sticky: extensions #655
Comments
|
Any thoughts on Trace by AbsoluteDouble? P.S.: IMHO it's a perfect fit for the "nah" category. |
|
Trace Firefox extension, IMHO, offers several of the features found on different extensions but doesn't really handle any of them correctly or at least as best as possible, as well as some others. Not yest anyway. My feeling is that the developer's work scheme was to install practically all features right from the start, more or less elaborated (rather less) and progressively bring each of these components to maturity. My preference is rather to add new features only once those in place have been optimized, not before. |
|
Add suggestions: Here on are not a suggestion, bust just for your info: |
Indeed. I have in mind another interesting Firefox extension which will as well provide the list of all sites accessed once on a page but will moreover display the security status of these connections:
This is interesting because not provided by uBO. |
|
About Kimetrac... I know you can see all that crap in uBO and uM and logger... but it caught my eye because: That is it, nothing further to discuss anyway, since I have put it in my post under the "section": Here on are not a suggestion, bust just for your info... so I don't care. Cheers and |
|
I've discovered a Firefox (& Chrome) extension which seems to me so worthy that I'd appreciate your opinion about it: API-Killer-IndexedDB at its GitHub repository, available at Add-ons for Firefox. What has always bothered me are sites laying data in my Firefox's profile storage/default folder, so called indexedDB. With this API-Killer-IndexedDB extension I can now avoid blocking cookie permission for sites such as youtube.com without having my indexedDB folder filled with unnecessary data (of course if cookie permission is session-only this data is removed on FF exit, yet I dislike sites laying on my computer what is not at all necessary). Works great here. The developer has other extensions of which API-Killer-WebSocket and API-Killer-WebAssembly, all three in the scope of ghackuserjs concerns. Any cons to argument? |
|
@StanGets |
|
@crssi I don't know the developer, I discovered the extension while reviewing AOM's updated extensions and immediately spotted API-Killer-IndexedDB because of the word killer associated to IndexedDB.... One thing is sure: it works. But as the developer notes it on his GitHub repository,
This is what I remain aware of but up to now, with cookies blocked and therefor indexedDB as well, I've encountered no problematic site. I'm really enthusiastic about this extension but there may be cons, I'm no professional. |
|
Thanks for correcting me, @Thorin-Oakenpants :
Indeed I have set Firefox to clear "offline website data" on close. Wow, I had it all wrong, thanks agaiin.
I'm afraid that's above my skills. I mentioned the extension because it solves my problems on websites where i'd like to have a cookie -- i.e. YouTube when a userscript aiming to block Autoplay does it by modifying the site's cookie -- but where allowing the cookie would have that site lay itself in my IDB ... but considering the best often includes drawbacks is why I ask here advice. |
This comment was marked as off-topic.
This comment was marked as off-topic.
Yeah, you're absolutely right @Thorin-Oakenpants , and I do use FPI! |
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
|
@StanGets
Its actually simple to do. See the last line in the post #664 (comment)
Cheers :) |
|
@crssi thanks! Done and imputing But what I don't understand is the CRX extension being a requirement for checking CSP. Can't I just download an extension's xpi file, unzip it and search from there on? Second point is, how is searching for Anyway, thanks. This is not school, forget my wondering... |
No. Its not, but makes the whole process much much simpler. For sure you can just download and unzip, which CRX essentially is doing already for you. Cheers |
I find Site Bleacher interesting because it seems to handle IndexedDB in a more clever way than other comparable addons. For what I have seen, the IndexedDB a site has put in my browser, while remaining after closing my tab, is cleared as soon as I'm visiting this site again. This seems to me to be the most efficient way to handle IDB, given the API limitation. |
This comment has been hidden.
This comment has been hidden.
|
^^ This extension doesn't touch CSP. Did you even check? |
|
@StanGets with regard to CRX asked...
in the CRX search input use: |
|
re: Site Bleacher - been using it for a while and, according to dev, it does not raise entropy (he's not injecting anything into IDB storage that website can read like i thought he may have been) i just asked him if it handles Workers cache, but i'm pretty sure it don't |
The developer has removed all his API-Killers and all his other extensions except one, or these have been removed by Mozilla, no idea. I had indeed mentioned the API-Killer-IndexedDB for the reasons evoked here above. The extension having been removed from AMO, and because I ignore for what reasons, I've removed it as well from my Firefox profile. Because I continue to dislike sites pouring data in my IDB, I've found another way to block the IDB Web Api : WebAPI Blocker I checked all occurrences of IDBxxx proveded by this WebAPI blocker and disabled all 14 of them, which are: IDBCursor Works like a charm. Certainly not all 14 need to be disabled but until I check the ones strictly required i disable all. No issues at this time. |
|
so... i asked the Site Bleacher dev if he would have a go at cleaning the 'service workers' stuff and he did :) in addition to cookies, local storage and IndexedDB, the extension also addresses service workers, cache storages, filesystems and webSQLs - i don't know exactly what's covered by the latter 3, so i asked him here if anyone cares to follow that and his answer was "Don't really know" |
|
Is there a downside to using Clean Links over the other link cleaners listed on the wiki? https://addons.mozilla.org/en-US/firefox/addon/clean-links-webext/ Personally, I find this extension catches and cleans a lot more links than the alternatives (ClearURLs, Neat URL, Skip Redirect), but I remember back before webextensions, people having an issue with it. I use it with the following settings:
|
somebody more knowledgeable might chime in, but IMO CleanURLs is the best of the bunch because it covers more and breaks less (not sure i've ever had ClearURLs break anything) - it's been an install & forget ext. for me - no need to fiddle with white/black lists (doen't even have one) some may not like it because it uses an external file (hosted on gitlab) but that's actually a plus in one way in that the dev doesn't have to update the ext. every time they need to change something |
When using the examples on this page to test: Clean Links successfully cleans most of them, except for the "no redirection, only parameters" group (except for example no.11) and no.14 in misc. ClearURLs cleans: no.2, no.6, no.7, no.8, no.11 Again, I'm not an expert on this but I'm just asking so I can get more information edit: Just realized I referenced other issues on accident, I thought I had to select the issue when using the hashtag symbol. Sorry about that... |
|
i never actually tested CleanURLs, so i'm glad you did - given your findings, i'll have to reconsider Clean Links which is what i used before |
|
i made the mistake of writing CleanURLs instead of ClearURLs in this thread anyway, i visited the test page you linked to and most of the samples are redirects ... ClearURLs is designed to remove tracking params, so i'm not sure if it's supposed to deal with redirects??? seems like it should be though Skip Redirect caught all the redirect samples, but ClearURLs did not catch all of the "no redirection, only parameters" samples -- i'm not sure what to think, but maybe ClearURLs isn't the best solution - ima gonna chat with da dev n c whts up |
|
Repo here. |
|
If this is the wrong place for my question please let me know. I went through the extensions and found Smart Referer. I was checking a bit what it was and I do not 100% understand it yet. But, checking wikipedia, I found the following line:
Does this mean that if you have HTTPS-only, the extension does not really matter? |
|
@Duckbilled it does matter. The referrer is still sent if you go from a https to https site. The bit you quoted only matters if you go from https to http Tbh if you follow the settings from arkenfox user.js you referrer options are pretty strict. Smart Referer is more usefull if you didn't set your referrer options through the user.js |
|
FYI "LibreMatrix" has disappeared. Hopefully someone else forks uM,,, |
|
should i use cookie-autodelete? |
Are you using first party isolation? If you are, then what is your threat model? Clearing cookies (and hopefully other related data like service worker caches, IDB, localStorage etc) only makes sense if you're trying to stop tracking repeat visits to the same site within a session (you are sanitizing on close, right?) .. and even then, your visits are still linkable via your IP (so I would assume you have a VPN and it changes from time to time, and of course that temp IP you're using is shared) tl;dr: what is your threat model or end-game? |
|
@Thorin-Oakenpants I have a question, does using extensions like Dark reader or Dark background and light text increase entropy ? Can they be detected by the website as we are making changes to the design locally ? I'm specifically using Dark background and light text with a slightly tweaked grey color as the website background. Will this make me stand out in any obvious way ? |
|
If javascript is enabled, yes. PoCOpen a page (I used wikipedia), open the console and execute window.getComputedStyle(document.getElementsByTagName("body")[0]).backgroundColorWith Dark Reader: "rgb(29, 32, 33)" |
|
i would guess such scripts are not widespread and that those being used are not parsing through all the attribs. that said, i wonder if the server could hash the document when it spits it out, then compare the hash (assuming JS) with a client-side hash? |
Strange, mine shows the exact background color value that I set even with the Java script disabled using Ublock origin. I tried changing the values and executing this resulted in whatever values I set every time. |
Disabling JS in uB does not affect JS entered by the user in the console. |
Oh! my bad. Missed that logic. |
|
Why don't you guys refer https://github.com/Sainan/Universal-Bypass instead of https://github.com/sblask/webextension-skip-redirect? |
|
@DanKGooGLy - correct me if wrong, but Universal Bypass seems to be a very different animal than Skip Redirect in that UB doesn't skip redirects |
|
I don't know if any of you are in the EU, but here's a matter of QoL (quality-of-life). With an amnesic browser like this one (especially with Temporary Containers), either I don't care about cookies or Ninja Cookie feel nearly indispensable. You can train yourself to not mind all the cookie questions, but I think many would just give up on TC or arkenfox itself. Even after such training, I experience these as a huge QoL win. As an alternative, I just found that the uBlock Origin filter lists for annoyances (AdGuard, Fanboy, or EasyList Cookie), which seem to take care of many cases, but not YouTube for one. I'll continue to try them. Perhaps it could be useful to put in this as a tip on the wiki. I'm actually curious what you think about Ninja Cookie, i.e. automatically saying no to all the nonessentials. I don't think honest webmasters are a rare creature, so this would lead to less logging, right? |
|
I would avoid Ninja Cookie but that is just me. Good luck out there. \m/ |
|
Could anyone provide an opinion/recommendation concerning https://addons.mozilla.org/en-US/firefox/addon/trackmenot/, considering it’s no longer being maintainted? |
|
For uMatrix the wiki says "Use it as long as it works for you... except that's risky, because how do you know it's working properly?". As far as I can see (which is not much considering I'm no expert), it seems to work quite efficiently still, but am I missing some crucial detail here? I'd be glad to ditch it for uB0 only but uM is simpler to use in my case. |
|
github: https://github.com/ACK-J/Port_Authority
not sure this is something worth using - feedback appreciated |
Doesn't this add-on offer what gwarser's lan-block.txt list already provides? It blocks the scans on https://defuse.ca/in-browser-port-scanning.htm @gwarser : What do you think? |
This comment has been minimized.
This comment has been minimized.
uBlock Origin's CNAME blocking also takes care of the LexisNexis endpoint blocking as well. Edit: The addon seems to pick up Lexis Nexis endpoints not picked up by uBlock Origin, but more testing is needed to confirm that. Edit2: uBlock Origin blocks both the original script from running or if that is not blocked, the uncloaked domain. On another note, has anyone checked out https://github.com/garywill/autoreferer? Also with AdGuard URL Tracking filter being added to uBlock Origin, Neat URL is redundant. |
It looks good, but I prefer tools that allow you to specify the referer depending on the source URL and/or target URL, not the tab/window. |
|
I'm going to quote potassiumchloride's from minimized comment three posts up
... and then I'm going to FUCKING RUB IT IN HIS FACE Not cheering the fact this happened to uM, just pointing out that my apparent "very biased" "subjective" "personal" "FUD" was anything but
edit: and for the record, this was what it was, apparently "just saying that it's currently unmaintained and nothing else"
|
|
hpHosts has not disappeared from my uMatrix, even though I updated to 1.4.2 just now, unchecked the list, and restarted the browser. No harm done, this was just a quick edit to the default config I see on the commit... |
|
I updated to 1.4.4 but the "Reveal canonical names" option is now gone and adding the rule manually does nothing, can anyone confirm if they have the same issue? |
Get this build if you want cname uncloaking https://github.com/gorhill/uMatrix/releases/tag/1.4.3b0 |
and others
previous threads #492 #294 #211 #12
Use this issue for extension announcements: new, gone-to-sh*t, recommendations for adding or dropping in the wiki list 4.1: Extensions. Stick to privacy and security related items
The text was updated successfully, but these errors were encountered: