Updated 4.1 Extensions (markdown)

Thorin-Oakenpants 2019-05-08 12:22:03 +00:00
parent 8ed0d8d482
commit 8aeafaacc6

@ -15,17 +15,17 @@ These are all, where applicable, best configured to `deny-all` and whitelist.
* :exclamation: **CSP**: Uncheck `Dashboard > Settings > Block remote fonts`. Font **rules** use CSP [unsure about font filters]. Use Request Control instead.
* [uMatrix](https://addons.mozilla.org/firefox/addon/umatrix/) <sup>✔ [Privacy](https://github.com/gorhill/uMatrix/wiki/Privacy-policy)</sup> | [GitHub](https://github.com/gorhill/uMatrix)
* :exclamation: **CSP**: uMatrix uses CSP for `$inline` and for web workers (may be others)
* :exclamation: uBlock Origin users should add the [following rules](https://git.synz.io/Synzvato/decentraleyes/wikis/Frequently-Asked-Questions) if required
* [HTTPS Everywhere](https://addons.mozilla.org/firefox/addon/https-everywhere/) <sup>✔ [Privacy](https://www.eff.org/code/privacy/policy)</sup> | [GitHub](https://github.com/EFForg/https-everywhere)
* :exclamation: **CSP**: Uncheck `Toolbar Icon > Encrypt All Sites Eligible (EASE)`
* [CanvasBlocker](https://addons.mozilla.org/firefox/addon/canvasblocker/) <sup>✔ [Privacy](https://addons.mozilla.org/firefox/addon/canvasblocker/privacy/)</sup> | [GitHub](https://github.com/kkapsner/CanvasBlocker)
* :exclamation: **CSP**: Uncheck `Misc > Block data URL pages`
* [Decentraleyes](https://addons.mozilla.org/firefox/addon/decentraleyes/) <sup>✔ [Privacy](https://addons.mozilla.org/firefox/addon/decentraleyes/privacy/)</sup> | [GitLab](https://git.synz.io/Synzvato/decentraleyes) | [GitHub <sup>Archive</sup>](https://github.com/Synzvato/decentraleyes)
* :sparkles: uBlock Origin users should add the [following rules](https://git.synz.io/Synzvato/decentraleyes/wikis/Frequently-Asked-Questions) if required
* [CSS Exfil Protection](https://addons.mozilla.org/firefox/addon/css-exfil-protection/) | [GitHub](https://github.com/mlgualtieri/CSS-Exfil-Protection) | [Homepage + Test](https://www.mike-gualtieri.com/css-exfil-vulnerability-tester)
* [Smart Referer](https://addons.mozilla.org/firefox/addon/smart-referer/) <sup>✔ [Privacy](https://addons.mozilla.org/firefox/addon/smart-referer/privacy/)</sup> | [GitLab](https://gitlab.com/smart-referer/smart-referer) | [GitHub <sup>Archive</sup>](https://github.com/meh/smart-referer)
* [Header Editor](https://addons.mozilla.org/firefox/addon/header-editor/) | [GitHub](https://github.com/FirefoxBar/HeaderEditor)
* Allows you to run [Rules](https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.2.4-Header-Editor) to modify headers such as blocking ETags
* :bulb: Use [ETag Stoppa](https://addons.mozilla.org/firefox/addon/etag-stoppa/) | [GitHub](https://github.com/claustromaniac/ETag-Stoppa) if you don't want a full-on header extension
* [ETag Stoppa](https://addons.mozilla.org/firefox/addon/etag-stoppa/) | [GitHub](https://github.com/claustromaniac/ETag-Stoppa) Use this if you don't want a full-on header extension
* [Neat URL](https://addons.mozilla.org/firefox/addon/neat-url/) <sup>✔ [Privacy](https://addons.mozilla.org/firefox/addon/neat-url/privacy/)</sup> | [GitHub](https://github.com/Smile4ever/firefoxaddons)
* [Skip Redirect](https://addons.mozilla.org/firefox/addon/skip-redirect/) | [GitHub](https://github.com/sblask/webextension-skip-redirect)
* [ClearURLs](https://addons.mozilla.org/firefox/addon/clearurls/) <sup>✔ Privacy (stated on AMO)</sup> | [GitLab](https://gitlab.com/KevinRoebert/ClearUrls) | [GitHub <sup>Archive</sup>](https://github.com/KevinRoebert/ClearUrls)
@ -35,7 +35,7 @@ These are all, where applicable, best configured to `deny-all` and whitelist.
* [Request Control](https://addons.mozilla.org/firefox/addon/requestcontrol/) | [GitHub](https://github.com/tumpio/requestcontrol) | [Manual](https://github.com/tumpio/requestcontrol/blob/master/_locales/en/manual.md) | [Testing links](https://github.com/tumpio/requestcontrol/wiki/Testing-links)
* [Redirector](https://addons.mozilla.org/firefox/addon/redirector/) <sup>✔ [Privacy](https://github.com/einaregilsson/Redirector/blob/master/privacy.md)</sup> | [GitHub](https://github.com/einaregilsson/Redirector)
* [Cookie AutoDelete](https://addons.mozilla.org/firefox/addon/cookie-autodelete/) <sup>✔ [Privacy](https://github.com/Cookie-AutoDelete/Cookie-AutoDelete/wiki/Privacy-Policy)</sup> | [GitHub](https://github.com/mrdokenny/Cookie-AutoDelete)
* :exclamation: APIs do not exist to allow clearing IndexedDB, Service Workers cache, appCache, or cache by host. Clearing cookies & localStorage on their own, and leaving orphaned persistent data is a false sense of privacy. Check [here](https://github.com/Cookie-AutoDelete/Cookie-AutoDelete/wiki/FAQ:-Common-Questions-and-Issues#what-is-the-state-of-the-webextension-api-to-clean-x-data)
* :warning: APIs do not exist to allow clearing IndexedDB, Service Workers cache, appCache, or cache by host. Clearing cookies & localStorage on their own, and leaving orphaned persistent data is a false sense of privacy. Check [here](https://github.com/Cookie-AutoDelete/Cookie-AutoDelete/wiki/FAQ:-Common-Questions-and-Issues#what-is-the-state-of-the-webextension-api-to-clean-x-data)
* [Temporary Containers](https://addons.mozilla.org/en-US/firefox/addon/temporary-containers/) <sup>✔ Privacy (stated on AMO)</sup> | [GitHub](https://github.com/stoically/temporary-containers)
* This can achieve *almost* everything First Party Isolation (FPI) does without breaking cross-domain logins. And (with or without FPI), in a hardened TC setup, this can even isolate repeat visits to the same domain, which FPI alone cannot.
* Required reading: [1] [AMO description](https://addons.mozilla.org/firefox/addon/temporary-containers/) [2] [Article](https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21) [3] [TC's Wiki](https://github.com/stoically/temporary-containers/wiki)