Project

General

Profile

Comparison with other tools » History » Version 12

koszko, 03/02/2022 05:23 PM
spell "JavaScript" with capital "J" and "S"

1 1 jahoti
# Comparison with other extensions
2
3 5 jahoti
The functionality of Haketilo partially overlaps with that of other extensions. None of those, however, is sufficient for our goal of liberating the web and hence the need to create a new one.
4 1 jahoti
5
{{toc}}
6
7
## LibreJS
8 6 jahoti
Of existing extensions [LibreJS](https://www.gnu.org/software/librejs/) seems to be the only one with a software-freedom-oriented goal. It inspects sites' scripts in search of license notices in a specified format. If it decides a given script is libre software or otherwise trivial, it allows it to run.
9 1 jahoti
10 6 jahoti
While LibreJS shares many of its social aims with Haketilo, its scope is narrower, limited to script blocking (and not replacement or injection) for HTTP/S pages in Mozilla-derived browsers.
11 1 jahoti
12 9 koszko
More fundamentally, there is also a difference in the underlying assumptions about webmasters. Whereas Haketilo takes an adverserial view, refusing to trust or expect co-operation by default, LibreJS more charitably gives them greater freedom to choose what scripts run in users' browsers at the cost of more burdensome license notice requirements. It should be noted that Haketilo's script blocking can be disabled, allowing for example LibreJS to be used for script blocking instead.
13 1 jahoti
14
## NoScript
15 3 jahoti
[NoScript](https://noscript.net/) is an extension often used as a content blocker, but it actually does a bit more and is more properly described as a security suite. It can be used to block scripts on per-site basis and works with both Firefox- and Chromium-derived browsers. NoScript author, Giorgio Maone, has also worked on LibreJS as an FSF contractor.
16 1 jahoti
17 12 koszko
NoScript, while sometimes useful for the task of blocking nonfree JavaScript, is not by itself fully freedom-oriented and for example has youtube.com in its default site whitelist. NoScript's codebase is rather complex and hard to read.
18 1 jahoti
19
## uBlock Origin
20 3 jahoti
Often abbreviated as "UBO", [uBlock Origin](https://ublockorigin.com/) is a selective content blocker. It gives quite fine-grained control over what kinds of elements are allowed to load, including the possibility of blocking third-party resources on a per-domain basis. Both Firefox and Chrome are supported.
21 1 jahoti
22 12 koszko
UBO is able to load and apply adware and spyware blacklists from several sources, which makes it able to function as an ad-blocker. However, what's more relevant for people who want to block all nonfree JavaScript is that UBO's codebase, although big, is rather clean and readable.
23 1 jahoti
24
## uMatrix
25 7 koszko
The [uMatrix extension](https://github.com/gorhill/uMatrix) is UBO's twin. Developed by the same author, these 2 share part of their codebase. While UBO can be used rather easily, uMatrix was a content blocker aimed at more advanced users.
26 1 jahoti
27
## Greasemonkey
28 4 jahoti
The extensions discussed so far have all been content blockers. [Greasemonkey](https://www.greasespot.net/), on the other hand, makes it possible to execute custom scripts on websites. These are usually referred to as "user scripts" and there are even sites (well, at least one) for sharing these between users. Greasemonkey only supports Firefox-derived browsers.
29 1 jahoti
30 12 koszko
People often point at Greasemonkey as a possible solution when told about the need for a facility to replace sites' native JavaScript. Indeed, Greasemonkey could be used to achieve that. The fact that it doesn't block the original scripts is a small problem, giving the necessity of running some content blocker next to it. While generally suboptimal, this setup would be acceptable as a temporary solution.
31 10 koszko
32
At the time of writing Greasemonkey doesn't execute user scripts in the context of a page but rather in the more privileged context of WebExtensions content scripts[^1]. This might change with policy changes to extension stores[^2]. The current approach brings in security issues, although largely mitigated by the use of sandbox. There might also be incompatibilities with scripts failing to execute the way they would in the usual context. These incompatibilities could possibly also be bypassed in some way. 
33
34
[^1]: https://github.com/greasemonkey/greasemonkey/blob/efd22a93121225ada47f2fe9f021af0ab6100c21/src/bg/execute.js#L20
35
[^2]: https://developer.chrome.com/docs/extensions/mv3/intro/mv3-overview/#remotely-hosted-code
36
37
Site's CSP rules cause yet another possible issue when customizing pages using Greasemonkey[^3]. In some cases they may block custom injected elements like `<script>`s and `<img>`s.
38
39
[^3]: https://github.com/greasemonkey/greasemonkey/issues/2046
40 3 jahoti
41
## ViolentMonkey
42
43 4 jahoti
[ViolentMonkey](https://violentmonkey.github.io) is similar to and largely compatible with Greasemonkey, with the benefit of supporting a wide range of browsers. All other potential issues listed for Greasemonkey still apply, however.
44 11 0gitnick
45
## JShelter
46
[JShelter](https://jshelter.org/) improves browser security and privacy mainly by wrapping potentially dangerous browser APIs. It's not a content blocker nor a user script manager. Although it doesn't prevent proprietary Javascript from running, it does greatly reduce its harm. It supports Firefox, Chrome, and Opera.