Skip to main content
How to hack into your eesel

Your data is always secure. Hack eesel to see for yourself.

Amogh Sarda avatar
Written by Amogh Sarda
Updated over 2 years ago

Privacy is at the heart of how we've built eesel and you can read all about it in our privacy policy. In this post we're going to look at the network requests eesel makes and verify that:

  • the title, URL and content of pages that you track in eesel will be stored locally on your browser only, and never leave your computer

  • for pages in eesel folders, the title and URL of the pages will additionally be stored securely in eesel servers

Let's get started.

Steps

1. Head to the background page

Let’s first verify that the title, URL and content of pages in eesel are stored locally on your browser only, and never leave your computer. For this, we need to head to the “background page”.

Most browser extensions have a “background page” which is basically the brain of the extension. You can find your local eesel brain here.

It's beautiful, isn't it?

It's beautiful, isn't it?

2. On this page, right click, click Inspect, and switch to the “Network” tab

The Developer Console is a tool that comes with your browser and logs information about what’s happening on the page you’re on. We’ll use the “Network” tab in this a lot, to see the things eesel is receiving and sending.

3. Open eesel in another tab

Make sure you don’t close the background page and it's Network tab. We’ll need to constantly refer back to that to study what's happening in the Network soon.

4. Refresh the eesel new tab, and observe your background page “Network”

It’s time for the magnifying glass (or maybe a Sherlock-esque monocle?). When you refresh your eesel new tab, you'll see different things pop up on the side in your background page’s “Network”.

All these things are basically what eesel is sending and receiving. For instance, you can see an event fired when eesel is opened, and it has associated information like an event name (“documentListViewed”) and “properties” like your “appVersion”.

The “t”, “p”, “i” objects are from Segment which is the tool we use to collect events and attributes. It creates “t” for track events like clicking a filter, “p” for page views like opening the settings page, “i” to associate an anonymous user id to your events. For more on that, read the Segment spec.

5. Refresh your background page and study the “i” events

When you refresh the background page, you’ll see the “i” event in its "Network". When you click into the “traits”, you’ll see some basic information is sent like “appVersion”, “installID”, “createdAt” (when you installed), “documentCount” (the number of docs tracked in your eesel) with this event.

No information about your docs (like your titles, url or content) is being sent.

6. Search, click into a doc and more, and study the “t” and “p” events

So from here, we’re going to interact with eesel in different ways and examine the different events. For instance, here’s the event when I search in eesel.

Notice how an anonymous user id and the event name (“documentSearchUsed”) are sent, but nothing sensitive (like the keywords searched) is sent. Here’s the event when I click into a doc from eesel.

Notice how nothing about the doc (like it’s url, title or content) is sent. Interact with eesel like this in several different ways, see the events and their associated data, and confirm that nothing on your document titles, urls or content is sent with any event. You may want to try clicking different app filters, adding an app and opening your eesel settings.

7. Open a doc in a tab

Let’s now confirm that when you open a doc, eesel doesn’t send any information about the doc. To check this out, let’s open a kind of doc that eesel tracks. For instance, I’ve opened a Google doc here.

8. See the events sent when you’re on the doc

Interact with your doc by clicking around or refreshing the page. You’ll see that there’s no network activity on your background page.

No API calls are made at all and everything remains on your computer.

9. Open the “Application” tab

So where exactly is the doc data stored? We’ll look at that next, and for that, in your background page’s Developer Console, switch from the “Network” tab to the “Application” tab.

10. Open the “IndexedDB” database and head to “documentList”

Voila! Your document titles, url and content are here, and only here. Pretty neat eh?

Feel free to explore around other parts of this database.

11. Setup a Folder with a rule

Let’s also verify that for pages in eesel folders, the title and URL of the pages will additionally be stored securely in eesel servers. For that, we need to make a Folder.

Click the “+” and “New Folder”. Note that you’ll need to login for this feature if you haven’t already.

Make sure that when you make the Folder, you set a “rule” for it, so a document can get added to the Folder automatically.

12. Create a doc that matches the rule

For instance, I’ve just made a new doc to match the rule, and I notice the blue banner notifying me that the doc has been added automatically.

13. Inspect for “graphql” requests and confirm that only title and url are sent

If I then jump on the “Network” tab of my background page, under “graphql”, I can see that only the title and url of the page are sent to eesel servers, and not the content. For context, “graphql” objects are related to your local eesel communicating with eesel’s servers.

14. Look at the “Network” for other eesel related pages

We’ve been looking at the “Network” tab in the background page so far. That’s where the most meaningful events are sent from but eesel also has other pages where it can send data from. For example, there’s the eesel new tab, and to see what's happening there, you can right click, click “Inspect” on your eesel new tab, and switch to the “Network” tab. From there, you can follow the last steps again to interact with docs and study the network activity.

Another place where eesel could send data from is the scripts it injects on your docs. eesel does this to index and store your doc information (like title, url, content) locally, and also to open spotlight. To study this, open a doc, switch to its “Network” tab, and repeat the last steps. For instance, this is the “Network” tab of a Google Doc, and amidst all the requests Google Doc makes, there’s nothing related to eesel.

Overall, you’ll notice the same behaviour as with the background page when it comes to your document title, url, and content.

Conclusion

That's it! You've hacked into the mainframe and seen what happens with your data for yourself. If you get stuck at any point or have more follow up questions, let us know :)

Did this answer your question?