I made an extension that bypasses online age verification

To show my stance towards online age verification, I made a small (literally, less than 10 kilobytes) add-on that will completely skip ageverif.net’s verification prompt. (Only that site (for now?))

With more and more data breaches going on it’s important to protect yourself by not sharing unnecessary data, and to show how broken some age verification platforms are!

It’s #opensource too! https://github.com/helloyanis/agechecker.net-bypass (more info on why I do it is in the readme)

@privacy

#ageverification #firefox #hacking #web #cybersecurity

  • bamboo@lemmy.blahaj.zoneEnglish
    33·
    1 day ago

    Can’t this just be a filter in uBlock Origin? What does this do that is special that uBlock Origin can’t do?

      • Fmstrat@lemmy.world
        5·
        20 hours ago

        You need to send data to a callback URL. Blocks won’t work, that’s basically like sitting on the verification screen and doing nothing.

    • 🦊 helloyanis :veripawed3:@furries.clubOP
      14·
      1 day ago

      @bamboo I dont’t think so? I’m not sure how uBO filters works but the popup file is supposed to send an event to the main page to let it know that the verification is done and I don’t think uBO filters can do that

      • bamboo@lemmy.blahaj.zoneEnglish
        9·
        1 day ago

        In your experience do sites fail open or closed if the JavaScript from the third party not load? Like will the site wait for the event of the JavaScript library is never requested or loaded?

        • 🦊 helloyanis :veripawed3:@furries.clubOP
          9·
          1 day ago

          @bamboo Not sure if that’s exactly what you mean but each site can set up the age verification by loading a script and adding event callbacks, like redirect_url to set an URL to be redirected to once the verification is over, and onclosed which occurs when the verification is successful, and where the site can set some code to run.

          So if you just block the popup, it never appears and can never fire onclose and the code that happens after will never run.

          Since sites are often minified and obfuscated, and the call for the popup can come from any file, I just replaced the response to requests to the popup URL, to have my own script that fires the event and/or redirects to the page, so that it works every time.

          I think the only way to counter this is, if they change the URL (I can later update it too, or if a website hosts their own version of the file (so it will be at a different URL and be undetected). But all of these have easy workarounds as well.

    • scytale@piefed.zipEnglish
      2·
      1 day ago

      Curious to know this as well. I think it’s possible, but I myself am not capable of writing the filter.