[Tfug] RequestPolicy: a Firefox extension for controlling cross-site requests

Jude Nelson judecn at gmail.com
Sun Nov 30 15:45:27 MST 2008


Hey Justin,

I've been working it over a few sites that I know request data from
other sites.  Looks good so far--it catches every cross-site request
that NoScript does.  I'll continue to use it throughout this week
instead of NoScript and see how it goes.

Regards,
Jude

PS:  TFUGers: this is my friend that I mentioned at one of our happy
hours earlier this year.

On 11/28/08, Justin Samuel <justin at justinsamuel.com> wrote:
> Hey All,
>
> New to TFUG, had a friend mention that some TFUG'rs had expressed
> interest in the Firefox extension I'm developing, so I figured I'd
> spread the word now that it's ready for usage.
>
> The extension is called RequestPolicy. It is an implementation of my
> belief that we should have more control over cross-site requests while
> browsing. What is a cross-site request? It's where a webpage you are
> visiting tells your browser to make a request to another site, for
> example, to retrieve additional content/ads for display or to track
> visitors. Cross-site requests can even be used for attacks (e.g.
> Cross-Site Request Forgery [CSRF]).
>
> Why would we want to block certain cross site requests? There are both
> privacy and security reasons for doing so, as you either already know
> or can see from the brief description above. If either greater privacy
> or security in your browsing is desirable, RequestPolicy may be of
> interest to you. (Of course, if privacy and security are of interest
> to you in your browsing, you probably also want to be using other
> extensions such as NoScript. The two complement each other well.)
>
> The Mozilla add-on page for RequestPolicy is here (currently requires
> registration as the extension is still classified as experimental):
>
> https://addons.mozilla.org/en-US/firefox/addon/9727/
>
> Here's the extension's own website where you can also download it from
> (though, you don't get to download it through https as you do from
> mozilla.org):
>
> http://requestpolicy.com/
>
> On the extension's site you can also find a more detailed discussion
> of the privacy and security reasons for using RequestPolicy.
>
> If anyone has any questions, let me know. I'm very grateful in advance
> for any feedback, suggestions, or bug reports you can offer. I'd like
> to soon take off the pre-release status I have set for it at
> mozilla.org in order to make it available to more people, so you all
> may be the last line of defense in terms of bugs, etc.
>
> Thanks, and I hope to make it to a happy hour one of these times (I've
> known about them for a while, but most of my laziness has been the
> biking home afterwards part).
>
> Justin
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>




More information about the tfug mailing list