Molestar is a Vivaldi extension that blocks specific sites unless you're on Mullvad VPN. The premise is simple: some sites you just never want open on a bare connection, and willpower makes a lousy firewall. So Molestar turns it into a hard rule instead of a good intention.
It's built and tested on Vivaldi, but should be fine on any Chromium browser (Chrome, Brave, Edge).
Give it a list of sites -- type them in, or point it at a bookmark folder. Try to open one while Mullvad is off and Molestar kills the request before it leaves the browser, then drops you on a warning page.
It checks your VPN against Mullvad's own API (am.i.mullvad.net/json). Nothing else is contacted, logged, or phoned home.
- Blocks at the request level (
declarativeNetRequest) -- the connection dies before your real IP ever reaches the site - Fails closed -- if it can't reach Mullvad's API, it assumes you're exposed and blocks anyway
- Whole bookmark folders -- point it at a folder and everything inside, subfolders included, is covered
- Re-checks often -- every 2 minutes, plus on every attempt to open a protected site
- Status badge -- the toolbar icon reads ON or OFF at a glance
- Download or clone this repository
- Open
vivaldi://extensions(orchrome://extensionsfor other browsers) - Enable Developer mode (top right toggle)
- Click Load unpacked and select the
Molestarfolder
Click the Molestar icon in your toolbar to open the popup:
- Add URLs -- type a domain (
example.com) or a domain with path (reddit.com/r/privacy) and click Add. Subdomains are matched automatically. - Add current site -- protect the domain of the tab you're on with one click, the keyboard shortcut
Alt+Shift+M, or the right-click "Protect this site with Molestar" menu item. You'll get a desktop notification, and if Mullvad is off the page reloads straight to the block screen so protection applies immediately. (Rebind the shortcut atvivaldi://extensions/shortcuts.) - Paste -- drop a copied link straight into the add field.
- Add bookmark folders -- select a folder from the dropdown. Every URL inside it (recursively) becomes protected.
- Filter & edit -- once the list grows, a filter box appears; click any entry to rename it inline.
- Backup -- Export your lists to a JSON file and Import (merge) them back -- handy for backups or moving between machines.
- Recheck -- manually trigger a VPN status check at any time.
Hit a protected site with Mullvad off and you land on a block page. Turn the VPN on and it sends you through the moment it's back -- no need to do anything, though Retry and Go Back are there if you want them.
| Permission | Why |
|---|---|
storage |
Stores your protected URL list and VPN status |
bookmarks |
Reads bookmark folders you choose to protect |
webNavigation |
Detects navigation to protected sites |
declarativeNetRequest |
Blocks requests before they leave the browser |
alarms |
Periodic VPN status checks |
contextMenus |
Adds the right-click "Protect this site" item |
clipboardRead |
Powers the Paste button (reads only when you click it) |
notifications |
Confirms quick-adds with a desktop notification |
<all_urls> (host access) |
Required for the block rule to redirect a protected site to the warning page -- declarativeNetRequest redirects only act on URLs the extension has host access to. Molestar never sends data to these sites; this access is only used to stop the request locally. |
am.i.mullvad.net |
The only external request Molestar actually makes -- Mullvad's connection check API |
The only thing Molestar ever talks to is am.i.mullvad.net. Nothing is collected, sent off, or shared -- your list and settings live in your browser's local storage and nowhere else. Full details in privacy-policy.html.
Molestar is free. If it saves you from yourself often enough to be worth it, you can chip in:
MIT