diff --git a/Appendix-C:-Firefox-Add-ons.md b/Appendix-C:-Firefox-Add-ons.md new file mode 100644 index 0000000..e16a3b1 --- /dev/null +++ b/Appendix-C:-Firefox-Add-ons.md @@ -0,0 +1,44 @@ +Preferences alone are **not enough**. In fact, some of these are **mandatory** if you use the `ghacks user.js` in it's default state. For example +- All tracking protection and safebrowsing is turned off by default. Unless you disable the relevant preferences (and reset them) or use a substitute (uBlock Origin), then you are putting yourself at risk +- All cookies are denied by default. Unless you change the preference, or use an add-on you will never be able to login anywhere. + +Add-ons can be more powerful than a preference, such as offering whitelists/blacklists and more granular control. This allows you to set a preference at a `deny-all` level, but get back functionality on sites where you need it. An add-on can also solve issues where the browser itself has no current solution (such as canvas fingerprinting). Others listed offer a simple toggle for you to use with problem sites. This list will cover privacy and security related add-ons only, to enhance and work in tandem with the `ghacks user.js`. While we believe these are the very best of the best, this can be subjective depending on your needs. + +If you would like to submit a privacy or security related add-on to be added to this list, please post the details [here](https://github.com/ghacksuserjs/ghacks-user.js/issues/12) for consideration, thanks. + +### Recommended Add-ons +These are all, where applicable, best configured to `deny-all` and whitelist. + +- [NoScript](https://addons.mozilla.org/en-US/firefox/addon/noscript/) +- [uBlock Origin](https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/) - essential if you are not using Mozilla's Tracking Protection and Safe Browsing +- [uMatrix](https://addons.mozilla.org/en-US/firefox/addon/umatrix/) +- *[1] [Cookie Controller](https://addons.mozilla.org/en-US/firefox/addon/cookie-controller/) +- *[1] [Self-Destructing Cookies](https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/) +- [HTTPS Everywhere](https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/) +- [CanvasBlocker](https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/) +- [No Resource URI Leak](https://addons.mozilla.org/en-US/firefox/addon/no-resource-uri-leak/) +- [Decentraleyes](https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/) +- [NoRedirect](https://addons.mozilla.org/en-US/firefox/addon/noredirect/) +- *[2] [UAControl](https://addons.mozilla.org/en-US/firefox/addon/uacontrol/) +- *[2] [User-Agent JS Fixer](https://addons.mozilla.org/en-US/firefox/addon/user-agent-js-fixer/) +- [Popup Blocker Ultimate](https://addons.mozilla.org/en-US/firefox/addon/popup-blocker-ultimate/) - still evaluating. I think it has a memory leak. +- [Pure URL](https://addons.mozilla.org/en-US/firefox/addon/pure-url/) +- [Google Privacy](https://addons.mozilla.org/en-US/firefox/addon/google-privacy/) +- [Quick Java](https://addons.mozilla.org/en-US/firefox/addon/quickjava/) - configurable toggle buttons for JS, Java, Flash, Images and more. Suggest you don't use/enable anything that will conflict, such as the Cookies toggle. +- [Disable IndexedDB](https://addons.mozilla.org/en-US/firefox/addon/disable-indexeddb/) - toggle button for indexedDB which is disabled by default. + +[1] Don't use multiple cookie add-ons + +[2] It's debatable if UA spoofing is worth it. UAControl offers whitelisting. User-Agent JS Fixer is only needed if your choice of add-on doesn't cover JS + +NOTE: At the time of publication the following are not e10s compatible: +Google Privacy, NoRedirect, UAControl, User-Agent JS Fixer, Popup Blocker Ultimate + +### Still Looking For... +- e10s compatible UA solution that allows whitelisting and covers JS +- e10s compatible comprehensible solution that address tracking in URLs +- e10s compatible popup blocker + +### Don't Bother Recommending These... +- Ghostery +