this post was submitted on 11 Apr 2024
60 points (100.0% liked)

Firefox

4123 readers
1 users here now

A community for discussion about Mozilla Firefox.

founded 1 year ago
MODERATORS
 

Yesterday I asked you guys what your favorite addons are. Here is a compiled list plus some of my own recommendations:

Essential:

uBlock Origin (ad + malicious content blocker)

Consent-o-matic (auto-decline cookies + tracking) recommended by @[email protected]

Privacy:

Multi-Account-Containers (isolate tabs and websites) recommended by @[email protected]

Temporary Containers (like Multi-Account-Containers, deletes cache & cookies automatically)

uMatrix (advanced content blocker)

ClearURLs recommended by @[email protected]

LocalCDN (use local frameworks) recommended by @[email protected]

CookieAutoDelete recommended by @[email protected]

YouTube:

SponsorBlock recommended by @[email protected]

DeArrow (replace obnoxious thumbnails) recommended by @[email protected]

Customization:

DarkReader recommended by @[email protected]

Midnight Lizard (like DarkReader with more customization)

nightTab (customizable startpage)

Sidebery (Tab list in sidebar) recommended by @[email protected]

Misc

Bypass Paywalls Clean recommended by @[email protected]

top 17 comments
sorted by: hot top controversial new old
[–] [email protected] 17 points 7 months ago* (last edited 7 months ago) (2 children)

Most of the "privacy" extensions do little to nothing to protecy your privacy as of today, due to them either being abandoned, replaced by features integrated in ublock origin or just not relevant anymore because of the actual fingerprinting strategies employed at the current time.

And it is not "random uhh acktshually🤓 lemmy user" who's saying this, but the wiki section of the arkenfox user.js project. https://github.com/arkenfox/user.js/wiki/4.1-Extensions

Installing them only expands the attack surface of your browser, consumes resources and makes you more fingerprintable.

They are remnants of a time when you needed a full day and a degree in CS to properly set Firefox for privacy. Luckily, things are more straightforward nowdays.

Temporary containers:

TC is no longer maintained. While TC provides sanitizing, and uses a dFPI-compatible API, this is not why it is recommended as optional [...]

️Sanitizing in-session is a false sense of privacy. They do nothing for IP tracking. Even Tor Browser does not sanitize in-session e.g. when you request a new circuit. A new ID requires both full sanitizing and a new IP. The same applies to Firefox.

uMatrix:

No longer maintained, the last release was Sept 2019 except for a one-off patch to fix a vulnerability Everything uMatrix did can be covered by prefs or other extensions: use uBlock Origin for any content blocking.

ClearURLs:

Redundant with uBlock Origin's removeparam and added lists. Any potential extra coverage provided by additional extensions is going to be minimal

LocalCDN:

Third parties are already partitioned if you use Total Cookie Protection (dFPI)

Replacing some version specific scripts on CDNs with local versions is not a comprehensive solution and is a form of enumerating badness. While it may work with some scripts that are included it doesn’t help with most other third party connections

CDN extensions don't really improve privacy as far as sharing your IP address is concerned and their usage is fingerprintable as this Tor Project developer points out. They are the wrong tool for the job and are not a substitute for a good VPN or Tor Browser. Its worth noting the resources for Decentraleyes are over three years out of date and would not likely be used anyway

Cookie autodelete

Sanitizing in-session is a false sense of privacy. They do nothing for IP tracking. Even Tor Browser does not sanitize in-session e.g. when you request a new circuit. A new ID requires both full sanitizing and a new IP. The same applies to Firefox

Cookie extensions can lack APIs or implementation of them to properly sanitize e.g. at the time of writing: Cookie Auto Delete

As of Firefox 86, strict mode is not supported at this time due to missing APIs to handle the Total Cookie Protection

Consent-o-matic:

No user.js reference here, but I expressed my doubts about it in the comments yesterday https://feddit.it/comment/6471917

Bypass paywalls clean:

While it's amazing, it's also available as a filter list, from the same author

In short, don't bother with more extensions. Just add ublock filters when/if needed, but this is one case where you get 80% of the result with 20% of the effort (FF strict privacy protection mode, ublock origin, switch search engine)

Also, weirdly enough, nobody mentioned the bitwarden extension. Thanks to that (but not only), they manage to provide an amazing password manager service for free, the paid options are cheap, it's full featured, well integrated with the browser, open source and self hostable.

[–] [email protected] 4 points 7 months ago (1 children)

Wow, thank you for your extensive review. So LibreWolf or Firefox with Arkenfox' config + uBlockOrigin is more than enough I guess.

[–] [email protected] 5 points 7 months ago* (last edited 7 months ago)

No problem, glad I could help!

Tbh vanilla Firefox + uBlock configured as advised in that user.js wiki page linked above is more than enough.

Librewolf is preferred but it's something you need to follow and be aware of. It's an indiependent fork of a browser, and as such you really don't want it to be discontinued without you noticing.

Which is why I would advise librewolf over Firefox only if you know you'll stay updated about the privacy "scene", if you're setting it up on someone else's computer, on a work device or you just want a "set it and forget it approach", definitely go with vanilla Firefox. Again, 80/20 rule.

About Arkenfox's user.js I remember reading it was meant to be a starting point, not to be used as it is provided but to be customized for it to suit your needs.

Personally I always thought it was not worth to invest the time, but I guess it's a good learning experience if you're interested in it.

[–] [email protected] 3 points 7 months ago (1 children)

Is there a replacement for uMatrix tho? I still use it because I haven’t found another extension that allows me to disable cookies, JS, and iframes per domain as easily as uMatrix does. And despite being unmaintained since 2019 it still works surprisingly well.

[–] [email protected] 2 points 7 months ago

Cookies (3rd and 1st party) can be disabled per site from your browser settings in any modern browser.

JS can be disabled per site using uBlock origin for sure, and I'm pretty sure you can disable iframes as well

I admit I've never used uMatrix, but from what I know ublock is the successor of the project (and is considered the state-of-the-art adblocking software), so I'd assume you can do everything uMatrix can and more.

I suggest looking up some tutorials for uBlock to get the grasp of the possibility of the software

[–] [email protected] 6 points 7 months ago

Oh and also bonus recommendation: LibreWolf (security hardened Firefox)

[–] [email protected] 3 points 7 months ago (1 children)

Is there something to serve all remote fonts from a local cache?

[–] [email protected] 3 points 7 months ago* (last edited 7 months ago) (1 children)

You can block remote fonts in uBlock Origin. Websites will display your default font. https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-remote-fonts

[–] [email protected] 4 points 7 months ago (2 children)

Then the page is messed up with mojibake because sites now encode their cutesy icons as fonts. Usually I just deal with it but sometimes the icons are needed to use the site.

[–] [email protected] 3 points 7 months ago* (last edited 7 months ago) (1 children)

I have found this rule template:

[DOMAIN]##*:style(font-family: "[FONT]" , !important; src: local([FONT]) !important;)

Of course you need to install the websites font locally before.

[–] [email protected] 2 points 7 months ago

Oh that's interesting. I'll look into how to do that. Thanks.

[–] [email protected] 1 points 7 months ago

Did not know that, sorry. Maybe someone else will be able to answer your question.

[–] [email protected] 2 points 7 months ago

Big fan of Simple Tab Groups. Puts the tabs to the side and helps organize the 1000 tabs you may have open into different categories. Auto tab discard is a good thing to combo with it

[–] [email protected] 2 points 7 months ago
[–] [email protected] 1 points 7 months ago (1 children)

Aside from uBlock, are any of these on the mobile version yet? They finally made it so that most extensions should work between both versions, but the mobile extension library is still pretty empty.

[–] [email protected] 3 points 7 months ago

I have Consent-O-Matic, ClearURLs and Dark Reader on mobile so I guess most of the others should work too

[–] [email protected] 1 points 7 months ago* (last edited 7 months ago)

Hoverzoom+ is mission, it's avast free. You think different if you have used it for a while. Else, good list.

Also https://addons.mozilla.org/de/firefox/addon/keepa/ if you ever buy on Amazon