Installation instructions (browser extension Mozilla) » History » Revision 17
« Previous |
Revision 17/20
(diff)
| Next »
koszko, 03/12/2022 09:58 AM
encourage PGP and Signify signature verification
Installation instructions (Mozilla)¶
- Table of contents
- Installation instructions (Mozilla)
Browser compatibility¶
Haketilo is currently compatible with browsers based on Mozilla Firefox 60 and upwards.
Although this makes little difference to Haketilo, please consider using a Firefox derivative that isn't malware respects your freedom and privacy (i.e. does not snoop on you). Valid options are browsers in some of the "ethical" GNU/Linux distros like Parabola and Trisquel, the Tor Browser and LibreWolf.
Single-user install¶
Here we'll describe how to install Haketilo from a .xpi file served by our servers. Extensions in Firefox and its derivatives are often installed from the Mozilla Add-ons website (AMO) but this approach has serious privacy and freedom problems.
Right now we only provide an unsigned .xpi extension file. This means it hasn't been cryptographically signed by Mozilla (this is nohow related to the signatures we provide on the Releases page) and therefore some of Mozilla browsers and even derivatives will refuse to install it. While we're going to provide a signed version of the extension soon, you are strongly encouraged to use a Firefox derivative that allows you to manage your software and install unsigned add-ons as well.
Note: even if your browser refuses to install unsigned extensions, you can still 1) try it out by installing it as a "temporary" add-on on about:debugging
page or 2) try installing it globally
Steps¶
Note: depending on the versions of your web browser and Haketilo some UI elements and text messages might be slightly different on your machine than on the screenshots below
First, download the extension's .xpi file from the Releases. You can also download the PGP and Signify cryptographic signatures made by us to verify the file hasn't been tampered with. The verification procedure is described here. After downloading, go to the about:addons
URL. In the extensions management page that shows up, click on the gear icon and select "Install Add-on From File...".
Now, navigate to the downloaded .xpi file and select it.
Note: if, at this point, your browser shows you an error message about extension file being invalid but you're sure the browser supports installation of unsigned extensions, go to the about:config
URL, confirm the warning prompt that appears, search for the xpinstall.signatures.required
preference and double-click it to toggle its value to "false"
You should be presented with a dialog asking whether to add Haketilo to your browser. Once you click "Add", the add-on will install.
The browser might ask whether you want to allow Haketilo to run in private windows. If you installed Haketilo for its script-blocking capabilities, you most likely also want to utilize them in Private Browsing mode and you can check this option. However, there might be some issues involved and it's recommended that you read the related note.
Global install (GNU/Linux distributions)¶
Most Firefox-based browsers from GNU/Linux distros' package managers (including firefox-esr
from Debian and abrowser
from Trisquel) are configured to automatically pick up extensions placed under
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
where {ec8030f7-c20a-464f-9b0e-13a3a9e97384}
is the ID of Mozilla Firefox. This is what enables commands like apt install webext-ublock-origin
to work on distros (in this case, Debian and Trisquel).
Here, we'll leverage this to install Haketilo system-wide and have it appear in the browser of every user account.
Note: you need access to root account via sudo
command for the instructions below to work
Note: it is assumed you have wget
and unzip
commands installed
Steps¶
Note: depending on the versions of your web browser and Haketilo some UI elements and text messages might be slightly different on your machine than on the screenshots below
Run the following in your POSIX shell to download the .xpi file and its PGP and Signify signatures made by us:
HAKETILO_VER="1.0b1" # replace with the version you want to have installed
HAKETILO_URL="https://hydrilla.koszko.org/downloads/haketilo-$HAKETILO_VER.xpi"
HAKETILO_DIR="/tmp/haketilo-${HAKETILO_VER}_release_files"
rm -rf $HAKETILO_DIR && mkdir -p $HAKETILO_DIR && cd $HAKETILO_DIR
wget "$HAKETILO_URL" "$HAKETILO_URL.sig" "$HAKETILO_URL.asc"
The files have been placed in a new directory under /tmp
. You are now encouraged to verify our signatures as described here. Once done, run the snippet below in the same shell and type your user password when prompted:
FIREFOX_ID="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"
HAKETILO_ID="{6fe13369-88e9-440f-b837-5012fb3bedec}"
# You may need to use a different path for other browsers and distros.
EXT_PATH="/usr/share/mozilla/extensions/$FIREFOX_ID/$HAKETILO_ID/"
install_haketilo() {
sudo rm -rf "$EXT_PATH" && sudo mkdir -p "$EXT_PATH" && cd "$EXT_PATH"
sudo unzip $HAKETILO_DIR/haketilo-$HAKETILO_VER.xpi
rm -rf $HAKETILO_DIR
}
install_haketilo
Once you have performed the installation, you might (or might not) want to give Haketilo access to private browser windows. You can do it from the about:addons
page. There might be some issues involved, so it's recommended that you read the related note.
Post-installation notes¶
Using Haketilo in private windows¶
Note: after this section was written bug #115 was discovered which makes some of the workarounds described here ineffective; work is ongoing to fix the bug inside Haketilo
If you're using the Private Browsing mode, you probably care about security and privacy. Those are basically unachievable with JavaScript globally allowed in the browser. Because of that, you likely want to give Haketilo permission to run in private windows as well.
Note: it is a perfectly valid approach to aim for a purely script-less experience in private browsing windows and use an add-on like NoScript or uBlock Origin there instead of Haketilo
Haketilo 1.0 uses IndexedDB in-browser database to store all its settings and data. Unfortunately, the ability to use IndexedDB in Private Browsing mode is disabled by default in many Mozilla-based browsers. This causes Haketilo's settings page to be inoperable even when Haketilo itself is allowed to run in private windows.
The following solutions exist.
1. Don't use Private Browsing mode¶
This is probably not what you are interested in, so let's move ahead.
2. Enable IndexedDB access in private windows¶
The relevant setting is controlled by "dom.indexedDB.privateBrowsing.enabled" preference. You need to navigate to about:config
URL, click through the warning that appears, find the preference and set it to "true".
Warning¶
This will also give pages browsed in Private Browsing mode the ability to use IndexedDB. In practice, pages that are going have their scripts blocked will not be able to access the IndexedDB database anyway. This means you have to carefully consider what remote JavaScript (if any) you're going to allow to execute. Only you can decide whether it is the right choice to toggle this preference.
3. Access Haketilo's settings page from non-private windows¶
Other parts of Haketilo work properly regardless of IndexedDB settings for private windows. If you open Haketilo's settings page in a non-private window, configuration you make there will affect script blocking and injection in both private and non-private windows.
Gratulations¶
That's it. You can now play a bit with the extension and learn how it works. Also, make sure you realize its limitations.
Updated by koszko over 1 year ago · 17 revisions