Tool in the Spotlight: uMatrix

This month’s Tool in the Spotlight is another Firefox extension: uMatrix.

uMatrix is a tool we love because it puts you back in control of where your browser will connect to when you visit a web page instead of handing that control over to whoever created the web page. Without it, your browser will just connect to and download everything and anything the page tells it to connect to or download. uMatrix gives you back the control to specify what you want your browser to connect to (and thus spend your bandwidth on) and what you don’t want your browser to connect to.
The benefits of uMatrix are that it significantly enhances your security, privacy and greatly reduces your network usage (i.e. your browsing becomes faster since requests that are not made, are requests you don’t have to wait for).

By default, uMatrix works in a ‘relax block-all/allow-exceptionally mode’. What this means is that only ‘first party’ assets, namely those directly related to what you’re visiting, are allowed to be downloaded. Anything else that is attempted to be downloaded will be blocked.
In this mode, you’re really telling your browser to “go get this specific thing and make sure you get just that thing, don’t bother with anything else“. These ‘anything else’ could be third party scripts, trackers (like cookies, tracking pixels or any other analytics code), images, etc.
Sometimes this will break a web page that really does rely on these third parties, but you is easily fixed by the ‘allow-exceptionally’-part of this mode: the matrix lets you specify which types of assets (scripts, images, cookies, etc.) you are allowing to be downloaded from other places for this specific site. There is an excellent write-up at https://github.com/gorhill/httpswitchboard/wiki/How-to-use-HTTP-Switchboard:-Two-opposing-views about how to do this.

NOTE: we are entirely unaffiliated with whoever produces this tool, we receive no compensation whatsoever from them.

Web-of-Trust add-on caught selling out its users

The Web-of-Trust (WoT) add-on for Firefox and/or Chrome has been removed from the add-on repositories for Firefox and Chrome. Some excellent sleuthing(*) by the Norddeutscher Rundfunk revealed that the WoT add-on was selling data which can uniquely identify its users to other parties, without ever asking for consent for this, let alone in a clear and proper way.
On top of this, WoT made claims about anonymizing the data but, as is almost always the case, the data was either not anonymized at all or the anonymization is useless and individual users can be deduced from the data.
If the article is correct, then it appears that the latter is the case, that these claims appear to be unsubstantiated and grossly misleading, and that WoT is no different from other privacy-invaders.

This is just another example of the kind of limitations that you face when you try to enhance your privacy through browser add-ons or extensions: they see everything you see and it only takes a single, rogue add-on to compromise you, your privacy and your security. And while most of these tools are valuable and useful, you need a more comprehensive tool to secure you, your on-line safety and your privacy.
This is where IvyDNS comes in: it prevents connections to undesirable domains and it does it on a deeper, more fundamental networking level than browser add-ons.
IvyDNS’ Internet Intelligence contains comprehensive information about the purpose of domains and blocks access to those that are undesirable, whether that is because the domain is used in tracking you, serves malware, serves advertising, invades your privacy, etc… IvyDNS is there to protect you.

IvyDNS is also built so that it does not ever receive the kind information from you that WoT is reselling. This is because IvyDNS receives only DNS requests: ‘What is the IP address for domain X‘. It never receives information about which page you are requesting, or even which protocol you will be using to talk to that server. You could be asking for the IP address of a domain because you want to check your e-mail, you want to visit a web page on it, or there’s an app that pulls data from there, etc… IvyDNS does not ever see or receive the purpose of your request (nor requests made to non-IvyDNS servers).

The reason for this is simple! It is none of our business, and it would be wrong to pull ‘stunts’ as described in the linked articles! We built IvyDNS with these considerations in mind. It offers deep protection from top to bottom and it keeps you secure, undisturbed and as private as it can, while you are on-line!

You can read the original article on NDR.de (in German) about WoT selling out its users, and read about it over at The Register.

You can learn more about IvyDNS here or sign up and enjoy a faster, more secure, ad-free and undisturbed internet.