sticky: extensions

[Thorin-Oakenpants]

:exclamation: please try to NOT start discussions in here, start a new issue instead. ONLY use this thread to report extensions - thank you

Use this issue for extension announcements: new, gone-to-sh*t, recommendations for adding or dropping in the wiki list 4.1: Extensions. Stick to privacy and security related items, and do not mention legacy extensions

:small_orange_diamond: Added Web Extensions

• ... go look on the Wiki page - not listing things twice

:small_orange_diamond: Pending Web Extensions

• Negotiator | GitHub
  • doesn't work (yet) full of bugs and errors - ask earthlng - worth revisiting
• Google search link fix | GitHub
  • google/yandex. Personally, I use a user script called "google privacy" which has been working for years - I should find a link for it, see if it's maintained, stick in the wiki for user scripts? -Thorin
• Searchonymous2 | GitHub
• Modify Header Value
• Referer Control
• eCleaner (Forget Button) | GitHub
  • NOTE: bulk clean per storage type: eg indexedDB, dom storage etc
  • NOTE: Is using wrong Storage API for settings??? Requires cookies in order to access local dom.
• mHeaderControl | GitHub
• Shape Shifter | GitHub
• EditThisCookie
• History AutoDelete
• FoxyProxy
  • Basic
  • Standard
• WebAPI Manager | GitHub
• Forget Me Not | GitHub
• Luminous | GitHub - JS Events handling
• 3P Request Blocker

:small_orange_diamond: Rejected ^{If you strongly disagree, then by all means, bring it up}

• Canvas Defender
  • nah - see https://github.com/ghacksuserjs/ghacks-user.js/issues/458
• VTzilla
  • shitty privacy policy, you have to opt-out of scanning everything, but could be handy for some people, as long as they are aware of the privacy implications

...

[curiosity-seeker]

Yes, this is exactly how Lastpass does it, too - see, e.g., https://www.lastpass.com/how-lastpass-works . And yet there seem to exist - or, at least, existed - implementation errors. They attracted attention because Lastpass is the most popular password manager. Who knows if Bitwarden is affected by similar flaws.

I am not sure if you should recommend any cloud-based password manager. There are many users who refrain from using them because of security concerns.

[Thorin-Oakenpants]

Hmmm .. I thought LastPass had all the keys, so to speak. Something I did for a client a few weeks ago really led me to believe they could see it all (password info rendered into an https page - I think it was either the print output or an online vault page or something). I guess not. BTW, a quick search unearthed this

https://hackernoon.com/psa-lastpass-does-not-encrypt-everything-in-your-vault-8722d69b2032

Not that BW couldn't have issues as well. BTW, BW allows you to use any cloud, including your own (but yeah, most people couldn't do that and would be even less able to make it secure)

[claustromaniac]

Lately, I've been trying out MasterPassword (GitHub). I like the concept a lot, but I wish it were possible to create longer passwords. It can at most generate 20-char-long passwords AFAICT. I wouldn't use it for anything super important, for that reason.

Also, I see a theoretical downside to it: if an attacker got ahold of ONE of your passwords that were generated with MasterPassword, and if he knew that you use that extension, by reversing the algorithm it should be possible for them to get ahold of ALL of your passwords generated that way. It's a scary worst-case scenario, but they have to be targeting YOU, which to me sounds a lot less likely than getting your passwords stolen from a high-profile cloud service like LastPass or the like (except maybe a self-hosted BW instance, of course).

[fmarier]

Lately, I've been trying out MasterPassword (GitHub). I like the concept a lot, but I wish it were possible to create longer passwords. It can at most generate 20-char-long passwords AFAICT. I wouldn't use it for anything super important, for that reason.

That concept is usually called "password generators". The adblockplus guy reviewed the security details of all of the ones he could find and ended up writing his own.

[claustromaniac]

Thanks for the info, @fmarier !

[claustromaniac]

Just FYI, regarding the Detect Cloudflare extension that I mentioned previously, I released a fork of it with some minor changes here.

[Thorin-Oakenpants]

I prefer toolbar icons, so everything is visually in one place

[claustromaniac]

I prefer a Page Action for this one because I don't need to see the extension's icon when CF is not detected. It just wastes valuable space on smaller screens.

I opened a pull request to commit the other significant difference to the original extension. If it is merged, the behavior of the icon will be the only difference left between the original and my fork. I considered making more changes but maybe some other time :)