skytalk
热心会员
热心会员
  • UID32994
  • 注册日期2010-06-06
  • 最后登录2023-07-07
  • 发帖数652
  • 经验1061枚
  • 威望3点
  • 贡献值1292点
  • 好评度154点
  • 社区居民
  • 忠实会员
阅读:6376回复:8

20个附件组件 增强火狐的安全性

楼主#
更多 发布于:2017-06-07 00:34
20 Firefox Security Add-On Recommendations





John Norris
(San Francisco-based tech blogger and vpn convert)

Thanks to its open source development, Firefox is gaining market
share. This article presents a comprehensive list of Firefox security
add-on recommendations to keep your internet browsing, passwords, and
email safe and secure. Share

The combination of Firefox security add-ons and browser updates can
be tricky for many users. Some extensions lose effectiveness as Firefox
iterates. Others make changes to core functionality that end up
backfiring. And if you have an active security extension that is no
longer performing well, you may be unknowingly open to cyber-attacks.
So, keeping in tune with the most effective security add-ons is
imperative for your safety and privacy. In this write-up, we list our
recommendations.


Firefox Security Add-on Recommendation Criteria

To make our list, we grouped add-ons together according to their functions and analyzed:
  • Out-of-the-box features
  • Customizing options
  • Effectiveness as reported by user ratings
  • Update activity
  • User community size

Through this analysis, we can provide the full picture of an add-on’s
 ability to improve key aspects of Firefox security and privacy.


Multi-Purpose Blockers
Beyond the security benefits, a focus on privacy helps streamline
searches, remove visual clutter from the screen, and lessen the chance
of clicking on an unwanted ad. The following Firefox security extensions
 offer suites of
 functionality to block a range of threats and unwanted browsing experiences.

1. uBlock Origin
This add-on has the capability of blocking both ads and 3rd-party
 network requests. It has a minimal CPU footprint and enables users to
load thousands of filters. The add-on author keeps versions up-to-date;
as of this writing, version 1.7 had been updated on May 1. It also has a
 large base of more than 1 million users.



2. Adblock Plus
One of the most popular extension in the Firefox catalog, this
general privacy suite blocks known malware domains, removes social media
 buttons, and disables trackers. As it iterates, Adblock Plus is
becoming customizable, allowing users to design filters that block
certain features while allowing others. It has more than 20 million
users and the author updated the current version regularly.



3. uMatrix
For advanced users, uMatrix enables a high degree of web security. This
 evolution of the legacy add-on HTTP Switchboard is essentially a dynamic
 firewall that is set to block all/enable exceptionally mode. This means
 it will block most net requests until you whitelist the requests you
deem safe. Even if you switch to allow all/block exceptionally mode, the
 extension still protects you from its library of 62,000+ blacklisted
hostnames. Regularly updated, uMatrix has more than 37,000 users.




Tracking
Privacy and security have been sorely compromised with the explosion
of web analytics. Businesses claim tracking is key to improving services
 and offerings. The government argues tracking enhances national
security. So, for better or worse, web tracking is here to stay.
But many people don’t want companies to know how they arrived at
their websites. Others would rather not leave a trail for the government
 to follow. For this group, a tracking blocker is an essential Firefox
security add-on. Here are our recommendations.

4. Disconnect
Blocks 2,000+ tracking sites, which helps pages load up to 27%
faster. This is a fast and simple add-on, which pleases many users, and
it offers quick whitelisting to limit intrusiveness.
One downside, however, is that it does not allow users to specify
trackers to block. Another downside: Disconnect must be added first if
you want to view its blocking information.
This means you need to:
  1. Uninstall all other filtering extensions.
  2. Install Disconnect.
  3. Reinstall your other filtering extensions (like Adblock Plus)
  4. Last updated in January 2015, Disconnect has more than 280,000 users.



5. RefControl
In terms of analytics, referrer tracking is one of the most important
 functions. Through browser requests that are mostly invisible to users,
 a website can learn where its traffic comes from. In many instances,
however, a user may not want to divulge this cross-site information.
With RefControl, you can create a fake “referrer” site, which helps
eliminate cross-site tracking. One  note of caution: RefControl has not
been updated since December 2014.



Encryption
Finding the green HTTPS lock while surfing offers a respite in the
web security storm. The following Firefox security extensions, however,
help extend the shelter.

6. HTTPS Everywhere


This extension protects your communications by enabling HTTPS
encryption automatically on sites that are known to support it, even
when you type URLs or follow links that omit the HTTPS prefix.
It should be noted that this extension does not create encryption
where it did not previously exist. Instead, it forces servers to render
the encrypted version if they try to render the unencrypted first. HTTPS
 Everywhere is a “Featured” add-on in the Mozilla Library. It has more
than 179,00 users and is kept up-to-date.


7. Perspectives
The Perspectives add-on works to inform users if the certificate
associated with an encrypted site is trustworthy or not. Using its
database of server identities, the add-on will let you know if a secure
site’s certificate does not pass muster. Using it prevents man-in-the-middle attacks, lets you use self-signed certificates, and helps improve your browsing security.



Privacy
Using private windows can be cumbersome:
  • A whole new window has to open.
  • Bookmarks don’t work.
  • Super cookies can still show your browsing history even if you are in a private window
These Firefox security extensions help improve the entire “private” browsing experience.

8. Hush


Using this extension, you can bookmark sites in a private window. The
 bookmarks are encrypted and password-protected, so only you have the
ability to use them. They are also locally stored, so there are no
issues with cloud hacking. With only 1,900+ users, this is a relatively
unknown service. It was last updated in September 2015.


9. Private Tab
Without opening a new window, you can gain all the functions of
private browsing thanks to the Private Tab add-on. Either from the file
menu or via a keyboard shortcut, you can open a private tab right next
to your normal browsing tabs. A “featured” add-on, Private Tab has more
than 70,000 users and is kept up-to-date.



10. Searchonymous
Through this extension, Google cannot track searches even as the user
 stays logged in on other Google services such as Youtube or Gmail. It
also removes privacy and cookie hints from the Google search page. This
add-on is recently updated, yet it has a small user base (12,000+
downloads).



Cookies and Caches
A cookie is a small piece of data from a website that is stored on
your computer. Your browser looks for this data whenever you return to a
 website, so it can populate the page with your information. In theory,
this makes websites easier to use. In practice, however, businesses can
use these cookies to track activity and populate your browser windows
with unwanted ads.
Your browser cache is a storage container for your visited website
data. Firefox uses this information so it does not have to reload the
same data when you re-visit a website. The advantage of the cache is
that it can speed download times because the browser does not have to
work as hard to display the website. The disadvantage, however, is that
the cache provides a different user with your browsing history.
The following Firefox security extensions are the best available cookie and cache managers for your browser.


11. Cookie Monster
Cookie Monster enables users to customize their cookie rulesets. Through its catalog of options a user can regulate:
  • What sites can set cookies and what sites cannot
  • Acceptable cookies versus unacceptable ones
  • When and how to delete cookies
Through features such as temporary permission, block all/block just 3rd party cookies, and “view cookie” options for current/all sites, this
extension offers complete cookie management. Downloaded almost 40,000
times, this add-on is rated highly (4 out of 5 star average from 260
reviews) and up-to-date.



12. Self-Destructing Cookies
Leave no cookie trace behind with this fast-acting extension. Once
installed, it automatically deletes all cookies applied by a web page
them moment the user closes the tab. A “featured” add-on by Mozilla,
Self-Destructing Cookies is up-to-date and has more than 190,000 users.



13. The Empty Cache Button
Clearing your cache is a good practice for keeping your browsing
history private. The Empty Cache Button extension helps remind Firefox
users to do exactly that. Clicking this button clears away four types of
 cache files: memory, disk, offline, and favicon. It also provides
options for automatic tab reloading. One caution note: while it has a
wider user base of more than 55,000, it has not been updated since
September 2014.



Password Management and Generation
Password managers have become popular because many users want more
functionality than the built-in Firefox manager. The following
extensions add important features to password management and Firefox
security.

14. LastPass
This password manager gets our recommendation because of its power
and intuitive interface. Using one master password, the extension then
encrypts and backs up all your current passwords. Need a new one?
LastPass creates strong passwords and stores them automatically. Also,
it does not store your master password; only you maintain that
information. Plus, it has a mobile app that enables offline access to
your password data.

Cautionary Note: While LastPass has a robust user
base of 700,000+ downloads and an active update history, the reviews for
 the latest version have not been stellar. Users have said it takes up
too much memory and that recent versions haven’t been working correctly.
 This was not our experience in our tests, so we will continue to
recommend it for now. But we will also monitor this situation and
evaluate any future recommendations of this add-on.


15. Blur
Blur is an effective password manager, but it also secures your
financial/ payment data, enhance your online privacy, and offers several
 security features. It works across devices and platforms. Plus, it
comes from a trusted source; Abine is a leader in consumer data
security.
The add-on has a robust user community (207,000+ downloads) and a
decent update history. Its last update occurred in December 2015.



Browser Data Protection
Many web servers request information from your browser’s user agent.
If left unattended, the agent will disclose your browser type and
operating platform. For complete privacy, the following add-ons will
keep your Firefox browser data hidden.

16. User Agent Switcher
If you wish to mask your browser information, User Agent Switcher is a
 helpful tool. Through its button and toolbar, you can create fake
browser data to share with websites. Situations where switching user agents can be helpful include:
  • Displaying websites that say they are solely for Internet Explorer
  • Viewing a mobile website on a desktop
  • Getting past registration screens using the Googlebot agent
Another add-on featured by Mozilla, it has more than 300,000 users.
It should be noted, however, that no update has been issued since 2011.



Cross-Site Requests
Cross-site requests are requests that your browser is told to make by
 a website you are visiting to a completely different website. Though
usually legitimate requests, they often result in advertising companies
and other websites knowing your browsing habits, including specific
pages you view throughout the day. We’ve found the following Firefox
security add-ons to be effective against this type of attack.

17. Request Policy


This extension helps improve privacy and security by taking control
of Firefox’s cross-site requests. The default is to deny any cross-site
request, but users can customize the requests from the toolbar. It also
has an intuitive whitelisting system.
More than 80,000 users have downloaded Request Policy, but its last
update occurred in 2013. A newer version – called Request Policy
Continued – is available. It is a continuation of the original add-on.
The new version is still in Beta as of this writing. The developers are
still working on bug issues and enhancements.


Email Privacy
The following add-ons will help enhance Firefox security and enrich
your email experience by reducing spam and unwanted advertising.

18. Bloody Vikings


Filling out forms with real email addresses often leads to spam in
your inbox. Bloody Vikings enables you to create temporary email
addresses so you can get the information or services you want without
compromising your privacy. A relatively small community (13,500+
downloads) uses this add-on. It is actively updated.



19. Adblock for Gmail
Without using much memory or CPU capacity, this extension blocks ads
in Gmail’s interface. It has a user community of more than 25,000 and
the author keeps it updated.



Conclusion
The add-ons discussed in this article represent top-of-the-line toolsto help protect Firefox security and privacy. There are two notable
omissions: NoScript and Web of Trust (WOT). While both of these add-ons provide quality features and have robust user communities, recent research has indicated they also have reuse vulnerabilities that may leave users open to attacks. While Firefox’s expected shift to multiprocess coding will fix these issues, we have not included them in this recommendation list.
Besides NoScript and WOT, did we miss any of your favorite Firefox security extensions? We’d love to hear from you. Leave your comment below.


看着文章写得还不错, 就直接抓过来了, 贴到论坛后的文章排版惨不忍睹, 原本想截图了事, 但很多扩展链接无法点击, 还是爬吧...
文章虽然是纯英文, 但我猜就算看图也能懂得文章所讲的核心内容, 就是安全与隐私保护.

最后我要说的是, 如果经常挂谷歌的话, 不允许cookie会有诸多不便, 所以Searchonymous扩展感觉还不错. 还有关于密码管理, 最近lesspass在amo貌似关注度还不错, 但我看了下五星的那些评论, 只是给五星而并没有提及哪些功能独特, 且4个16年注册, 1个08年或许是真, 不排除自卖自夸的可能, 换句话说, 我没体会出哪里更有优势, 粗略试装了下, 也是与lastpass同类扩展, 猜测是aes加密吧, 个人目前还是kesspass+keefox, 密码库本地管理比较稳妥, 但仍然会关注lesspass.

最新喜欢:

fang5566fang55... yfdyh000yfdyh0...
yfdyh000
千年狐狸
千年狐狸
  • UID29079
  • 注册日期2009-06-07
  • 最后登录2022-05-18
  • 发帖数2262
  • 经验1390枚
  • 威望0点
  • 贡献值52点
  • 好评度139点
  • 社区居民
  • 最爱沙发
  • 忠实会员
1楼#
发布于:2017-06-07 08:42
LessPass与LastPass好像不太一样,是“花蜜”那种按配置(方案)和暗号(主口令)用算法生成密码的软件。

它的同步是可选功能。感觉它目前不是很方便和可靠。默认配置就有符号,适用性不高吧。配置没记牢就糟糕了。
fang5566
管理员
管理员
  • UID3719
  • 注册日期2005-03-07
  • 最后登录2024-10-03
  • 发帖数18485
  • 经验4839枚
  • 威望5点
  • 贡献值4316点
  • 好评度1117点
  • 社区居民
  • 最爱沙发
  • 忠实会员
  • 终身成就
2楼#
发布于:2017-06-07 09:45
这些基本都囊括了我已经知道的 Firefox 的安全隐私方面主要的扩展。Noscript 有问题,好像都用的好好的吧。WOT 不推荐是正常的。




PS:啥时候推荐一些 WebExtensions 扩展?
Firefox More than meets your experience
白左
千年狐狸
千年狐狸
  • UID34985
  • 注册日期2010-12-29
  • 最后登录2024-09-21
  • 发帖数2039
  • 经验655枚
  • 威望0点
  • 贡献值364点
  • 好评度69点
  • 社区居民
  • 忠实会员
3楼#
发布于:2017-06-07 11:55
amo上有一堆叫做User Agent Switcher或者类似名字的扩展, 甚至其中两个的xpi包名一模一样(除了版本号)
辨识度超低...

在某社会主义初级阶段国家, 部分隐私扩展没什么卵用. 没有扩展可以让你不用把手机号暴露给百度就能在贴吧发帖, 也没有扩展可以让你不用把手机号暴露给B站就能在视频里发弹幕

在法律规定隐藏个人隐私为非法的国家, 这些扩展只是个笑话
-いたんですか? -ええ、ずっと
infinity
狐狸大王
狐狸大王
  • UID48261
  • 注册日期2014-12-18
  • 最后登录2024-08-11
  • 发帖数352
  • 经验350枚
  • 威望0点
  • 贡献值96点
  • 好评度34点
  • 社区居民
  • 忠实会员
4楼#
发布于:2017-06-07 13:09
可惜安卓Firefox没有什么能导出cookies的扩展
电脑上没baidu的cookies,现在登百度网盘要验证手机号,手机上还登着,想把cookies导过来
目前只想到一个办法:电脑手机版都登上firefox账号开启同步,不过听所火狐的同步很坑,不敢用,万一把我手机上的cookies也给弄没了就真得验证手机去了
skytalk
热心会员
热心会员
  • UID32994
  • 注册日期2010-06-06
  • 最后登录2023-07-07
  • 发帖数652
  • 经验1061枚
  • 威望3点
  • 贡献值1292点
  • 好评度154点
  • 社区居民
  • 忠实会员
5楼#
发布于:2017-06-07 22:51
fang5566:这些基本都囊括了我已经知道的 Firefox 的安全隐私方面主要的扩展。Noscript 有问题,好像都用的好好的吧。WOT 不推荐是正常的。




PS:啥时候推荐一些 WebExtensions 扩展?
回到原帖
知道fang是半开玩笑说的, 但确实最近在翻up coming, 主要关注的就是webext扩展, 粗略过了下, 就是只看描述及截图, 一页20个扩展, 用了1个多星期, 目前翻了139页, 还未发现有亮点的扩展, 热门的webext屈指可数, ubo, tm, vm, 大多就像儿童玩具, 无含金量...
57下不知道会有多少冤魂, 预计会血流成河, vimp, fastest search, dta, ...都要挂, 到时候只能新旧版本混着用, 以esr为主
fang5566
管理员
管理员
  • UID3719
  • 注册日期2005-03-07
  • 最后登录2024-10-03
  • 发帖数18485
  • 经验4839枚
  • 威望5点
  • 贡献值4316点
  • 好评度1117点
  • 社区居民
  • 最爱沙发
  • 忠实会员
  • 终身成就
6楼#
发布于:2017-06-07 23:59
skytalk:知道fang是半开玩笑说的, 但确实最近在翻up coming, 主要关注的就是webext扩展, 粗略过了下, 就是只看描述及截图, 一页20个扩展, 用了1个多星期, 目前翻了139页, 还未发现有亮点的扩展, 热门的webext屈指可...回到原帖
也是没办法,当年我嘲笑chrome 简单鸡肋,没想到有一天ff也是这样。今后扩展可玩性也会大大降低,大家还是拼性能吧
Firefox More than meets your experience
myhead
火狐狸
火狐狸
  • UID46565
  • 注册日期2014-07-04
  • 最后登录2020-04-14
  • 发帖数107
  • 经验92枚
  • 威望0点
  • 贡献值20点
  • 好评度8点
7楼#
发布于:2017-06-08 12:53
infinity:可惜安卓Firefox没有什么能导出cookies的扩展
电脑上没baidu的cookies,现在登百度网盘要验证手机号,手机上还登着,想把cookies导过来
目前只想到一个办法:电脑手机版都登上firefox账号开启同步,不过听所火狐的...
回到原帖
导出cookies并不需要拓展。而且firefox同步应该也不同步cookies。
你需要做的只是抓包,好比说用packet capture,支持截取ssl的内容。
不过我觉得就算你有cookies了也用不久,不如找个google voice这样的网络号码应付一下。
infinity
狐狸大王
狐狸大王
  • UID48261
  • 注册日期2014-12-18
  • 最后登录2024-08-11
  • 发帖数352
  • 经验350枚
  • 威望0点
  • 贡献值96点
  • 好评度34点
  • 社区居民
  • 忠实会员
8楼#
发布于:2017-06-09 10:21
myhead:导出cookies并不需要拓展。而且firefox同步应该也不同步cookies。
你需要做的只是抓包,好比说用packet capture,支持截取ssl的内容。
不过我觉得就算你有cookies了也用不久,不如找个google voic...
回到原帖
是的,它居然不同步cookies,无语。我最后发现chrome里是登着账号的,就把cookies倒腾过来了。
游客

返回顶部