What firefox add-ons do you use?

Another reason why tor browser is so nice, proper fingerprinting protection without tons of addons.

1 Like

I currently use ;

  • Bitwarden
  • CanvasBlocker
  • Cookie auto delete
  • Decentraleyes
  • Fire fox multi account container (set up so i have my main sites (facebook,twitter, reddit, youtube etc) in their own containers)
  • First party isolation
  • HTTPS everywhere
  • I dont care about cookies
  • RES (im not sure about this one its very useful but i dont know how secure or privacy focused it is)
  • Ublock origin
  • Umatrix
    Do people use both Ublock(advanced mode) and umatrix or just one?
    Also is it just me or is umatrix quite resource hungry?

personal preference really - i use both - uBO in easy mode as an ad/tracking blocker and uM for filtering resources, JS, etc. - this may answer some questions

unfortunately you sort of have to if you’re concerned with privacy/tracking - i think maybe some people misunderstand what is often meant by “cookies” - there several kinds of web storage and cookies are just a part of that - there’s web cache, e-tags, indexedDB storage, service workers, etc.

what i do personally is allow all 1st party cookies in uBO for a more hassle-free browsing experience, but then i use Site Bleacher to clean most of the storage stuff, including cookies - for sites where i want to keep cookies, like this one, i whitelist the domain in Site Bleacher

no cookie cleaners (inc. CAD) address indexedDB storage at this time - only Site Bleacher does

having FPI enabled as you do is also a really good idea

Oh no sorry i should have been more clear, i use an extension called “i dont care about cookies” It automatically accepts the cookie accept pop up, which i think is okay as i have auto cookie delete and umatrix/ublock.

  • uBlock Origin ( with Adblock warning removal list and no WebRTC)
  • HTTPS Everywhere (with EASE turned on)
  • Decentraleyes
  • Cookie Autodelete
  • Multi-account containers

And now for the ones that have nothing to do with privacy:

  • Nuke Anything
  • Wayback Machine
  • Reddit Enhancement Suite
  • Enhancer for Youtube

hi @shadomatrix - here’s my personal feelings regarding some of your add-ons if interested…

Cookie Autodelete - none of the storage managers have the ability to remove indexedDB storage at the moment (API limitations) except for Site Bleacher - personally the way i set this up is to allow 1st party cookies globally in uBO, then let Site Bleacher do the cleaning

Wayback Machine - if that works only for archive.org and you want to make it easy to access other services, have a look at View Page Archive & Cache

I really need to start using this setup. UBO is pretty darn good even in its “EZ mode,” but it would be awesome to use a whitelist-based system for everything else. There is so much trash on the web right now, it really makes no sense to allow random garbage to load unless there is a reason to do so.

you can do that with either uBO or uMatrix, or if you use both you can just do the static filtering with uBO (filter lists) and the dynamic with uMatrix - i block JS, frames, XHR and ‘other’ globally with uM, but allow CSS and images globally - then i unblock JS, etc., as needed per domain

i see more websites using JS and some CSS to hide everything until the content is fully loaded apparently - annoying as hell, but you can get around that much of the time without enabling JS - see here: Display website content hidden by JavaScript

2 Likes

I just added Decentraleyes to Firefox, and will probably be adding some of these other extensions. I had used NoScript for a while, but it made it a little difficult to browse!

unfortunately one has to sacrifice a bit of convenience to protect privacy - there’s no way around it

i think the key is employing the right add-ons and configuring them properly to avoid as much extra hassle as possible - i don’t know how well i’ve succeeded in that regard, but you can take a look at my guide which may help you

JS in particular is a huge offender in the privacy/tracking dept. - it must be disabled globally and then allowed on a per-domain basis - virtually every website used JS, but probably the majority of them will function for reading without having to allow JS - so yeah, browsing is a little more work in general, but it becomes quite routine after a while

1 Like

That’s really useful, thanks.

haven’t seen site bleacher before, I found Forget me not a year ago which lists indexedDB storage, however it was broken until mozilla/firefox fixed it.

big +1 for View page archive (it’s a good one!)

i should correct myself - when i refer to cleaning storage, i mean automatic cleaning on a domain basis after the tab is closed (or before the domain is visited again as is the case with Site Bleacher)

Forget Me Not cleans IDB and workers only once per session it seems and that’s not optimal from a privacy perspective IMO

1 Like

yah, it only cleans cache, iDB, workers, plugin data, and form data on browser restart (other things like cookies, local storage, history and downloads can be ‘clean on domain leave’ or ‘block/remove on creation’).

I did install Site Bleacher and disabled after seeing settings is basically only an allow/whitelist? or am i missing something :confused:

yeah, there’s no granularity with Site Bleacher - it’s all or none - in my case that’s ok because i clear cache on exit and i enable first party isolation, etc.

you can ask the dev if he’ll add more features - he seems pretty responsive

1 Like

I normally only use Tor Browser for everything, but for things like an I2P browser, I use firefox with ublock origin, noscipt security suite, and ghacks user.js tweaks.

1 Like

I tried Site Bleacher but it didn’t seem to delete cookies after closing the tab. Not sure if there was a regression recently (on reviewer complained it didn’t work) or if it’s a conflict with my setup.

Site Bleacher deletes storage upon revisiting the domain, not when its tab is closed - not sure why he does it that way, but it may have something to do with removing indexedDB storage

That’s strange. Maybe I’ll play with it some more, though it is disconcerting seeing all those cookies. The delete-on-visit strategy makes it necessary to have first party isolate.