From 2f080176db08d1c60d66a919182b598c205ecc60 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 24 Feb 2021 12:59:24 +0000 Subject: [PATCH] Updated 4.1 Extensions (markdown) --- 4.1-Extensions.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/4.1-Extensions.md b/4.1-Extensions.md index 1de7138..37f35aa 100644 --- a/4.1-Extensions.md +++ b/4.1-Extensions.md @@ -28,10 +28,9 @@ This list covers privacy and security related extensions only. While we believe * [HTTPS Everywhere](https://addons.mozilla.org/firefox/addon/https-everywhere/) ✔ [Privacy](https://www.eff.org/code/privacy/policy) | [GitHub](https://github.com/EFForg/https-everywhere) - If you're using HTTPS-Only mode (usable since FF83), then this is basically redundant, especially as more of the web turns to secure context * [CanvasBlocker](https://addons.mozilla.org/firefox/addon/canvasblocker/) ✔ [Privacy](https://addons.mozilla.org/firefox/addon/canvasblocker/privacy/) | [GitHub](https://github.com/kkapsner/CanvasBlocker) - - **DO NOT** use `Screen API` or `Navigator API` protections with RFP - - `Window` is protected in the user.js since FF82+ (`privacy.window.name.update.enabled`) - - `Audio` is disabled in the user.js, and if enabled (e.g. with remote video conferencing), the entropy is low - - The rest is up to you + - `Canvas API`: great fallback if you allow an RFP canvas site exception + - `Screen API` and `Navigator API`: don't use with RFP + - `The rest`: good protection against naive scripts, detectable with advanced scripts * [CSS Exfil Protection](https://addons.mozilla.org/firefox/addon/css-exfil-protection/) | [GitHub](https://github.com/mlgualtieri/CSS-Exfil-Protection) | [Homepage + Test](https://www.mike-gualtieri.com/css-exfil-vulnerability-tester) - Practically zero threat and if the platform's CSS was compromised, you'd have bigger problems to worry about