楼主#更多 发布于：2017-06-07 00:34
20 Firefox Security Add-On Recommendations
(San Francisco-based tech blogger and vpn convert)
Thanks to its open source development, Firefox is gaining market
share. This article presents a comprehensive list of Firefox security
add-on recommendations to keep your internet browsing, passwords, and
email safe and secure. Share
The combination of Firefox security add-ons and browser updates can
be tricky for many users. Some extensions lose effectiveness as Firefox
iterates. Others make changes to core functionality that end up
backfiring. And if you have an active security extension that is no
longer performing well, you may be unknowingly open to cyber-attacks.
So, keeping in tune with the most effective security add-ons is
imperative for your safety and privacy. In this write-up, we list our
Firefox Security Add-on Recommendation Criteria
To make our list, we grouped add-ons together according to their functions and analyzed:
Through this analysis, we can provide the full picture of an add-on’s
ability to improve key aspects of Firefox security and privacy.
Beyond the security benefits, a focus on privacy helps streamline
searches, remove visual clutter from the screen, and lessen the chance
of clicking on an unwanted ad. The following Firefox security extensions
offer suites of
functionality to block a range of threats and unwanted browsing experiences.
1. uBlock Origin
This add-on has the capability of blocking both ads and 3rd-party
network requests. It has a minimal CPU footprint and enables users to
load thousands of filters. The add-on author keeps versions up-to-date;
as of this writing, version 1.7 had been updated on May 1. It also has a
large base of more than 1 million users.
2. Adblock Plus
One of the most popular extension in the Firefox catalog, this
general privacy suite blocks known malware domains, removes social media
buttons, and disables trackers. As it iterates, Adblock Plus is
becoming customizable, allowing users to design filters that block
certain features while allowing others. It has more than 20 million
users and the author updated the current version regularly.
For advanced users, uMatrix enables a high degree of web security. This
evolution of the legacy add-on HTTP Switchboard is essentially a dynamic
firewall that is set to block all/enable exceptionally mode. This means
it will block most net requests until you whitelist the requests you
deem safe. Even if you switch to allow all/block exceptionally mode, the
extension still protects you from its library of 62,000+ blacklisted
hostnames. Regularly updated, uMatrix has more than 37,000 users.
Privacy and security have been sorely compromised with the explosion
of web analytics. Businesses claim tracking is key to improving services
and offerings. The government argues tracking enhances national
security. So, for better or worse, web tracking is here to stay.
But many people don’t want companies to know how they arrived at
their websites. Others would rather not leave a trail for the government
to follow. For this group, a tracking blocker is an essential Firefox
security add-on. Here are our recommendations.
Blocks 2,000+ tracking sites, which helps pages load up to 27%
faster. This is a fast and simple add-on, which pleases many users, and
it offers quick whitelisting to limit intrusiveness.
One downside, however, is that it does not allow users to specify
trackers to block. Another downside: Disconnect must be added first if
you want to view its blocking information.
This means you need to:
In terms of analytics, referrer tracking is one of the most important
functions. Through browser requests that are mostly invisible to users,
a website can learn where its traffic comes from. In many instances,
however, a user may not want to divulge this cross-site information.
With RefControl, you can create a fake “referrer” site, which helps
eliminate cross-site tracking. One note of caution: RefControl has not
been updated since December 2014.
Finding the green HTTPS lock while surfing offers a respite in the
web security storm. The following Firefox security extensions, however,
help extend the shelter.
6. HTTPS Everywhere
This extension protects your communications by enabling HTTPS
encryption automatically on sites that are known to support it, even
when you type URLs or follow links that omit the HTTPS prefix.
It should be noted that this extension does not create encryption
where it did not previously exist. Instead, it forces servers to render
the encrypted version if they try to render the unencrypted first. HTTPS
Everywhere is a “Featured” add-on in the Mozilla Library. It has more
than 179,00 users and is kept up-to-date.
The Perspectives add-on works to inform users if the certificate
associated with an encrypted site is trustworthy or not. Using its
database of server identities, the add-on will let you know if a secure
site’s certificate does not pass muster. Using it prevents man-in-the-middle attacks, lets you use self-signed certificates, and helps improve your browsing security.
Using private windows can be cumbersome:
Using this extension, you can bookmark sites in a private window. The
bookmarks are encrypted and password-protected, so only you have the
ability to use them. They are also locally stored, so there are no
issues with cloud hacking. With only 1,900+ users, this is a relatively
unknown service. It was last updated in September 2015.
9. Private Tab
Without opening a new window, you can gain all the functions of
private browsing thanks to the Private Tab add-on. Either from the file
menu or via a keyboard shortcut, you can open a private tab right next
to your normal browsing tabs. A “featured” add-on, Private Tab has more
than 70,000 users and is kept up-to-date.
Through this extension, Google cannot track searches even as the user
stays logged in on other Google services such as Youtube or Gmail. It
also removes privacy and cookie hints from the Google search page. This
add-on is recently updated, yet it has a small user base (12,000+
Cookies and Caches
A cookie is a small piece of data from a website that is stored on
your computer. Your browser looks for this data whenever you return to a
website, so it can populate the page with your information. In theory,
this makes websites easier to use. In practice, however, businesses can
use these cookies to track activity and populate your browser windows
with unwanted ads.
Your browser cache is a storage container for your visited website
data. Firefox uses this information so it does not have to reload the
same data when you re-visit a website. The advantage of the cache is
that it can speed download times because the browser does not have to
work as hard to display the website. The disadvantage, however, is that
the cache provides a different user with your browsing history.
The following Firefox security extensions are the best available cookie and cache managers for your browser.
11. Cookie Monster
Cookie Monster enables users to customize their cookie rulesets. Through its catalog of options a user can regulate:
extension offers complete cookie management. Downloaded almost 40,000
times, this add-on is rated highly (4 out of 5 star average from 260
reviews) and up-to-date.
12. Self-Destructing Cookies
Leave no cookie trace behind with this fast-acting extension. Once
installed, it automatically deletes all cookies applied by a web page
them moment the user closes the tab. A “featured” add-on by Mozilla,
Self-Destructing Cookies is up-to-date and has more than 190,000 users.
13. The Empty Cache Button
Clearing your cache is a good practice for keeping your browsing
history private. The Empty Cache Button extension helps remind Firefox
users to do exactly that. Clicking this button clears away four types of
cache files: memory, disk, offline, and favicon. It also provides
options for automatic tab reloading. One caution note: while it has a
wider user base of more than 55,000, it has not been updated since
Password Management and Generation
Password managers have become popular because many users want more
functionality than the built-in Firefox manager. The following
extensions add important features to password management and Firefox
This password manager gets our recommendation because of its power
and intuitive interface. Using one master password, the extension then
encrypts and backs up all your current passwords. Need a new one?
LastPass creates strong passwords and stores them automatically. Also,
it does not store your master password; only you maintain that
information. Plus, it has a mobile app that enables offline access to
your password data.
Cautionary Note: While LastPass has a robust user
base of 700,000+ downloads and an active update history, the reviews for
the latest version have not been stellar. Users have said it takes up
too much memory and that recent versions haven’t been working correctly.
This was not our experience in our tests, so we will continue to
recommend it for now. But we will also monitor this situation and
evaluate any future recommendations of this add-on.
Blur is an effective password manager, but it also secures your
financial/ payment data, enhance your online privacy, and offers several
security features. It works across devices and platforms. Plus, it
comes from a trusted source; Abine is a leader in consumer data
The add-on has a robust user community (207,000+ downloads) and a
decent update history. Its last update occurred in December 2015.
Browser Data Protection
Many web servers request information from your browser’s user agent.
If left unattended, the agent will disclose your browser type and
operating platform. For complete privacy, the following add-ons will
keep your Firefox browser data hidden.
16. User Agent Switcher
If you wish to mask your browser information, User Agent Switcher is a
helpful tool. Through its button and toolbar, you can create fake
browser data to share with websites. Situations where switching user agents can be helpful include:
It should be noted, however, that no update has been issued since 2011.
Cross-site requests are requests that your browser is told to make by
a website you are visiting to a completely different website. Though
usually legitimate requests, they often result in advertising companies
and other websites knowing your browsing habits, including specific
pages you view throughout the day. We’ve found the following Firefox
security add-ons to be effective against this type of attack.
17. Request Policy
This extension helps improve privacy and security by taking control
of Firefox’s cross-site requests. The default is to deny any cross-site
request, but users can customize the requests from the toolbar. It also
has an intuitive whitelisting system.
More than 80,000 users have downloaded Request Policy, but its last
update occurred in 2013. A newer version – called Request Policy
Continued – is available. It is a continuation of the original add-on.
The new version is still in Beta as of this writing. The developers are
still working on bug issues and enhancements.
The following add-ons will help enhance Firefox security and enrich
your email experience by reducing spam and unwanted advertising.
18. Bloody Vikings
Filling out forms with real email addresses often leads to spam in
your inbox. Bloody Vikings enables you to create temporary email
addresses so you can get the information or services you want without
compromising your privacy. A relatively small community (13,500+
downloads) uses this add-on. It is actively updated.
19. Adblock for Gmail
Without using much memory or CPU capacity, this extension blocks ads
in Gmail’s interface. It has a user community of more than 25,000 and
the author keeps it updated.
The add-ons discussed in this article represent top-of-the-line toolsto help protect Firefox security and privacy. There are two notable
omissions: NoScript and Web of Trust (WOT). While both of these add-ons provide quality features and have robust user communities, recent research has indicated they also have reuse vulnerabilities that may leave users open to attacks. While Firefox’s expected shift to multiprocess coding will fix these issues, we have not included them in this recommendation list.
Besides NoScript and WOT, did we miss any of your favorite Firefox security extensions? We’d love to hear from you. Leave your comment below.
看着文章写得还不错, 就直接抓过来了, 贴到论坛后的文章排版惨不忍睹, 原本想截图了事, 但很多扩展链接无法点击, 还是爬吧...
文章虽然是纯英文, 但我猜就算看图也能懂得文章所讲的核心内容, 就是安全与隐私保护.
最后我要说的是, 如果经常挂谷歌的话, 不允许cookie会有诸多不便, 所以Searchonymous扩展感觉还不错. 还有关于密码管理, 最近lesspass在amo貌似关注度还不错, 但我看了下五星的那些评论, 只是给五星而并没有提及哪些功能独特, 且4个16年注册, 1个08年或许是真, 不排除自卖自夸的可能, 换句话说, 我没体会出哪里更有优势, 粗略试装了下, 也是与lastpass同类扩展, 猜测是aes加密吧, 个人目前还是kesspass+keefox, 密码库本地管理比较稳妥, 但仍然会关注lesspass.
这些基本都囊括了我已经知道的 Firefox 的安全隐私方面主要的扩展。Noscript 有问题，好像都用的好好的吧。WOT 不推荐是正常的。
PS：啥时候推荐一些 WebExtensions 扩展？
amo上有一堆叫做User Agent Switcher或者类似名字的扩展, 甚至其中两个的xpi包名一模一样(除了版本号)
fang5566：这些基本都囊括了我已经知道的 Firefox 的安全隐私方面主要的扩展。Noscript 有问题，好像都用的好好的吧。WOT 不推荐是正常的。知道fang是半开玩笑说的, 但确实最近在翻up coming, 主要关注的就是webext扩展, 粗略过了下, 就是只看描述及截图, 一页20个扩展, 用了1个多星期, 目前翻了139页, 还未发现有亮点的扩展, 热门的webext屈指可数, ubo, tm, vm, 大多就像儿童玩具, 无含金量...
57下不知道会有多少冤魂, 预计会血流成河, vimp, fastest search, dta, ...都要挂, 到时候只能新旧版本混着用, 以esr为主