Blocker addons for Firefox

Slickone · Jun 26, 2013

I have Noscript and AdBlockPlus (with EasyPrivacy+EasyList subscription), and Betterprivacy installed. Would there be any advantage to installing DoNotTrackPlus or RequestPolicy?
Is Betterprivacy worth using if I have any of the others installed?
And would any of these cover what ShareMeNot does?

One concern is that in Noscript, I've had to permanently allow some google sites for certain things to work. I've allowed google.com, google-analytics.com (arg!), googleapis.com, and googleusercontent.com. But not googlesyndication.com

I thought about using Ghostery as well but after reading a bit, I don't think I will. But someone said if you do allow a site with Noscript, you can still use Ghostery to not be tracked by it.

I read most of this, which is mainly opinions.
http://www.schneier.com/blog/archives/2012/06/ghostery.html
But one person says Ghostery slows down the browser a lot. Someone says Ghostery doesn't do anything that ABP doesn't. And some people question the practices of the company that owns Ghostery.
Some more info:
http://forums.mozillazine.org/viewtopic.php?f=7&t=1905935
http://forums.mozillazine.org/viewtopic.php?f=38&t=2125163
https://adblockplus.org/forum/viewtopic.php?f=2&t=9246

Chiefcrowe · Jun 26, 2013

on Betterprivacy - AFAIK that is the only add-on that blocks/deletes flash cookies.

lxskllr · Jun 26, 2013

I use Adblock+ with Fanboys Ultimate list
Better Privacy
Request Policy 1.x beta
NoScript(I block everything google but google.com)
CertificatePatrol. Somewhat tedious, but is good for high value sites like banks. You can ignore most alerts, but banking certificates are worth a look to make sure things are cool.
HTTPS Everywhere - get it from eff.org
Block third party cookies

Slickone · Jun 27, 2013

lxskllr, do you have a google account? I do for Google Docs, Youtube and Gmail. Although I don't use gmail. I just tried it, and don't like it.

lxskllr · Jun 27, 2013

Slickone said:
lxskllr, do you have a google account? I do for Google Docs, Youtube and Gmail. Although I don't use gmail. I just tried it, and don't like it.

I do, but I'm moving away from Google. I guess my biggest use in Gmail, but It's relegated to "legacy" contacts until I completely get out. I have several other accounts with different providers.

The biggest contenders for "good" mail are Lavabit and Yandex. Lavabit's paid service offers serverside encryption, but is hosted in the USA. Yandex, while corporate like Google, is hosted in Russia. I'm awaiting StartPage's and Mega's email services. They may be a good solution too. Self hosting is the best option, but judging by what I've seen it's difficult to properly setup. I'll look into that more in the future.

Since I have Gmail, I technically have every other Google service except +, but I don't login anymore. Sometimes I will to watch a restricted Youtube video, but I get a little more pissed every time I do that, so I may just close the whole mess.

I'm philosophically opposed to "cloud" computing, so that option is completely off the table as far as docs, and stuff like that goes. I use my software, on my computer.

Slickone · Jul 17, 2013

If using Google Docs and/or Youtube, wouldn't you have to allow scripts on more than just google.com? Those are the only two Google pages with an account that I use. Don't some other non-google pages not work unless scripts from some of the other google pages are allowed?

Should I install DoNotTrackPlus, RequestPolicy, or ShareMeNot, or am I covered?

lxskllr · Jul 17, 2013

Slickone said:
If using Google Docs and/or Youtube, wouldn't you have to allow scripts on more than just google.com?

Should I install DoNotTrackPlus, RequestPolicy, or ShareMeNot, or am I covered?

You're right. I need youtube.com and ytimg.com enabled for Youtube to work. Don't know about GoogleDocs, as I don't use it.

For the other addons, I guess just try them, and see if they're useful to you. I think ABP and the Fanboy ultimate list covers things well enough, and with little overhead. Perhaps one of the other addons would give you interesting information that isn't specifically security related. For example, Ghostery makes a nice list of trackers on a page. ABP already blocks them, but it's interesting to see what sites try to foist on you. Unfortunately, Ghostery slows browsing a bit, and while I believe they're freeing the code, it's currently proprietary.

I'm considering dropping RequestPolicy. Keeping an eye on it, it doesn't seem to help when combined with NoScript. Setting it to the old default backlist mode will prevent attacks, but it more than doubles the work required to view a site. Any asset that isn't hosted on the visited domain gets blocked, so that means all scripts, images, and everything. You have to chase them all down to allow them; Tedious... Whitelisting by default is much easier, but if a threat gets through, later blacklisting it isn't much good. Dunno... I'll have to play with it some, and see if there's a sane compromise between the two extremes.

John Connor · Jul 17, 2013

Doesn't Noscript handle XSS? Why would I need Request Policy?

lxskllr · Jul 17, 2013

John Connor said:
Doesn't Noscript handle XSS? Why would I need Request Policy?

I'm thinking yes, they duplicate coverage. The one difference is RequestPolicy can block *everything* that comes from a different domain. Not sure how valuable that is. I wonder if a browser could get pwned by a malicious .jpg, or something like that. You'd have to load the .jpg, and it would have to get a script through without NoScript seeing it. Doable? I don't know, and if so, which .jpg do you block?

I need yo study it some more. Right now I'm leaning towards disabling it.

Edit:
Q: Is RequestPolicy an alternative or competitor to NoScript?

A: No!

NoScript is a tool that gives you a default deny policy for JavaScript, Java, Flash and other plugins. NoScript allows you to whitelist scripts and objects from domains you trust.

RequestPolicy is a tool that gives you a default deny policy for cross-site requests. RequestPolicy allows you to whitelist cross-site requests you trust.

How does RequestPolicy help you where NoScript does not? RequestPolicy will protect you from various attacks that NoScript will not (such as CSRF attacks, though there some special cases that NoScript protects against) and will give you greater privacy while browsing.

Also, RequestPolicy will give you finer-grained control over JavaScript and plugins when you use it with NoScript. For example, if you whitelist a domain with NoScript to allow it to run JavaScript, then that domain will also be allowed to run JavaScript when you are on any other site that you have whitelisted with NoScript. RequestPolicy makes sure that when it is JavaScript from a third-party site, it will still be restricted unless you have allowed those cross-site requests.

Conversely, NoScript gives you protection that RequestPolicy does not. RequestPolicy will not keep you safe from malicious JavaScript or vulnerable plugins on the current site you are visiting, So, NoScript is absolutely essential for browser security.

Having two separate tools that each do their specific jobs well is the best approach. NoScript is an amazing extension and is absolutely essential (like RequestPolicy) to using Firefox securely. It is best to use both RequestPolicy and NoScript.

https://www.requestpolicy.com/faq.html

John Connor · Jul 18, 2013

Interesting! I shall use Request policy now. I have like 7 security add-ons thus far. Firefox has got to be one of the best browsers on earth! Many replicate it with the Mozilla code.

Search

Blocker addons for Firefox

Slickone

Diamond Member

Chiefcrowe

Diamond Member

lxskllr

No Lifer

Slickone

Diamond Member

lxskllr

No Lifer

Slickone

Diamond Member

lxskllr

No Lifer

John Connor

Lifer

lxskllr

No Lifer

John Connor

Lifer

TRENDING THREADS