sticky: extensions #655

Closed
Thorin-Oakenpants opened this issue Feb 26, 2019 · 132 comments

Comments

@Thorin-Oakenpants
Contributor

previous threads #492 #294 #211 #12


Use this issue for extension announcements: new, gone-to-sh*t, recommendations for adding or dropping in the wiki list 4.1: Extensions. Stick to privacy and security related items

🔸 possible additions

🔸 nah

@Just-me-ghacks

Just-me-ghacks commented Feb 27, 2019

Any thoughts on Trace by AbsoluteDouble?

P.S.: IMHO it's a perfect fit for the "nah" category.

@ghost

ghost commented Mar 9, 2019

Trace Firefox extension, IMHO, offers several of the features found on different extensions but doesn't really handle any of them correctly or at least as best as possible, as well as some others. Not yet anyway.

My feeling is that the developer's work scheme was to install practically all features right from the start, more or less elaborated (rather less) and progressively bring each of these components to maturity. My preference is rather to add new features only once those in place have been optimized, not before.

@crssi

crssi commented Mar 10, 2019

window.opener be gone can be removed from the list, it's redundant with pref 2429 and this pref gives better protection

Add suggestions:
HTTPZ | GitHub -> HTTPS by default does not work when using Temporary Containers
Privacy-Oriented Origin Policy | GitHub

Here on are not a suggestion, but just for your info:
Context Plus | GitHub <- A nice TC companion
Certainly Something (Certificate Viewer) | GitHub
Cookie Quick Manager | GitHub
Kimetrak | GitHub

@ghost

ghost commented Mar 11, 2019

Kimetrak: I can see this info in uBO's dropdown and logger (and in UM)

Indeed. I have in mind another interesting Firefox extension which will as well provide the list of all sites accessed once on a page but will moreover display the security status of these connections:


This is interesting because not provided by uBO.

SixIndicator on AMO and GitHub

@crssi

crssi commented Mar 12, 2019

About Kimetrak... I know you can see all that crap in uBO and uM and logger... but it caught my eye because:
uBO and uM here is blocking a lot of crap, but if something goes 3rd party, then I can see "filtered" in Kimetrak and it helps me see much faster and easier, if there is something new that uBO and uM didn't block and worth to investigate to tighten uBO personal list.

That is it, nothing further to discuss anyway, since I have put it in my post under the "section": Here on are not a suggestion, but just for your info... so I don't care. 😄

Cheers and ❤️ you all 😸

@ghost

ghost commented Apr 8, 2019

I've discovered a Firefox (& Chrome) extension which seems to me so worthy that I'd appreciate your opinion about it: API-Killer-IndexedDB at its GitHub repository, available at Add-ons for Firefox.

What has always bothered me are sites laying data in my Firefox's profile storage/default folder, so called indexedDB. With this API-Killer-IndexedDB extension I can now avoid blocking cookie permission for sites such as youtube.com without having my indexedDB folder filled with unnecessary data (of course if cookie permission is session-only this data is removed on FF exit, yet I dislike sites laying on my computer what is not at all necessary).

Works great here. The developer has other extensions of which API-Killer-WebSocket and API-Killer-WebAssembly, all three in the scope of ghackuserjs concerns.

Any cons to argument?

@crssi

crssi commented Apr 8, 2019

@StanGets
First and the only commit was done 5 hrs ago.
That is a fast discovery... or you know the author?

@ghost

ghost commented Apr 8, 2019

@crssi I don't know the developer, I discovered the extension while reviewing AMO's updated extensions and immediately spotted API-Killer-IndexedDB because of the word killer associated to IndexedDB....

One thing is sure: it works. But as the developer notes it on his GitHub repository,

Kills HTML5' IndexedDB API, might break websites, if they do not have a localStorage/cookie fallback.

This is what I remain aware of but up to now, with cookies blocked and therefore indexedDB as well, I've encountered no problematic site.

I'm really enthusiastic about this extension but there may be cons, I'm no professional.

@ghost

ghost commented Apr 8, 2019

Thanks for correcting me, @Thorin-Oakenpants :

You will only clear IDB after a session if 1) PB mode or 2) you clear "offline website data" on close (or manually with time range everything) or 3) Temp Containers

Indeed I have set Firefox to clear "offline website data" on close. Wow, I had it all wrong, thanks again.

PPS: I haven't looked, so feel free to inspect that these extensions don't use any CSP header injection

I'm afraid that's above my skills. I mentioned the extension because it solves my problems on websites where I'd like to have a cookie -- i.e. YouTube when a userscript aiming to block Autoplay does it by modifying the site's cookie -- but where allowing the cookie would have that site lay itself in my IDB ... but considering the best often includes drawbacks is why I ask here advice.

@ghost

ghost commented Apr 8, 2019

I kinda fail to see the point, esp if you use FPI.

Yeah, you're absolutely right @Thorin-Oakenpants , and I do use FPI!
I'll be frank, I'm overdoing it, not for sentimental reasons but basically for psychological ones, in other terms even if other settings do the job I insist on extras even if they appear to not at all be implied in enhanced privacy for the sole reason of a non-rational principle: I don't like sites writing to my device unless I've authorized them to. But you are right, it is not necessary. Maybe am I getting obsessed? LOL

@crssi

crssi commented Apr 8, 2019

@StanGets

I'm afraid that's above my skills.

It's actually simple to do. See the last line in the post #664 (comment)

  1. Install extension CRX
  2. Open https://addons.mozilla.org/firefox/addon/api-killer-indexeddb/
  3. Click on yellow CRX icon on the right side of URL bar and then View source
  4. Enter !content-security-policy into the search field (upper left corner). NOTE: ! means search all files.
  5. If you get a hit, then most probably the extension is modifying the CSP (need to decipher code to be sure).

Cheers :)

@ghost

ghost commented Apr 8, 2019

@crssi thanks! Done and inputting !content-security-policy led to 0 hits.

But what I don't understand is the CRX extension being a requirement for checking CSP. Can't I just download an extension's xpi file, unzip it and search from there on? Second point is, how is searching for content-security-policy performed? Does CRX search for a specific term or specific code? Because if the query is only content-security-policy then I could as well search for it from the unzipped xpi ...

Anyway, thanks. This is not school, forget my wondering...

@crssi

crssi commented Apr 8, 2019

But what I don't understand is the CRX extension being a requirement for checking CSP.

No. It's not, but makes the whole process much much simpler. For sure you can just download and unzip, which CRX essentially is doing already for you. 😉
API for CSP is called over content-security-policy, so if not found then CSP does not get modified. If found, then you need to review the code in those lines.

Cheers
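
The download-and-unzip route discussed above, as an added example that is not part of the original thread: an XPI is a zip archive, so the same `!content-security-policy` content search can be run over its members directly. The function names and both sample archives are constructed here for illustration; the permission check relies on the assumption of a Manifest V2 Firefox extension, where rewriting response headers needs `webRequest` plus `webRequestBlocking`.

```python
import io
import json
import zipfile

NEEDLE = b"content-security-policy"  # header name; matched case-insensitively


def scan_xpi(xpi, needle=NEEDLE):
    """Search every file inside an XPI (a zip archive) for `needle`.

    `xpi` is a path or a binary file object. Returns a list of
    (member_name, line_number, stripped_line) tuples, one per matching line.
    """
    hits = []
    with zipfile.ZipFile(xpi) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            data = archive.read(info)
            for number, line in enumerate(data.splitlines(), start=1):
                if needle in line.lower():
                    text = line.decode("utf-8", errors="replace").strip()
                    hits.append((info.filename, number, text))
    return hits


def header_permissions(xpi):
    """Return the webRequest-related permissions declared in manifest.json.

    A hit from scan_xpi() matters most when these are present, because
    they are what lets an extension rewrite response headers.
    Returns None when the manifest is missing or is not plain JSON.
    """
    try:
        with zipfile.ZipFile(xpi) as archive:
            manifest = json.loads(archive.read("manifest.json"))
    except (KeyError, ValueError):
        return None
    declared = manifest.get("permissions", [])
    return sorted(p for p in declared
                  if isinstance(p, str) and p.startswith("webRequest"))


def _build_xpi(files):
    """Build an in-memory XPI from {member_name: text} (sample data helper)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, content in files.items():
            archive.writestr(name, content)
    return buffer


# Constructed sample 1: a background script that appends a CSP response header.
BACKGROUND_JS = "\n".join([
    "browser.webRequest.onHeadersReceived.addListener(",
    "  (details) => {",
    "    details.responseHeaders.push({ name: 'Content-Security-Policy', value: \"worker-src 'none'\" });",
    "    return { responseHeaders: details.responseHeaders };",
    "  },",
    "  { urls: ['<all_urls>'] },",
    "  ['blocking', 'responseHeaders']",
    ");",
])
SAMPLE_INJECTS = _build_xpi({
    "manifest.json": json.dumps({
        "manifest_version": 2, "name": "constructed-a", "version": "1.0",
        "permissions": ["webRequest", "webRequestBlocking", "<all_urls>"],
    }),
    "background.js": BACKGROUND_JS,
})

# Constructed sample 2: no header handling at all.
SAMPLE_CLEAN = _build_xpi({
    "manifest.json": json.dumps({
        "manifest_version": 2, "name": "constructed-b", "version": "1.0",
        "permissions": ["storage"],
    }),
    "content.js": "// constructed content script, touches no headers\n",
})

if __name__ == "__main__":
    for label, xpi in (("injects", SAMPLE_INJECTS), ("clean", SAMPLE_CLEAN)):
        print(label, header_permissions(xpi), scan_xpi(xpi))
```

As with the CRX search, a hit only tells you where to read: the matching lines still have to be reviewed to see whether the header is actually modified.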

@Kraxys

Kraxys commented Apr 20, 2019

previous threads #492 #294 #211 #12

Use this issue for extension announcements: new, gone-to-sh*t, recommendations for adding or dropping in the wiki list 4.1: Extensions. Stick to privacy and security related items

🔸 possible additions

* [Site Bleacher](https://addons.mozilla.org/en-US/firefox/addon/site-bleacher/) | [GitHub](https://github.com/wooque/site-bleacher)

🔸 nah

I find Site Bleacher interesting because it seems to handle IndexedDB in a more clever way than other comparable addons. For what I have seen, the IndexedDB a site has put in my browser, while remaining after closing my tab, is cleared as soon as I'm visiting this site again. This seems to me to be the most efficient way to handle IDB, given the API limitation.

@ghost

This comment has been minimized.

@crssi

crssi commented Apr 26, 2019

^^ This extension doesn't touch CSP. Did you even check?

@atomGit

atomGit commented Apr 27, 2019

@StanGets with regard to CRX asked...

Second point is, how is searching for content-security-policy performed?

in the CRX search input use:
!content-security-policy
the exclamation char prefix tells CRX to look at the content of the source files (default is file name) - i also use this to search for 'http' ( !http ) to look at URLs

@atomGit

atomGit commented Apr 27, 2019

re: Site Bleacher - been using it for a while and, according to dev, it does not raise entropy (he's not injecting anything into IDB storage that website can read like i thought he may have been)

i just asked him if it handles Workers cache, but i'm pretty sure it don't

@ghost

ghost commented May 3, 2019

AFAICT all your api-killer stuff has been removed from AMO

The developer has removed all his API-Killers and all his other extensions except one, or these have been removed by Mozilla, no idea.

I had indeed mentioned the API-Killer-IndexedDB for the reasons evoked here above. The extension having been removed from AMO, and because I ignore for what reasons, I've removed it as well from my Firefox profile.

Because I continue to dislike sites pouring data in my IDB, I've found another way to block the IDB Web Api : WebAPI Blocker

I checked all occurrences of IDBxxx provided by this WebAPI blocker and disabled all 14 of them, which are:

IDBCursor
IDBCursorWithValue
IDBDatabase
IDBFactory
IDBFileHandle
IDBFileRequest
IDBIndex
IDBKeyRange
IDBMutableFile
IDBObjectStore
IDBOpenDBRequest
IDBRequest
IDBTransaction
IDBVersionChangeEvent

Works like a charm. Certainly not all 14 need to be disabled but until I check the ones strictly required I disable all. No issues at this time.

@atomGit

atomGit commented May 3, 2019

so... i asked the Site Bleacher dev if he would have a go at cleaning the 'service workers' stuff and he did :)

in addition to cookies, local storage and IndexedDB, the extension also addresses service workers, cache storages, filesystems and webSQLs - i don't know exactly what's covered by the latter 3, so i asked him here if anyone cares to follow that and his answer was "Don't really know"

@jingofett

Is there a downside to using Clean Links over the other link cleaners listed on the wiki?

https://addons.mozilla.org/en-US/firefox/addon/clean-links-webext/

Personally, I find this extension catches and cleans a lot more links than the alternatives (ClearURLs, Neat URL, Skip Redirect), but I remember back before webextensions, people having an issue with it.

I use it with the following settings:

image

@atomGit

atomGit commented May 24, 2019

Is there a downside to using Clean Links ...

somebody more knowledgeable might chime in, but IMO CleanURLs is the best of the bunch because it covers more and breaks less (not sure i've ever had ClearURLs break anything) - it's been an install & forget ext. for me - no need to fiddle with white/black lists (doesn't even have one)

some may not like it because it uses an external file (hosted on gitlab) but that's actually a plus in one way in that the dev doesn't have to update the ext. every time they need to change something

@jingofett

Is there a downside to using Clean Links ...

somebody more knowledgeable might chime in, but IMO CleanURLs is the best of the bunch because it covers more and breaks less (not sure i've ever had ClearURLs break anything) - it's been an install & forget ext. for me - no need to fiddle with white/black lists (doesn't even have one)

some may not like it because it uses an external file (hosted on gitlab) but that's actually a plus in one way in that the dev doesn't have to update the ext. every time they need to change something

When using the examples on this page to test:
https://github.com/tumpio/requestcontrol/wiki/Testing-links

Clean Links successfully cleans most of them, except for the "no redirection, only parameters" group (except for example no.11) and no.14 in misc. ClearURLs cleans: no.2, no.6, no.7, no.8, no.11

Again, I'm not an expert on this but I'm just asking so I can get more information

edit: Just realized I referenced other issues on accident, I thought I had to select the issue when using the hashtag symbol. Sorry about that...

@atomGit

atomGit commented May 24, 2019

i never actually tested CleanURLs, so i'm glad you did - given your findings, i'll have to reconsider Clean Links which is what i used before

@atomGit

atomGit commented May 24, 2019

i made the mistake of writing CleanURLs instead of ClearURLs in this thread

anyway, i visited the test page you linked to and most of the samples are redirects ... ClearURLs is designed to remove tracking params, so i'm not sure if it's supposed to deal with redirects??? seems like it should be though

Skip Redirect caught all the redirect samples, but ClearURLs did not catch all of the "no redirection, only parameters" samples -- i'm not sure what to think, but maybe ClearURLs isn't the best solution - ima gonna chat with da dev n c whts up

@Atavic

Atavic commented May 25, 2019

Repo here.

@DanKGooGLy

@atomGit

atomGit commented Apr 26, 2021

@DanKGooGLy - correct me if wrong, but Universal Bypass seems to be a very different animal than Skip Redirect in that UB doesn't skip redirects

@meedstrom

meedstrom commented May 9, 2021

I don't know if any of you are in the EU, but here's a matter of QoL (quality-of-life). With an amnesic browser like this one (especially with Temporary Containers), either I don't care about cookies or Ninja Cookie feels nearly indispensable. You can train yourself to not mind all the cookie questions, but I think many would just give up on TC or arkenfox itself. Even after such training, I experience these as a huge QoL win.

As an alternative, I just found the uBlock Origin filter lists for annoyances (AdGuard, Fanboy, or EasyList Cookie), which seem to take care of many cases, but not YouTube for one. I'll continue to try them. Perhaps it could be useful to put this in as a tip on the wiki.

I'm actually curious what you think about Ninja Cookie, i.e. automatically saying no to all the nonessentials. I don't think honest webmasters are a rare creature, so this would lead to less logging, right?

@geeknik

geeknik commented May 9, 2021

I would avoid Ninja Cookie but that is just me. Good luck out there. \m/

@tirphana

tirphana commented Jun 5, 2021

Could anyone provide an opinion/recommendation concerning https://addons.mozilla.org/en-US/firefox/addon/trackmenot/, considering it’s no longer being maintained?

@g-2-s

g-2-s commented Jun 16, 2021

For uMatrix the wiki says "Use it as long as it works for you... except that's risky, because how do you know it's working properly?". As far as I can see (which is not much considering I'm no expert), it seems to work quite efficiently still, but am I missing some crucial detail here? I'd be glad to ditch it for uBO only but uM is simpler to use in my case.

@atomGit

atomGit commented Jun 16, 2021

Port Authority by ACK-J

github: https://github.com/ACK-J/Port_Authority

Blocks websites from using javascript to port scan your computer/network and dynamically blocks all LexisNexis endpoints from running their invasive data collection scripts.

not sure this is something worth using - feedback appreciated

@curiosityseeker

curiosityseeker commented Jun 24, 2021

Port Authority by ACK-J

github: https://github.com/ACK-J/Port_Authority

Blocks websites from using javascript to port scan your computer/network and dynamically blocks all LexisNexis endpoints from running their invasive data collection scripts.

not sure this is something worth using - feedback appreciated

Doesn't this add-on offer what gwarser's lan-block.txt list already provides? It blocks the scans on https://defuse.ca/in-browser-port-scanning.htm

@gwarser : What do you think?

@potassiumchloride

This comment was marked as abuse.

@kah0922

kah0922 commented Jun 28, 2021

Port Authority by ACK-J
github: https://github.com/ACK-J/Port_Authority

Blocks websites from using javascript to port scan your computer/network and dynamically blocks all LexisNexis endpoints from running their invasive data collection scripts.

not sure this is something worth using - feedback appreciated

Doesn't this add-on offer what gwarser's lan-block.txt list already provides? It blocks the scans on https://defuse.ca/in-browser-port-scanning.htm

@gwarser : What do you think?

uBlock Origin's CNAME blocking also takes care of the LexisNexis endpoint blocking as well.

Edit: The addon seems to pick up Lexis Nexis endpoints not picked up by uBlock Origin, but more testing is needed to confirm that.

Edit2: uBlock Origin blocks both the original script from running or if that is not blocked, the uncloaked domain.

On another note, has anyone checked out https://github.com/garywill/autoreferer?

Also with AdGuard URL Tracking filter being added to uBlock Origin, Neat URL is redundant.

@Gitoffthelawn

On another note, has anyone checked out https://github.com/garywill/autoreferer?

It looks good, but I prefer tools that allow you to specify the referer depending on the source URL and/or target URL, not the tab/window.

@Thorin-Oakenpants
Contributor Author

Thorin-Oakenpants commented Jul 15, 2021

I'm going to quote potassiumchloride's from minimized comment three posts up

However, I don't really acknowledge the very biased description of @Thorin-Oakenpants about uM in the Wiki. It's nothing but pure FUD and should be replaced with a neutral, objective comment (i.e. just saying that it's currently unmaintained and nothing else!). I disliked this change of subjective personal wording from the very beginning, when uM was transferred into the Extensions-maybe section, but I'm a bit late with my complaint now. :-)

... and then I'm going to FUCKING RUB IT IN HIS FACE

Not cheering the fact this happened to uM, just pointing out that my apparent "very biased" "subjective" "personal" "FUD" was anything but

uM

edit: and for the record, this was what it was, apparently "just saying that it's currently unmaintained and nothing else"

fyi

@rusty-snake
Contributor

FYI: https://github.com/gorhill/uMatrix/releases/tag/1.4.2

@B00ze64

B00ze64 commented Jul 20, 2021

hpHosts has not disappeared from my uMatrix, even though I updated to 1.4.2 just now, unchecked the list, and restarted the browser. No harm done, this was just a quick edit to the default config I see on the commit...

@g-2-s

g-2-s commented Jul 20, 2021

I updated to 1.4.4 but the "Reveal canonical names" option is now gone and adding the rule manually does nothing, can anyone confirm if they have the same issue?

@EchoDev

EchoDev commented Jul 20, 2021

I updated to 1.4.4 but the "Reveal canonical names" option is now gone and adding the rule manually does nothing, can anyone confirm if they have the same issue?

Get this build if you want cname uncloaking https://github.com/gorhill/uMatrix/releases/tag/1.4.3b0
cname uncloaking never made it to stable (it also has a DNS leak issue when using SOCKS proxy)

@Solomon1732

Solomon1732 commented Sep 16, 2021

uBO-Scope is abandonware. Latest commit was in July 2018. Might want to at least take note of it in the Extensions page.
https://github.com/gorhill/uBO-Scope/commits/master

@Thorin-Oakenpants
Contributor Author

uBO-Scope is abandonware. Latest commit was in July 2018. Might want to at least take note of it in the Extensions page.
https://github.com/gorhill/uBO-Scope/commits/master

IDK if it's abandoned. Maybe it doesn't need anything done to it - @gorhill - then again, it could probably do with cname detection to properly ascertain partyness? the rest seems perfectly fine. Hopefully gorhill will reply

@practik

practik commented Jan 24, 2022

I guess this is still the right place for extension talk, even though it's closed?

A while back there was some discussion of Universal Bypass, an extension for demystifying shortened links. claustromaniac checked it out and found it was no help in the privacy dept.

I generally avoid those links but every so often I encounter one (e.g. in an e-mail from the water company) that I have to click. So I looked to see what else is available on AMO these days and found four: Fast Forward (a fork of Universal Bypass), Link Unshorten, Quo Vadis?, and Unshort.link.

I am no 🐈 but I did my best to test them out, and it looks to me like all but Quo Vadis? work by sending your URL to the developer's server or a third-party service for analysis, which I don't love.

Quo Vadis? stumped me: It sends requests to the shortened URL and the final URL and any URLs in between, but none of those requests show up in the browser console; I could only see them by monitoring my computer's network traffic. So I wrote to the developer (https://basa.nl/quovadis/), who answered:

Quo Vadis? works by using the browser's built-in ability to perform HTTP requests. It runs entirely within the browser. When it is triggered by the user, it launches its own private (sandboxed) HTTP-request for the initial URL. This does not involve any user oriented "browsing", all data is absorbed internally, nothing is rendered. It then asks the browser to inform the extension of any redirections that occur for that request. This information includes the next URL, and the next, etc. That's it!

"Sandboxed" definitely sounds good, but I don't have the skills to evaluate what that really means, so I'm posting here in case others are interested in looking into it further.

@lhindir

lhindir commented Jan 18, 2023

I’d appreciate more justification for Skip Redirect, since it’s the only extension to share the Recommended tier with uBlock Origin. Most of the Optional tier have caveats, and I think Skip Redirect does as well. While it works well when it works, it applies to a small enough class of links that I don’t think it’s worth the recommendation.

Inherently, it can only detect trivial redirect links directly including the target URL. base64-encoding the target is enough to get past it. Many sites work this way; email newsletter service tracking links come to mind. Similarly, any custom server-side mapping of ID’s to target links, e.g. any URL shortener service, goes undetected. This can give users a false sense of security since Skip Redirect only skips the most benign redirect links.

Additionally, it has a number of false positives (e.g. archive.org) that require users to attempt to exhaustively enumerate exceptions. This is futile, especially when services change their URL schemes.

Given the prevalence of both false negatives and false positives, I’m not a big fan and don’t use it myself. Obviously, the wiki is just recommendations, so it’s up to the author and doesn’t force anyone to follow it, but since I think most of the rest of the repo and wiki are very well-thought-out, I’m genuinely curious about the rationale here.

@xe-3

xe-3 commented Mar 9, 2024

I’d appreciate more justification for Skip Redirect, since it’s the only extension to share the Recommended tier with uBlock Origin. Most of the Optional tier have caveats, and I think Skip Redirect does as well. While it works well when it works, it applies to a small enough class of links that I don’t think it’s worth the recommendation.

I also think providing further explanation/justification for Skip Redirect would provide value.

@ntnguyen1234

base64-encoding the target is enough to get past it.

I think Skip Redirect can go to base64-encoded link. I just tested with this link http://example.com/?url=aHR0cHM6Ly93aWtpcGVkaWEub3JnLw== and it redirects successfully for me (no example.com connection made in network console).

@lhindir

lhindir commented Apr 13, 2024

Yeah, I was wrong about that. The rest of my comment still applies.
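
The distinction argued over in the comments above, as an added example that is not part of the original thread and is not Skip Redirect's actual logic: a simplified detector that finds a target URL carried in a query parameter, either in plain form or base64-encoded, and finds nothing when the mapping lives only on the server. The function names are hypothetical; the first test link is the one quoted above, the others are constructed.

```python
import base64
from urllib.parse import parse_qsl, urlsplit


def _as_url(value):
    """Return `value` if it is an absolute http(s) URL, else None."""
    parts = urlsplit(value)
    if parts.scheme in ("http", "https") and parts.netloc:
        return value
    return None


def _b64_url(value):
    """Return the URL hidden in a base64 (standard or URL-safe) value, else None."""
    # parse_qsl turns '+' into a space, so restore it before decoding.
    candidate = value.replace(" ", "+")
    candidate += "=" * (-len(candidate) % 4)  # tolerate stripped padding
    try:
        decoded = base64.urlsafe_b64decode(candidate).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return _as_url(decoded)


def embedded_targets(link):
    """List (parameter, encoding, target) for every query parameter of
    `link` that carries an http(s) URL in plain or base64 form."""
    found = []
    query = urlsplit(link).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if _as_url(value):
            found.append((name, "plain", value))
            continue
        target = _b64_url(value)
        if target:
            found.append((name, "base64", target))
    return found


if __name__ == "__main__":
    samples = [
        # Link quoted in the thread: base64-encoded target.
        "http://example.com/?url=aHR0cHM6Ly93aWtpcGVkaWEub3JnLw==",
        # Constructed: percent-encoded target in plain form.
        "https://example.com/out?to=https%3A%2F%2Fexample.org%2Fpage&utm=x",
        # Constructed: shortener-style ID, target known only to the server.
        "https://example.com/r?id=8f3k2",
    ]
    for link in samples:
        print(link, "->", embedded_targets(link))
```

The third sample returns an empty list: with a server-side ID mapping there is nothing in the link to recover, so the redirect host is always contacted.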

@stephenhawk8054

Btw, uBO has added a new network filter urlskip to skip click trackers. It does not skip automatically like "Skip Redirect" though, but based on the filters in the list:

https://github.com/uBlockOrigin/uAssets/blob/ea7bea1f5a86cbf32291c4b166b8c0d198b92273/filters/privacy.txt#L579-L773
