阅读:6376回复:8
20个附件组件 增强火狐的安全性
20 Firefox Security Add-On Recommendations
John Norris (San Francisco-based tech blogger and vpn convert) Thanks to its open source development, Firefox is gaining market share. This article presents a comprehensive list of Firefox security add-on recommendations to keep your internet browsing, passwords, and email safe and secure. Share The combination of Firefox security add-ons and browser updates can be tricky for many users. Some extensions lose effectiveness as Firefox iterates. Others make changes to core functionality that end up backfiring. And if you have an active security extension that is no longer performing well, you may be unknowingly open to cyber-attacks. So, keeping in tune with the most effective security add-ons is imperative for your safety and privacy. In this write-up, we list our recommendations. Firefox Security Add-on Recommendation Criteria To make our list, we grouped add-ons together according to their functions and analyzed:
Through this analysis, we can provide the full picture of an add-on’s ability to improve key aspects of Firefox security and privacy. Multi-Purpose Blockers Beyond the security benefits, a focus on privacy helps streamline searches, remove visual clutter from the screen, and lessen the chance of clicking on an unwanted ad. The following Firefox security extensions offer suites of functionality to block a range of threats and unwanted browsing experiences. 1. uBlock Origin This add-on has the capability of blocking both ads and 3rd-party network requests. It has a minimal CPU footprint and enables users to load thousands of filters. The add-on author keeps versions up-to-date; as of this writing, version 1.7 had been updated on May 1. It also has a large base of more than 1 million users. 2. Adblock Plus One of the most popular extension in the Firefox catalog, this general privacy suite blocks known malware domains, removes social media buttons, and disables trackers. As it iterates, Adblock Plus is becoming customizable, allowing users to design filters that block certain features while allowing others. It has more than 20 million users and the author updated the current version regularly. 3. uMatrix For advanced users, uMatrix enables a high degree of web security. This evolution of the legacy add-on HTTP Switchboard is essentially a dynamic firewall that is set to block all/enable exceptionally mode. This means it will block most net requests until you whitelist the requests you deem safe. Even if you switch to allow all/block exceptionally mode, the extension still protects you from its library of 62,000+ blacklisted hostnames. Regularly updated, uMatrix has more than 37,000 users. Tracking Privacy and security have been sorely compromised with the explosion of web analytics. Businesses claim tracking is key to improving services and offerings. The government argues tracking enhances national security. So, for better or worse, web tracking is here to stay. But many people don’t want companies to know how they arrived at their websites. Others would rather not leave a trail for the government to follow. For this group, a tracking blocker is an essential Firefox security add-on. Here are our recommendations. 4. Disconnect Blocks 2,000+ tracking sites, which helps pages load up to 27% faster. This is a fast and simple add-on, which pleases many users, and it offers quick whitelisting to limit intrusiveness. One downside, however, is that it does not allow users to specify trackers to block. Another downside: Disconnect must be added first if you want to view its blocking information. This means you need to:
5. RefControl In terms of analytics, referrer tracking is one of the most important functions. Through browser requests that are mostly invisible to users, a website can learn where its traffic comes from. In many instances, however, a user may not want to divulge this cross-site information. With RefControl, you can create a fake “referrer” site, which helps eliminate cross-site tracking. One note of caution: RefControl has not been updated since December 2014. Encryption Finding the green HTTPS lock while surfing offers a respite in the web security storm. The following Firefox security extensions, however, help extend the shelter. 6. HTTPS Everywhere This extension protects your communications by enabling HTTPS encryption automatically on sites that are known to support it, even when you type URLs or follow links that omit the HTTPS prefix. It should be noted that this extension does not create encryption where it did not previously exist. Instead, it forces servers to render the encrypted version if they try to render the unencrypted first. HTTPS Everywhere is a “Featured” add-on in the Mozilla Library. It has more than 179,00 users and is kept up-to-date. 7. Perspectives The Perspectives add-on works to inform users if the certificate associated with an encrypted site is trustworthy or not. Using its database of server identities, the add-on will let you know if a secure site’s certificate does not pass muster. Using it prevents man-in-the-middle attacks, lets you use self-signed certificates, and helps improve your browsing security. Privacy Using private windows can be cumbersome:
8. Hush Using this extension, you can bookmark sites in a private window. The bookmarks are encrypted and password-protected, so only you have the ability to use them. They are also locally stored, so there are no issues with cloud hacking. With only 1,900+ users, this is a relatively unknown service. It was last updated in September 2015. 9. Private Tab Without opening a new window, you can gain all the functions of private browsing thanks to the Private Tab add-on. Either from the file menu or via a keyboard shortcut, you can open a private tab right next to your normal browsing tabs. A “featured” add-on, Private Tab has more than 70,000 users and is kept up-to-date. 10. Searchonymous Through this extension, Google cannot track searches even as the user stays logged in on other Google services such as Youtube or Gmail. It also removes privacy and cookie hints from the Google search page. This add-on is recently updated, yet it has a small user base (12,000+ downloads). Cookies and Caches A cookie is a small piece of data from a website that is stored on your computer. Your browser looks for this data whenever you return to a website, so it can populate the page with your information. In theory, this makes websites easier to use. In practice, however, businesses can use these cookies to track activity and populate your browser windows with unwanted ads. Your browser cache is a storage container for your visited website data. Firefox uses this information so it does not have to reload the same data when you re-visit a website. The advantage of the cache is that it can speed download times because the browser does not have to work as hard to display the website. The disadvantage, however, is that the cache provides a different user with your browsing history. The following Firefox security extensions are the best available cookie and cache managers for your browser. 11. Cookie Monster Cookie Monster enables users to customize their cookie rulesets. Through its catalog of options a user can regulate:
extension offers complete cookie management. Downloaded almost 40,000 times, this add-on is rated highly (4 out of 5 star average from 260 reviews) and up-to-date. 12. Self-Destructing Cookies Leave no cookie trace behind with this fast-acting extension. Once installed, it automatically deletes all cookies applied by a web page them moment the user closes the tab. A “featured” add-on by Mozilla, Self-Destructing Cookies is up-to-date and has more than 190,000 users. 13. The Empty Cache Button Clearing your cache is a good practice for keeping your browsing history private. The Empty Cache Button extension helps remind Firefox users to do exactly that. Clicking this button clears away four types of cache files: memory, disk, offline, and favicon. It also provides options for automatic tab reloading. One caution note: while it has a wider user base of more than 55,000, it has not been updated since September 2014. Password Management and Generation Password managers have become popular because many users want more functionality than the built-in Firefox manager. The following extensions add important features to password management and Firefox security. 14. LastPass This password manager gets our recommendation because of its power and intuitive interface. Using one master password, the extension then encrypts and backs up all your current passwords. Need a new one? LastPass creates strong passwords and stores them automatically. Also, it does not store your master password; only you maintain that information. Plus, it has a mobile app that enables offline access to your password data. Cautionary Note: While LastPass has a robust user base of 700,000+ downloads and an active update history, the reviews for the latest version have not been stellar. Users have said it takes up too much memory and that recent versions haven’t been working correctly. This was not our experience in our tests, so we will continue to recommend it for now. But we will also monitor this situation and evaluate any future recommendations of this add-on. 15. Blur Blur is an effective password manager, but it also secures your financial/ payment data, enhance your online privacy, and offers several security features. It works across devices and platforms. Plus, it comes from a trusted source; Abine is a leader in consumer data security. The add-on has a robust user community (207,000+ downloads) and a decent update history. Its last update occurred in December 2015. Browser Data Protection Many web servers request information from your browser’s user agent. If left unattended, the agent will disclose your browser type and operating platform. For complete privacy, the following add-ons will keep your Firefox browser data hidden. 16. User Agent Switcher If you wish to mask your browser information, User Agent Switcher is a helpful tool. Through its button and toolbar, you can create fake browser data to share with websites. Situations where switching user agents can be helpful include:
It should be noted, however, that no update has been issued since 2011. Cross-Site Requests Cross-site requests are requests that your browser is told to make by a website you are visiting to a completely different website. Though usually legitimate requests, they often result in advertising companies and other websites knowing your browsing habits, including specific pages you view throughout the day. We’ve found the following Firefox security add-ons to be effective against this type of attack. 17. Request Policy This extension helps improve privacy and security by taking control of Firefox’s cross-site requests. The default is to deny any cross-site request, but users can customize the requests from the toolbar. It also has an intuitive whitelisting system. More than 80,000 users have downloaded Request Policy, but its last update occurred in 2013. A newer version – called Request Policy Continued – is available. It is a continuation of the original add-on. The new version is still in Beta as of this writing. The developers are still working on bug issues and enhancements. Email Privacy The following add-ons will help enhance Firefox security and enrich your email experience by reducing spam and unwanted advertising. 18. Bloody Vikings Filling out forms with real email addresses often leads to spam in your inbox. Bloody Vikings enables you to create temporary email addresses so you can get the information or services you want without compromising your privacy. A relatively small community (13,500+ downloads) uses this add-on. It is actively updated. 19. Adblock for Gmail Without using much memory or CPU capacity, this extension blocks ads in Gmail’s interface. It has a user community of more than 25,000 and the author keeps it updated. Conclusion The add-ons discussed in this article represent top-of-the-line toolsto help protect Firefox security and privacy. There are two notable omissions: NoScript and Web of Trust (WOT). While both of these add-ons provide quality features and have robust user communities, recent research has indicated they also have reuse vulnerabilities that may leave users open to attacks. While Firefox’s expected shift to multiprocess coding will fix these issues, we have not included them in this recommendation list. Besides NoScript and WOT, did we miss any of your favorite Firefox security extensions? We’d love to hear from you. Leave your comment below. 看着文章写得还不错, 就直接抓过来了, 贴到论坛后的文章排版惨不忍睹, 原本想截图了事, 但很多扩展链接无法点击, 还是爬吧... 文章虽然是纯英文, 但我猜就算看图也能懂得文章所讲的核心内容, 就是安全与隐私保护. 最后我要说的是, 如果经常挂谷歌的话, 不允许cookie会有诸多不便, 所以Searchonymous扩展感觉还不错. 还有关于密码管理, 最近lesspass在amo貌似关注度还不错, 但我看了下五星的那些评论, 只是给五星而并没有提及哪些功能独特, 且4个16年注册, 1个08年或许是真, 不排除自卖自夸的可能, 换句话说, 我没体会出哪里更有优势, 粗略试装了下, 也是与lastpass同类扩展, 猜测是aes加密吧, 个人目前还是kesspass+keefox, 密码库本地管理比较稳妥, 但仍然会关注lesspass. |
|
1楼#
发布于:2017-06-07 08:42
LessPass与LastPass好像不太一样,是“花蜜”那种按配置(方案)和暗号(主口令)用算法生成密码的软件。
它的同步是可选功能。感觉它目前不是很方便和可靠。默认配置就有符号,适用性不高吧。配置没记牢就糟糕了。 |
|
2楼#
发布于:2017-06-07 09:45
这些基本都囊括了我已经知道的 Firefox 的安全隐私方面主要的扩展。Noscript 有问题,好像都用的好好的吧。WOT 不推荐是正常的。
PS:啥时候推荐一些 WebExtensions 扩展? |
|
|
3楼#
发布于:2017-06-07 11:55
amo上有一堆叫做User Agent Switcher或者类似名字的扩展, 甚至其中两个的xpi包名一模一样(除了版本号)
辨识度超低... 在法律规定隐藏个人隐私为非法的国家, 这些扩展只是个笑话 |
|
|
4楼#
发布于:2017-06-07 13:09
可惜安卓Firefox没有什么能导出cookies的扩展
电脑上没baidu的cookies,现在登百度网盘要验证手机号,手机上还登着,想把cookies导过来 目前只想到一个办法:电脑手机版都登上firefox账号开启同步,不过听所火狐的同步很坑,不敢用,万一把我手机上的cookies也给弄没了就真得验证手机去了 |
|
5楼#
发布于:2017-06-07 22:51
fang5566:这些基本都囊括了我已经知道的 Firefox 的安全隐私方面主要的扩展。Noscript 有问题,好像都用的好好的吧。WOT 不推荐是正常的。知道fang是半开玩笑说的, 但确实最近在翻up coming, 主要关注的就是webext扩展, 粗略过了下, 就是只看描述及截图, 一页20个扩展, 用了1个多星期, 目前翻了139页, 还未发现有亮点的扩展, 热门的webext屈指可数, ubo, tm, vm, 大多就像儿童玩具, 无含金量... 57下不知道会有多少冤魂, 预计会血流成河, vimp, fastest search, dta, ...都要挂, 到时候只能新旧版本混着用, 以esr为主 |
|
6楼#
发布于:2017-06-07 23:59
|
|
|
7楼#
发布于:2017-06-08 12:53
|
|
8楼#
发布于:2017-06-09 10:21
|
|