FireFox, Top Security/Privacy Extension

[zpro]

Thought I would ask the group, what would be your top 5 or 10 or more firefox extension to harden for security and privacy, against attack or trackers or hackers..etc

noscripts
ghostery
https everywhere
https finder
do not track plus
calomel ssl validation
quickjava
search engine security
askforsanitize
secure sanitizer
user agent switcher
adblocker plus
adblocker plus pop-up addon

Well thats mine list, what yours !!!
cheers

[Kees1958]

Switch to Chrome and use build in features like
- block HTTP cookies, allow session HTTPS cookies
- allow data (File:///*) for current session only
- click to play plug-ins (flash)
- deny javascript except from few high level domains (mine com, nl, org and net)
- default flash and pdf ppapi plug-ins (fully sandboxed)
- chrome safe browsing (websites and reputation scoring of downloads)
- check invalid certificates (chrome will warn you)
- no JAVA

You will only need three extensions:
- referer control, allow from/to https only block all others
- KB SSL enforcer (or HTTPS everywhere which uses FF db).
- Webutation (same as FF equivalent)

[arran]

Firstly I use the Jon Do Fox profile google if you haven't heard of it before.

Instead of "user agent switcher" I would use Secret agent https://www.dephormation.org.uk/index.php?page=81 which is what I use, It automatically Randomizers you user agent every time you click a new link or even refresh the webpage.

For Flash cookies some people use Better Privacy or have their browsers Sandboxed and have the contents deleted on exit, how ever this does not prevent Tracking during the actual browsing session. But I have since found a better solution which blocks the creation of flash cookies on your OS in the first place and that is to instead create a zero byte file named macromedia and replace it with the macromedia folder and no new flash cookies can ever be created.

anyway my other addons are
cookie monster to block normal cookies.
noscript
ghostery
perspectives

https everywhere. I only use this when not connected thru VPN otherwise it defeats the purpose of VPN because every site I connect to with https sees my real IP address.

And I use Admuncher for ad blocking.

[m00nbl00d]

Quote:

Originally Posted by Kees1958

Switch to Chrome and use build in features like
- block HTTP cookies, allow session HTTPS cookies
- allow data (File:///*) for current session only
- click to play plug-ins (flash)
- deny javascript except from few high level domains (mine com, nl, org and net)
- default flash and pdf ppapi plug-ins (fully sandboxed)
- chrome safe browsing (websites and reputation scoring of downloads)
- check invalid certificates (chrome will warn you)
- no JAVA

You will only need three extensions:
- referer control, allow from/to https only block all others
- KB SSL enforcer (or HTTPS everywhere which uses FF db).
- Webutation (same as FF equivalent)

Those measures do take care of some tracking, but not all tracking. I personally use Do Not Track Plus and Nimi Cleanser.

@ zpro

From those you mention, I've tried and am using the following in my Firefox Nightly build: Do Not Track Plus, HTTPS Everywhere + HTTPS Finder (I wish there was such an extension for Google Chrome ), Adblock Plus and RequestPolicy. I'm also using BlockSite Plus to allow connections only to specific TLDs and/or websites.

I also have HTTPFox to assist me with what kind of connections are happening. It's useful, IMHO.

[zpro]

Quote:

Originally Posted by arran

Firstly I use the Jon Do Fox profile google if you haven't heard of it before.

Instead of "user agent switcher" I would use Secret agent https://www.dephormation.org.uk/index.php?page=81 which is what I use, It automatically Randomizers you user agent every time you click a new link or even refresh the webpage.
.

Thats for the tip of Secret Agent, I will sure check this out,
as for right now, I just trying to harden firefox as much as I can, for surfing, and banking... check with others to see what security and privacy extension they have install, and why.

Thanks Again.

[Kees1958]

@Moon

Yes my friend you are correct

Some advertising networks place tracking and referer cookies on every kind of traffic (also https), so indeed not all coockies, but simply blocking those few (e.g. H TTPS://www.doubleclick.net) in the cookie list stops them dead, at least the most common cookies.

See pic after visiting some cookie infested websites

Off course there is no 100% defense against png cookies containing only a few pixels (often two, one from the network and one to ID you). The RGB color code of those pixels contains of three values each containing 3 digits (so 1 pixel = a nine digit code). Do Not Track or any other of the Anti-Tracking tools you use, will protect you against those smart cookies.

So I can say the same of your setup also

Quote:

Originally Posted by m00nbl00d

Those measures do take care of some tracking, but not all tracking

[tlu]

Quote:

Originally Posted by Kees1958

Switch to Chrome and use build in features like
...
- allow data (File:///*) for current session only

Is this documented somewhere?

[focus]

[quote=arran]https everywhere. I only use this when not connected thru VPN otherwise it defeats the purpose of VPN because every site I connect to with https sees my real IP address.

Are you sure about this arran? Every site that uses https will know your real IP address when using a VPN? I have never heard of this and would be very interested in any references that show that this is happening.

[happyyarou666]

[quote=focus]

Quote:

Originally Posted by arran

https everywhere. I only use this when not connected thru VPN otherwise it defeats the purpose of VPN because every site I connect to with https sees my real IP address.

Are you sure about this arran? Every site that uses https will know your real IP address when using a VPN? I have never heard of this and would be very interested in any references that show that this is happening.

lols im sure he was just joking ...i hope or he is simply ill informed

[Chiron]

[quote=focus]

Quote:

Originally Posted by arran

Every site that uses https will know your real IP address when using a VPN? I have never heard of this and would be very interested in any references that show that this is happening.

I was under the impression that this was the case as well. Is it not?

I've seen it with multiple VPN's.

[luciddream]

Well every addon I have is to harden for security/privacy, and I have 10, so I'd just list them all... but that'd be too easy.

So I'll go with a top 5 instead. In order of my favorite:

1. Adblock Plus
2. NoScript
3. CS Lite Mod
4. WOT
5. HTTPS-Everywhere

I didn't list Keyscrambler because it's a program primarily, that just so happens to require an add-on to function properly. Not a pure add-on. Or it'd been in there at #4.

[0strodamus]

Any advantages to CS Lite Mod over Cookie Monster?

[focus]

[quote=Chiron]

Quote:

Originally Posted by focus

I was under the impression that this was the case as well. Is it not?

I've seen it with multiple VPN's.

I've just tested this with one of my VPN's, AlwaysVPN, with HTTPS-Everywhere on and when visiting grc.com, in https mode, it reports the VPN IP not my real IP. I checked a couple of other https sites with the same results. perhaps there are some VPN providers that are not handling SSL connections correctly? With which VPN's have you seen this happening?

[luciddream]

I've never used Cookie Monster, but I imagine all these cookie managers accomplish about the same thing. The only advantage would be the fact that you're comfortable/familiar with what you're using. And I've been a CS user for a long time. So when I saw that someone was continuing support for it I was ecstatic. It looked like it was going to die along with FF3.

[Warlockz]

Quote:

Originally Posted by m00nbl00d

..........I've tried and am using the following in my Firefox Nightly build: Do Not Track Plus, HTTPS Everywhere + HTTPS Finder (I wish there was such an extension for Google Chrome ), ......................

I know its kinda offtopic to the op Q but to answer m00nbl00d......

HTTPS Everywhere has an alpha version for chrome, and their is also HTTPS Enforcer for chrome, and if you need anti-tracking Ghostery has a version for chrome.
.....................................................................................................

Quote:

https everywhere. I only use this when not connected thru VPN otherwise it defeats the purpose of VPN because every site I connect to with https sees my real IP address.

must be some janky crap wannabe VPN from lala land lol

[klarm]

Quote:

...I didn't list Keyscrambler because it's a program primarily, that just so happens to require an add-on to function properly. Not a pure add-on. Or it'd been in there at #4.

Hi. I'm not sure what you mean. Is there some kind of add-on needed in FireFox to use keyscrambler properly ?
I've been using it for some time and didn't notice any problems.
thanks.

[Kees1958]

Quote:

Originally Posted by tlu

Is this documented somewhere?

Just found it somewhere, from memory (first have 2 /, last have 3 /)

HTTP://*
HTTPS://*

FILE:///*
VPN:///*

[m00nbl00d]

Quote:

Originally Posted by Warlockz

I know its kinda offtopic to the op Q but to answer m00nbl00d......

HTTPS Everywhere has an alpha version for chrome, and their is also HTTPS Enforcer for chrome, and if you need anti-tracking Ghostery has a version for chrome.

Oh... I know those extensions exist for Chrome. I wasn't aware of HTTPS Enforcer, though.
When I said I wish there was such an extension for Google Chrome, I was talking about HTTPS Finder. Sorry for the confusion.

[Chiron]

[quote=focus]

Quote:

Originally Posted by Chiron

I've just tested this with one of my VPN's, AlwaysVPN, with HTTPS-Everywhere on and when visiting grc.com, in https mode, it reports the VPN IP not my real IP. I checked a couple of other https sites with the same results. perhaps there are some VPN providers that are not handling SSL connections correctly? With which VPN's have you seen this happening?

I think you may be correct.

I've found that Cyberghost, Spotflux, and SecurityKISS do anonymize https.

However, Hotspot Shield does not. I must have tested this with Hotspot Shield previously. Shame on them.

[Warlockz]

My List for Firefox & Iron/chrome. Yes the 7 in this first list have versions compatible with Both Browser's.

• HTTPS Everywhere
• Adblock Plus
• Ghostery
• Click & Clean
• Facebook Disconnect
• F.B. Purity
• Lastpass

........................................
Other

• Calomel SSL Validation
• Redirect Remover
• NoScript

• FireGloves -

A Firefox plugin to impede fingerprinting-based tracking while maintaining browsing experience.

Quote:

About this Add-on

Never heard of fingerprint-based tracking techniques?
Try out these academic demonstrations and read more:

Cross-browser fingerprinting test 2.0 (fingerprint.pet-portal.eu)
Panopticlick (panopticlick.eff.org)

........................................................................................
Web Proxy for quick anon to safe sites I dont want my IP to be recorded on.

• Hide My Ass! Web Proxy

I know their is debate about this one, just dont use it to Hack or terrorize, or for Illegal Pron and youll be alright lol
.......................................................................................
Search Plugins https/ssl

• StartPage
• Ixquick
• DuckDuckGo

............................................................................................
More Anonymity

• JonDoFox
• TorBrowserBundle

..............................................................
Not an Addon but a must have and use.

• Sandboxie

Did you know you can create your sandbox in an Encrypted Container, go settings and change sandbox location to match your encrypted container location then your Sandboxed Browser activity is Encrypted in a container not copied to your main HardDrive.

..................................................

EDIT: Added More fixed post!

[arran]

[quote=Chiron]

Quote:

Originally Posted by focus

I think you may be correct.

I've found that Cyberghost, Spotflux, and SecurityKISS do anonymize https.

However, Hotspot Shield does not. I must have tested this with Hotspot Shield previously. Shame on them.

sorry for the confusion, generally vpn's do hide your real ip when connected thru https. at the time of my posting I was thinking of another proxy set up which I used to use which I had on my mine at the time, I still don't always use
https on this machine because ad muncher can't filter https until v5 comes out.

[Q Section]

Just imagine.......

You have spent and continue to spend many, many hours/months/years of research to find and configure the very best security software and practices.

You purchase a new computer and get it home.
You immediately reinstall the Operating System to make a "clean install" without the bloat/ad/tracking/trialware.
You change the settings within the Operating System to make the computer more secure.
You then install and configure Firefox with all the best add-ons using the best practices for security (or you install some other browser with it's best security configurations).
You install and configure the best antivirus software.
You install and configure the best firewall.
You may even add and configure an additional HIPS program and perhaps other additional security programs.
You even block any outbound attempts of the built-in firmware of Lojack that some computer manufacturers have so graciously added via a chip that cannot be turned off.
You are now using the best proxy setup that you can configure and use.
You may even be using a doubly secure VPN.

Well guess what?You are not secure whatsoever.

You can be tracked fairly easily by certain entities. What has been forgotten? No one knows how to obtain your IP address, correct? Cookies including the super cookies (flash) are disabled, right? You think you are not leaving any tracks anywhere. Hmmmm?

Your browser is leaving a clear fingerprint.

This subject has been mentioned already here in Wilders.
For more information and a free test please visit the Electronic Frontier Foundation's site here ---> https://panopticlick.eff.org/

[Cutting_Edgetech]

I saw all the ones I use already mentioned except for Flashblock, and I only use it when surfing anonymously. I use flagfox, and Grease Monkey also, but not so much for security except flagfox gives good info about a site that can be useful when deciding wether to trust a site or not.

[Amit]

Quote:

Originally Posted by Kees1958

You will only need three extensions:
...............- Webutation (same as FF equivalent)

it is one of the worst extensions I've ever used.

[Amit]

My top add-ons are AdBlock Plus, NoScript, RequestPolicy and Do Not Track Plus