Skip to content
This repository has been archived by the owner on Jun 28, 2024. It is now read-only.

EU-EDPS/website-evidence-collector

Repository files navigation

Repository Migration

The EDPS has migrated the project to the code repository of the European Union at https://code.europa.eu/EDPS/website-evidence-collector.

Website Evidence Collector Logo

Website Evidence Collector

The tool Website Evidence Collector (WEC) automates the website evidence collection of storage and transfer of personal data. It is based on the browser Chromium/Chrome and its JavaScript software library for automation puppeteer.

Installation

Screencast Installation

  1. The Website Evidence Collector is a set of scripts written in JavaScript for execution by Node.js. Install Node.js and the Node.js package manager (NPM). The minimum version for Node.js is 16.0.
  • Windows or Mac: Follow the guide on https://nodejs.org/en/.
  • Linux: use the Linux package manager to install Node.js, e.g. zypper in nodejs10 (check version) or apt install nodejs.
  1. Install the Website Evidence Collector from
  • the tarball archive file (*.tar.gz) downloaded from the EDPS Website: npm install --global ./website-evidence-collector-*.tar.gz (with * to be replaced by the current release version),
  • Github with npm install --global https://github.com/EU-EDPS/website-evidence-collector/tarball/latest, or
  • Github with npm install --global https://github.com/EU-EDPS/website-evidence-collector/tarball/master to get a potentially broken testing version, which includes the latest changes.

The tool can be uninstalled with npm uninstall --global website-evidence-collector.

Hint: You don't need root permissions for the installation. If you run into permission denied errors during step 2 of the installation try the following commands:

mkdir "${HOME}/.npm-packages"
npm config set prefix "${HOME}/.npm-packages"

Now repeat step 2.

Run Website Evidence Collector

Screencast Call

To start the collection for e.g. https://example.com, open the terminal and run website-evidence-collector https://example.com. The folder output contains the gathered evidence.

Notice on the Processing of Personal Data: This tool carries out automated processing of data of websites for the purpose of identifying their processing of personal data. If you run the tool to visit web pages containing personal data, this tool will download, display, and store these personal data in the form of text files and screenshots, and you will therefore process personal data.

Hint: If you run into command not found errors you have to add the .npm-packages to your PATH.
Run the following commands:

NPM_PACKAGES="${HOME}/.npm-packages"
export PATH="$PATH:$NPM_PACKAGES/bin"

You can check your PATH with this command: echo $PATH.

Examples with Command Line Options

Simple Output on the Terminal only

website-evidence-collector --no-output --yaml https://example.com 2> /dev/null

The last part 2> /dev/null works on Mac/Linux and redirects the logging output from the screen into a device for disregarding the content.

Ignore Certificate Errors during Collection

website-evidence-collector -y -q https://untrusted-root.badssl.com -- --ignore-certificate-errors

All command line arguments after -- (the second in case of npm) are applied to launch Chromium.

Reference: https://peter.sh/experiments/chromium-command-line-switches/#ignore-certificate-errors

Integrate with testssl.sh

Note: Testssl.sh v3.0 or higher must be already installed. The most recent and with WEC tested version is v3.0.6.

With the option --testssl, the website evidence collector calls testssl.sh to gather information about the HTTPS/SSL connection.

website-evidence-collector -q --testssl https://example.com

The tool assumes the executable testssl.sh can be found in the PATH variable. The option --testssl-executable allows to specify the location and implies the option testssl.

website-evidence-collector -q --testssl-executable ../testssl.sh-3.0.6/testssl.sh https://example.com

If testssl.sh is called separately, the JSON output file can be integrated subsequently with the option --testssl-file.

website-evidence-collector -q --testssl-file example-testssl.json https://example.com

Frequently Asked Questions

Please find a collection of frequently asked questions with answers in FAQ.md

Setup of the Development Environment

  1. Install the dependencies according to the Installation Guide point 1.
  2. Install the version control system Git (https://git-scm.com/).
  3. Download the Website Evidence Collector a. from the EDPS Website and unpack the received folder with e.g. 7zip, or b. from Github with git clone https://github.com/EU-EDPS/website-evidence-collector.
  4. Open the terminal and navigate to the folder website-evidence-collector.
  5. Install the dependencies using npm install
  6. Consider to use npm link to make the command website-evidence-collector outside of the project folder.

TODO List

Third-Party Software

The following software extends WEC to cover further use cases. It is developed independently of the WEC and is not tested or approved by the WEC developers.

Resources for Developers

Contributors

License

This work, excluding filter lists, is distributed under the European Union Public Licence (the ‘EUPL’). Please find the terms in the file LICENSE.txt.

Filter lists in the assets/ directory are authored by the EasyList authors (https://easylist.to/) and are for your convenience distributed together with this work under their respective license as indicated in their file headers.