Installation instructions (Mozilla)¶

Here we'll describe how to install Haketilo from a .xpi file. Extensions in Firefox and its derivatives are often installed from the Mozilla Add-ons website (AMO), but for the sake of privacy and freedom, you should not use it!

Right now we only provide an unsigned .xpi extension file. This means it hasn't been cryptographically signed by Mozilla and therefore some of Mozilla browsers and even derivatives will refuse to install it. While we're going to provide a signed version of the extension soon, We now provide a Mozilla-signed build of Haketilo that should easily install on any Firefox build. Some of the instructions below still need to be updated to reflect that.

Browser compatibility¶

Haketilo is currently compatible with browsers based on Mozilla Firefox 60 and upwards. It has been tested against LibreWolf 90.0.2, Tor Browser 10.0.17, Parabola Iceweasel 75 and IceCat 60 (although for security reasons you should probably avoid browsers as old as the last 2).

You are strongly encouraged to use a Firefox derivative that isn't malware respects your freedom and privacy (i.e. does not snoop on you). Valid options are browsers in some of the "ethical" GNU/Linux distros like Parabola and Trisquel, the Tor Browser, and LibreWolf¹.

Steps¶

First, download the extension's .xpi file from the Releases. You can also download the PGP signature to verify the file hasn't been tampered with (although it is of limited benefit unless you have a proof developer's signing key does indeed belong to him...). After downloading, go to the about:addons URL. In the extensions management page that shows up, click on the gear icon and select "Install Add-on From File...".

Now, navigate to the downloaded .xpi file and select it.

Note: If, at this point, your browser shows you an error message about extension file being invalid, but you're sure the browser supports installation of unsigned extensions, go to the about:config URL, confirm the warning prompt that appears, search for the xpinstall.signatures.required preference and double-click it to toggle its value to "false".

You should be presented with a dialog asking whether to add Haketilo to your browser. Once you click "Add", the add-on will install.

The browser might ask whether you want to allow Haketilo to run in private windows. If you installed Haketilo for its script-blocking capabilities, then you most likely also want that and you can check this option. Otherwise, it is a perfectly valid approach to aim for a purely script-less experience in private browsing windows and use an add-on like NoScript or uBlock Origin there instead of Haketilo.

Important aside: in some browsers, extensions are by default blocked from running on privileged domains. This is done as a security measure to prevent add-ons exploiting "sync", the add-ons website, etc. to gain unauthorized powers, but prevents Haketilo from applying policies there. If you feel this is a bigger problem than malicious extensions, go to the about:config URL, confirm the warning prompt that appears, and search for the extensions.webextensions.restrictedDomains preference; if it appears, double-click on it, erase any text and press "enter" to unprivilege all websites.

That's it. You can now play a bit with the extension and learn how it works. Also, make sure you realize its limitations.