sticky: extensions

[Thorin-Oakenpants]

previous threads #294 #211 #12 woo... the old issue of 294 is a palindrome of this issue 492 ... spooky :ghost:

---

Use this issue for extension announcements: new, gone-to-sh*t, recommendations for adding or dropping in the wiki list 4.1: Extensions. Stick to privacy and security related items

:small_orange_diamond: possible additions

• Modify Header Value
• mHeaderControl | GitHub
• Referer Control
• History AutoDelete
• WebAPI Manager | GitHub
• Forget Me Not | GitHub
• CookieBro
• Luminous | GitHub - JS Events handling
• FoxyProxy
  • Basic
  • Standard

:small_orange_diamond: nah ^{feel free to discuss}

• Canvas Defender
  • nah. see https://github.com/ghacksuserjs/ghacks-user.js/issues/458 , Canvas Blocker is far superior
• Google search link fix | GitHub
  • google/yandex. Personally, I suggest using something more universal
• VTzilla
  • shitty privacy policy, you have to opt-out of scanning everything, but could be handy for some people, as long as they are aware of the privacy implications
• Searchonymous2 | GitHub
  • use containers if you want to separate google search from logged in google services
• eCleaner (Forget Button) | GitHub
  • abandoned since Sept 2017, and outstanding issues. Forget Me Not looks better for this kind of thing
• Shape Shifter | GitHub
  • abandoned since Aug 2017, doesn't really offer anything not already covered
• Negotiator | GitHub
  • abandoned since July 2017 (and it had some issues/flaws according to the big E)

...

[crssi]

@Thorin-Oakenpants I can swear that there was a problem in the past, but now I haven't found any orphaned cookies... doesn't matter, I will drop the CAD for now. And you are right (like doooh :smile: )... with TC, there is no need for CAD. I am in a bit of fear for TC future existence... it seems that @stoically activity dropped to zero. :crying_cat_face:

[Woofy-Wolf]

Kudos to @claustromaniac for two extensions that should IMHO be added to the wiki:

• ETag Stoppa
• Privacy-Oriented Origin Policy

Privacy-Oriented Origin Policy is damn impressive. ETag Stoppa and POOP replaced Header Editor and Cors Everywhere in my browser.

You already know the extensions, of course. I'm nominating them, here, to nudge them toward an updated wiki. :)

[Thorin-Oakenpants]

ETag Stoppa is already there. And the POOPer needs more work .. I'm waiting for the #509 to pass 200 comments as a sure sign.

@claustromaniac : Add the POOPer when you're ready

[crssi]

@Woofy-Wolf same here :smile:, the HE+Cors Everywhere combination were PoC/workaround until @claustromaniac didn't made damn good PooP :smile_cat:

@Thorin-Oakenpants IMHO PooP needs just a week or two of observation, but I think its ready. For 100% mark, just a blacklist is missing, but its not a showstopper (and nothing is 100% in a real world). From observation in the last couple of months, there is only maxcdn.bootstrapcdn.com to be added to blacklist for now (but only if script type is not ticked in relaxed mode)... similar as it is now www.youtube.com *.googlevideo.com for whitelisting <- and nothing wrong with that, since its the same EvilCorp behind. Now, with PooP and Referer control (or ghacks or over SR), I really ask myself what would be additional reason for 3rd-party font blockage from tracking/FP perspective? :wink:

Cheers

EDIT: Added (but only if script type is not ticked in relaxed mode)

[crssi]

@Thorin-Oakenpants

Now, with PooP and Referer control (or ghacks or over SR), I really ask myself what would be additional reason for 3rd-party font blockage from tracking/FP perspective?

Don't get me wrong... I didn't imply or call for a change in ghacks-user.js. It should stay as it is there IMHO.

[Woofy-Wolf]

From my observation (I am using FPI+TC auto mode)... and still there are some cookies left behind and CAD deals with those.

This is my observation as well, and it's why I don't re-use containers in TC. I just tested a few sites. Cookies from washingtonpost.com were destroyed with their container. Cookies from nytimes.com and mozilla.com appeared to survive (which makes no sense whatsoever).

I used CAD until recently to delete cookies (& localstorage browser-wide) before their containers were destroyed. To delete cookies from a container that is about to be destroyed is (or should be) unnecessary and excessive. Anyway, I removed CAD after considering @Thorin-Oakenpants 's opinion of cookie managers, but I still take precautions because I don't understand what's going on. Instead of CAD, I set cookies to expire when the browser closes (minus some exceptions, each of which have their own permanent container). I run CCleaner, too. It always sees site data that FF didn't delete.

It's very strange.

[Thorin-Oakenpants]

ccleaner.... It always sees site data that FF didn't delete

FYI: it lists HSTS data from SiteSecurityServiceState.txt as "cookies"

Some domains are restricted - i.e extensions cannot control them. Not sure if that included cookies extensions.webextensions.restrictedDomains default value ( with my own line breaks added)

accounts-static.cdn.mozilla.net,
accounts.firefox.com,
addons.cdn.mozilla.net,
addons.mozilla.org,
api.accounts.firefox.com,
content.cdn.mozilla.net,
discovery.addons.mozilla.org,
input.mozilla.org,
install.mozilla.org,
oauth.accounts.firefox.com,
profile.accounts.firefox.com,
support.mozilla.org,
sync.services.mozilla.com,
testpilot.firefox.com

[atomGit]

speaking of ETags - the wiki says...

Note: if you disable disk and memory cache, this is not required

should Temporary Containers be added to that?

not understanding the workings of all this stuff, i wanted to dbbl chk, so with TC set to auto and RFP disabled i tested (http://lucb1e.com/rp/cookielesscookies/) and came up clean

[crssi]

^^ First revisit shows last entered value, but page reload after that looks like clean. Config here: TC(auto)+FPI+Memory enabled+Disk disabled IDK but it looks like the first revisit still gets read from memory.

[atomGit]

interesting - wonder what the diff is?

TC=auto, FPI disabled, mem enabled, disk disabled

i don't see how that should make a difference and, besides, etags are stored in web cache, so how is it possible to read mem cache after a restart? did you restart, or just refresh?

[crssi]

Reopened in a new TC (the old destroyed). Restart would be pointless for test when disk disabled. But what I wrote on my previous post suggests something smelly with containers... its should be totally cleared (memory cache also separated in container) or totally not (memory cache not separated), but not something in between. FF bug maybe?

[claustromaniac]

@claustromaniac : Add the POOPer when you're ready

It's no longer in alpha, which means I deem it complete and functional already. The documentation can use some more work, though.

Anyway, this may sound stupid to you, but I prefer not to add it to the wiki myself because it would be a biased recommendation. I don't have a problem recommending True Sight and ETag Stoppa, because the former merely provides information (it doesn't change the browser's behavior in any way), and the latter is extremely simplistic. However, POOP is fairly complex and it changes the behavior of cross-origin requests; it attempts to provide more privacy by altering a standard security mechanism.

I did a decent amount of research and I have confidence in my skills, but ideally a more experienced (read actual) developer should vet my work for me to feel comfortable recommending it myself. I don't expect that to happen, though. That would be quite a luxury.

Now, with PooP and Referer control (or ghacks or over SR), I really ask myself what would be additional reason for 3rd-party font blockage from tracking/FP perspective? :wink:

You forgot to mention Decentraleyes! It doesn't cover all fonts (that would be insane) but I noticed it takes care of some of the very popular ones. EDIT actually, I'm not sure now. Gotta check that again. EDIT ² NVM it doesn't yet. I got mixed up!

[Thorin-Oakenpants]

I'm actually afraid to use the POOPer ... it's installed and disabled. And I've ignored the long thread you guys chat in. I'm afraid of it breaking other extensions (rolling the dice thing) and it looks a little complex.

I've been taking my dumps out in the garden, but I cover them up like a good :cat2: does

[claustromaniac]

I can give you a super long explanation of why I consider it safe, but I won't for the same reason I refuse to recommend it myself (even though I am using it).

[Thorin-Oakenpants]

up to you :) now get over to the other project (and don't tell anyone) and help out Edit: no no no no no it's not librafox

[atomGit]

Decentraleyes - web fonts is on the ToDo list... for like 2 years - he's running into some sort of problemo with that

now get over to the other project (and don't tell anyone)

librefox - i'm liking the idea - haven't run it yet

[Thorin-Oakenpants]

No .. I have nothing to do with librafox

[claustromaniac]

librefox - i'm liking the idea - haven't run it yet

I have nothing to do with Librefox. (dafuq is librafox? :trollface:)

[atomGit]

Anyway, this may sound stupid to you, but I prefer not to add it to the wiki myself because it would be a biased recommendation.

wadda pussy (wee, i made a PUN!)

and you guys know damn well what Librefox is - i seen sum yas over there trying to jump ship!

so this whole add-on landscape changes with TC - pants, i ass-u-me ur using this by now?

no more storage cleaners, but several other things removed as well

for the record, me=:

MUST haves...

• ClearURLs - check this out verses Pure URL or whatever link cleaner you're using
• CSS Exfil Protection
• Decentraleyes, although the need for this is largely reduced by TC me thinks
• Firefox Multi-Account Containers - needed if you want to keep logins/settings/storage per-domain - supplements (a shortcoming?) in TC
• POOP
• Skip Redirect
• Temporary Containers (currently running in auto-mode with FPI disabled)
• uBO
• uM - i REALLY want to dump this and use uBO exclusively - TC makes this (much?) more feasible - have to think some

recommends...

• ReFont - very slick - i haven't tested yet if web font fetching is blocked with this, but it seems it is
• Smart HTTPS (pants hates it - that's why i like it ... actually, i don't give shits if my webber hammers an http site because they should ALL be using https (and Let's Encrypt certs are free) so i let 'em know in the logs + it doesn't depend on a possibly inaccurate list + ...)

not needed...

• Canvas Blocker (TC, user.js)
• ETag remover (TC)
• window.opener be gone (TC) ?
• rel=noopener scripts/add-on (TC)
• Referer Control (TC, can relax pref in user.js - essentially can control referrer with TC)
• Restrict to Domain (FPI toggle) (TC)
• all/nearly all add-ons that have anything to do with auto-cleaning storage (TC)
• ...

lots of problems solved and other add-ons rendered obsolete with TC - so much so that it seems like this should be a requirement - NOTE that a lot of this config depends on setting up auto-mode in TC properly

[claustromaniac]

and you guys know damn well what Librefox is

We know, we just aren't involved.

POOP (TC) ??? dunno about this - i asked on his repo - sure would hate to give up that little pile of pink poop on my toolbar : (

Answered, in case anyone else wonders.

• window.opener be gone (TC) ?
• rel=noopener scripts/add-on (TC)

I think using those two at the same time is redundant... (gotta check)

[practik]

@atomGit, that's impressive how many things are made redundant by TC. I tested TC briefly but ditched it because it breaks Recently Closed Tabs, which I use all the time. But I may have to revisit that choice …

For those (few?) who are still interested in extensions for cleaning cookies etc.: I've been using Forget Me Not daily for the past four months and haven't encountered any of the problems @crssi reported previously. And FMN does a couple of things better than Cookie AutoDelete:

• It allows you to whitelist cookies by name
• It handles containers more intelligently
• It clears cookieless localStorage

On the other hand, there's one thing CAD definitely does better: It clears cookies that are set during redirects. But even so I'd still say that FMN is just as Wiki-worthy as CAD.

That said, all this cookie monitoring I've been doing has been a big pain. Pants's suggestion from last week –

block all cookies and whitelist using FF's internals

– is looking extremely appealing.

[atomGit]

practik:

tested TC briefly but ditched it because it breaks Recently Closed Tabs

i never use that, but your right (sort of - i see 2 entries and neither is correct) - history still works and you can access that via a toolbar button

there's niggles with TC - nav'ing back fails unless 'back' is in the same container

my biggest gripe is when you WANT to store web data (settings/cookies/log-ons) because you gotta go through a SEVEN HUNDRED (5) step process - disable setting in TC>isolation>MAC; create a perm container; open site in perm; enable to always open site in perm; re-enable setting in TC - same for cross-domain log-ons i'm sure, at least some times, but you can pile a bunch of trusted sites in a single perm container too, like search engines, etc., then do all normal browsing in temp containers

for me the perks outweigh the pissers so far - i set uM (and FF) to allow 1st party cookies globally, so that's the end of pissing around with cookies/storage/IDB/etc., then you can dump several add-ons and break shit less often - the ghacks user.js needs a few settings relaxed to make a smoothie but that, again, equals less breakage

update: i've gotten the process of creating perm containers down to 3 steps if one disables the option on the 'Isolation' tab -> 'Multi-Account Containers', 'Open new Temporary Containers if a Permanent Container Tab tries to load ...' (every unique root domain is still opened in a new temp container if the 'Isolation' -> 'Global' options are setup right and auto-mode is enabled)

assigning multiple domains to a single container uses the same process, except you have to open a new instance of the perm container for each domain you wanna add, else TC kicks in

[atomGit]

hey, i'm just gonna drop this here and let one of you pros handle it - probably mentioned long ago, but i couldn't quickly find anything and i didn't want to make a new issue...

nobody should be editing the user.js, right? so maybe have the updater script set read-only attrib on it after writing just as a reminder those who might forget?

[atomGit]

@practik said...

I tested TC briefly but ditched it because it breaks Recently Closed Tabs ...

here's a potential half-fix: try setting 'Delete no longer needed Temporary Containers' to something other than 'after the last tab in it closes' - looks like after the time expires you still have to turn to the browser history though

[Thorin-Oakenpants]

https://github.com/ghacksuserjs/ghacks-user.js/issues/492#issuecomment-450505680

Decentraleyes, although the need for this is largely reduced by TC me thinks

Heck no. You might want to edit that comment. DC is not about isolation, it's about reducing/eliminating 3rd party calls

[atomGit]

did that + moved POOP to required based on feedback from :cat:

[Thorin-Oakenpants]

https://github.com/ghacksuserjs/ghacks-user.js/issues/492#issuecomment-449598392

I'm actually thinking of dropping CanvasBlocker myself. ClientRecs() is the only thing it adds for me

Actually, I CB is actually blocking a lot of canvas stuff that RFP isn't

[crssi]

@atomGit TC is really a good WE, but you cant "kill" all the thingy's with it. I am a bit time limited, so will be my post. ;)

I don't like ClearURLs, since there is no user control and same, but with user control, can be achieved with Neat URL and Skip Redirect. Smart HTTPS does NOT work with TC... at least not in automatic mode. Same goes with HTTPS by default. I don't like HTTPS Everywhere, really don't see a point to leak to EFF and most domains I use are even not listed in their database. I don't see a point for permanent containers, so it is for Multi-Account Containers, I am using TC + Context Plus. Canvas Blocker is more than just a Canvas blocker (also Audio and other), cannot be replaced with TC. Not sure yet, if TC can replace ETag remover... I would say no. Referer Control cannot be replaced by TC.

I really don't see a reason to disable FPI. In the past, there were plenty of problems, but lately Mozilla has really improved it and I could not find any breakages with FPI enabled.

You already got an answer for PooP and Decentaleyes.

Also with PooP, I do not see any reason (tracking wise) to block fonts and to complicate life with Refont or similar.

@practik with correct usage of TC, you can dump CAD and FMN and similar.

If you set, for example:

/* 1020  */ user_pref("browser.sessionstore.max_tabs_undo", 10);

you can undo closed tabs with CTRL+SHIFT+T and it will even reopen in the correct TC container (if invoked in a time before destroying the container).

[practik]

if invoked in time before destroying the container

This was exactly my problem; there were too many times when I wanted to reopen a tab whose container was already gone. I think if I do try TC again I'd rather just retrain myself to stop using Recently Closed Tabs altogether.

[crssi]

@practik try something like this (starting at default settings)

    General
      Automatic Mode: Check
      Container Name Prefix: %domain% #
      Random Container Color: Check
      Container Icon: fingerprint
      Container Number: Reuse available numbers
      Delete no longer needed Temporary Containers: 2 minutes after the last tab in it closes
      Click [Save]
    Isolation
      Per Domain
        Domain pattern: *
          Always open in new Temporary Containers: enabled
          Click [Add or Edit]
        Domain pattern: duckduckgo.com
          Always open in new Temporary Containers: enabled
          Click [Add or Edit]
      Global
        Mouse Clicks on Links should open new Temporary Containers
          Middle Mouse: If the clicked Link Domain does not match the active Tabs Domain (Subdomains won't get isolated)
        Click [Save]
    NOTE: CTRL+SHIFT+T = Undo closed tab(s)

^^ I am using DDG for search. Left mouse click will not open in a new container, but middle mouse click will if different domain. This way you have a control to open in a new container and the same time cross domain logins will not fail with a mouse left click. If you need to migrate container, then Context Plus extension will do.

Cheers

[crssi]

Nice one from @intika, making background of URL bar red color when non-secure site. Librefox HTTP Watcher - Red flag

[ghost]

I don't know about you but here I always prefer a style over a script over an extension, when feasible of course.

Coloring the urlbar background given the site's security status is easily performed right from the user's userChrome.css file thanks to a few lines, available i.e. with Color your URL bar based on website security

I chose (old habits I guess) to colorize only secure sites (yellow) perhaps because my memories go back to the times when secure sites were the minority, which is changing, fortunately.

[atomGit]

in this particular case i'm not sure that CSS accurately reflects the connection status, but yes, i was thinking the same thing - i recall reading something about something some time ago that suggested using CSS for this is a bad thing

[ghost]

That invalidates what I thought was always true, that is that CSS is less likely to be harmful than jscript and jscript than an extension's potential.

Regarding colorizing the urlbar background given the site's security status I've never encountered issues but maybe because I refer only to #identity-box.verifiedDomain and #identity-box.verifiedIdentity.

I'm not a specialist as I spend my time repeating it (especially to those who know more, lol) and I learn every day.

[claustromaniac]

Smart HTTPS does NOT work with TC... at least not in automatic mode. Same goes with HTTPS by default. I don't like HTTPS Everywhere, really don't see a point to leak to EFF and most domains I use are even not listed in their database.

@crssi, are you using any other extensions for that? Some time ago I made an extension that works somewhat similar to Smart HTTPS, but it is more minimalist and gets along with TC. I'm still not sure I want to publish it (I hardly have any time for maintaining the stuff that I already published), but if there is any interest I'll consider it. I used HTTPS Everywhere for the longest time but it is heavy AF and I have come across numerous sites that weren't in its database...

[atomGit]

interest no.1 right here

[crssi]

@claustromaniac I haven't found any other extension to replace Smart HTTPS or HTTPS by default. :crying_cat_face:

[atomGit]

ditto - i should have also mentioned that - i wonder why in hates Moz hasn't done something about this long ago, standards and net etiquette be damned - this is a serious privacy issue for anyone not encrypting their traffic

[claustromaniac]

There you go (source). It's ugly AF and it's not configurable, but it gets the shit done.

[Thorin-Oakenpants]

So I'm doing a dozen metric shit-tonnes of testing, and do you think I can find a decent working RFP toggle button? Yup, I am aware that some RFP effects require a restart.

Anyone know of one? Just a simple button that toggles RFP, nothing more.

Edit: this is all I could fine - https://addons.mozilla.org/en-US/firefox/addon/resist-fingerprinting/ - but it doesn't work

[claustromaniac]

I don't know of any, but such an extension should be super trivial to make... If you don't find one by tomorrow or so, I'll look into it.

[Thorin-Oakenpants]

It's not something I would ever want to promote, because it's a global switch. So what if a website breaks, that doesn't mean you should suddenly allow all the other open tabs and js and service workers etc to wreak havoc (and even if they weren't open, the end user would have to remember to toggle it back before they opened a website).

It's probably not a big deal. I can just keep using about:config. Just would have been handy in my testing, and as a decent visual indicator

[claustromaniac]

:jeans:, I know you didn't ask for this, but I literally made it while I was doing other totally unrelated stuff. It was that trivial. Change the file extension to XPI and install manually. Or don't, I don't care anyway.

rfp_switch-0.1.0-fx.zip

[Thorin-Oakenpants]

I know it's that trivial, it's a single pref flip (and icon change/detect) via the Privacy API or whateva. That's why I linked to that other broken version, assuming it would be a two minute fix with no fluffing around to get icons and shit

appreciated, and good you did it now, because you have some JS code reviewing to do soon

[Thorin-Oakenpants]

PS: reading this: https://medium.com/privateid-blog/privacy-inequality-the-most-brutal-form-of-inequality-youve-ever-imagined-e674d4f3cd42

I'm gonna be one of The Protected, not one of The Predictables - but it will still hurt: i am sure that a lack of data points will be held against people (getting a loan, insurance rates etc). It may pay to start curating a public ID of all things nice, sugar and spice....

Welcome to you new dark dystopian future...

[crssi]

@Thorin-Oakenpants

Just a simple button that toggles RFP, nothing more.

Just out of curiosity... Do you need this for testing purposes only (as a shortcut) or there are some real world usage?

[crssi]

@claustromaniac thank you for HTTPZ. :+1: I have one or two addons in mind, but really don't have a heart to ask, since I know you are busy with other stuff.

[Thorin-Oakenpants]

@crssi As I already said, it's useless IMO in a real world live main FF setup because it's a global switch and users have multiple tabs, multiple background js, and would have to check it's state when opening new web content - imagine making one mistake and leaving it off while you visited murderers.4.hire and googled how to dissolved bodies. It just makes it easier for me testing in my test bed (different portable FF nilla profiles) 1 as a visual indicator and 2 as a super quick way to toggle it.

[ghost]

As i understand it the RFP switch correlates to several other settings which is why I pain to understand the pertinence of an on/off switch for RFP alone:

Quoting ghacks user.js - date: 12 December 2018 - version 64-beta: Crocodile Pants

[SECTION 4500]: RFP (RESIST FINGERPRINTING)
   This master switch will be used for a wide range of items, many of which will
   **override** existing prefs from FF55+, often providing a **better** solution

   IMPORTANT: As existing prefs become redundant, and some of them WILL interfere
   with how RFP works, they will be moved to section 4600 and made inactive

Which means if I understand correctly that choosing to activate RFP must be done before running Firefox and after having modified other user.js settings accordingly to RFP true. Is this correct?

[Thorin-Oakenpants]

^^ Thanks StanGets .. I didn't bother thinking down the rabbit hole too deeply, because it's already a silly idea .. but that is just another reason a flip switching button to be used in session is a stupid idea

Lets say a user has RFP on, and uses the user.js with section 4600 commented out (as instructed). They then flip RFP off (manually or with an extension) to make one website work, and they would potentially give up more privacy because 4600 items are commented out. Yup, that's just stupid. And if they didn't have section 4600 commented out with RFP, then their fingerprint is F'd anyway.

But I am only using it in a test environment. With a vanilla profile, and no user.js. In fact in these tests I am only testing RFP

For the third time (3rd times a charm?) - this extension (and building it into other extensions as an option which I see a lot of) is a F stupid idea