This extension offers a novel line of defense centered on protecting every single click happening in the web browser, to completely preserve the security and privacy of our customers from the widespread adoption of misleading links.

Why Do I Need This?

Web pages have evolved into complex and dynamic applications, with links that are often opaque and misleading. Click-related threats are very common nowadays, and can lead users to dangerous situations and unwanted tracking. For instance, during the current COVID-19 circumstances, a vulnerability of the U.S. Department of Health and Human Services permitted one of these attacks, and malicious actors were able to steal information such as email credentials, credit card info, cryptocurrency wallets, and browsing data. Moreover, in the last year, millions of users were targeted with similar campaigns abusing this type of click-related vulnerability in companies like Adobe, Google, Microsoft or Cisco.

Chrome / Brave

Download the ClickMaster archive and unzip it. Open Chrome/Brave, navigate to chrome://extensions/ (or brave://extensions/) and enable developer mode. Click "Load unpacked" and select the unpacked archive.

Firefox

Click the Firefox link above and it should add the extension directly to Firefox.

ClickMaster Approach

It is able to block any unexpected click-related access from trackers and harmful domains even before the browser actually contacts them. To do so, it evaluates every single hyperlink and redirection that occurs against a list of more than 10 million domains specially crafted for this mission.

How It Works

ClickMaster evaluates all hyperlinks (including links layered within iframes) and displays a tooltip listing all entities that are expected to be involved if the user decides to click.

Information is presented using specific color codes in order to raise awareness of the following points:

  • Domain or Entity behind the link is a tracker
  • Domain or Entity behind the link is unknown
  • Domain or Entity behind the link is local or known
  • Connection between current Web site and link destination is unencrypted
  • Connection between current Web site and link destination is encrypted

Here are a few examples of how to leverage these capabilities:

Anti Phishing/Scam Protection: ClickMaster highlights the fact that the entity set as destination (aibpolicy.com) might not be legit since the link hidden behind the text is not known. This evaluation is performed against a list of 10 million Websites.

Privacy Awareness: ClickMaster highlights all entities and their owners hidden under Web based Advertising elements. Users should be entitled to know, and therefore choose, exactly who tracks their clicks.

What You Click is What You Should Get: Following the tooltip logic, if the user clicks a hyperlink and the policies are violated during the navigation process, the click is considered blocked and a banner is displayed at the top of the screen informing the user about the unexpected behaviour.

ClickMaster Banner: In this example the domain "stats.gmailo.co" was captured as part of an unexpected hyperlink redirection. Since the destination is neither local (does not share the same top level domain with the location where the click was performed) nor known (not present in our specially crafted top 10 million domains list), the navigation is stopped and the click is considered blocked. The user then has the option to allow the click temporarily, trust the domain, or permanently disable the extension for the current Website.
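
The decision described above can be sketched in JavaScript as follows. This is an added example, not ClickMaster's own code: the function names, the sample lists, the two-label approximation of "same top level domain", and treating an HTTPS-to-HTTP hop as a protocol downgrade are all assumptions.

```javascript
// Added example: sketch of the click policy described above; not ClickMaster's code.
// ASSUMPTION: "same top level domain" is approximated by the last two host labels.
// A real implementation would use the Public Suffix List (e.g. for co.uk).
function siteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Classify one destination relative to the page where the click happened.
function classifyLink(originUrl, destUrl, lists) {
  const origin = new URL(originUrl);
  const dest = new URL(destUrl);
  const site = siteOf(dest.hostname);
  let entity;
  if (lists.trackers.has(site)) entity = 'tracker';
  else if (site === siteOf(origin.hostname)) entity = 'local';
  else if (lists.known.has(site)) entity = 'known';
  else entity = 'unknown';
  return {
    host: dest.hostname,
    entity,
    encrypted: dest.protocol === 'https:',
    downgrade: origin.protocol === 'https:' && dest.protocol === 'http:',
  };
}

// Walk every hop of a navigation (link target plus redirects); stop at the first violation.
function evaluateClick(originUrl, hops, lists, opts = { blockDowngrade: true }) {
  for (const hop of hops) {
    const verdict = classifyLink(originUrl, hop, lists);
    if (verdict.entity === 'tracker' || verdict.entity === 'unknown') {
      return { blocked: true, reason: verdict.entity, host: verdict.host };
    }
    if (opts.blockDowngrade && verdict.downgrade) {
      return { blocked: true, reason: 'downgrade', host: verdict.host };
    }
  }
  return { blocked: false, reason: null, host: null };
}

// Constructed sample lists; the real list holds more than 10 million domains.
const SAMPLE_LISTS = {
  known: new Set(['example.org']),
  trackers: new Set(['tracker.example']),
};
// Constructed redirect chain ending at the host from the banner example.
const SAMPLE_HOPS = ['https://example.org/out?id=1', 'https://stats.gmailo.co/c'];
console.log(evaluateClick('https://news.example.com/story', SAMPLE_HOPS, SAMPLE_LISTS));
```

The first hop passes because its domain is on the known list; the second is neither local nor known, so the navigation stops there.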

The summary of all clicks blocked can also be visualized in the extension popup window where an options menu is also available.

ClickMaster Popup: The popup window displays a summary of all clicks blocked by category. It also allows users to take actions on the current tab's Website and access the options page.

ClickMaster Options Page: From the options menu it is possible to turn on/off protocol downgrade protection and hyperlinks evaluation settings and consult the list of all trusted tracking entities, domains and Websites.

FAQ

Q1: Who can I contact if I have questions about the extension?

A1: If you have any questions you can email David.Silva@nortonlifelock.com or Iskander.Sanchez@nortonlifelock.com

Q2: Where can I learn more about the work behind this extension?

A2: Research has shown us that what we click is not always what we get.