Git/firefox-user.js
1
0
Fork 0
mirror of https://github.com/arkenfox/user.js.git synced 2024-11-22 02:21:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

Updated 4.1 Extensions (markdown)

Thorin-Oakenpants 2020-09-15 11:22:11 +00:00
parent 375d26ec8e
commit bfa735393e
1 changed files with 18 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
4.1-Extensions.md

@ -2,39 +2,39 @@ This list covers privacy and security related extensions only. While we believe
### :small_orange_diamond: Relevant Links
* [#655](https://github.com/ghacksuserjs/ghacks-user.js/issues/655) Submissions | [#350](https://github.com/ghacksuserjs/ghacks-user.js/issues/350) Prefs & Extensions | [#664](https://github.com/ghacksuserjs/ghacks-user.js/issues/664) CSP issues
* [#655](https://github.com/arkenfox/user.js/issues/655) Submissions | [#350](https://github.com/arkenfox/user.js/issues/350) Prefs & Extensions | [#664](https://github.com/arkenfox/user.js/issues/664) CSP issues
### :small_orange_diamond: **CSP**
- **FULLY** fixed in ESR78.1+ and FF78+
- [Developer Release Notes](https://wiki.developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/77#API_changes), [1462989](https://bugzilla.mozilla.org/show_bug.cgi?id=1462989), [1635781](https://bugzilla.mozilla.org/show_bug.cgi?id=1635781)
- :exclamation: **CSP**: When multiple extensions use CSP injection to modify headers, only one wins and predicting the winner is like [rolling a dice](https://github.com/ghacksuserjs/ghacks-user.js/issues/265#issuecomment-393935989). Some CSP items (this is not an exhaustive list) to be aware of are highlighted below.
- :exclamation: **CSP**: When multiple extensions use CSP injection to modify headers, only one wins and predicting the winner is like [rolling a dice](https://github.com/arkenfox/user.js/issues/265#issuecomment-393935989). Some CSP items (this is not an exhaustive list) to be aware of are highlighted below.
---
### :small_orange_diamond: Extensions (in no particular order...)
* [uBlock Origin](https://addons.mozilla.org/firefox/addon/ublock-origin/) <sup> [Privacy](https://github.com/gorhill/uBlock/wiki/Privacy-policy)</sup> | [GitHub](https://github.com/gorhill/uBlock)
* :exclamation: **CSP**: Uncheck `Dashboard > Settings > Block remote fonts`. Font rules use CSP, use Request Control instead. [Other CSP issues](https://github.com/ghacksuserjs/ghacks-user.js/issues/664#issuecomment-472596147) include filter lists that use `$csp=` (and there are lot of them)
* [uMatrix](https://addons.mozilla.org/firefox/addon/umatrix/) <sup> [Privacy](https://github.com/gorhill/uMatrix/wiki/Privacy-policy)</sup> | [GitHub](https://github.com/gorhill/uMatrix)
* [uBlock Origin](https://addons.mozilla.org/firefox/addon/ublock-origin/) <sup>? [Privacy](https://github.com/gorhill/uBlock/wiki/Privacy-policy)</sup> | [GitHub](https://github.com/gorhill/uBlock)
* :exclamation: **CSP**: Uncheck `Dashboard > Settings > Block remote fonts`. Font rules use CSP, use Request Control instead. [Other CSP issues](https://github.com/arkenfox/user.js/issues/664#issuecomment-472596147) include filter lists that use `$csp=` (and there are lot of them)
* [uMatrix](https://addons.mozilla.org/firefox/addon/umatrix/) <sup>? [Privacy](https://github.com/gorhill/uMatrix/wiki/Privacy-policy)</sup> | [GitHub](https://github.com/gorhill/uMatrix)
* :exclamation: **CSP**: uMatrix uses CSP for `$inline` and for web workers (maybe others)
* [HTTPS Everywhere](https://addons.mozilla.org/firefox/addon/https-everywhere/) <sup> [Privacy](https://www.eff.org/code/privacy/policy)</sup> | [GitHub](https://github.com/EFForg/https-everywhere)
* [HTTPS Everywhere](https://addons.mozilla.org/firefox/addon/https-everywhere/) <sup>? [Privacy](https://www.eff.org/code/privacy/policy)</sup> | [GitHub](https://github.com/EFForg/https-everywhere)
* :exclamation: **CSP**: Uncheck `Toolbar Icon > Encrypt All Sites Eligible (EASE)`
* [CanvasBlocker](https://addons.mozilla.org/firefox/addon/canvasblocker/) <sup> [Privacy](https://addons.mozilla.org/firefox/addon/canvasblocker/privacy/)</sup> | [GitHub](https://github.com/kkapsner/CanvasBlocker)
* [CanvasBlocker](https://addons.mozilla.org/firefox/addon/canvasblocker/) <sup>? [Privacy](https://addons.mozilla.org/firefox/addon/canvasblocker/privacy/)</sup> | [GitHub](https://github.com/kkapsner/CanvasBlocker)
* :exclamation: **CSP**: Uncheck `Misc > Block data URL pages`
* [Decentraleyes](https://addons.mozilla.org/firefox/addon/decentraleyes/) <sup> [Privacy](https://addons.mozilla.org/firefox/addon/decentraleyes/privacy/)</sup> | [GitLab](https://git.synz.io/Synzvato/decentraleyes) | [GitHub <sup>Archive</sup>](https://github.com/Synzvato/decentraleyes)
* [Decentraleyes](https://addons.mozilla.org/firefox/addon/decentraleyes/) <sup>? [Privacy](https://addons.mozilla.org/firefox/addon/decentraleyes/privacy/)</sup> | [GitLab](https://git.synz.io/Synzvato/decentraleyes) | [GitHub <sup>Archive</sup>](https://github.com/Synzvato/decentraleyes)
* :sparkles: uBlock Origin users should add the [following `noop` rules](https://git.synz.io/Synzvato/decentraleyes/wikis/Frequently-Asked-Questions) if required
* [Temporary Containers](https://addons.mozilla.org/en-US/firefox/addon/temporary-containers/) <sup> Privacy (stated on AMO)</sup> | [GitHub](https://github.com/stoically/temporary-containers)
* [Temporary Containers](https://addons.mozilla.org/en-US/firefox/addon/temporary-containers/) <sup>? Privacy (stated on AMO)</sup> | [GitHub](https://github.com/stoically/temporary-containers)
* This can achieve *almost* everything First Party Isolation (FPI) does without breaking cross-domain logins. And (with or without FPI), in a hardened TC setup, this can even isolate repeat visits to the same domain, which FPI alone cannot.
* Required reading: [1] [AMO description](https://addons.mozilla.org/firefox/addon/temporary-containers/) [2] [Article](https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21) [3] [TC's Wiki](https://github.com/stoically/temporary-containers/wiki)
* [CSS Exfil Protection](https://addons.mozilla.org/firefox/addon/css-exfil-protection/) | [GitHub](https://github.com/mlgualtieri/CSS-Exfil-Protection) | [Homepage + Test](https://www.mike-gualtieri.com/css-exfil-vulnerability-tester)
* [Smart Referer](https://addons.mozilla.org/firefox/addon/smart-referer/) <sup> [Privacy](https://addons.mozilla.org/firefox/addon/smart-referer/privacy/)</sup> | [GitLab](https://gitlab.com/smart-referer/smart-referer) | [GitHub <sup>Archive</sup>](https://github.com/meh/smart-referer)
* [Smart Referer](https://addons.mozilla.org/firefox/addon/smart-referer/) <sup>? [Privacy](https://addons.mozilla.org/firefox/addon/smart-referer/privacy/)</sup> | [GitLab](https://gitlab.com/smart-referer/smart-referer) | [GitHub <sup>Archive</sup>](https://github.com/meh/smart-referer)
* [Header Editor](https://addons.mozilla.org/firefox/addon/header-editor/) | [GitHub](https://github.com/FirefoxBar/HeaderEditor)
* Allows you to run [Rules](https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.2.4-Header-Editor) to modify headers such as blocking ETags
* Allows you to run [Rules](https://github.com/arkenfox/user.js/wiki/4.2.4-Header-Editor) to modify headers such as blocking ETags
* [ETag Stoppa](https://addons.mozilla.org/firefox/addon/etag-stoppa/) | [GitHub](https://github.com/claustromaniac/ETag-Stoppa) Use this if you don't want a full-on header extension
* [Neat URL](https://addons.mozilla.org/firefox/addon/neat-url/) <sup> [Privacy](https://addons.mozilla.org/firefox/addon/neat-url/privacy/)</sup> | [GitHub](https://github.com/Smile4ever/Neat-URL)
* [Neat URL](https://addons.mozilla.org/firefox/addon/neat-url/) <sup>? [Privacy](https://addons.mozilla.org/firefox/addon/neat-url/privacy/)</sup> | [GitHub](https://github.com/Smile4ever/Neat-URL)
* [Skip Redirect](https://addons.mozilla.org/firefox/addon/skip-redirect/) | [GitHub](https://github.com/sblask/webextension-skip-redirect)
* [ClearURLs](https://addons.mozilla.org/firefox/addon/clearurls/) <sup> Privacy (stated on AMO)</sup> | [GitLab](https://gitlab.com/KevinRoebert/ClearUrls) | [GitHub <sup>Archive</sup>](https://github.com/KevinRoebert/ClearUrls)
* [ClearURLs](https://addons.mozilla.org/firefox/addon/clearurls/) <sup>? Privacy (stated on AMO)</sup> | [GitLab](https://gitlab.com/KevinRoebert/ClearUrls) | [GitHub <sup>Archive</sup>](https://github.com/KevinRoebert/ClearUrls)
* [Request Control](https://addons.mozilla.org/firefox/addon/requestcontrol/) | [GitHub](https://github.com/tumpio/requestcontrol) | [Manual](https://github.com/tumpio/requestcontrol/blob/master/_locales/en/manual.md) | [Testing links](https://github.com/tumpio/requestcontrol/wiki/Testing-links)
* [Redirector](https://addons.mozilla.org/firefox/addon/redirector/) <sup> [Privacy](https://github.com/einaregilsson/Redirector/blob/master/privacy.md)</sup> | [GitHub](https://github.com/einaregilsson/Redirector)
* [Redirector](https://addons.mozilla.org/firefox/addon/redirector/) <sup>? [Privacy](https://github.com/einaregilsson/Redirector/blob/master/privacy.md)</sup> | [GitHub](https://github.com/einaregilsson/Redirector)
---
@ -45,7 +45,7 @@ These extensions will not mask or alter any data sent or received, but may be us
* [uBO-Scope](https://addons.mozilla.org/firefox/addon/ubo-scope/) | [GitHub](https://github.com/gorhill/uBO-Scope)
* [Behave](https://addons.mozilla.org/firefox/addon/behave/) | [GitHub](https://github.com/mindedsecurity/behave)
* monitors and warns if a web page; performs DNS Rebinding attacks to Private IPs, accesses Private IPs, does Port Scans
* [True Sight](https://addons.mozilla.org/firefox/addon/detect-cloudflare-plus/) <sup>[Privacy](https://addons.mozilla.org/firefox/addon/detect-cloudflare-plus/privacy/)</sup> | [GitHub](https://github.com/claustromaniac/detect-cloudflare-plus)
* [True Sight](https://addons.mozilla.org/firefox/addon/detect-cloudflare-plus/) ? <sup>[Privacy](https://addons.mozilla.org/firefox/addon/detect-cloudflare-plus/privacy/)</sup> | [GitHub](https://github.com/claustromaniac/detect-cloudflare-plus)
* Why would you want to detect CDNs? Read [this](https://github.com/claustromaniac/detect-cloudflare-PA/blob/master/README.md#motivation).
* [mozlz4-edit](https://addons.mozilla.org/firefox/addon/mozlz4-edit/) | [Github](https://github.com/serj-kzv/mozlz4-edit)
* inspect and/or edit `*.lz4`, `*.mozlz4`, `*.jsonlz4`, `*.baklz4` and `*.json` files within FF
@ -59,13 +59,13 @@ These extensions will not mask or alter any data sent or received, but may be us
### :small_orange_diamond: Don't Bother...
* Cookie extensions
* ❗️ Functionality for extensions may be missing for clearing IndexedDB, Service Workers cache, or cache **by host**. Clearing cookies & localStorage on their own, and leaving orphaned persistent data is a false sense of privacy
* ?? Functionality for extensions may be missing for clearing IndexedDB, Service Workers cache, or cache **by host**. Clearing cookies & localStorage on their own, and leaving orphaned persistent data is a false sense of privacy
* see [1340511](https://bugzilla.mozilla.org/1340511) for progress on this
* FF77+ [1551301](https://bugzilla.mozilla.org/1551301) IDB [1632990](https://bugzilla.mozilla.org/1632990) Service Workers cache
* FF78+ [1636784](https://bugzilla.mozilla.org/1636784) cache
* Use FPI (First Party Isolation) and/or Temporary Containers
* NoScript
* ❗️ **CSP**: "NoScript uses some trickery to ensure its CSP headers are injected" <sup>[gorhill](https://bugzilla.mozilla.org/show_bug.cgi?id=1462989#c20)</sup>
* ?? **CSP**: "NoScript uses some trickery to ensure its CSP headers are injected" <sup>[gorhill](https://bugzilla.mozilla.org/show_bug.cgi?id=1462989#c20)</sup>
* Privacy Badger
* Is easily [detected](https://adtechmadness.wordpress.com/2020/03/27/detecting-privacy-badgers-canvas-fp-detection/) and additional blocking via [hueristics](https://www.eff.org/privacybadger/faq#How-does-Privacy-Badger-work) is redundant or negligible when using uBlock Origin (depending on your configuration)
* Ghostery, Disconnect
@ -73,7 +73,7 @@ These extensions will not mask or alter any data sent or received, but may be us
---
### :small_orange_diamond: ⚠️ Anti-Fingerprinting Extensions... F&%K NO!
### :small_orange_diamond: ?? Anti-Fingerprinting Extensions... F&%K NO!
* **DON'T BOTHER** to **USE** extension features to **CHANGE** any RFP protections
* Exception: where you can whitelist a site for functionality and you know the risks