Comparison with other tools » History » Version 11
0gitnick, 03/01/2022 08:11 PM
Add JShelter to wiki
1 | 1 | jahoti | # Comparison with other extensions |
---|---|---|---|
2 | |||
3 | 5 | jahoti | The functionality of Haketilo partially overlaps with that of other extensions. None of those, however, is sufficient for our goal of liberating the web and hence the need to create a new one. |
4 | 1 | jahoti | |
5 | {{toc}} |
||
6 | |||
7 | ## LibreJS |
||
8 | 6 | jahoti | Of existing extensions [LibreJS](https://www.gnu.org/software/librejs/) seems to be the only one with a software-freedom-oriented goal. It inspects sites' scripts in search of license notices in a specified format. If it decides a given script is libre software or otherwise trivial, it allows it to run. |
9 | 1 | jahoti | |
10 | 6 | jahoti | While LibreJS shares many of its social aims with Haketilo, its scope is narrower, limited to script blocking (and not replacement or injection) for HTTP/S pages in Mozilla-derived browsers. |
11 | 1 | jahoti | |
12 | 9 | koszko | More fundamentally, there is also a difference in the underlying assumptions about webmasters. Whereas Haketilo takes an adverserial view, refusing to trust or expect co-operation by default, LibreJS more charitably gives them greater freedom to choose what scripts run in users' browsers at the cost of more burdensome license notice requirements. It should be noted that Haketilo's script blocking can be disabled, allowing for example LibreJS to be used for script blocking instead. |
13 | 1 | jahoti | |
14 | ## NoScript |
||
15 | 3 | jahoti | [NoScript](https://noscript.net/) is an extension often used as a content blocker, but it actually does a bit more and is more properly described as a security suite. It can be used to block scripts on per-site basis and works with both Firefox- and Chromium-derived browsers. NoScript author, Giorgio Maone, has also worked on LibreJS as an FSF contractor. |
16 | 1 | jahoti | |
17 | NoScript, while sometimes useful for the task of blocking nonfree javascript, is not by itself fully freedom-oriented and for example has youtube.com in its default site whitelist. NoScript's codebase is rather complex and hard to read. |
||
18 | |||
19 | ## uBlock Origin |
||
20 | 3 | jahoti | Often abbreviated as "UBO", [uBlock Origin](https://ublockorigin.com/) is a selective content blocker. It gives quite fine-grained control over what kinds of elements are allowed to load, including the possibility of blocking third-party resources on a per-domain basis. Both Firefox and Chrome are supported. |
21 | 1 | jahoti | |
22 | UBO is able to load and apply adware and spyware blacklists from several sources, which makes it able to function as an ad-blocker. However, what's more relevant for people who want to block all nonfree javascript is that UBO's codebase, although big, is rather clean and readable. |
||
23 | |||
24 | ## uMatrix |
||
25 | 7 | koszko | The [uMatrix extension](https://github.com/gorhill/uMatrix) is UBO's twin. Developed by the same author, these 2 share part of their codebase. While UBO can be used rather easily, uMatrix was a content blocker aimed at more advanced users. |
26 | 1 | jahoti | |
27 | ## Greasemonkey |
||
28 | 4 | jahoti | The extensions discussed so far have all been content blockers. [Greasemonkey](https://www.greasespot.net/), on the other hand, makes it possible to execute custom scripts on websites. These are usually referred to as "user scripts" and there are even sites (well, at least one) for sharing these between users. Greasemonkey only supports Firefox-derived browsers. |
29 | 1 | jahoti | |
30 | 10 | koszko | People often point at Greasemonkey as a possible solution when told about the need for a facility to replace sites' native javascript. Indeed, Greasemonkey could be used to achieve that. The fact that it doesn't block the original scripts is a small problem, giving the necessity of running some content blocker next to it. While generally suboptimal, this setup would be acceptable as a temporary solution. |
31 | |||
32 | At the time of writing Greasemonkey doesn't execute user scripts in the context of a page but rather in the more privileged context of WebExtensions content scripts[^1]. This might change with policy changes to extension stores[^2]. The current approach brings in security issues, although largely mitigated by the use of sandbox. There might also be incompatibilities with scripts failing to execute the way they would in the usual context. These incompatibilities could possibly also be bypassed in some way. |
||
33 | |||
34 | [^1]: https://github.com/greasemonkey/greasemonkey/blob/efd22a93121225ada47f2fe9f021af0ab6100c21/src/bg/execute.js#L20 |
||
35 | [^2]: https://developer.chrome.com/docs/extensions/mv3/intro/mv3-overview/#remotely-hosted-code |
||
36 | |||
37 | Site's CSP rules cause yet another possible issue when customizing pages using Greasemonkey[^3]. In some cases they may block custom injected elements like `<script>`s and `<img>`s. |
||
38 | |||
39 | [^3]: https://github.com/greasemonkey/greasemonkey/issues/2046 |
||
40 | 3 | jahoti | |
41 | ## ViolentMonkey |
||
42 | |||
43 | 4 | jahoti | [ViolentMonkey](https://violentmonkey.github.io) is similar to and largely compatible with Greasemonkey, with the benefit of supporting a wide range of browsers. All other potential issues listed for Greasemonkey still apply, however. |
44 | 11 | 0gitnick | |
45 | ## JShelter |
||
46 | [JShelter](https://jshelter.org/) improves browser security and privacy mainly by wrapping potentially dangerous browser APIs. It's not a content blocker nor a user script manager. Although it doesn't prevent proprietary Javascript from running, it does greatly reduce its harm. It supports Firefox, Chrome, and Opera. |