mirror of
https://github.com/arkenfox/user.js.git
synced 2025-10-31 13:55:26 +01:00
Updated 4.1 Extensions (markdown)
Thorin-Oakenpants
@@ -13,16 +13,16 @@ This list covers privacy and security related extensions only. While we believe
|
||||
---
|
||||
### :small_orange_diamond: Extensions (maybe)
|
||||
* [CanvasBlocker](https://addons.mozilla.org/firefox/addon/canvasblocker/) <sup>✔ [Privacy](https://addons.mozilla.org/firefox/addon/canvasblocker/privacy/)</sup> | [GitHub](https://github.com/kkapsner/CanvasBlocker)
|
||||
- `Canvas API`: great fallback if you allow an RFP canvas site exception
|
||||
- `Screen API` and `Navigator API`: don't use with RFP
|
||||
- `The rest`: good protection against naive scripts, detectable with advanced scripts
|
||||
- `Canvas API`: great fallback if you allow an RFP canvas site exception
|
||||
- `Screen API` and `Navigator API`: don't use with RFP
|
||||
- `The rest`: good protection against naive scripts, detectable with advanced scripts
|
||||
* [Header Editor](https://addons.mozilla.org/firefox/addon/header-editor/) | [GitHub](https://github.com/FirefoxBar/HeaderEditor)
|
||||
* Allows you to run [Rules](https://github.com/arkenfox/user.js/wiki/4.2.4-Header-Editor) to modify modify the request header and response header, cancel a request and redirect a request. Be careful not to alter your passive fingerprint
|
||||
- Allows you to run [Rules](https://github.com/arkenfox/user.js/wiki/4.2.4-Header-Editor) to modify modify the request header and response header, cancel a request and redirect a request. Be careful not to alter your passive fingerprint
|
||||
* [Request Control](https://addons.mozilla.org/firefox/addon/requestcontrol/) | [GitHub](https://github.com/tumpio/requestcontrol) | [Manual](https://github.com/tumpio/requestcontrol/blob/master/_locales/en/manual.md) | [Testing links](https://github.com/tumpio/requestcontrol/wiki/Testing-links)
|
||||
* [Redirector](https://addons.mozilla.org/firefox/addon/redirector/) <sup>✔ [Privacy](https://github.com/einaregilsson/Redirector/blob/master/privacy.md)</sup> | [GitHub](https://github.com/einaregilsson/Redirector)
|
||||
* [Temporary Containers](https://addons.mozilla.org/en-US/firefox/addon/temporary-containers/) <sup>✔ Privacy (stated on AMO)</sup> | [GitHub](https://github.com/stoically/temporary-containers)
|
||||
* This can achieve *almost* everything First Party Isolation (FPI) does without breaking cross-domain logins. And (with or without FPI), in a hardened TC setup, this can even isolate repeat visits to the same domain, which FPI alone cannot.
|
||||
* Required reading: [1] [AMO description](https://addons.mozilla.org/firefox/addon/temporary-containers/) [2] [Article](https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21) [3] [TC's Wiki](https://github.com/stoically/temporary-containers/wiki)
|
||||
- This can achieve *almost* everything First Party Isolation (FPI) does without breaking cross-domain logins. And (with or without FPI), in a hardened TC setup, this can even isolate repeat visits to the same domain, which FPI alone cannot.
|
||||
- Required reading: [1] [AMO description](https://addons.mozilla.org/firefox/addon/temporary-containers/) [2] [Article](https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21) [3] [TC's Wiki](https://github.com/stoically/temporary-containers/wiki)
|
||||
|
||||
---
|
||||
### :small_orange_diamond: Extensions [Tools]
|
||||
@@ -31,38 +31,38 @@ These extensions will not mask or alter any data sent or received, but may be us
|
||||
|
||||
* [uBO-Scope](https://addons.mozilla.org/firefox/addon/ubo-scope/) | [GitHub](https://github.com/gorhill/uBO-Scope)
|
||||
* [Behave](https://addons.mozilla.org/firefox/addon/behave/) | [GitHub](https://github.com/mindedsecurity/behave)
|
||||
* monitors and warns if a web page; performs DNS Rebinding attacks to Private IPs, accesses Private IPs, does Port Scans
|
||||
- Monitors and warns if a web page; performs DNS Rebinding attacks to Private IPs, accesses Private IPs, does Port Scans
|
||||
* [True Sight](https://addons.mozilla.org/firefox/addon/detect-cloudflare-plus/) <sup>✔ [Privacy](https://addons.mozilla.org/firefox/addon/detect-cloudflare-plus/privacy/)</sup> | [GitHub](https://github.com/claustromaniac/detect-cloudflare-plus)
|
||||
* Why would you want to detect CDNs? Read [this](https://github.com/claustromaniac/detect-cloudflare-PA/blob/master/README.md#motivation).
|
||||
- Why would you want to detect CDNs? Read [this](https://github.com/claustromaniac/detect-cloudflare-PA/blob/master/README.md#motivation).
|
||||
* [mozlz4-edit](https://addons.mozilla.org/firefox/addon/mozlz4-edit/) | [Github](https://github.com/serj-kzv/mozlz4-edit)
|
||||
* inspect and/or edit `*.lz4`, `*.mozlz4`, `*.jsonlz4`, `*.baklz4` and `*.json` files within FF
|
||||
- Inspect and/or edit `*.lz4`, `*.mozlz4`, `*.jsonlz4`, `*.baklz4` and `*.json` files within FF
|
||||
* [CRX Viewer](https://addons.mozilla.org/firefox/addon/crxviewer/) | [GitHub](https://github.com/Rob--W/crxviewer)
|
||||
* [Compare-UserJS](https://github.com/claustromaniac/Compare-UserJS)
|
||||
* Not an extension, but an excellent tool to compare user.js files and output the diffs in detailed breakdown - by our very own incomparable [claustromaniac](https://github.com/claustromaniac) :cat2:
|
||||
* [Enterprise Policy Generator](https://addons.mozilla.org/firefox/addon/enterprise-policy-generator/) | [GitHub](https://github.com/cadeyrn/enterprise-policy-generator)
|
||||
* For ESR60+ and [Enterprise Policies](https://support.mozilla.org/en-US/products/firefox-enterprise/policies-enterprise)
|
||||
- For ESR60+ and [Enterprise Policies](https://support.mozilla.org/en-US/products/firefox-enterprise/policies-enterprise)
|
||||
* [Compare-UserJS](https://github.com/claustromaniac/Compare-UserJS)
|
||||
- Not an extension, but an tool to compare user.js files and output the diffs in detailed breakdown - by our very own [claustromaniac](https://github.com/claustromaniac) :cat2:
|
||||
|
||||
---
|
||||
|
||||
### :small_orange_diamond: Don't Bother...
|
||||
* uMatrix
|
||||
- ⚠️ No longer maintained, the last commit was April 2020 except for a [one-off patch](https://github.com/gorhill/uMatrix/releases/tag/1.4.2) to fix a [vulnerability](https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adoc)
|
||||
- Everything uMatrix did can be covered by prefs or other extensions: use uBlock Origin for any content blocking.
|
||||
* HTTPS Everywhere
|
||||
- Scheduled for [deprecation](https://www.eff.org/deeplinks/2021/09/https-actually-everywhere) and redundant with [HTTPS-Only Mode](https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/)
|
||||
- ⚠️ No longer maintained, the last commit was April 2020 except for a [one-off patch](https://github.com/gorhill/uMatrix/releases/tag/1.4.2) to fix a [vulnerability](https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adoc)
|
||||
- Everything uMatrix did can be covered by prefs or other extensions: use uBlock Origin for any content blocking.
|
||||
* NoScript, Ghostery, Disconnect, Privacy Badger, etc
|
||||
* redundant with uBlock Origin
|
||||
* Note: Privacy Badger is easily [detected](https://adtechmadness.wordpress.com/2020/03/27/detecting-privacy-badgers-canvas-fp-detection/), and [no longer](https://www.eff.org/deeplinks/2020/10/privacy-badger-changing-protect-you-better) uses [hueristics](https://www.eff.org/privacybadger/faq#How-does-Privacy-Badger-work)
|
||||
- Redundant with uBlock Origin
|
||||
- Note: Privacy Badger is easily [detected](https://adtechmadness.wordpress.com/2020/03/27/detecting-privacy-badgers-canvas-fp-detection/), and [no longer](https://www.eff.org/deeplinks/2020/10/privacy-badger-changing-protect-you-better) uses [hueristics](https://www.eff.org/privacybadger/faq#How-does-Privacy-Badger-work)
|
||||
* Neat URL, ClearURLs
|
||||
* redundant with uBlock Origin's [`removeparam`](https://github.com/gorhill/uBlock/wiki/Static-filter-syntax#removeparam)
|
||||
* [CSS Exfil Protection](https://addons.mozilla.org/firefox/addon/css-exfil-protection/) | [GitHub](https://github.com/mlgualtieri/CSS-Exfil-Protection) | [Homepage + Test](https://www.mike-gualtieri.com/css-exfil-vulnerability-tester)
|
||||
* Practically zero threat and if the platform's CSS was compromised, you'd have bigger problems to worry about
|
||||
- Redundant with uBlock Origin's [`removeparam`](https://github.com/gorhill/uBlock/wiki/Static-filter-syntax#removeparam)
|
||||
* HTTPS Everywhere
|
||||
- Scheduled for [deprecation](https://www.eff.org/deeplinks/2021/09/https-actually-everywhere) and redundant with [HTTPS-Only Mode](https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/)
|
||||
* CSS Exfil Protection
|
||||
- Practically zero threat and if the platform's CSS was compromised, you'd have bigger problems to worry about
|
||||
* Decentraleyes, LocalCDN
|
||||
* Third parties are already isolated if you use Total Cookie Protection (dFPI) or FPI
|
||||
* Replacing scripts on CDNs with local versions is not a comprehensive solution and is a form of [enumerating badness](https://www.ranum.com/security/computer_security/editorials/dumb/). While it may work with some scripts that are included it doesn’t help with most other third party connections
|
||||
* CDN extensions don't really improve privacy as far as sharing your IP address is concerned and their usage is fingerprintable as this Tor Project developer [points out](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22089#note_2639603). They are the [wrong tool](https://en.wikipedia.org/wiki/XY_problem) for the job and are not a substitute for a good VPN or Tor Browser. Its worth noting the [resources](https://git.synz.io/Synzvato/decentraleyes/-/tree/master/resources) for Decentraleyes are hugely out of date and would not be likely be used anyway
|
||||
- Third parties are already isolated if you use Total Cookie Protection (dFPI) or FPI
|
||||
- Replacing scripts on CDNs with local versions is not a comprehensive solution and is a form of [enumerating badness](https://www.ranum.com/security/computer_security/editorials/dumb/). While it may work with some scripts that are included it doesn’t help with most other third party connections
|
||||
- CDN extensions don't really improve privacy as far as sharing your IP address is concerned and their usage is fingerprintable as this Tor Project developer [points out](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22089#note_2639603). They are the [wrong tool](https://en.wikipedia.org/wiki/XY_problem) for the job and are not a substitute for a good VPN or Tor Browser. Its worth noting the [resources](https://git.synz.io/Synzvato/decentraleyes/-/tree/master/resources) for Decentraleyes are hugely out of date and would not be likely be used anyway
|
||||
* Cookie extensions
|
||||
* ❗️ Functionality for extensions may be missing for clearing IndexedDB, Service Workers cache, or cache **by host**. Clearing cookies & localStorage on their own, and leaving orphaned persistent data is a false sense of privacy
|
||||
- ❗️ Functionality for extensions may be missing for clearing IndexedDB, Service Workers cache, or cache **by host**. Clearing cookies & localStorage on their own, and leaving orphaned persistent data is a false sense of privacy
|
||||
* see [1340511](https://bugzilla.mozilla.org/1340511) for progress on this
|
||||
* FF77+ [1551301](https://bugzilla.mozilla.org/1551301) IDB [1632990](https://bugzilla.mozilla.org/1632990) Service Workers cache
|
||||
* FF78+ [1636784](https://bugzilla.mozilla.org/1636784) cache
|
||||
|
||||
Reference in New Issue
Block a user