-
Notifications
You must be signed in to change notification settings - Fork 84
Per page permissions: an example
HTTP Switchboard supports per-page permissions. Here is a typical case example to illustrate why per-page permissions are useful, and how to use per-page permissions.
Some hostnames are ubiquitous on the internet.
For example, assets from facebook.com
are pulled from countless web pages. Whenever a web page request assets from facebook.com
, Facebook, through its logs, has the ability to use plenty of metadata from your IP (or yourself if you are logged in permanently) to infer a pretty good picture of your browsing habits.
Not everybody is comfortable with this and for good reasons. If you are not comfortable with this, it is nice to be able to blacklist facebook.com
using HTTP Switchboard:
But now what if you want to visit a web page on facebook.com
or if you have an account on facebook.com
which you still want to use?
This is the dilemma: preventing facebook.com
from tracking you, while being able to visit web pages on facebook.com
itself. This is where HTTP Switchboard's per-page permissions come to the rescue:
Here, per-page permissions for https://www.facebook.com
are created. Notice the visual cue: when per-page permissions are active, the top of the pop-up menu is blueish, and the badge on the extension icon is blue.
Whatever you whitelist/blacklist in per-page permissions mode will apply strictly to https://www.facebook.com
in the above example. Any page which does not start exactly with https://www.facebook.com
will not use the permissions specific to https://www.facebook.com
.
The specific permissions created above will not apply to http://www.facebook.com
, https://facebook.com
, https://www.facebook.net
, etc.
Per-page permissions must also be padlocked to stick, just like global permissions.
After you have created whitelist permissions specific to https://www.facebook.com
, facebook.com
is still blacklisted globally:
So Facebook is from then on forbidden to log which web pages you are visiting, except when you visit web pages on https://www.facebook.com
.
You can do the same for other ubiquitous hostnames which serve as assets store for countless web pages (ex. google.com
), while these hostnames also have web pages providing useful services: "blacklist google.com
except when I use a web page on https://www.google.com
". Etc. etc.