Skip to content
/ PrivateNoteTab Public

A version of the Note Tab chrome extension (now taken down) but clean from the initially included spyware.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

RatoGBM/PrivateNoteTab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
_locales
_locales
 
 
assets
assets
 
 
js
js
 
 
INSTALL.md
INSTALL.md
 
 
README.md
README.md
 
 
UNINSTALL.md
UNINSTALL.md
 
 
manifest.json
manifest.json
 
 
newtab.html
newtab.html
 
 

Repository files navigation

PrivateNoteTab

Good News! It seems that the extension has been removed from the chrome web store!

A cleaned up version of https://notetab.li/ (NoteTab Chrome Extension) without the spyware or search engine overrides.

You are free and encouraged to doublecheck my code changes to the original code.

To correctly install this extension please read Installing section

Issues with the original Extension as described in my comments on the Chrome Web Store

It spies on search queries!

After checking the source code, found multiple privacy concerning features of this extension.

First of all, it overrides the browsers default search engine with one linked to it's own address (https://notetab.li/search?q={searchTerms}), but then it simply redirects you to bing.com. If I hadn't looked closely at the code, I wouldn't have noticed that that my queries are not going to the search engine directly but are being channeled through a third party.

None of this was explicitly mentioned in the privacy policy, which is something I am very concerned about. Please provide a clear explanation as to why channeling search queries through your own website is necessary, and if it is for the sake of "collecting data to improve the extension", please add an option to opt out of it and send the queries directly to the browsers default search engine.

I deeply apologize for my poor grammar.

I forgot to mention a second potential way the extension is spying. In order to provide previews for bookmarks and websites you recently visited, it sends requests to https://sshot.org. Which means your history is in some for being transmitted to a third party website, which might be logging all of those URLs, which is also very privacy concerning.

Given tokens and other potentially private information is often present within some urls, means that the website has access to your life on the internet to an uncomfortable digree.

What I did

I used Chrome Extension source viewer to get the source code, which was unfortunetly minified, meaning I had to reverse engineer without any human understandable structure, variable names, or comments.

What I did:

  • Because I couldn't figure out a way to get the browsers default search engine, I removed the querry box from the middle of the screen. If you would like it back, uncomment the section of code on Lines 29690-29715, and edit in your search engine of choice on Line 25340 (I put in google). But I recommend using something like the All In One Web Searcher with a keyboard shortcut instead.
    • commented out replaced with Google the part where the search query is sent to https://notetab.li/search?q={searchTerms} in newtab.js (Line 25340) (but the search box is still off)
  • commented out the part where a request is sent to https://sshot.org?url= in background.js (Line 14063)
  • Removed default search engine override from manifest.json
  • Removed permissions to access sshot.org from manifest.json
  • "Jammed" the "update_url" in manifest.json to prevent NoteTab from updating
  • Renamed the title of the app to "PrivateNoteTab"
  • Removed the Install and uninstall urls

I am REALLY BAD at JavaScript, what I did right now is "cut of the branches", all functions are still being called, but their body is commented out. So if you have a better idea on how to turn of unwanted features at their root, please submitt pull request.

Installing

You can download the source files from the releases, or zip the repository.

Chromium won't allow you to use an extension that is not from the webstore. (Btw. use Brave, it is better privacy than Chrome or Edge)

You will have to use Developer Mode and Load unpacked features to get the extensions to work:

  1. Download and unzip this repository wherever you are comportable eg. ~/Documents/MyBrowserExtensions/
  2. Go to Settings->Extensions->(Menage Extensions)
  3. Enable Developer toggle on the top right, the option "Load Unpacked" should appear in the top left.
  4. Click it, and choose the PrivateNoteTab folder you just unziped.
  5. Figure out any popups that appear
  6. You should be done, reopen/restart your browser if necessary, and turn on the extension.

Here are other guides I found online on how to do it:

If you are experiencing any issues, please create a github issue. If you have any improvement suggestions, also create an issue, or do it yourself and submit a pull request.

About

A version of the Note Tab chrome extension (now taken down) but clean from the initially included spyware.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

Version 1.1 Latest
Aug 2, 2023

Packages

No packages published

Languages