mirror of
https://github.com/arkenfox/user.js.git
synced 2024-11-26 04:21:39 +01:00
Updated 4.1 Extensions (markdown)
parent
c6a3ff1da2
commit
44f04f0e2c
@ -7,12 +7,14 @@ Preferences alone are **not enough**. Extensions can be more powerful, such as o
|
|||||||
* [#664](https://github.com/ghacksuserjs/ghacks-user.js/issues/664) CSP issues
|
* [#664](https://github.com/ghacksuserjs/ghacks-user.js/issues/664) CSP issues
|
||||||
|
|
||||||
### :small_orange_diamond: Extensions
|
### :small_orange_diamond: Extensions
|
||||||
These are all, where applicable, best configured to `deny-all` and whitelist.
|
In no particular order...
|
||||||
|
|
||||||
:exclamation: **CSP**: When multiple extensions use CSP injection to modify headers, **only one wins** and predicting the winner is like [rolling a dice](https://github.com/ghacksuserjs/ghacks-user.js/issues/265#issuecomment-393935989). **Some** CSP items to be aware of are highlighted below.
|
:exclamation: **CSP**: When multiple extensions use CSP injection to modify headers, **only one wins** and predicting the winner is like [rolling a dice](https://github.com/ghacksuserjs/ghacks-user.js/issues/265#issuecomment-393935989). **Some** CSP items to be aware of are highlighted below.
|
||||||
|
|
||||||
* [uBlock Origin](https://addons.mozilla.org/firefox/addon/ublock-origin/) <sup>✔ [Privacy](https://github.com/gorhill/uBlock/wiki/Privacy-policy)</sup> | [GitHub](https://github.com/gorhill/uBlock)
|
* [uBlock Origin](https://addons.mozilla.org/firefox/addon/ublock-origin/) <sup>✔ [Privacy](https://github.com/gorhill/uBlock/wiki/Privacy-policy)</sup> | [GitHub](https://github.com/gorhill/uBlock)
|
||||||
* :exclamation: **CSP**: Uncheck `Dashboard > Settings > Block remote fonts`. Font **rules** use CSP [unsure about font filters]. Use Request Control instead.
|
* :exclamation: **CSP**: Uncheck `Dashboard > Settings > Block remote fonts`. Font **rules** use CSP [unsure about font filters]. Use Request Control instead.
|
||||||
|
* [Privacy Badger](https://addons.mozilla.org/firefox/addon/privacy-badger17/) <sup>✔ [Privacy](https://addons.mozilla.org/firefox/addon/privacy-badger17/privacy/)</sup> | [GitHub](https://github.com/EFForg/privacybadger)
|
||||||
|
* Uses heuristics to learn and to build local blocking lists. Your mileage will depend on what other blocking extensions you use and their configurations, but it certainly can't hurt.
|
||||||
* [uMatrix](https://addons.mozilla.org/firefox/addon/umatrix/) <sup>✔ [Privacy](https://github.com/gorhill/uMatrix/wiki/Privacy-policy)</sup> | [GitHub](https://github.com/gorhill/uMatrix)
|
* [uMatrix](https://addons.mozilla.org/firefox/addon/umatrix/) <sup>✔ [Privacy](https://github.com/gorhill/uMatrix/wiki/Privacy-policy)</sup> | [GitHub](https://github.com/gorhill/uMatrix)
|
||||||
* :exclamation: **CSP**: uMatrix uses CSP for `$inline` and for web workers (maybe others)
|
* :exclamation: **CSP**: uMatrix uses CSP for `$inline` and for web workers (maybe others)
|
||||||
* [HTTPS Everywhere](https://addons.mozilla.org/firefox/addon/https-everywhere/) <sup>✔ [Privacy](https://www.eff.org/code/privacy/policy)</sup> | [GitHub](https://github.com/EFForg/https-everywhere)
|
* [HTTPS Everywhere](https://addons.mozilla.org/firefox/addon/https-everywhere/) <sup>✔ [Privacy](https://www.eff.org/code/privacy/policy)</sup> | [GitHub](https://github.com/EFForg/https-everywhere)
|
||||||
@ -21,6 +23,9 @@ These are all, where applicable, best configured to `deny-all` and whitelist.
|
|||||||
* :exclamation: **CSP**: Uncheck `Misc > Block data URL pages`
|
* :exclamation: **CSP**: Uncheck `Misc > Block data URL pages`
|
||||||
* [Decentraleyes](https://addons.mozilla.org/firefox/addon/decentraleyes/) <sup>✔ [Privacy](https://addons.mozilla.org/firefox/addon/decentraleyes/privacy/)</sup> | [GitLab](https://git.synz.io/Synzvato/decentraleyes) | [GitHub <sup>Archive</sup>](https://github.com/Synzvato/decentraleyes)
|
* [Decentraleyes](https://addons.mozilla.org/firefox/addon/decentraleyes/) <sup>✔ [Privacy](https://addons.mozilla.org/firefox/addon/decentraleyes/privacy/)</sup> | [GitLab](https://git.synz.io/Synzvato/decentraleyes) | [GitHub <sup>Archive</sup>](https://github.com/Synzvato/decentraleyes)
|
||||||
* :sparkles: uBlock Origin users should add the [following rules](https://git.synz.io/Synzvato/decentraleyes/wikis/Frequently-Asked-Questions) if required
|
* :sparkles: uBlock Origin users should add the [following rules](https://git.synz.io/Synzvato/decentraleyes/wikis/Frequently-Asked-Questions) if required
|
||||||
|
* [Temporary Containers](https://addons.mozilla.org/en-US/firefox/addon/temporary-containers/) <sup>✔ Privacy (stated on AMO)</sup> | [GitHub](https://github.com/stoically/temporary-containers)
|
||||||
|
* This can achieve *almost* everything First Party Isolation (FPI) does without breaking cross-domain logins. And (with or without FPI), in a hardened TC setup, this can even isolate repeat visits to the same domain, which FPI alone cannot.
|
||||||
|
* Required reading: [1] [AMO description](https://addons.mozilla.org/firefox/addon/temporary-containers/) [2] [Article](https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21) [3] [TC's Wiki](https://github.com/stoically/temporary-containers/wiki)
|
||||||
* [CSS Exfil Protection](https://addons.mozilla.org/firefox/addon/css-exfil-protection/) | [GitHub](https://github.com/mlgualtieri/CSS-Exfil-Protection) | [Homepage + Test](https://www.mike-gualtieri.com/css-exfil-vulnerability-tester)
|
* [CSS Exfil Protection](https://addons.mozilla.org/firefox/addon/css-exfil-protection/) | [GitHub](https://github.com/mlgualtieri/CSS-Exfil-Protection) | [Homepage + Test](https://www.mike-gualtieri.com/css-exfil-vulnerability-tester)
|
||||||
* [Smart Referer](https://addons.mozilla.org/firefox/addon/smart-referer/) <sup>✔ [Privacy](https://addons.mozilla.org/firefox/addon/smart-referer/privacy/)</sup> | [GitLab](https://gitlab.com/smart-referer/smart-referer) | [GitHub <sup>Archive</sup>](https://github.com/meh/smart-referer)
|
* [Smart Referer](https://addons.mozilla.org/firefox/addon/smart-referer/) <sup>✔ [Privacy](https://addons.mozilla.org/firefox/addon/smart-referer/privacy/)</sup> | [GitLab](https://gitlab.com/smart-referer/smart-referer) | [GitHub <sup>Archive</sup>](https://github.com/meh/smart-referer)
|
||||||
* [Header Editor](https://addons.mozilla.org/firefox/addon/header-editor/) | [GitHub](https://github.com/FirefoxBar/HeaderEditor)
|
* [Header Editor](https://addons.mozilla.org/firefox/addon/header-editor/) | [GitHub](https://github.com/FirefoxBar/HeaderEditor)
|
||||||
@ -34,13 +39,6 @@ These are all, where applicable, best configured to `deny-all` and whitelist.
|
|||||||
* [window.opener be gone](https://github.com/earthlng/testpages/raw/master/windowopener_be_gone-1.0-an%2Bfx.xpi) | see [#401](https://github.com/ghacksuserjs/ghacks-user.js/issues/401)
|
* [window.opener be gone](https://github.com/earthlng/testpages/raw/master/windowopener_be_gone-1.0-an%2Bfx.xpi) | see [#401](https://github.com/ghacksuserjs/ghacks-user.js/issues/401)
|
||||||
* [Request Control](https://addons.mozilla.org/firefox/addon/requestcontrol/) | [GitHub](https://github.com/tumpio/requestcontrol) | [Manual](https://github.com/tumpio/requestcontrol/blob/master/_locales/en/manual.md) | [Testing links](https://github.com/tumpio/requestcontrol/wiki/Testing-links)
|
* [Request Control](https://addons.mozilla.org/firefox/addon/requestcontrol/) | [GitHub](https://github.com/tumpio/requestcontrol) | [Manual](https://github.com/tumpio/requestcontrol/blob/master/_locales/en/manual.md) | [Testing links](https://github.com/tumpio/requestcontrol/wiki/Testing-links)
|
||||||
* [Redirector](https://addons.mozilla.org/firefox/addon/redirector/) <sup>✔ [Privacy](https://github.com/einaregilsson/Redirector/blob/master/privacy.md)</sup> | [GitHub](https://github.com/einaregilsson/Redirector)
|
* [Redirector](https://addons.mozilla.org/firefox/addon/redirector/) <sup>✔ [Privacy](https://github.com/einaregilsson/Redirector/blob/master/privacy.md)</sup> | [GitHub](https://github.com/einaregilsson/Redirector)
|
||||||
* [Cookie AutoDelete](https://addons.mozilla.org/firefox/addon/cookie-autodelete/) <sup>✔ [Privacy](https://github.com/Cookie-AutoDelete/Cookie-AutoDelete/wiki/Privacy-Policy)</sup> | [GitHub](https://github.com/mrdokenny/Cookie-AutoDelete)
|
|
||||||
* :warning: APIs do not exist to allow clearing IndexedDB, Service Workers cache, appCache, or cache by host. Clearing cookies & localStorage on their own, and leaving orphaned persistent data is a false sense of privacy. Check [here](https://github.com/Cookie-AutoDelete/Cookie-AutoDelete/wiki/FAQ:-Common-Questions-and-Issues#what-is-the-state-of-the-webextension-api-to-clean-x-data)
|
|
||||||
* [Temporary Containers](https://addons.mozilla.org/en-US/firefox/addon/temporary-containers/) <sup>✔ Privacy (stated on AMO)</sup> | [GitHub](https://github.com/stoically/temporary-containers)
|
|
||||||
* This can achieve *almost* everything First Party Isolation (FPI) does without breaking cross-domain logins. And (with or without FPI), in a hardened TC setup, this can even isolate repeat visits to the same domain, which FPI alone cannot.
|
|
||||||
* Required reading: [1] [AMO description](https://addons.mozilla.org/firefox/addon/temporary-containers/) [2] [Article](https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21) [3] [TC's Wiki](https://github.com/stoically/temporary-containers/wiki)
|
|
||||||
* [Enterprise Policy Generator](https://addons.mozilla.org/firefox/addon/enterprise-policy-generator/) | [GitHub](https://github.com/cadeyrn/enterprise-policy-generator)
|
|
||||||
* For ESR60+ and [Enterprise Policies](https://support.mozilla.org/en-US/products/firefox-enterprise/policies-enterprise)
|
|
||||||
|
|
||||||
### :small_orange_diamond: Extensions [Tools]
|
### :small_orange_diamond: Extensions [Tools]
|
||||||
|
|
||||||
@ -48,17 +46,22 @@ These extensions will not mask or alter any data sent or received, but may be us
|
|||||||
|
|
||||||
* [uBO-Scope](https://addons.mozilla.org/firefox/addon/ubo-scope/) | [GitHub](https://github.com/gorhill/uBO-Scope)
|
* [uBO-Scope](https://addons.mozilla.org/firefox/addon/ubo-scope/) | [GitHub](https://github.com/gorhill/uBO-Scope)
|
||||||
* [True Sight](https://addons.mozilla.org/firefox/addon/detect-cloudflare-plus/) ✔ <sup>[Privacy](https://addons.mozilla.org/firefox/addon/detect-cloudflare-plus/privacy/)</sup> | [GitHub](https://github.com/claustromaniac/detect-cloudflare-plus)
|
* [True Sight](https://addons.mozilla.org/firefox/addon/detect-cloudflare-plus/) ✔ <sup>[Privacy](https://addons.mozilla.org/firefox/addon/detect-cloudflare-plus/privacy/)</sup> | [GitHub](https://github.com/claustromaniac/detect-cloudflare-plus)
|
||||||
* Why would you want to detect ~~Cloudflare~~ CDNs? Read [this](https://github.com/claustromaniac/detect-cloudflare-PA/blob/master/README.md#motivation).
|
* Why would you want to detect CDNs? Read [this](https://github.com/claustromaniac/detect-cloudflare-PA/blob/master/README.md#motivation).
|
||||||
* [mozlz4-edit](https://addons.mozilla.org/firefox/addon/mozlz4-edit/) | [Github](https://github.com/serj-kzv/mozlz4-edit)
|
* [mozlz4-edit](https://addons.mozilla.org/firefox/addon/mozlz4-edit/) | [Github](https://github.com/serj-kzv/mozlz4-edit)
|
||||||
* inspect and/or edit `*.lz4`, `*.mozlz4`, `*.jsonlz4`, `*.baklz4` and `*.json` files within FF
|
* inspect and/or edit `*.lz4`, `*.mozlz4`, `*.jsonlz4`, `*.baklz4` and `*.json` files within FF
|
||||||
* [CRX Viewer](https://addons.mozilla.org/firefox/addon/crxviewer/) | [GitHub](https://github.com/Rob--W/crxviewer)
|
* [CRX Viewer](https://addons.mozilla.org/firefox/addon/crxviewer/) | [GitHub](https://github.com/Rob--W/crxviewer)
|
||||||
* [Compare-UserJS](https://github.com/claustromaniac/Compare-UserJS)
|
* [Compare-UserJS](https://github.com/claustromaniac/Compare-UserJS)
|
||||||
* Not an extension, but an excellent tool to compare user.js files and output the diffs in detailed breakdown - by our very own incomparable [claustromaniac](https://github.com/claustromaniac) :cat2:
|
* Not an extension, but an excellent tool to compare user.js files and output the diffs in detailed breakdown - by our very own incomparable [claustromaniac](https://github.com/claustromaniac) :cat2:
|
||||||
|
* [Enterprise Policy Generator](https://addons.mozilla.org/firefox/addon/enterprise-policy-generator/) | [GitHub](https://github.com/cadeyrn/enterprise-policy-generator)
|
||||||
|
* For ESR60+ and [Enterprise Policies](https://support.mozilla.org/en-US/products/firefox-enterprise/policies-enterprise)
|
||||||
|
|
||||||
### :small_orange_diamond: Don't Bother...
|
### :small_orange_diamond: Don't Bother...
|
||||||
|
* Cookie extensions
|
||||||
|
* ❗️ APIs do not exist to allow clearing IndexedDB, Service Workers cache, appCache, or cache by host. Clearing cookies & localStorage on their own, and leaving orphaned persistent data is a false sense of privacy
|
||||||
|
* Use FPI (First Party Isolation) and/or Temporary Containers
|
||||||
* NoScript
|
* NoScript
|
||||||
* :exclamation: **CSP**: "NoScript uses some trickery to ensure its CSP headers are injected" <sup>[gorhill](https://bugzilla.mozilla.org/show_bug.cgi?id=1462989#c20)</sup>
|
* ❗️ **CSP**: "NoScript uses some trickery to ensure its CSP headers are injected" <sup>[gorhill](https://bugzilla.mozilla.org/show_bug.cgi?id=1462989#c20)</sup>
|
||||||
* Ghostery, Disconnect, Privacy Badger
|
* Ghostery, Disconnect
|
||||||
* They add nothing uBlock Origin doesn't already cover
|
* They add nothing uBlock Origin doesn't already cover
|
||||||
* Chameleon, Privacy Possum or any other extension that raises entropy
|
* Chameleon, Privacy Possum or any other extension that raises entropy
|
||||||
* We support *lowering* entropy. UA spoofing is best left to *privacy.resistFingerprinting*
|
* We support *lowering* entropy. This is best left to *privacy.resistFingerprinting*
|
||||||
|
Loading…
Reference in New Issue
Block a user