Q: Does HIN ever modify Web page content (e.g. to remove ads)?

Q: Does HIN wipe or clean out cache, cookies, browsing history, etc.?

Q: What should be Chromium privacy settings be set to in order to work best with HIN?

• Under "On startup," choose "Open the New Tab page."
• Under "Appearance ... Show Home button," check the box (if not already), and click "Change" and choose "Use the New Tab page." Then leave the "Show Home button" box checked or unchecked as desired.
• Click "Show advanced setting." Under "Privacy," uncheck all boxes that appear following "Chromium may use web services ..." While HIN's default rules will help to plug unnecessary "leakage" of Google sign-in data to these services, which are operated by Google, some of these services may employ the Google "back door" domains (see below) and be un-filterable. It is therefore best simply to disable them.
• Click "Show advanced setting." Under "Privacy," click the "Content Settings" button. Under "Cookies," check "Block third-party cookies and site-data".

Q: How do I sync my customized HIN rules and actions to multiple browsers?

Q: I've created some useful rules I would like to share, how can I do that?

Q: I'm not sure I like the default rules. Why are the default rules the way they are, and how can I change them?

Q: Why does HIN override the "New tab" page?

Q: Does HIN log my Web request activity anywhere?

• HIN is globally enabled.
• Debug capture is on. A red "DBG!" indicator will appear in the browser icon. Capture is off by default and can only be enabled explicitly by the user.
• The HIN debug page is being displayed.
• The debug page is not in "paused" mode, or is in paused mode with prior events having been captured.
• The user has not pressed the CLEAR button on the Debug page.

Q: Why would I need something like HIN when I have "incognito mode?" Can/should I use HIN in incognito mode?

Q: Are there URLs that cannot be intercepted?

• The startup URL(s) configured in "Settings" under the section "On Startup ... Open a specific set of pages," and the section "Show Home button," as well as the startup URL(s) passed on the command line. These URLs are opened apparently before HIN is loaded. To mitigate this, avoid passing URLs you want intercepted and filtered on the command line, and choose in "Settings" the option "Open the New Tab page" for both the "On startup" and "Show Home button" sections.

• For certain Chromium browsers, notably Google Chrome and some Chromium project builds, any URL hosted at the Google "back door" domains clients1.google.com ... clients9.google.com. These domains, owned and operated by Google, are hard-coded into Chromium by the Chromium developers to be exempt from trapping by the chrome.webRequest API on which HIN is based. This exemption is for domains hosting services ostensibly for use in maintaining the integrity of Chromium extensions and apps, and its purpose is to prevent such services from being interfered with extensions. However, it is has been observed that Google also uses these domains to host services unrelated to Chromium integrity, including services that serve up tracking GIFs, Javascript code, and activity logging functions unrelated to Chromium, but rather used in the operation of Google's commercial web-based services.
  Until this is fixed, the only remedy for this situation is to avoid accessing services that might access these domains outside their intended use. Because chrome.webRequest (and so, HIN) cannot intercept these URLs, the potentially problematic situation itself can only be detected by lower level means as above. Some prevention of the retrieval by Google of non-Chromium-related Javascript from these domains is done by the default rule, "Block Google Back-door Javascript." See "Rules" section.

Q: Does HIN access external resources or use third party libraries?

Q: How can I know my copy of HIN is authentic and does what this document claims?

Q: Why is the installation procedure the way it is?

Q: What are the licensing terms for HIN?

Q: Why does HIN exist? What is the motivation?

Q: Who are you?

• name: Action name. This name will appear in the debug page when the action is enabled and a rule matches that performs the action. This is the name used by rules to refer to the action.
• description: Action description. Describes the purpose and operation of the action. This will appear in the tooltip of the action where it appears on the HIN toolbar icon popup.
• enabled: Boolean flag, true if the action is enabled. If an action is disabled, it will not be performed for any rule (although other actions for a matching rule will be performed if enabled).
• action: One or more action operations. This can be a single action operation, as given by Action Syntax below, or a list of them.

Action Syntax

Overview

Toolbar Icon Menu

• Global enable/disable: when clicked will toggle the global enabled status. The "jet" icon will be blue when HIN is enabled and red if disabled. No modifications of any kinds will be done to any Web requests when HIN is globally disabled. As well, the status of the global Cookie blocking, as well as the rules and actions will be grayed out as a reminder that their enabled status has been overridden by the global disable.
• Cookies allowed/blocked: This is a quick way to suspend the sending and setting of all HTTP cookies while browsing. Your current set of cookies will not be touched. This means you can temporarily sign out of all sites, and be signed back in where you left off, when Cookie blocking is again disabled. Cookie blocking will not be effective when HIN is globally disabled. To remind that this setting is in effect, the browser icon will be augmented with the red indicator ("badge") text of "-CK" when cookie blocking is on, but only if the "badge" is not already being used for the debug capture indicator.
• Debug capture on/off: Toggles debug capture. When debug capture is enabled, HIN will capture and keep in memory, on a first-in, first-out (FIFO) basis, a configurable number of requests that have matched rules. Turning off capture does not clear out from memory any events that have been previously captured. This is intentional, to allow a snapshot of events to be analyzed and not pushed out of the FIFO queue by new events. Debug capturing slows down browsing, so it is advised not to have it on unless necessary.
• HIN Options: Opens the HIN Options page. This page allows for editing of all HIN options. Most of the fields are self-evident. When editing the rules or actions JSON it is recommended to click "Verify" first to check syntax. There are also buttons to revert the content of the options form to what was last saved, or to reset to "factory" defaults that ship with HIN. Export and import of the JSON is supported. This is particularly useful for sharing rules with others, to make a backup copy of work on rules, and to synchronize settings across browsers on different machines. When importing, the JSON rules and actions will add to and/or replace the current rules, so that rules and actions may be added in fragments from various sources.
• Debug Page: Opens the HIN Debug page. This page shows the request event information captured while debug capture mode is enabled. A queue of a limited number (a few hundred) of requests is kept in memory on a first-in, first-out (FIFO) basis. This size of this queue can be adjusted on the Options page. By default this page refreshes automatically every few seconds. Auto-refresh can be turned off so that the content of the page is stable and can be analyzed, while events will continue to be captured. While auto-refresh is off, an immediate, manual refresh can be triggered by clicking REFRESH. The FIFO queue of events can be flushed by clicking the CLEAR button, or reloading HIN.
• FAQ & Documentation: Brings up this page.
• Reload HIN: Reloads the extension. This will cause options to be re-read from disk, and any captured debug events to be flushed.
• Manage Extension: Goes to the Chromium extensions management page section for HIN. This is useful for adjusting extension settings such as whether it can run in "incognito" (private) mode, whether to allow access to "file://" URLs, to verify HIN's requested extension permissions, etc.
• Uninstall HIN: Will uninstall HIN, possibly after showing a confirmation dialog.
• RULES list: Shows the list of rules currently in place, with a green check-mark indicating the rule is enabled, and a red "X" indicating the rule is disabled. Clicking on the rule will toggle its enabled status. Hovering over the rule name will show the detailed description, what actions are enabled for the rule, and the detailed match expression.
• ACTIONS list: Shows the list of actions currently in place, with a green check-mark indicating the action is enabled, and a red "X" indicating the action is disabled. Clicking on the action will toggle its enabled status. Hovering over the action name will show the detailed description, and the specific operations when the action is performed.

Functionality Intentionally not Provided by HIN

• Cookie/history editing and scrubbing. There are many good cookie store management extensions. EditThisCookie looks like a good one. Note that if you simply want to disable cookies for entire domains Chromium's built-in facility as well as EditThisCookie are good for that. HIN can be used as well, and will provide a debug facility to view what is being discarded.
• Modification of browsed content to "clean" out ads and other unwanted content. You can use AdBlock Plus for this function, or simply don't visit sites whose content you don't want to see.
• Developer HTTP traffic logging/capture tool (beyond what is on the HIN debug page). HIN is not a comprehensive HTTP traffic analysis tool. For that purpose, use Developer Tools' "Network" tab, or an external network monitoring ("sniffer") utility such as tcpdump, tcpflow, WireShark, and/or a logging HTTP proxy such as the SSL-decrypting "mitmproxy" or "Fiddler."

Future Development

• Ability to match a rule on more request information (e.g. request headers).
• Ability to match a rule on response information (e.g. response headers, HTTP status).
• Creation and use of a central repository for rule contributions.