Firefox 浏览器附加组件
  • 扩展
  • 主题
    • 适用于 Firefox
    • 字典和语言包
    • 其他浏览器网站
    • 适用于 Android 的附加组件
登录
Origin Enforcer 预览

Origin Enforcer 作者: sje

Restores the control to the user and provides a security sandbox for cross domain and third party calls from websites. Websites now need your permission to make background cross domain calls, protecting you from malware and mass surveillance.

实验性实验性
3.6 (5 reviews)3.6 (5 reviews)
1 个用户1 个用户
您需要 Firefox 来使用此扩展
下载 Firefox 并安装扩展
下载文件

扩展元数据

屏幕截图
Look at all the mess of third party calls all blocked now.
You can enable 'akamaized.net' which the site seems to be using for content, which is enough to show the images, but all the other calls can remain blocked!accuweather.com does not even display! Looks at all the third party calls this site tries to make. Ditch this site immediately!Choose which third party domains the site can call. Some are legitimate, such as using another domain for content like images or videos.You can still read news on sites like yahoo.com while blocking all the tracking and surveillance calls to third parties. Here we just accept yimg.com as allowed, since it seems to be a yahoo owned domain for images.The guardian can be read without allowing any thirdparty calls. Images can be added by allowing one domain. If you want to allow images that are not displaying, right click the element, choose inspect element, and look at the image source, then you can enable that domain.Look at all that junk that is blocked! The site is still readable by blocking all that surveillance. Almost every site has google surveillance built in, so always keeep that blocked.Look at all that junk blocked! Can still read the site with all of it blocked.
关于此扩展
This is what browsers are supposed to do by default. In a proper security model, users have control, and give permissions to the websites to perform background requests to third party servers flowing out of websites. Websites should declare what third parties they use, why, and who owns the domains. But they don't, and calls especially to google and facebook in many sites let them track you everywhere. Websites secretly are making huge numbers of calls with cookies to other places on the internet without you knowing at all.

Users should decide which third party domains are ok! For too long, corporations like google and facebook have undermined internet security and hacked the http protocol to bypass security controls and take away the privacy and security of internet users. They have intentionally violated the basics of user controlled sandbox security model for mass surveillance.

This plugin intends to restore the power to the user in deciding cross domain and third party calls from websites. Websites should only make calls back to themselves, a simple principal called 'single origin' that protects users against viruses, security concerns, and surveillance. In this cross origin sandbox, the websites need your permission to make cross domain calls.

Manage which calls are allowed in the interface. You can upvote domains you allow, or downvote them to. block them. By default, only calls back the websites own domain is allowed. This will break many sites by default. Good sites, like duckduckgo.com work fine. Terrible sites may not come up at all. Some sites may be missing images since they come from another domain. If you want to see blocked images, right click the image, choose inspect element, and see the src, which domain it is coming from. Then you can allow this domain. Some sites will need many third party domains to work unfortunately. This is a simple way to allow everything for each site. You can also choose allow everything except cookies for sites that do not have a login and have should have no need for cookies.

Unfortunately browsers and websites today have granted themselves control to make any calls to anybody with cookies. This is all done under the covers, in secret, and causes a plague of malware, security issues, flood of internet spam calls and mass surveillance. Websites insert tracking and third party cross domain calls without regard, and browsers blindly go ahead and make these calls in secret without consent of the user to enable mass surveillance.

Corporations such as Google (via chrome, android, plugins, etc) and Facebook (via facebook.com and plugins) intentionally violate basic principals of user ownership and control, spread fake plugins, create fake sandboxes, and undermined security and privacy without regard for basic security norms. It is our job to stop them! This plugin restores the basic right that users control what third parties can receive calls from any site. Sites should only call back to themselves... and no others. They should referencing third party software and scripts, not load them from third parties.

This plugin enforces these basic rules regardless of what the websites wants to do, and takes back the control to the user from the broken security model of the browsers and websites. It stops the dangerous and sloppy web coding practices. It also makes visible the sloppy mess of cross domain calls going on behind the scenes on so many websites, showing the shocking state of the situation, and showing what is going on behind the scenes in secret without any user consent.

At a minimum, this plugin will expose the problem, showing the huge number of calls to thirdparties. Any site using many third parties should be rejected. You can fine tune what calls are allowed, such as allowing some needed calls, but rejecting others like to facebook or google or ad services.
评分 3.6(1 位用户)
登录以评价此扩展
目前尚无评分

已保存星级评分

5
2
4
1
3
1
2
0
1
1
阅读全部 5 条评价
权限与数据详细了解

必要权限:

  • 获取浏览器标签页
  • 访问您在所有网站的数据
更多信息
附加组件链接
  • 支持邮箱
版本
2.0
大小
31.52 KB
上次更新
5 年前 (2020年4月1日)
相关分类
  • 隐私和安全
许可证
BSD 双条款“简化”版许可证
版本历史
  • 查看所有版本
添加到收藏集
举报此附加组件
2.0 的发布说明
Added 3 modes :
- the default is enforcing the single origin rules, and allowing you to configure accepted cross origin calls by domian.
- a mode accepting all background requests, but blanket blocking all cookies. this might be useful to quickly enable all the cross origin calls, but still browse more anonymously by blocking all cookies in background requests
- a mode accepting eveything, turning off the origin enforcer for the domain

Added a way to reset the stats for a domain, so blocked calls and blocked cookie counts will reset

Better display

Better tooltips
sje 制作的更多扩展
  • 目前尚无评分

  • 目前尚无评分

  • 目前尚无评分

  • 目前尚无评分

  • 目前尚无评分

  • 目前尚无评分

转至 Mozilla 主页

附加组件

  • 关于
  • Firefox 附加组件博客
  • 扩展工坊
  • 开发者中心
  • 开发者政策
  • 社区博客
  • 论坛
  • 报告缺陷
  • 评价指南

浏览器

  • Desktop
  • Mobile
  • Enterprise

产品

  • Browsers
  • VPN
  • Relay
  • Monitor
  • Pocket
  • Bluesky (@firefox.com)
  • Instagram (Firefox)
  • YouTube (firefoxchannel)
  • 隐私
  • Cookie
  • 法律

除非另有注明,否则本网站上的内容可按知识共享 署名-相同方式共享 3.0 或更新版本使用。