Security Philosophy
TrackBlock follows a zero-trust architecture by design. We believe the most secure way to protect user data is to never have access to it in the first place. Every decision in TrackBlock's design starts from this principle.
Local Processing
All tracker analysis occurs entirely within your browser. TrackBlock never sends email content, tracking data, or any information to external servers. The extension operates as a fully self-contained analysis engine that runs locally on your device.
- No remote servers process your data
- No third-party analytics services
- No hidden telemetry or usage tracking
- No external dependencies for analysis
Permission Model
Minimal Scope
The extension only activates on email provider domains. It does not request broad host access or read data on arbitrary websites.
No Network Access
TrackBlock does not make external network requests for its core functionality. The extension can identify and block trackers without contacting any server.
Extension Security
TrackBlock follows browser extension security best practices:
- Content Security Policy (CSP) is enforced to prevent XSS attacks
- All extension code is static and reviewed before release
- No remotely hosted code is loaded or executed: all logic is bundled with the extension
- Isolated world execution prevents interference from page scripts
- Regular updates to address any discovered vulnerabilities
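The scope, CSP and isolated-world claims in the Permission Model and Extension Security sections can be checked against an extension's manifest.json. The following is an added example, not TrackBlock's own code: auditManifest and both sample manifests (including the email provider domains and the cdn.example.test host) are constructed for illustration.

```javascript
// Added example: audit a WebExtension manifest for broad host access,
// weak CSP script sources, and content scripts that leave the isolated world.
// The manifests below are constructed samples, not TrackBlock's real manifest.
const isBroad = (p) => p === "<all_urls>" || /^(\*|https?):\/\/\*\//.test(p);

function auditManifest(m) {
  const findings = [];
  const scripts = m.content_scripts || [];

  // 1. Minimal scope: collect every place a host match pattern can appear.
  const patterns = [
    ...(m.host_permissions || []),
    ...(m.optional_host_permissions || []),
    ...(m.permissions || []), // MV2 mixes host patterns into "permissions"
    ...scripts.flatMap((cs) => cs.matches || []),
  ];
  for (const p of patterns) if (isBroad(p)) findings.push(`broad-host:${p}`);

  // 2. CSP: MV3 uses an object with extension_pages, MV2 a plain string.
  const csp = m.content_security_policy;
  const policy = typeof csp === "string" ? csp : (csp && csp.extension_pages) || "";
  const scriptSrc = policy.split(";").map((d) => d.trim().split(/\s+/))
    .find((d) => d[0] === "script-src") || [];
  for (const src of scriptSrc.slice(1)) {
    if (src === "'unsafe-eval'" || src === "'unsafe-inline'") findings.push(`csp:${src}`);
    if (/^https?:/i.test(src)) findings.push(`csp-remote-script:${src}`);
  }

  // 3. Isolated world: flag content scripts that opt into the page's MAIN world.
  scripts.forEach((cs, i) => {
    if (cs.world === "MAIN") findings.push(`main-world:content_scripts[${i}]`);
  });
  return findings;
}

const narrow = { // constructed: scoped to two mail hosts, strict CSP
  manifest_version: 3, permissions: ["storage"],
  host_permissions: ["https://mail.google.com/*", "https://outlook.live.com/*"],
  content_scripts: [{ matches: ["https://mail.google.com/*"], js: ["content.js"] }],
  content_security_policy: { extension_pages: "script-src 'self'; object-src 'self'" },
};
const broad = { // constructed: every check should fire
  manifest_version: 3, host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["content.js"], world: "MAIN" }],
  content_security_policy: { extension_pages:
    "script-src 'self' 'unsafe-eval' https://cdn.example.test; object-src 'self'" },
};
console.log(auditManifest(narrow), auditManifest(broad));
```

An empty findings list only shows that the manifest declares nothing broader; confirming the no-network claim still requires inspecting the extension's actual requests in the browser's developer tools.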
Data Protection
Since TrackBlock does not collect or transmit data, traditional data protection concerns around storage, encryption, and transmission are inherently addressed. What little data exists (your preferences) stays in your browser's local storage, under your full control.
Responsible Disclosure
If you discover a security vulnerability in TrackBlock, please report it responsibly. We will investigate and address verified vulnerabilities promptly.
Security Contact
For security-related inquiries or to report a vulnerability: nazroqlabs@gmail.com