What firefox add-ons do you use?

12bytes.org · June 1, 2019, 10:56pm

yeah, there’s no granularity with Site Bleacher - it’s all or none - in my case that’s ok because i clear cache on exit and i enable first party isolation, etc.

you can ask the dev if he’ll add more features - he seems pretty responsive

Born2Choo · June 1, 2019, 11:20pm

I normally only use Tor Browser for everything, but for things like an I2P browser, I use firefox with ublock origin, noscipt security suite, and ghacks user.js tweaks.

wafiech · June 2, 2019, 3:44pm

I tried Site Bleacher but it didn’t seem to delete cookies after closing the tab. Not sure if there was a regression recently (on reviewer complained it didn’t work) or if it’s a conflict with my setup.

12bytes.org · June 2, 2019, 4:34pm

Site Bleacher deletes storage upon revisiting the domain, not when its tab is closed - not sure why he does it that way, but it may have something to do with removing indexedDB storage

wafiech · June 2, 2019, 4:39pm

That’s strange. Maybe I’ll play with it some more, though it is disconcerting seeing all those cookies. The delete-on-visit strategy makes it necessary to have first party isolate.

12bytes.org · June 2, 2019, 5:18pm

FPI is essential regardless IMO - either that or containers and that just complicates matters i think (Temporary Containers add-on)

there’s been discussion about what you’re experiencing with SB that may help you - see this

by the way, uBlock O doesn’t block cookies either … just sayin’ - it blocks the website from reading the data they stored though

the way i run is to set FF and uBO to allow 1st part cookies globally for hassle-free browsing, then let SB dump the data later (+ FPI of course)

to avoid excessive disk I/O i run my FF profile in RAM

wafiech · June 2, 2019, 6:55pm

Thanks for your reply and link. I also have FF in RAM and don’t depend on uBO for cookies. The dev of the Temp Containers addon claims more privacy through it than FPI, though I don’t recall where I read that.

I wonder if the IndexDB could merely be deleted every few minutes from outside FF with cron or systemd. Alternatively, perhaps an addon could use the native messaging protocol.

12bytes.org · June 2, 2019, 7:17pm

i recall reading that myself - i think in the ghacks user.js repo - though as i think the differences are somewhat negligible - also i think FPI is continuing to be improved in FF

TC works with FPI enabled i’m pretty sure, if you want the ultimate protection

the short answer is ‘yes, probably’, but it’s not something you’d likely want to do because some add-ons use IDB to store stuff - uBO defaults to IDB to store settings (and possibly filter lists), though it will fallback to other methods if IDB is disabled apparently (yes, you can disable it entirely if you want), or you can specify what storage it uses in the advanced settings, cacheStorageAPI, which defaults to ‘unset’

virticalizes · August 1, 2019, 2:14pm

Thanks to posts like these, I started using Privacy Possum, Decentraleyes, and w3af (which tells information about hosting).

shadomatrix · August 1, 2019, 3:39pm

I’ve never tried Privacy Possum, but from what I’ve seen, there are better ways to block trackers. I prefer uMatrix which does much more. NoScript is also usable, but it’s much harder to use and only allows/blocks scripts globally rather than on only one website.

Decentraleyes is pretty good.

I’ve never heard of w3af. Firefox and Pale Moon have page info built-in which you can open by pressing “Ctrl + I” or “Ctrl + Shift + E”.

virticalizes · August 4, 2019, 11:16am

Actually, I meant to say “W3Bin,” although I have tried w3af as well. w3af is an open source web application vulnerability scanner, kind of like Grabber or Vega. W3Bin is the one that gives hosting information. And thanks for the tip!

grahamperrin · December 26, 2019, 2:19pm

+1 to Malwarebytes Browser Guard, as it’s now called.

As an alternative to HTTPS Everywhere, people might like to try HTTPZ.

I also use legacy Fox Web Security:

From a privacy perspective, some people might question the use of DNS but (at least with Yandex DNS) Fox Web Security does seem to flag some domains that might be not otherwise flagged.