this post was submitted on 09 Oct 2023
198 points (87.8% liked)

Privacy

32177 readers
417 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I'm sure a lot of us are already using Firefox with uBlock Origin, and I'm also sure that most of us already know about Arkenfox.

Despite this, one thing that I'm still noticing on the internet are people recommending extensions that, as per the Arkenfox wiki, are frankly just not needed anymore.

So people, please stop using:

  • Cookie extensions like Cookie Auto Delete
  • URL cleaning extensions like ClearURLs
  • Anti-fingerprinting extensions
  • Redundant privacy extensions like Ghostery or Privacy Badger
  • NoScript

And also please note that Firefox Multi-Account Containers is probably overkill for most threat models, and that Firefox's builtin Total Cookie Protection is probably just fine.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 73 points 1 year ago (1 children)

Multi account containers are super useful for managing multiple accounts though. Keeping work/personal/hobby stuff separate is awesome.

[–] [email protected] 2 points 1 year ago

I find the temporary containers extension essential. Set automatic mode and forget.

[–] [email protected] 37 points 1 year ago (3 children)

How exactly are my URLs going to be cleaned without ClearURLs?

My extensions are:

  • UBlock Origin
  • Dark Reader
  • ClearURLs
  • NoScript
  • Multi-Account Containers
  • Cookie Quick Manager (probably not required since I don't deal much with cookies other than flushing them)
  • LocalCDN
[–] [email protected] 4 points 1 year ago (1 children)

The option in uBlock Origin should really be baked-in and more prominent IMO, also I think I had some issues with the shortener not working on, e.g. Amazon in the past, but things might be working fine now, idk

[–] [email protected] 1 points 1 year ago (1 children)

Funny how even when I toggle the "advanced user" option on, I still can't see any interactive menu/console to work with individual scripts. This is what prompted me to install NoScript in the first place. Am I using an old version?

[–] [email protected] 2 points 1 year ago

Sorry, don't know about that, I was talking about the ClearURLs replacement

[–] [email protected] 3 points 1 year ago

According to the wiki through ublock but I honestly don’t know how to do that

[–] [email protected] 33 points 1 year ago (1 children)

NoScript and Cookies Auto Delete are very much needed. uBlock's JavaScript control is extremely basic and doesn't toggle WebGL.

As for cookies, I only set them for sites I have accounts or ones that need to remember user data in Chromium. I personally don't use CAD but I can certainly appreciate its convenience.

[–] [email protected] 2 points 1 year ago

Any references you can give? I would like to research this a bit more.

[–] [email protected] 29 points 1 year ago* (last edited 1 year ago) (1 children)

Yes but...

  • Most people want a quick-fix.... "just install these extensions and all your web privacy issues will be handled automatically, in the background and you don't ever have to do anything at all." The "no user effort required" approach isn't realistic and arkenfox is not a quick-fix. It's a lot of tough love imo.
  • To use arkenfox and also not get frustrated that the entire internet is broken you will need to create a good user-overrides.js file. Creating a good one takes time. So take it and create a good one.
  • RFP breaks a lot of things. If you choose to disable RFP, the arkenfox wiki suggests you use the anti-fingerprinting extension, CanvasBlocker.
  • If you use arkenfox's user.js you'll probably want to create multiple profiles with different levels of arkenfox strength, which can be determined by your user-overrides.js file.

I mostly use arkenfox... but I also have a TCP + uBO only profile for when I need it.

[–] [email protected] 5 points 1 year ago (1 children)
[–] [email protected] 8 points 1 year ago* (last edited 1 year ago) (1 children)
[–] [email protected] 1 points 1 year ago
[–] [email protected] 29 points 1 year ago (3 children)

The link says that NoScript is "redundant with uBlock Origin"

I like NoScript because I can click on its icon on the toolbar, and easily select which scripts on a given page to whitelist, or which to whitelist temporarily (until browser quit.) And on any page, I can select which set of scripts (by domain name) on that page to run or whitelist.

With uBlock Origin, it's only "all script on the page" or "no scripts on the page", right?

[–] [email protected] 27 points 1 year ago (1 children)

With uBlock Origin, it’s only “all script on the page” or “no scripts on the page”, right?

nope. You should read the uBO wiki's pages about medium mode and hard mode. You have pretty granular control if you're using uBO in "I am an advanced user" mode.

[–] [email protected] 2 points 1 year ago

Oh, thanks, I didn't realize that about advanced user mode, I'll look into it!

[–] [email protected] 10 points 1 year ago
[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

Ublock Origin allows that as well, but it's not as easy as NoScript. So, IMO that's a perfectly valid reason to prefer NoScript.

[–] [email protected] 23 points 1 year ago (1 children)

I've never heard of Arkenfox or user.js. what do they do?

[–] [email protected] 6 points 1 year ago (1 children)

Also wondering how much more effective Arkenfox is to tightened security settings, uBlock, Decentraleyes, Ghostery, etc. on Firefox?

[–] [email protected] 7 points 1 year ago (1 children)

Isn't Privacy Badger better than Ghostery?

[–] [email protected] 11 points 1 year ago (2 children)

Yes, ghostery was purchased by a spammer or something like that IIRC

[–] [email protected] 10 points 1 year ago* (last edited 1 year ago)

Ah, damn. I didn't know that. Coincidentally, I also already have Privacy Badger.

Thanks, by the way!

[–] [email protected] 8 points 1 year ago

Ghost constantly tries to phone home I've noticed. Maybe for good reason but it freaked me out.

[–] [email protected] 20 points 1 year ago (1 children)

I personally prefer NoScript not for just the privacy stuff, but for the security of knowing that an accidental click to a malicious site using some zeroday JavaScript exploit won't kick in like it would, had it not been default blocked.

My NoScript profile is also fairly populated with things I've trusted over the years, so it's really only new websites that require JavaScript that I have to worry about.

Maybe just me being over cautious, but just keeps me at ease, personally.

[–] [email protected] 7 points 1 year ago

NoScript is fantastic.

As a web developer, I have to build tools for the SEO/ad team to turn my beautiful optimized sites to be ad-filled garbage. And frequently, that involves fetching data from third party sites that even I feel disgusted by, that can be easily blocked with NoScript.

[–] [email protected] 20 points 1 year ago* (last edited 1 year ago) (1 children)

This is likely a very unpopular opinion, but I'm not a fan of the "only use uBlock origin" view that seems to be going around, yes using just that makes you less fingerprintable, but you're also just giving yourself a single point of failure and giving full control of your privacy to whatever the uBlock Origin devs want to add or refuse to add, who are at the end of the day still only human and can make mistakes.

[–] [email protected] 6 points 1 year ago

Agreed. Ideally, any such single point of failure needs to be under a distributed or accountable kind of control. Perhaps EFF could take over uBO, for example.

[–] [email protected] 18 points 1 year ago

Okay, which settings specifically replace these extensions? They usually also have a nice GUI with validation which is a better UX than editing text files and checking if it works by yourself.

[–] [email protected] 10 points 1 year ago (2 children)

To add to the other fine points here, I almost exclusively do all my personal browsing on my phone. Arkenfox isn't designed to work on Firefox mobile.

[–] [email protected] 8 points 1 year ago

Like the other poster said, Mull is a fork of Firefox for Android that includes tweaks from the Arkenfox user.js.

[–] [email protected] 6 points 1 year ago (1 children)

My personal view is that anyone who forks a browser is probably not experienced enough to know how much work it is to patch security holes in a timely manner in such a large code base.

[–] [email protected] 3 points 1 year ago

Good thing arkenfox is not a FF fork and you still get the same updates from Firefox main.

[–] [email protected] 4 points 1 year ago

Is it possible to limit permissions for an extension to just a few domains? Most of them I'm using just for specific sites

[–] [email protected] 3 points 1 year ago (1 children)

Just use LibreWolf. It has everything already set up and it includes uBlock Origin by default.

[–] [email protected] 7 points 1 year ago (1 children)

I used to use Librewolf but found it lagged behind Firefox too much when it came to security updates. But I agree with you that it does take the work out of configuring Firefox, which is convenient.

load more comments (1 replies)
[–] [email protected] 3 points 1 year ago

Love when you install a boring extension on vscode and it has a telemetry setting…

load more comments
view more: next ›