Changes
Appearance
More choices of text size for the matrix UI in the Settings pane (text size dictates the popup panel size).
Per-scope switches
New switch: "Forbid web workers"
Purpose should be obvious.
Note that nuisance coin miners typically use web workers, so forbidding web workers globally might be a good idea, though mind that there are legitimate use for web workers. Keep in mind many of these miners are launched as 1st-party, so the new switch allows you to forbid them even when you allow 1st-party scripts.
Update: blocking web workers everywhere by default should lower quite significantly the probability of falling prey to exploits taking advantage of Meltdown/Spectre vulnerabilities through your browser (assuming your browser is vulnerable). Mind that often sites legitimately do need web workers to work properly -- so if you forbid web workers in the global scope, don't forget about this when you are puzzled as to why a web site is still broken despite you allowing the needed resources.
uMatrix is able to detect when a web worker is being instantiated. However, this does not work for Firefox 57-58, but works fine in Firefox 59 (Nightly). The reason is that SecurityViolationPolicyEvent has been implemented just recently in Nightly.
So this means if you are using uMatrix with Firefox 57-58, uMatrix will be unable to report to you whether web workers are used by a page, though you will be able to block these fine with the new per-scope switch. With Nightly, use (or attempt to use) web workers is properly reported in the logger and in the popup panel.
Per-scope switches redesigned and renamed
"Strict HTTPS" has been renamed "Forbid mixed content": I see too many instances of people thinking this feature is a replacement for HTTPS Everywhere: it is not.
The new visual will now convey whether a switch is relevant for the current document. A dot in the toggle button means that the switch is relevant, i.e. uMatrix may affect the page if the switch is toggled on.
- Forbid mixed content: a dot means that mixed content has been detected on the page.
- Forbid web workers: a dot means that web workers have been detected on the page (as mentioned above, the detection does not work for Firefox 57-58).
- Spoof
referer
header: a dot means that 3rd-party referrer information has been seen in network traffic. - Spoof
<noscript>
tags: a dot means<noscript>
tags have been detected in the current page.
I added info links to each per-scope switch: the links are pages from Mozilla Developer Network, so this gives a chance for the page to load in the user locale.
Logger
Ability to open the logger in the sidebar. Sidebar API is only available in Firefox and Opera (I didn't try the feature in Opera yet):
Note that since the logger is unified, should you open additional logger views, these will be left unused, until the first view is closed. By design.