Updated 4.1 Extensions (markdown)

Thorin-Oakenpants 2020-09-27 00:44:54 +00:00
parent cac47ec5f6
commit 5a1b3ee531

@ -2,24 +2,15 @@ This list covers privacy and security related extensions only. While we believe
### :small_orange_diamond: Relevant Links ### :small_orange_diamond: Relevant Links
* [#655](https://github.com/arkenfox/user.js/issues/655) Submissions | [#350](https://github.com/arkenfox/user.js/issues/350) Prefs & Extensions | [#664](https://github.com/arkenfox/user.js/issues/664) CSP issues * [#655](https://github.com/arkenfox/user.js/issues/655) Submissions | [#350](https://github.com/arkenfox/user.js/issues/350) Prefs & Extensions
### :small_orange_diamond: **CSP**
- **FULLY** fixed in ESR78.1+ and FF78+
- [Developer Release Notes](https://wiki.developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/77#API_changes), [1462989](https://bugzilla.mozilla.org/show_bug.cgi?id=1462989), [1635781](https://bugzilla.mozilla.org/show_bug.cgi?id=1635781)
- :exclamation: **CSP**: When multiple extensions use CSP injection to modify headers, only one wins and predicting the winner is like [rolling a dice](https://github.com/arkenfox/user.js/issues/265#issuecomment-393935989). Some CSP items (this is not an exhaustive list) to be aware of are highlighted below.
--- ---
### :small_orange_diamond: Extensions (in no particular order...) ### :small_orange_diamond: Extensions (in no particular order...)
* [uBlock Origin](https://addons.mozilla.org/firefox/addon/ublock-origin/) <sup>✔ [Privacy](https://github.com/gorhill/uBlock/wiki/Privacy-policy)</sup> | [GitHub](https://github.com/gorhill/uBlock) * [uBlock Origin](https://addons.mozilla.org/firefox/addon/ublock-origin/) <sup>✔ [Privacy](https://github.com/gorhill/uBlock/wiki/Privacy-policy)</sup> | [GitHub](https://github.com/gorhill/uBlock)
* :exclamation: **CSP**: Uncheck `Dashboard > Settings > Block remote fonts`. Font rules use CSP, use Request Control instead. [Other CSP issues](https://github.com/arkenfox/user.js/issues/664#issuecomment-472596147) include filter lists that use `$csp=` (and there are lot of them)
* [uMatrix](https://addons.mozilla.org/firefox/addon/umatrix/) <sup>✔ [Privacy](https://github.com/gorhill/uMatrix/wiki/Privacy-policy)</sup> | [GitHub](https://github.com/gorhill/uMatrix) * [uMatrix](https://addons.mozilla.org/firefox/addon/umatrix/) <sup>✔ [Privacy](https://github.com/gorhill/uMatrix/wiki/Privacy-policy)</sup> | [GitHub](https://github.com/gorhill/uMatrix)
* :exclamation: **CSP**: uMatrix uses CSP for `$inline` and for web workers (maybe others)
* [HTTPS Everywhere](https://addons.mozilla.org/firefox/addon/https-everywhere/) <sup>✔ [Privacy](https://www.eff.org/code/privacy/policy)</sup> | [GitHub](https://github.com/EFForg/https-everywhere) * [HTTPS Everywhere](https://addons.mozilla.org/firefox/addon/https-everywhere/) <sup>✔ [Privacy](https://www.eff.org/code/privacy/policy)</sup> | [GitHub](https://github.com/EFForg/https-everywhere)
* :exclamation: **CSP**: Uncheck `Toolbar Icon > Encrypt All Sites Eligible (EASE)`
* [CanvasBlocker](https://addons.mozilla.org/firefox/addon/canvasblocker/) <sup>✔ [Privacy](https://addons.mozilla.org/firefox/addon/canvasblocker/privacy/)</sup> | [GitHub](https://github.com/kkapsner/CanvasBlocker) * [CanvasBlocker](https://addons.mozilla.org/firefox/addon/canvasblocker/) <sup>✔ [Privacy](https://addons.mozilla.org/firefox/addon/canvasblocker/privacy/)</sup> | [GitHub](https://github.com/kkapsner/CanvasBlocker)
* :exclamation: **CSP**: Uncheck `Misc > Block data URL pages`
* [Temporary Containers](https://addons.mozilla.org/en-US/firefox/addon/temporary-containers/) <sup>✔ Privacy (stated on AMO)</sup> | [GitHub](https://github.com/stoically/temporary-containers) * [Temporary Containers](https://addons.mozilla.org/en-US/firefox/addon/temporary-containers/) <sup>✔ Privacy (stated on AMO)</sup> | [GitHub](https://github.com/stoically/temporary-containers)
* This can achieve *almost* everything First Party Isolation (FPI) does without breaking cross-domain logins. And (with or without FPI), in a hardened TC setup, this can even isolate repeat visits to the same domain, which FPI alone cannot. * This can achieve *almost* everything First Party Isolation (FPI) does without breaking cross-domain logins. And (with or without FPI), in a hardened TC setup, this can even isolate repeat visits to the same domain, which FPI alone cannot.
* Required reading: [1] [AMO description](https://addons.mozilla.org/firefox/addon/temporary-containers/) [2] [Article](https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21) [3] [TC's Wiki](https://github.com/stoically/temporary-containers/wiki) * Required reading: [1] [AMO description](https://addons.mozilla.org/firefox/addon/temporary-containers/) [2] [Article](https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21) [3] [TC's Wiki](https://github.com/stoically/temporary-containers/wiki)
@ -63,7 +54,6 @@ These extensions will not mask or alter any data sent or received, but may be us
* FF78+ [1636784](https://bugzilla.mozilla.org/1636784) cache * FF78+ [1636784](https://bugzilla.mozilla.org/1636784) cache
* Use FPI (First Party Isolation) and/or Temporary Containers * Use FPI (First Party Isolation) and/or Temporary Containers
* NoScript * NoScript
* ❗️ **CSP**: "NoScript uses some trickery to ensure its CSP headers are injected" <sup>[gorhill](https://bugzilla.mozilla.org/show_bug.cgi?id=1462989#c20)</sup>
* Privacy Badger * Privacy Badger
* Is easily [detected](https://adtechmadness.wordpress.com/2020/03/27/detecting-privacy-badgers-canvas-fp-detection/) and additional blocking via [hueristics](https://www.eff.org/privacybadger/faq#How-does-Privacy-Badger-work) is redundant or negligible when using uBlock Origin (depending on your configuration) * Is easily [detected](https://adtechmadness.wordpress.com/2020/03/27/detecting-privacy-badgers-canvas-fp-detection/) and additional blocking via [hueristics](https://www.eff.org/privacybadger/faq#How-does-Privacy-Badger-work) is redundant or negligible when using uBlock Origin (depending on your configuration)
* Ghostery, Disconnect * Ghostery, Disconnect