What firefox add-ons do you use?

beerhunter · 2020-05-27T09:30:36.227Z

shadomatrix:

AdBlock Plus allows acceptable ads and I actually used to use it years ago until I noticed it wasn’t blocking ads anymore.

The “Allow acceptable ads” option is not nice but I always turn it off so it doesn’t bother me very much.

Back when Firefox was not using WebExtensions, creating custom blocking rules with Adblock+ Element Hiding Helper was easier than doing it with uBlock Origin. That’s why I once used it exclusively instead of uBO. Nowadays it’s approximately equally easy with either add-on and I have started using uBO on some of my devices.

NoScript was once said to be harmful and malicious, and it’s content blocking is inferior to uMatrix (the addon that can replace all adblockers and NoScript).

I definitely have to take a look at uMatrix. It seems to provide more fine-grained control compared to NoScript.

I also remember that NoScript author had some shady stuff going on. I’m not sure if uMatrix was available, or why I didn’t switch to it back then.

If your VPN has IPv6 leak protection then this isn’t necessary. You could always set “network.dns.disableIPv6” to “true” in about:config, but disabling IPv6 is best done systemwide.

I use those add-ons just for curiosity, to see if a particular site supports IPv6 or not.

As for VPNs, I would not trust a VPN service that offers “IPv6 leak protection” instead of fully supporting IPv6. There should be no need to block or disable IPv6 connectivity if it’s properly routed through the VPN tunnel, just like IPv4.

beerhunter:

I’d like to find good, configurable referer and user-agent spoofing add-ons.

For referers, just use the about:config tweaks provided by PrivacyTools, some of which involve referers. For user-agents, use “general.useragent.override” or maybe try this addon.

You should also consider installing LocalCDN (fork of Decentraleyes with more active development)

Thanks, I’ll take a look… Many years ago, I used RefControl but I don’t know if it’s still being developed.

In my opinion, the referer and user-agent fields should be removed from the HTTP standards. Or, browser developers should start blocking/spoofing them. Firefox provides many tracking protection options out of the box and these two should definitely be included.

otaku-ccs.u · 2020-05-27T18:45:46.364Z

Aha.
That LocalCDN addon was the one I forgot about,
thanks :).

maricn · 2020-06-04T11:23:28.754Z

I find uMatrix not covering all the features of uBO+NoScript+ForgetMeNot, and not configurable enough. I also find it difficult to use uBO for NoScript’s functionality. So I use them and Decentraleyes, PrivacyBadger, Chameleon, CanvasBlocker and a few more for specific purposes, check out my list at https://addons.mozilla.org/en-US/firefox/collections/11298362/Privacy/ - I have detailed notes there.

Maybe someone can help but as of time of writing this, uBlock Origin seems to have much more detailed set of features than uMatrix. Am I missing something?

rokamakrofon · 2020-06-04T14:58:43.974Z

how you avoid the endless captchas ??

hauntsanctuary · 2020-06-04T21:33:49.779Z

You really dont. The sites you are visiting are not respectful of privacy. You may email them and request that they allow access to Tor. They may listen, or they may not (likely response). The only chance you get when you go through Tor is if someone just made a fresh exit node that for some reason isnt flagged as a Tor exit.

Same goes for going through free and popular VPNs. They get flagged somehow and trigger captchas.

The sites you visit like this are usually ones that offer online services and or online interaction. Best route of action is to find an alternative to this site if you can help it. For the VPNs, go for paid services. I rarely get catchas on sites.

a553d43c-f7fa-483a-8 · 2020-06-05T00:56:02.163Z

You don’t, your best bet is trying to not use as many shitty websites that depend on either Cloudfare (they generally block Tor’s IP completely) or reCaptcha since they bomb you with it.

sveik · 2020-06-25T11:30:36.077Z

Interesting… I have absolutely zero Firefox extensions as of this moment.

I was reading in few places, that when extension do that access all your data thing, it can also read all your passwords that you submit to the website. This could be a false claim, but I had no mental energy to investigate it further.

I don’t know, bu I’d love to see tech savvy people breaking down what is actually happening with extensions behind scenes.

PoorPocketsMcNewHold · 2020-06-25T13:01:29.470Z

sveik:

I was reading in few places, that when extension do that access all your data thing, it can also read all your passwords that you submit to the website. This could be a false claim, but I had no mental energy to investigate it further.

I don’t know, bu I’d love to see tech savvy people breaking down what is actually happening with extensions behind scenes.

I´ve did the search for you https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions

Access your data for all websites

The extension can read the content of any web page you visit as well as data you enter into those web pages, such as usernames and passwords.

Extensions requesting this permission might:
Read product and price information from a page to help find you the best price on items you're shopping for
Offer a password manager that reads and writes details of your username and password
Provide an ad blocker by reading the content of each web page you open to find and remove ad code

And from the Firefox develloper answer : https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions

The extra privileges include:

XMLHttpRequest and fetch access to those origins without cross-origin restrictions (even for requests made from content scripts)

the ability to inject scripts programmatically (using tabs.executeScript() ) into pages served from those origins

the ability to receive events from the webrequest API for these hosts

the ability to access cookies for that host using the cookies API, as long as the “cookies” API permission is also included.

bypassing tracking protection for extension pages where a host is specified as a full domain or with wildcards. Content scripts, however, can only bypass tracking protection for hosts specified with a full domain.