Mozzarella

Home

WebAPI Manager

Web API Manager
===


Note
---
By default, this extension does not make any changes. No aspects of the Web API are affected until you start creating custom rule sets, or modifying what Web API standards sites have access to by default. You can start creating these rules through the site's configuration pane.


Overview
---
This extension allows users to selectively allow different hosts on the web to have access to different types of browser functionality. Doing so allows security and privacy sensitive web users to limit the attack surface presented to websites, and to limit websites to the functionality they actually need to carry out user-serving purposes.


Background
---
Web browsers gain staggering numbers of new features, without their users knowing what new functionality is being pushed into their trusted base. While some of this functionality is broadly useful for things commonly thought of as "web" related, a large amount of it is useful in only rare situations, if ever. Examples of this rarely-needed functionality includes the low level audio synthesis capabilities of the Web Audio API, the low level graphics capabilities of WebGL, or the light sensing capabilities of the Ambient Light Sensor API. Such complex-but-rarely-used functionality has been often used in attacks on the security and privacy of the web.

Other functionality is frequently used by web sites, but for non-user-serving purposes, like fingerprinting anonymous users and tracking them across websites. Examples of such functionality includes parts of the SVG API, parts of the the Canvas Element's functionality, and the Beacon standard, among many others.

This extension helps users stay private and secure online by limiting websites to only the functionality they need, and prevent them from accessing rarely needed and/or privacy violating functionality.


Functionality
---
The extension currently includes the following functionality:


The following functionality is not currently implemented, but is being considered for future inclusion:



Background
---
This extension is based on research conducted at the BITSLab at the University of Illinois at Chicago. Further information on the measurements and techniques used in this extension can be found in the following papers.

Install
Control which domains and sites have access to which portions of the web API.  You can, for example, prevent facebook.com from having access to the Ambient Light Sensor. The extension also gives you an overview of which domains are executing code, and which rule set is being applied to each domain.