Updated 4.1 Extensions (markdown)

4.1-Extensions.md

@@ -2,7 +2,7 @@ These are our current web browser recommendations and settings you can use to pr
 
 This list covers privacy and security related extensions only. While we believe these are the very best of the best, this can be subjective depending on your needs. We are also not saying you have to use all these extensions.
 
-### :small_orange_diamond: Extensions (in no particular order...)
+### :small_orange_diamond: Extensions
 
 * [uBlock Origin](https://addons.mozilla.org/firefox/addon/ublock-origin/) <sup>✔ [Privacy](https://github.com/gorhill/uBlock/wiki/Privacy-policy)</sup> | [GitHub](https://github.com/gorhill/uBlock)
    * ⭐ import [Actually Legitimate URL Shortener Tool](https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt) | [GitHub](https://github.com/DandelionSprout/adfilt/blob/master/LegitimateURLShortener.txt)
@@ -11,18 +11,18 @@ This list covers privacy and security related extensions only. While we believe
 * [Skip Redirect](https://addons.mozilla.org/firefox/addon/skip-redirect/) | [GitHub](https://github.com/sblask/webextension-skip-redirect)
 
 ---
-### :small_orange_diamond: Extensions (maybe)
-* [CanvasBlocker](https://addons.mozilla.org/firefox/addon/canvasblocker/) <sup>✔ [Privacy](https://addons.mozilla.org/firefox/addon/canvasblocker/privacy/)</sup> | [GitHub](https://github.com/kkapsner/CanvasBlocker)
-  - `Canvas API`: great fallback if you allow an RFP canvas site exception
-  - `Screen API` and `Navigator API`: don't use with RFP
-  - `The rest`: good protection against naive scripts, detectable with advanced scripts
+### :small_orange_diamond: Extensions [Maybe]
 * [Header Editor](https://addons.mozilla.org/firefox/addon/header-editor/) | [GitHub](https://github.com/FirefoxBar/HeaderEditor)
   - Allows you to run [Rules](https://github.com/arkenfox/user.js/wiki/4.2.4-Header-Editor) to modify modify the request header and response header, cancel a request and redirect a request. Be careful not to alter your passive fingerprint
 * [Request Control](https://addons.mozilla.org/firefox/addon/requestcontrol/) | [GitHub](https://github.com/tumpio/requestcontrol) | [Manual](https://github.com/tumpio/requestcontrol/blob/master/_locales/en/manual.md) | [Testing links](https://github.com/tumpio/requestcontrol/wiki/Testing-links)
 * [Redirector](https://addons.mozilla.org/firefox/addon/redirector/) <sup>✔ [Privacy](https://github.com/einaregilsson/Redirector/blob/master/privacy.md)</sup> | [GitHub](https://github.com/einaregilsson/Redirector)
-* [Temporary Containers](https://addons.mozilla.org/en-US/firefox/addon/temporary-containers/) <sup>✔ Privacy (stated on AMO)</sup> | [GitHub](https://github.com/stoically/temporary-containers)
-  - This can achieve *almost* everything First Party Isolation (FPI) does without breaking cross-domain logins. And (with or without FPI), in a hardened TC setup, this can even isolate repeat visits to the same domain, which FPI alone cannot.
-  - Required reading: [1] [AMO description](https://addons.mozilla.org/firefox/addon/temporary-containers/) [2] [Article](https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21) [3] [TC's Wiki](https://github.com/stoically/temporary-containers/wiki)
+* [CanvasBlocker](https://addons.mozilla.org/firefox/addon/canvasblocker/) <sup>✔ [Privacy](https://addons.mozilla.org/firefox/addon/canvasblocker/privacy/)</sup> | [GitHub](https://github.com/kkapsner/CanvasBlocker)
+  - ⭐ RFP users
+    - This is redundant
+    - Note: If you allow a site exception for canvas, this is not universal: it's one metric and one specific test for that one site: it does not fingerprint you beyond that first party, and it may not even be fingerprinting you
+    - Warning: Some of the APIs will interfere with RFP, as extensions are the last to modify
+  - ⭐ non-RFP users
+    - good protection against naive scripts, detectable with advanced scripts
 
 ---
 ### :small_orange_diamond: Extensions [Tools]
@@ -61,12 +61,14 @@ These extensions will not mask or alter any data sent or received, but may be us
   - Third parties are already isolated if you use Total Cookie Protection (dFPI) or FPI
   - Replacing scripts on CDNs with local versions is not a comprehensive solution and is a form of [enumerating badness](https://www.ranum.com/security/computer_security/editorials/dumb/). While it may work with some scripts that are included it doesn’t help with most other third party connections
   - CDN extensions don't really improve privacy as far as sharing your IP address is concerned and their usage is fingerprintable as this Tor Project developer [points out](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22089#note_2639603). They are the [wrong tool](https://en.wikipedia.org/wiki/XY_problem) for the job and are not a substitute for a good VPN or Tor Browser. Its worth noting the [resources](https://git.synz.io/Synzvato/decentraleyes/-/tree/master/resources) for Decentraleyes are hugely out of date and would not be likely be used anyway
+
+❗️ Sanitizing in-session is a false sense of privacy. Extensions may lack APIs or application of them, and it does nothing for IP tracking. If this is your threat model, use the Tor Browser
+
+* Temporary Containers
+  - Redundant with Total Cookie Protection (dFPI) or FPI
+  - If you want to multiple logins to the same site, use MAC
 * Cookie extensions
-   - ❗️ Functionality for extensions may be missing for clearing IndexedDB, Service Workers cache, or cache **by host**. Clearing cookies & localStorage on their own, and leaving orphaned persistent data is a false sense of privacy
-      * see [1340511](https://bugzilla.mozilla.org/1340511) for progress on this
-         * FF77+ [1551301](https://bugzilla.mozilla.org/1551301) IDB [1632990](https://bugzilla.mozilla.org/1632990) Service Workers cache
-         * FF78+ [1636784](https://bugzilla.mozilla.org/1636784) cache
-   * Use FPI (First Party Isolation) or Total Cookie Protection (FF86+) ... and/or Temporary Containers
+  - Redundant with Total Cookie Protection (dFPI) or FPI
 
 ---