Hacker News new | past | comments | ask | show | jobs | submit login

What's the alternative to this?

This was on all my browsers, with ublock origin, the first extension I install. Now what?

I'm not a good enough programmer to take this on but I suggest 'uMatrix Reloaded' as the new name.




NoScript or ηMatrix which is a fork of uMatrix, if you're using pale moon.

https://addons.palemoon.org/addon/ematrix/

https://forum.palemoon.org/viewtopic.php?p=199714#p199714


> ηMatrix which is a fork of uMatrix, if you're using Pale Moon

Yeah! I switched to ηMatrix year ago without any issues ;)

Pale Moon + µBlock Origin + ηMatrix = <3

For more safe browsing just use Links2.[0]

Links2 is my default browser for the first time visit unknown sites & Pale Moon is my second browser for browse the Web.

Has Firefox too, but I'm using it only for few specific sites.

[0] https://news.ycombinator.com/item?id=16191843


uBlock Origin in hard mode[0] (plus I set it to not run any js by default on top of that) is, while not exactly a replacement in terms of functionality, a really good alternative. It's all the granularity that most users could really need, I think.

[0] https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-m...


There's noscript.

https://noscript.net/


It's not a complete replacement, though. For example, a couple of months ago we had a discussion about websites scanning local ports, prompted by [1]. This can in fact be done without Javascript, in which case uMatrix would still protect you, whereas NoScript would not.

[1] https://nullsweep.com/why-is-this-website-port-scanning-me/


How can this be done without JavaScript in such a way that uMatrix could still block it?


If you wanted to check if port 42 is open, have a

    <link rel="stylesheet" href="http://127.0.0.1:42">
followed by an

    <img src="http://example.org/?port=42">
The <img> won't be requested until the stylesheet has failed to load, which takes a different amount of time depending on whether there was something listening on that port, or not.

uMatrix won't allow the request to the local machine to go through.


Are there any issues with uMatrix that you are looking for alternatives?

Only the repo has been archived. The extension is perfect. Just think you haven't seen this post and continue to use it.


Mozilla has modified their extensions API pretty regularly (with major changes every few years at least, recently), and they're also still in the process of developing the API for the Android browser, which is likely to remain incomplete and different from the desktop API for the forseeable future. Granted, maybe not a lot of people use uMatrix on their phone, but both of these seem like valid reasons to worry.


Wait.. wasn't the a good chunk of the "webextension" transition to allow better interoperability?

After some time, it looks to me as if no real change has happened. The webextension model is still too weak in several areas to allow for some old extensions to function properly (keyboard handling is a major, major PITA), and at the same time a lot of work is still being spent to support cross-browser (and to a lesser extent, cross-version) functionality.

Forward-compatibility on the same browser seems to be the only good point, until you realize it's also how chrome can pull the plug on request filters and kill extensions on a whim anyway.

I didn't even know you needed mozilla's blessing for extensions on android. Not so different than Chrome here, Mozilla. Not at all. First, the useless signing requirement, then this? :(


You can't use uMatrix on phone. Mozilla updated their browser right? Also very few can manage it on such a small screen.

>they're also still in the process of developing the API

The API is there. They are just whitelisting addons.


> You can't use uMatrix on phone.

You can't use it currently if you have a release version of Firefox after 68, yes. The API is buggy and in fact quite a few extensions don't work, even if you force-install them. It's still unclear if they will ever whitelist stuff that's outside of their "recommended extensions" program, and presumably the best chance it would have of getting whitelisted is if it were actively maintained and bugs encountered with the new FFA could be worked on in coordination with the developer.


People want to know about alternatives for the inevitable day when the extension API changes and there it no longer works so they won't get caught with their pants down.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: