The Firefox extension uMatrix (it is also available for Chrome and other browsers), gives users control over a website’s connections, and data that is loaded when the site is loaded in the browser.
The extension is developed and maintained by Raymond Hill (Gorhill), the developer of uBlock Origin, a popular content blocker that is also available for various browsers including Firefox.
Why two extensions and not just one? While both extensions can be used for the same purpose — blocking content — they are different when it comes to scope. Without going into too many details: uMatrix is like the advanced brother of uBlock Origin. It gives you more control, and comes with privacy enhancements on top of that.
uMatrix for Firefox
You can install uMatrix in any recent version of the Firefox web browser from Mozilla AMO. Simply visit the website, and click on the “add to Firefox” button to do so. I suggest you disable or remove any content blocker that is installed in the browser before you do so (e.g. NoScript, uBlock Origin, Adblock Plus) to avoid issues.
The extension adds an icon to Firefox’s main toolbar that you use to control what sites may load. Before you do, you may want to visit the options of the extension to make changes to the initial configuration.
The preferences are divided into tabs, similarly to how this is handled in uBlock Origin.
Here is a list of preferences that you may find useful. I suggest you go through them all though as you may find some useful that are not mentioned here.
- Settings > Convenience — Show the number of distinct requests on the icon.
- Settings > Convenience — Collapse placeholder of blocked elements. (If an element is blocked, placeholder is collapsed. May result in a cleaner site, may cause display issues on some sites.
- Privacy — Delete blocked cookies. uMatrix does not prevent sites from setting (blacklisted) cookies, but it blocks cookies from leaving your local system.
- Privacy — Delete local storage content set by blocked hostnames.
- Privacy — Spoof HTTP referrer string of third-party requests
- Privacy —Spoof User-Agent string by randomly picking a new one below every x minutes.
You may also check the list of hosts lists the extension uses by default, and may add new lists to it. It loads six lists by default to block malware, ads and tracking servers automatically.
Once you are done with that, you need to decide how to run uMatrix. You have two main options basically to do so: block all or allow all.
The interface may look intimidating on first glance. It lists all first party and third-party connections a web page makes, and data types such as cookies, CSS or script, that are loaded or blocked.
Colors are used to indicate loaded and blocked content, with green highlighting content that is loaded and red content that is blocked.
You may click on a header, e.g. cookie, to set up uMatrix to allow or disallow this type of data globally (with exceptions that you define). Green indicates that a content type is allowed, red that it is disallowed.
Tip: you set something to allowed (green) if you click in the upper half of a box, and to disallowed (red) if you click in the lower half. The difference between dark and light green, and dark and light red is the following one: Darker colors mean that there is a whitelist or blacklist entry assigned to the cell, lighter colors that the status is inherited.
Another option that you have is to allow or disallow for specific hostnames. You may block or allow all for a hostname, or use the granular controls to allow or disallow certain types of data, for instance frames.
If you set uMatrix to block all, all is blocked from being loaded except for the things that you whitelist. To enable the block all mode, blacklist (set to red) the “all” and “frame” cells of the table.
You may want to allow the “css” and “img” cells so that styles and images do get loaded when you connect to sites.
Click on the padlock icon to save the modified configuration.
This mode blocks all but CSS and images. It improves privacy and security, and is beneficial to the bandwidth on top of that. A downside to this is that you will run into sites that don’t render properly or at all so that you may need to allow certain things on particular sites to access them.
Allow all allows any connection and type to be loaded with the exception of hostnames that are blacklisted. This is better for compatibility purposes, but problematic from a privacy and security point of view.
To configure it, set the “all” cell to green, and make sure any other cell is set to green as well. Don’t forget to click on the padlock icon to save the new configuration.
The core advantage of allow all is that you won’t run into nearly as many rendering issues as with block all, but the effect on privacy and security is diminished.
How you configure uMatrix depends entirely on you. If you want maximum privacy and security, you should go with the block all approach and whitelist only hostnames that you trust. You can still allow certain things temporarily using uMatrix, or load a site in private browsing mode instead.
uMatrix resources and further reading