4.1 Extensions
github.com
Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening - arkenfox/user.js

I’m sure a lot of us are already using Firefox with uBlock Origin, and I’m also sure that most of us already know about Arkenfox.

Despite this, one thing that I’m still noticing on the internet are people recommending extensions that, as per the Arkenfox wiki, are frankly just not needed anymore.

So people, please stop using:

  • Cookie extensions like Cookie Auto Delete
  • URL cleaning extensions like ClearURLs
  • Anti-fingerprinting extensions
  • Redundant privacy extensions like Ghostery or Privacy Badger
  • NoScript

And also please note that Firefox Multi-Account Containers is probably overkill for most threat models, and that Firefox’s builtin Total Cookie Protection is probably just fine.

  • AtHeartEngineer@lemmy.worldEnglish
    731·
    1 year ago

    Multi account containers are super useful for managing multiple accounts though. Keeping work/personal/hobby stuff separate is awesome.

    • fnie@lemm.ee
      2·
      1 year ago

      I find the temporary containers extension essential. Set automatic mode and forget.

  • MigratingtoLemmy@lemmy.world
    381·
    1 year ago

    How exactly are my URLs going to be cleaned without ClearURLs?

    My extensions are:

    • UBlock Origin
    • Dark Reader
    • ClearURLs
    • NoScript
    • Multi-Account Containers
    • Cookie Quick Manager (probably not required since I don’t deal much with cookies other than flushing them)
    • LocalCDN
  • hottari@lemmy.ml
    352·
    1 year ago

    NoScript and Cookies Auto Delete are very much needed. uBlock’s JavaScript control is extremely basic and doesn’t toggle WebGL.

    As for cookies, I only set them for sites I have accounts or ones that need to remember user data in Chromium. I personally don’t use CAD but I can certainly appreciate its convenience.

  • Sinnerman@kbin.social
    301·
    1 year ago

    The link says that NoScript is “redundant with uBlock Origin”

    I like NoScript because I can click on its icon on the toolbar, and easily select which scripts on a given page to whitelist, or which to whitelist temporarily (until browser quit.) And on any page, I can select which set of scripts (by domain name) on that page to run or whitelist.

    With uBlock Origin, it’s only “all script on the page” or “no scripts on the page”, right?

  • dampfnudel@lemmy.zipEnglish
    301·
    1 year ago

    Yes but…

    • Most people want a quick-fix… “just install these extensions and all your web privacy issues will be handled automatically, in the background and you don’t ever have to do anything at all.” The “no user effort required” approach isn’t realistic and arkenfox is not a quick-fix. It’s a lot of tough love imo.
    • To use arkenfox and also not get frustrated that the entire internet is broken you will need to create a good user-overrides.js file. Creating a good one takes time. So take it and create a good one.
    • RFP breaks a lot of things. If you choose to disable RFP, the arkenfox wiki suggests you use the anti-fingerprinting extension, CanvasBlocker.
    • If you use arkenfox’s user.js you’ll probably want to create multiple profiles with different levels of arkenfox strength, which can be determined by your user-overrides.js file.

    I mostly use arkenfox… but I also have a TCP + uBO only profile for when I need it.

    • ikiru@lemmy.ml
      82·
      1 year ago

      Also wondering how much more effective Arkenfox is to tightened security settings, uBlock, Decentraleyes, Ghostery, etc. on Firefox?

  • Mikelius@lemmy.ml
    20·
    1 year ago

    I personally prefer NoScript not for just the privacy stuff, but for the security of knowing that an accidental click to a malicious site using some zeroday JavaScript exploit won’t kick in like it would, had it not been default blocked.

    My NoScript profile is also fairly populated with things I’ve trusted over the years, so it’s really only new websites that require JavaScript that I have to worry about.

    Maybe just me being over cautious, but just keeps me at ease, personally.

    • Potatos_are_not_friends@lemmy.world
      7·
      1 year ago

      NoScript is fantastic.

      As a web developer, I have to build tools for the SEO/ad team to turn my beautiful optimized sites to be ad-filled garbage. And frequently, that involves fetching data from third party sites that even I feel disgusted by, that can be easily blocked with NoScript.

    • JubilantJaguar@lemmy.world
      71·
      1 year ago

      Agreed. Ideally, any such single point of failure needs to be under a distributed or accountable kind of control. Perhaps EFF could take over uBO, for example.

  • Helix 🧬@feddit.de
    18·
    1 year ago

    Okay, which settings specifically replace these extensions? They usually also have a nice GUI with validation which is a better UX than editing text files and checking if it works by yourself.

  • bobby_hill@lemmy.world
    9·
    1 year ago

    To add to the other fine points here, I almost exclusively do all my personal browsing on my phone. Arkenfox isn’t designed to work on Firefox mobile.

  • taladar@sh.itjust.worksEnglish
    82·
    1 year ago

    My personal view is that anyone who forks a browser is probably not experienced enough to know how much work it is to patch security holes in a timely manner in such a large code base.

    • Lemongrab@lemmy.one
      31·
      1 year ago

      Good thing arkenfox is not a FF fork and you still get the same updates from Firefox main.

    • blarp@lemmy.mlOPEnglish
      7·
      1 year ago

      I used to use Librewolf but found it lagged behind Firefox too much when it came to security updates. But I agree with you that it does take the work out of configuring Firefox, which is convenient.

      • Free Palestine 🇵🇸@sh.itjust.works
        1·
        1 year ago

        The update schedule used to be pretty bad, but they have really improved. They usually release patches within 1-2 days, but recently, I’ve often seen them release an update on the same day. It’s not that bad, especially when you combine it with just general good security practices. Block known malware on DNS/firewall level, run your browser in a sandbox and just be cautious when clicking on links. Blocking JavaScript as much as possible also reduces attack surface. For high security stuff I just use Vanadium on my phone which is hardened Chromium by GrapheneOS.

  • sub_ubi@lemmy.ml
    51·
    1 year ago

    Is it possible to limit permissions for an extension to just a few domains? Most of them I’m using just for specific sites

    • dampfnudel@lemmy.zipEnglish
      15·
      1 year ago

      Cookie management is now handled by firefox natively. In your FF browser bar, go to about:preferences#privacy and choose Strict. Then you can remove AutoCookie Delete extension. If you want to know more, find the the Firefox blog posts about Total Cookie Protection. There are multiple posts on the topic.

      Edit: If you want to be super intense, you can also check the box, “Delete cookies and site data when Firefox is closed” although that isn’t strictly necessary if your ETP is set to strict.