trash
31
@Seirdy
link
11
edit-2
3M

Given the attack surface of addons, I’ve downsized my addon usage.

  • I’ve replaced HTTPS-Everywhere with the built-in HTTPS-first/only modes in FF and Chromium.

  • In FF, I use userContent.css instead of Stylus.

  • I use uBlock Origin’s url-rewriting filters in place of redirection addons.

  • In Chromium, you can choose to have an addon only be enabled on certain sites. I do this with Stylus and Dark Background Light Text.

EDIT: more information:

  • I have a shell script that uses regex to “clean” urls in the clipboard and remove tracking params instead of the CleanURLs addon, since this is most useful when sharing links with others. I’ve gotten in the habit of previewing URL content before navigation (e.g. with a mouseover or by pasting into the URL bar) as well. If I want to navigate to a messy url, I just copy it and enter a keybind to clean the copied URL.

I use multiple browsers and profiles.

  • Normal browsers: Firefox with Cookie Autodelete, uBO, Stylus, Dark Background and Light Text; Chromium with uBO and Stylus. Stylus is only selective enabled.

  • For security-sensitive non-anonymous stuff, I run Chromium with flags to disable JIT and to disable JS by default, in a bubblewrap sandbox. This browser profile has no addons.

  • For peak anonymity (e.g. when using one of my anon alts), I run the Tor Browser in a Whonix VM. For quick anonymity I just use the regular Tor Browser Bundle in a bubblewrap sandbox. In an act of mercy towards my weak 2013 Haswell laptop’s battery, I no longer run Qubes. The Tor Browser should not ever be used with custom addons if you want anonymity.

Because the Tor browser should never run with addons and because I use a browser profile that has none, I don’t want addons to be a “crutch” that I depend on too much.

I do global hostname-blocking at the DNS level, so I can live without an adblocker. DNS blocking doesn’t do fine-grained subpage-blocking, conditional blocks, cosmetic filtering, redirects, etc. so a more complete solution is still worthwhile.

I also try to avoid injecting content into webpages with JS enabled, since that is extremely fingerprintable and opens a can of (in)security worms.

Some addons that I do not recommend at all:

  • Canvas Fingerprinting Defender: injects JS into pages, which is very fingerprintable and can trigger a CSP report if you don’t disable those. CSP reports can identify you even if you disable JS execution.

  • Anything that you can do without an addon, TBH. They do weaken the browser security model.

@jazzfes
link
53M

Didn’t realize you can redirect using ubo… How do you do that? :)

@Seirdy
link
33M

Check out the removeparam and redirect directives in the static filter syntax docs.

@Helix@feddit.de
link
33M

Given the attack surface of addons, I’ve downsized my addon usage.

That’s pretty good advice :)

The more you can do with the tools you already have installed, the less additional code you have to run which could cause more bugs and security holes.

mickie
link
93M
  • vim-vixen make your browser keyboard-oriented (vim keybinding).
  • ublock-origin wide-spectrum content blocker (not just ad’s).
  • copy-plaintext avoid a lot of garbage formatting.
  • privacy-redirect redirect twitter, reddit, youtube, etc to their alternative (privacy friendly) frontends, like nitter, invidious, etc.
  • Fedishare to share pages to the fediverse.
@onlooker
link
93M

In Firefox I have:

  • uBlock Origin: For blocking ads
  • uMatrix: for blocking all kinds of stuff and to see what kind of connections each site uses (usually a ton)
  • HTTPS Everywhere: to have https everywhere. According to @Jojonintendo this is already integrated into Firefox though, so I might delete it.
  • Cookie Autodelete: pretty self-explanatory.
  • Decentraleyes: to prevent websites from loading unnecessary resources.
  • Privacy Redirect: mostly used to open Youtube links in Freetube, but also to redirect Reddit and Twitter links to libredd.it and Nitter respectively, when needed.
Tmpod
link
53M

Decentraleyes is dead, swap it for LocalCDN, an actively maintained fork.

@onlooker
link
53M

Really? Their repo seems to be fairly active, though.

https://git.synz.io/Synzvato/decentraleyes

IngrownMink4
link
5
edit-2
3M

LocalCDN supports more CDN resources and other features that Decentraleyes didn’t implement yet. P.S. It works better in Firefox.

@onlooker
link
43M

Good to know. I’ll be switching to LocalCDN then. I honestly wasn’t aware Decentraleyes had a fork.

Tmpod
link
33M

Must be recent then. It was stopped for a big while. Either way, as the other commenter said, LocalCDN supports more stuff and works better.

AceKat
link
5
edit-2
3M

This kind of extensions don’t need several commits every week, for example updating a software once per month could mean that it’s more stable and has less bugs than one that updates every day. About the feature though, you’re right, localCDN does block a lot more CDN requests

Tmpod
link
43M

You make a good point yeah. However, I believe it went radio silent for a considerable amount of time. Not a big deal though.

@KLISHDFSDF
link
23M

Decentraleyes is not dead, it’s feature scope is just more narrow, meaning it’s reached “product maturity” quicker.

Think of it as running Debian stable vs Arch Linux - Debian isn’t dead it just progresses at a slower and more stable pace than Arch. Slow & steady gives you tremendous stability at the cost of missing out on a few features.

Some people, like myself, prefer stability over fancy new features. I’ve tried LocalCDN, but found it interfered with a lot more websites than Decentraleyes, which is a “set and forget” addon. Not to say the LocalCDN project is bad; its not, its great and I would like to switch back to it at some point; but in my testing, it’s not something I would set for my parents, and found it more of a hassle for myself so I switched back to Decentraleyes.

Tmpod
link
13M

Ah, I thought it was really abandoned for a while. Thanks for the clarification!

@Fakefunk
link
83M
  • uBlock Origin (obviously)
  • Stylus (quick user styles)
  • Archive Page (one click archive.today)
  • SingleFile (archive HTML pages locally)
  • ARIA DevTools (for quick a11y audits)
anarcomrade
link
8
edit-2
3M

uMatrix - To block any unnecessary requests. Js, CSS, etc. Https Everywhere - For https everywhere possible. Tree style tabs - I find it more comfortable. Dark Reader - So that my eyes don’t hurt.

anarcomrade
link
1
edit-2
3M

Lemmur isn’t registering line breaks :(

@ksynwa
link
23M

Line
Break

You need two spaces at the end of the line you want to break. Did Lemmur eat those spaces?

@xarvos
link
73M

I use literally a dozen of them so I had to look at about:addons lol

  • Basic JSON Formatter: Installed by default, quite useful to me as I deal with JSON API quite often.
  • ClearURLs: remove tracking URL params
  • Geminize: open Gemini links in a proxy
  • HTTPS Everywhere: helps me redirect HTTP to HTTPS, but it breaks xkcd random button, sadly. I guess I should contact Randall.
  • KeePassXC-Browser
  • Native MathML: use MathML instead of the JS-rendered for math stuff
  • Privacy Badger: Trackers blocking
  • Privacy Redirect: redirect links to Reddit, Twitter, YouTube
  • Read Aloud: TTS reader, because Firefox’s Reader mode TTS is somehow broken
  • Redirector: For redirects that can’t be done with Privacy Redirect
  • Stylus: Custom stylesheet, because some websites suck at styling
  • uBlock Origin: beside trackers blocking, it also helps blocking sites I don’t want to visit, such as web scrapers or sites that are blocked by my ISP (e.g. medium blogs)

FYI there’s a mode native to Firefox to enable https everywhere now. I also personally recommend Disconnect instead of privacy badger as I loosely remember the latter having controversies, while disconnect is open source

@nour@lemmygrad.ml
link
73M

Of those not mentioned yet:

NoScript, to block any JavaScript except from sites that I explicitly allowed. Note that when you install the extension, you should go to the settings and remove most of the sites allowed by default, since there’s no good reason to actually have them allowed.

@southerntofu
link
43M

Most solid piece of advice. Especially if you have limited resources (< 2GB RAM || < 2 CPU cores || > 100ms latency), disabling JS will make your navigation so much smoother! Gitea and Lemmy are the only two sites i really need JS to use at the moment, though.

@KLISHDFSDF
link
63M

One that I haven’t seen mentioned yet is Snowflake. An addon that allows you to help people defeat internet censorship by routing censored users to your Snowflake proxy.

From their site:

There is no need to worry about which websites people are accessing through your proxy. Their visible browsing IP address will match their Tor exit node, not yours.

The addon tells you how many people you’ve helped in the last 24 hours - In the few weeks I’ve had it, I’ve only had a handful of users, so it’s not very resource intensive, but allows you to help without having to do anything.

@peppermint
link
6
edit-2
3M

Firefox

  • Ad nauseum - like ublock
  • temporary containers - this is a must, separates cookies
  • foxyproxy - pattern-based proxy redirection. I use it to make .onion and .i2p sites go through specific ports
@Jeffrey
link
43M

I haven’t heard of adnauseum in a long time! How well does it work for you compared to uBlock Origin?

For the uninitiated it’s an adblocker that loads and clicks ads securely and hidden from view. Instead of trying to block ads outright, an adnauseum user will provide so much data to the ad companies that it pollutes their datasets. When you click on every single ad that is no more helpful than when you don’t click on any ads. With adnauseum the site operators and content creators get their ad revenue, too!

@peppermint
link
33M

I don’t know how to use ublock origin, so I use ad nauseum :)

Tmpod
link
63M

I use Firefox.

Privacy related: uBlock Origin, LocalCDN (active Decentraleyes fork), PrivacyPossum (don’t have it enabled all the time), CanvasBlocker, ClearURLs (cleans tracking query params).

Convenience: BitWarden, Firefox containers, Temporary containers, Privacy reditect (super handy), ToS;Dr, RES, Stylus and Dark Reader (with the new DR version I sometimes save the generated “dynamic” style after navigating some pages of a website, and then shove it into Stylus for better performance).

Absolutely need this, I don’t even know how to browse without this anymore lol: Tree Tabs (this specific one: https://gitlab.com/kroppy/TreeTabs ; I dislike all others; I also remove the normal tab view at the top with user css) and AutoTab Discard (I tend to open a lot of tabs and without this my RAM goes bye bye; TT has this but it’s not as good)


Additionally, I have a second Firefox profile that I can quickly bring up with Ctrl+Alt+F (akin to getting a terminal) and that sort of emulates Firefox Focus on desktop. Essentially it doesn’t store cookies between sessions, there’s no history, and all tabs are temporary containers. I don’t have as strict rules in uBlock and whatnot in that profile and I often use it for stuff that breaks a lot with my normal setup, or for things that I really don’t want to run on my normal profile (like Google). Also, I enabled DRM in it because some platforms I use require it. I try to minimize that usage though. I even made a little theme for the profile using color.firefox.com :D

@ksynwa
link
63M

Ublock origin, privacy badgers, the containers extension, stylus

@Whom
link
5
edit-2
3M
  • Absolute Enable Right Click & Copy
  • Amazon Container
  • Augmented Steam
  • BazQux Reader: open links in background tab
  • Bitwarden
  • ClearURLs
  • GNOME Shell integration
  • Google Container
  • LocalCDN
  • Privacy Redirect
  • ProtonDB for Steam
  • Purple Ads Blocker (twitch)
  • uBlock Origin
@Helix@feddit.de
link
23M
  • Amazon Container
  • Google Container

Why not use Temporary Containers and the Multi-Account Container plugin? It’s basically the same, but configurable for more websites.

@Whom
link
33M

Because I don’t care to configure them :P

@KLISHDFSDF
link
13M

You forgot the “And why” part. Now I gotta DDG what “Absolute Enable Right Click” does lmao. I’m lazy, but thanks for your input.

@Whom
link
43M

It’s for making it so you can right click on sites that grab it and replace it with their own shit. Or if they block it. I think the rest are fairly self explanatory? Augmented Steam and ProtonDB for steam just add a bunch of additional shit to steam pages like Is There Any Deal links, Bitwarden is my password manager, the containers keep the few Google and Amazon sites I do find myself on isolated, etc.

It’s for making it so you can right click on sites that grab it and replace it with their own shit. Or if they block it.

iirc you can shift click and get the same effect

@Helix@feddit.de
link
13M

It’s for making it so you can right click on sites that grab it and replace it with their own shit. Or if they block it.

Usually I can just hold Shift and right click instead and it works (Firefox). I think I never had it not work this way, even though some people say it’s possible to disable the Shift+Click feature with JavaScript.

明-3 NOMAD
link
5
edit-2
3M

I use what the Arkenfox project recommends:

This list covers privacy and security related extensions only. While we believe these are the very best of the best, this can be subjective depending on your needs. We are also not saying you have to use all these extensions.
Extensions (in no particular order...)
  • uBlock Origin ✔ Privacy
    
  • Temporary Containers ✔ Privacy
      This can achieve almost everything First Party Isolation (FPI) does without breaking cross-domain logins. And (with or without FPI), in a hardened TC setup, this can even isolate repeat visits to the same domain, which FPI alone cannot.
      Required reading: [1] AMO description [2] Article [3] TC's Wiki
    
  • Smart Referer ✔ Privacy
    
  • Header Editor
      Allows you to run Rules to modify modify the request header and response header, cancel a request and redirect a request. Be careful not to alter your passive fingerprint
    
  • Skip Redirect
    
  • ClearURLs ✔ Privacy
    
  • Request Control
    
  • Redirector ✔ Privacy
    

Plus I also use Gesturefy and Behind!

@Dreen
link
33M

I filtered out some that are purely just for web development

  • Don’t Fuck With Paste
  • Easy Auto Refresh
  • EditThisCookie
  • GoFullPage - Full Page Screen Capture
  • JSONView
  • New Tab Redirect
  • Pushbullet
  • Remove Element
  • uBlock Origin
@ethicallypulmonary
link
43M

I use uBlock Origin on Firefox with Javascript, remote fonts, and all 3rd party resources blocked by default, and I also use Yomichan with several J-J and J-E dictionaries for quick, high-quality lookups and making Anki cards.

I have another profile with no extensions aside from cookies.txt to extract cookies so that I can use youtube-dl for those sites.

And, if you can call it an add on, I use custom search engines for a lot of sites. As for the extensions I don’t use, I’ve disabled and removed the EME and Widevine DRM modules that Firefox ships by default because it’s proprietary and…it’s DRM. DRM is ridiculous and bad, and it only ever punishes people who don’t pirate content. It also empowers monopolies.

A loosely moderated place to ask open ended questions

If your post is

  1. Open ended
  2. Not offensive
  3. Not regarding lemmy support (c/lemmy_support)
  4. not ad nauseam inducing (please make sure its a question that would be new to most members)

it’s welcome here!

  • 0 users online
  • 6 users / day
  • 54 users / week
  • 153 users / month
  • 524 users / 6 months
  • 2.14K subscribers
  • 675 Posts
  • 8.7K Comments
  • Modlog