. With Obfuscate, you can make text unreadable without changing the structure of the web page.
Hit the extension button or press Alt+Shift+O to activate for the current page.
(Note that extensions can't modify the add-on website, so trying it on there won't work.)
Credit for the original idea: https://chaos.social/@maris/108379386421123630
90 comments
[ 2.3 ms ] story [ 136 ms ] thread(Specifically: it now mandates "Manifest V3" for new extensions, which Firefox is still implementing (it basically has to follow what Chrome is doing, given Chrome's reach). Once Manifest V3 works on more browsers, I should be able to relatively easily upgrade, and then support Chrome as well.)
Edit: oh, I should probably also add that I'm a Mozilla employee, but this is a personal project, and I'd have done the same if I hadn't been.
I don't see any breaking changes here.
I wasn't clear enough in my comment, I was suggesting you can make a branch in your project repository for chrome. Make the change only there until Firefox supports MV3.
Having everything be Chrome-first (and, often, Chrome-only) is how we got here in the first place. <3 to the OP for focusing on Firefox first, and putting a pebble on the right side of the scale!
Looks like spaces are preserved, and the bar lengths seem to match the world length. Is that the case? I didn't measure it precisely and didn't check the source code.
If so you might want to add some random noise. Sometimes it might be possible to reconstruct parts of the text just based on the word lengths.
It probably does need installation or hosting though.
[1] https://gitlab.com/vincenttunru/obfuscate/-/blob/2ada3be5059...
[2] https://github.com/HYPD/flow-typeface
[3] https://gitlab.com/vincenttunru/obfuscate/-/issues/2
[4] https://github.com/christiannaths/redacted-font
Compare that to FireFox which just has a text box and you can type into it, or delete out of it.
[1] with that delightful UX where it's /invisible/ until you wave the magic cursor around in the right place.
There is a button at the top of the editor, to the right of the filter input. The buttons that show up on hover are for inserting the new style at a specific position in the cascade, if needed -- but that's a rarer occurrence, which is why it's not visible by default.
> And it broke because Chrome is "being helpful" by forcing structure in the UI, so it instantly turned into a lot of crossed out lines with yellow warning triangles, and there's there's no visible delete option, no context menu delete, it doesn't respond to the delete key
I agree that one should be able to paste any CSS block or declaration and expect the style editor to parse it. But it's also worth keeping in mind that the only difference in this particular situation is pasting the declaration instead of the surrounding block, and you'd get the results you're after. Chromium's dev tools are definitely not perfect, but I think Firefox's method is much more cumbersome from a developer's perspective.
Maybe that's something that should be mentioned in the description though, just in case.
And the blur for images isn't great. It may be better to just use a black box there. Or maybe pick a single colour from the image or something like that.
How about also having a choice in obfuscation mode?
I see that there are a ton of people on that Twitter thread who love this. Good for them!
> The term "greeking" was applied by various WYSIWYG editors of the 1980s, such as ApplixWare and Island Graphics. Greeking referred to the substitution of text with a placeholder gray bar upon moving out of focus.
edit: Redactify for instant pre-seed angel funding
It would be crude to set font-family to "Flow Circular" !important on every element (in the style attribute), but it would probably be much more effective.
https://news.ycombinator.com/item?id=4679801 https://github.com/bishopfox/unredacter
- locate the text node containing the selected text
- split the text node into 3 segment (the selected one in the middle)
- replace the selected segment with a span that has font style on it
?
I did something like this before to replace part of the text with a ruby tag.
https://codepen.io/mmis1000/pen/gOgKqba?editors=0010
Or probably you can do it the reverse the obfuscate the selected text and make it actually works like a black pen.
Although it will be definitely more complex because selection may cross multi text nodes. But the idea should apply.
https://gorp.app
I can't find it ATM, but I used to have a bookmarklet that added one of these as a css style on all elements (or removed its edits when run a second time, to revert the page). Shouldn't be too hard to write if I decide I want it again and still can't find the source of the one used back then. It didn't watch for and update dynamic content changes, but was useful for quick “mock-up” screenshots. The only problem was that the character widths won't quite match (or might be massively different from) the font the page is currently using though no doubt there are things that could be done to improve that. It relied on the font being installed locally, but it wouldn't be beyond the wit of man to make it load a web font or include it as a data block in the bookmarklet.
Someone else also mentioned that font, so I logged that here: https://gitlab.com/vincenttunru/obfuscate/-/issues/2
[1] I'm not sure want the limits on those are on modern browsers, the length that would work varied quite a bit back in the day. It was small in IE (<2K?) though I'm not sure IE of the time I'm remembering the bookmark referred to previously supported fonts loaded that way anyway.
I've picked 'medium shade (U+2592)' character [3] as visual counterpart, because if felt it has similar "weight" as average glyph. It does not store original values so the only only way to revert it back is to reload page.
[1] https://gist.github.com/myfonj/3bdb6bbacd3b080938716495d8989... [2] https://myfonj.github.io/utils/bookmarklets/dummyze-scramble... [3] https://graphemica.com/%E2%96%92
For anyone navigating this issue who doesn't like to or doesn't have the authority to change what extensions are installed, at least on MacOS, CMD-shift-4 will allow you to select a subsection of the screen to take a screenshot.
Here's a collage I made by opening several preview windows of PDFs I have saved while doing OSINT, then hitting CMD-shift-4:
https://i.imgur.com/5tudrhv.png
I've been saving the screenshots with the intent of usin OpenCV to parse the images into text (with the highlighted portions bolded using markdown or something -- I called the art project "saccades"[A])
Also, if you want to change the default screenshot location:
defaults write com.apple.screencapture location [tk]
(where [TK] is a file path, minus the brackets, I'm fond of redirecting them to a folder in the home directory so you can make use of the tilde goodness inherent in... nix stuff.)
//[A] "From French saccade, 1. (rare) A sudden jerking movement. 2. A rapid jerky movement of the eye (voluntary or involuntary) from one focus to another." https://en.wiktionary.org/wiki/saccade#English
/ PS: If anyone knows a better image host than Imgur please let me know, I don't want to just upload it into Wikimedia or whatever, since it's not intended to go adjacent to an article. (I have some animal photos I may upload to Wikimedia under some kind of CC license once I sort them.) */
https://www.lipsum.com/
As things stand today, gaining my trust would require some work on my side (and I'm a professional of IT Security). For the majority of Internet users (who are not expected to understand what 'package-lock.json' file does), this would take a leap of faith instead.
Is there any service out there that could scan an add-on and highlight any known vulnerabilities (like OWASP Dependency Checker)? Could the add-on service on Mozilla side automatically run such kind of scan and add red flags next to the current warning, if vulnerabilities are already identified on the add-on or any of its dependencies?
(Note: this is my interpretation as an add-on developer, not as a Mozilla employee - I'm not involved in addons.mozilla.org.)
(Simple example: try https://www.unicode.org/standard/WhatIsUnicode-more.html and observe the list of language links on the left.)