Updated 4.1 Extensions (markdown)

Thorin-Oakenpants 2022-10-13 02:05:13 +00:00
parent 19f7fa19b9
commit f236e9cf2b

@ -35,6 +35,12 @@ This list covers privacy and security related extensions only. While we believe
- Randomize canvas and audio, maybe webgl if you use that: the rest is not needed
* [Header Editor](https://addons.mozilla.org/firefox/addon/header-editor/) | <sup>[github](https://github.com/FirefoxBar/HeaderEditor)</sup>
- Allows you to run rules to modify the request header and response header, cancel a request and redirect a request. Be careful not to universally alter your passive fingerprint
* [Multi-Account Containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/) (MAC) | <sup>[github](https://github.com/mozilla/multi-account-containers)</sup> and [Temporary Containers](https://addons.mozilla.org/en-US/firefox/addon/temporary-containers/) (TC) | <sup>✔ [privacy](https://addons.mozilla.org/firefox/addon/temporary-containers/privacy/)</sup> | <sup>[github](https://github.com/stoically/temporary-containers)</sup>
- While third parties are already partitioned with [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/) (dFPI), leveraging containers can provide additonal benefits, such as
- an extra layer of isolation, see [Bugzilla 1767271](https://bugzilla.mozilla.org/1767271)
- signing in to multiple accounts on the same site
- MAC and Mozilla VPN adds [advanced VPN and proxy settings](https://support.mozilla.org/en-US/kb/use-multi-account-containers-mozilla-vpn)
- While TC provides sanitizing, and uses a [dFPI-compatible API](https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/contextualIdentities/remove), this is not why it is recommended as optional, see the `Cookie extensions` in the `DON'T BOTHER` section below
* [Request Control](https://addons.mozilla.org/firefox/addon/requestcontrol/) | <sup>[github](https://github.com/tumpio/requestcontrol)</sup> | <sup>[manual](https://github.com/tumpio/requestcontrol/blob/master/_locales/en/manual.wiki)</sup> | <sup>[testing links](https://github.com/tumpio/requestcontrol/wiki/Testing-links)</sup>
* [Redirector](https://addons.mozilla.org/firefox/addon/redirector/) <sup>✔ [privacy](https://github.com/einaregilsson/Redirector/blob/master/privacy.md)</sup> | <sup>[github](https://github.com/einaregilsson/Redirector)</sup>
* [Smart Referer](https://addons.mozilla.org/firefox/addon/smart-referer/) <sup>✔ [privacy](https://addons.mozilla.org/firefox/addon/smart-referer/privacy/)</sup> | <sup>[gitlab](https://gitlab.com/smart-referer/smart-referer)</sup> | <sup>[github: archived](https://github.com/meh/smart-referer)</sup>
@ -89,8 +95,7 @@ These extensions will not mask or alter any data sent or received, but may be us
- Third parties are already partitioned if you use [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/) (dFPI)
- Replacing _some version specific_ scripts on CDNs with local versions is not a comprehensive solution and is a form of [enumerating badness](https://www.ranum.com/security/computer_security/editorials/dumb/). While it may work with some scripts that are included it doesnt help with most other third party connections
- CDN extensions don't really improve privacy as far as sharing your IP address is concerned and their usage is fingerprintable as this Tor Project developer [points out](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22089#note_2639603). They are the [wrong tool](https://en.wikipedia.org/wiki/XY_problem) for the job and are not a substitute for a good VPN or Tor Browser. Its worth noting the [resources](https://git.synz.io/Synzvato/decentraleyes/-/tree/master/resources) for Decentraleyes are over three years out of date and would not likely be used anyway
* Temporary Containers, Cookie extensions
- Third parties are already partitioned with [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/) (dFPI)
* Cookie extensions
- ❗Sanitizing in-session is a false sense of privacy. They do nothing for IP tracking. Even Tor Browser does not sanitize in-session e.g. when you request a new circuit. A new ID requires _both_ full sanitizing _and_ a new IP. The same applies to Firefox
- ❗Cookie extensions can lack APIs or implementation of them to properly sanitize
- e.g. at the time of writing: [Cookie Auto Delete](https://addons.mozilla.org/firefox/addon/cookie-autodelete/)