Script Safe for Firefox: better privacy and security controls
Script Safe, a popular extension for the Google Chrome web browser, has been ported to the Firefox web browser by its author.
Tip: check out our review of Script Safe for Chrome if you use the browser, or another Chromium-based browser.
Script Safe is a privacy and security extension that gives Firefox users better control over what gets loaded when web pages are opened in the browser, and what web pages may do or access.
Script Safe for Firefox
The extension is configured to block many elements that sites may load by default. This includes scripts, iframes, embedded objects, and audio or video content. In fact, the only elements that websites are allowed to load, besides the actual HTML page and stylesheet are images, Noscript elements, and Data URLs.
You can change this default behavior in the program settings. There you may switch from block to allow mode if you prefer that for instance, and customize the default behavior in detail.
The extension adds an icon to the main Firefox toolbar. A click on it displays either nothing at all, if you use the default block mode, or the connections that the site makes.
This default behavior, of not showing any connections, is a bit problematic from a usability point of view. While this may not be an issue if the site works as expected, you cannot control individual connections unless you set the main domain to "allow".
You may need to do a hard refresh of the page afterwards (using Ctrl-F5) as the list of connections is not displayed otherwise.
You control each connection a site makes individually, so that you may allow or block individual connections, trust or distrust them.
Script Safe supports whitelisting and blacklisting which automates the functionality. Use it to whitelist trusted sites or connections that are required for functionality that you need, or to blacklist sites that you distrust.
Script Safe uses several hosts file lists to block unwanted content regardless of the mode the extension is run in. This means basically that it will block many advertisement, malware or tracking domains even if you set the program to allow mode, or allow connections on a particular site temporarily. You can still whitelist these domains manually, but there is a setting that prevents these from being loaded even if whitelist.
What more? Script Safe blocks unwanted cookies from the same range of domains as well, protects the local IP address from leaking when WebRTC is used, and blocks so called web bugs on top of that.
You can add the following blocking options on top of all that:
- Block social widgets, e.g. Facebook like buttons.
- Remove Google Analytics tracking.
- Block click-through referrer information.
- Spoof the user-agent, referrer, or timezone (does not work in Firefox properly it seems).
- Various fingerprinting protections: plugin enumeration, canvas fingerprinting, audio fingerprinting, WebGL fingerprinting, battery fingerprinting, device enumeration, gamepad enumeration, WebVR enumeration, Bluetooth enumeration, Canvas font access, client rectangles, clipboard interference, reduce keyboard fingerprinting
You are probably wondering how Script Safe compares to NoScript or uMatrix. Script Safe has a couple of usability issues, but the WebExtensions version of NoScript has them also. The main issue with ScriptSafe is that while it comes with an auto-reload feature that is enabled by default, that it does not work properly (at least not on the system I tested it on as I had to force refresh the page to get the changes to apply).
Script Safe adds fingerprinting and other privacy protections and enhancements to the browser however, more than many anti-fingerprinting extensions offer.
The first version of Script Safe for Firefox is up to a promising start. The developer needs to sort out some features of the extension, and work on the usability part as well. I can see this become a very popular extension though in the long run.
Now You: Which privacy / security extensions do you run?