SugarCoat, the software developed by Brave that alters script code to protect privacy without ‘breaking’ websites


Currently, online content blocking tools have to consider thousands of exceptions in their filters to avoid blocking scripts necessary for the operation of websites … but many times that means leaving the door open to thousands of scripts that violate our privacy.

A team of developers made up of researchers from the University of San Diego and the Brave browser have developed a tool called SugarCoat, with which they intend to “increase the protection of users’ private data while browsing”.

SugarCoat bets on the strategy of change

How? Rewriting on the fly the scripts contained in the web pages they visit, if it is detected that they violate their privacy. Do not opt ​​for the absolute lock, nor for the open door, but for the ‘change’.

For example, in the case of those scripts dedicated to tracking browsing history, SugarCoat will replace snippets of your code so they can continue running … without actually accessing private data that their creators are looking for.

This online test allows you to evaluate the effectiveness of your ad blocker

As explained by researchers at the University of San Diego, SugarCoat’s goal is to overcome the dilemma between “preserve privacy, but ‘break’ websites” (by blocking intrusive scripts) or “get websites to work, but give up privacy”.

SugarCoat is open source and is currently being integrated into the Brave browserAlthough it is designed with a view to integrating equally with other “privacy-centric” browsers such as Firefox and Tor Browser, as well as browser extensions “like uBlock Origin”.

In fact, uBlock Origin is one of the few tools that I could boast of betting on this approach code replacement, though I only had replacements for 27 scripts… Compared to the more than 6,000 exceptions already mentioned above. Why such an imbalance?

Because making such replacements was a slow and complex task even for privacy engineering experts. However now SugarCoat allows automatic generation of replacements, now easier thanks to the fact that it intercepts the communications between scripts and web APIs, since it is capable of impersonating the latter.

The inner workings of SugarCoat are explained in a paper recently published academic by his team of developers, entitled ‘SugarCoat: Programmatically Generating Privacy-Preserving, Web-Compatible Resource Replacements for Content Blocking’ (here the PDF).

Via | UC San Diego


Please enter your comment!
Please enter your name here