How to build a Firefox privacy arsenal

http://www.leavegooglebehind.com/how-tos/how-to-build-a-firefox-privacy-arsenal

 

nice website but they don't seem to allow comments(?) unless i'm blocking the comment scripts somehow.

 

I can't even get to the page?

 

Same case for me, site unavailable.

 

Can you post 6 of those addons CloneRanger

 

Hi guys, & sorry the www "appears" to have vanished of the face of the earth, since i posted. How strange !

It's still there in GC though

https://webcache.googleusercontent....irefox-privacy-arsenal&hl=en-GB&gbv=1&ct=clnk

@ rookieman

Hope that's ok for you Don't forget to check out the FF AddOns etc thread on here for more.

 

I've often wondered about the relationship between Mozilla and Google and why Google gives them so much money.

 

Thanks for this

 

source please.
I was not aware of this.

 

thats alot of wong for firefox, still one can goto Startpage and use there search engine as default and webpage as default

Oh and thanks for the link am now using few more addons then before and feel a lot more secure and better.

 

Thanks for the links.
I am worried about what's under the table. Money talks though, sigh.
I feel hilarious that google's motto: don't do evil. now who is the evil?

 

Site works fine for me...on FF and Chromium browsers.

How browsers make money, or why Google needs Firefox

 

Yeah it's back, wierd !

 

thanks for the link, insightful.

 

I'm doing some tests to determine which privacy extensions to use. This first series of tests were done with a default installation of Firefox 25.0.1 with no changed settings. I used Firefox's built-in Network Monitor to see what a given site is actually downloading. This first post will consider NoScript, Adblock Plus, RequestPolicy, TrackerBlock, Ghostery, DoNotTrackMe, and Disconnect. I'll use Nytimes.com as a test site. If RequestPolicy is being used, then assume that its whitelist contains the entry nytimes.com -> nyt.com, since this entry is necessary to view nytimes.com properly.

Q) Are there any relevant test results?
A) Yes, here.

Task: determine which of TrackerBlock, Ghostery, DoNotTrackMe, and Disconnect to not consider further. Unlike the other three extensions, TrackerBlock doesn't seem to visually indicate which site elements are being blocked, so it was dropped from further testing. TrackerBlock also fared poorly in the above test.

Q) Do RequestPolicy and NoScript overlap in functionality?
A) Not much. See https://www.requestpolicy.com/faq.html#faq-noscript.

Q) If I'm using RequestPolicy, is there any reason to also use one of (Ghostery, DoNotTrackMe, Disconnect)?
A) Yes. RequestPolicy allows you to block downloads from other domains that a given site wants to use, but not from the domain of the given site itself. Example: Using nytimes.com, compare RequestPolicy alone to Ghostery with max. protection settings; notice that Ghostery blocks some files that are downloaded when using RequestPolicy by itself. Similarly, if you need to whitelist a given destination domain in RequestPolicy in order to make a given site work, then one of (Ghostery, DoNotTrackMe, Disconnect) could still block undesirable elements from the whitelisted destination domain.

Q) If I'm using NoScript, is there any reason to also use one of (Ghostery, DoNotTrackMe, Disconnect)?
A) Yes. NoScript by itself doesn't necessarily stop non-script files from being downloaded. Also, for whitelisted domains, one of (Ghostery, DoNotTrackMe, Disconnect) could still block undesirable script elements from the whitelisted domain. Example: with no NoScript whitelisted domains, compare the files downloaded from non-nytimes.com domains with and without Ghostery with max. settings. Example, with nytimes.com whitelisted (because it's necessary to view comments there), compare the script .js files downloaded from nytimes.com with and without Ghostery with max. settings.

Q) If I'm using some of the other extensions mentioned in this post, is there any reason to also use Adblock Plus?
A) Yes. Adblock Plus is focused on blocking ads, even though it can block other elements as well (depending on the filter(s) used). Recall that ads can sometimes contain malicious content, so there is a security angle here as well.

Q) If I'm using NoScript and RequestPolicy, is there any reason to also use Adblock Plus?
A) Yes. Ads can be shown on the main domain of a given website. For example, nytimes.com delivers ads.

Q) If I'm using one of (Ghostery, DoNotTrackMe, Disconnect), is there any reason to not use Adblock Plus' EasyPrivacy filter also?
A) Maybe. If you run into a website that breaks, you probably will find (Ghostery, DoNotTrackMe, Disconnect) easier to troubleshoot than Adblock Plus.

Q) If I'm using one of (Ghostery, DoNotTrackMe, Disconnect), is there any reason to also use NoScript?
A) Yes. NoScript has security features. See http://noscript.net/features/. NoScript gives you whitelist control, as opposed to the blacklist control used by (Ghostery, DoNotTrackMe, Disconnect). For those who don't want whitelist control, NoScript still offers some security benefits when "Allow Scripts Globally" is on.

Q) If I'm using one of (Ghostery, DoNotTrackMe, Disconnect), is there any reason to also use RequestPolicy?
A) Yes. RequestPolicy gives you whitelist control, as opposed to the blacklist control used by (Ghostery, DoNotTrackMe, Disconnect). See https://www.requestpolicy.com/faq.html for other benefits.

Q) If I'm using Adblock Plus with the EasyPrivacy filter, is there any reason to also use one of (Ghostery, DoNotTrackMe, Disconnect)?
A) Maybe. (Ghostery, DoNotTrackMe, Disconnect) might block something not blocked with the EasyPrivacy filter. For example, for nytimes.com with Adblock Plus (with EasyList + EasyPrivacy filters) alone, Firefox downloads some files from Facebook that aren't downloaded when Ghostery (with max settings) is also used. Example: with Adblock Plus, with NoScript on and nytimes.com whitelisted, no files from non-nytimes.com or nyt.com domains were downloaded, either with or without Ghostery; however, without Ghostery 80 files were downloaded vs. 73 files with Ghostery.

Q) Which of (Ghostery, DoNotTrackMe, Disconnect) do you recommend?
A) For power users, I recommend Ghostery with max. settings. Ghostery has an option to show the exact URLs blocked, and seems to be the most configurable. Ghostery might be fine for the average user as well, but I'm not sure how many websites are broken with max. settings. DoNotTrackMe might be a better choice for the user who doesn't want to change settings, because it has an option to use vendor-suggested settings so that websites don't break. In my testing of just a few websites, I saw no examples of Disconnect blocking potentially unwanted material within a site's main domain, whereas Ghostery and DoNotTrackMe did. (In DoNotTrackMe, the nytimes.com intra-domain tracker is Webtrends.) Disconnect has a feature called "Secure Wi-Fi" described here that the others don't have.

Q) Based on the above, what are some good combinations of these extensions?
A) For users who don't want to change settings:
1. NoScript (allow scripts globally) + Adblock Plus (EasyList + EasyPrivacy)
2. NoScript (allow scripts globally) + Adblock Plus (EasyList + EasyPrivacy) + one of (Ghostery, DoNotTrackMe, Disconnect)
3. NoScript (allow scripts globally) + Adblock Plus (EasyPrivacy) + one of (Ghostery, DoNotTrackMe, Disconnect)

For users willing to use NoScript whitelisting:
1. NoScript + Adblock Plus (EasyList + EasyPrivacy)
2. NoScript + Adblock Plus (EasyList + EasyPrivacy) + one of (Ghostery, DoNotTrackMe, Disconnect)
3. NoScript + Adblock Plus (EasyList) + one of (Ghostery, DoNotTrackMe, Disconnect)

For users willing to use NoScript whitelisting and RequestPolicy:
1. NoScript + RequestPolicy + Adblock Plus (EasyList + EasyPrivacy)
2. NoScript + RequestPolicy + Adblock Plus (EasyList + EasyPrivacy) + one of (Ghostery, DoNotTrackMe, Disconnect)
3. NoScript + RequestPolicy + Adblock Plus (EasyList) + one of (Ghostery, DoNotTrackMe, Disconnect)

Q) Do I get any reward for reading this far?
A) No, except maybe a cookie (the browser type) .

 

List seems kinda dated. There is no CookieSafe anymore AFAIK (could be wrong though), but only "CS Lite Mod". BetterPrivacy is obsolete now that FF handles Flash cookies like a normal cookie, plus you can block them in the first place. Ghostery is pretty big overlap with CS Lite Mod & the normal ABP filters (EasyList/Privacy). But now that NoScript no longer blocks web bugs it may be less overlap. Not sure I trust it though.

And even bigger privacy measures can be had via the about:config probably. This should be mentioned more places and readily available for people to utilize.

All in all I think you can make Firefox the more secure, private, and most responsive browser with the right tweaks, add-on's, search engine, and software.

 

Some notes on cookie management:

• If you want to keep a given cookie permanently, specify those in cookie Exceptions in Options->Privacy tab. You also need to change the cookie "Keep until" setting to "I close Firefox" for this to work. This only works with normal cookies, not Flash cookies. Use the BetterPrivacy extension to deal with Flash cookies in a similar way.
• If you explicitly delete cookies, all cookies (normal and Flash) are deleted, including those that you specified in cookie Exceptions. There is a setting in BetterPrivacy for whether this applies to Flash cookies or not.
• If you want to explicitly control when cookies are deleted, you can use CCleaner to specify cookie (normal and Flash) exceptions.
• Extension Self-Destructing Cookies can be used to clean cookies that aren't needed anymore. This extension is supposed to be able to delete Flash cookies also, but it didn't work in my test.
• "Accept third-party cookies" now has 3 possible states: "Always," "From Visited," and "Never."

 

thx nice write up MrBrian. Quick glance tells me just use all of them

 

I was wrong about that. Self-Destructing Cookies isn't supposed to be able to clean Flash cookies.

---

I've found that the combination of extensions CookieCuller and BetterPrivacy can be used to delete all cookies on demand with user-specified exceptions. However, clearing the cookies on demand is a two step process: clear the normal cookies in CookieCuller, and then use Firefox's "Clear Recent History" to clear "Flash Cookies" (BetterPrivacy has an option to add "Flash Cookies" to the list in "Clear Recent History.") CookieCuller and BetterPrivacy both also have an option to clear unprotected cookies at Firefox startup.

Does anyone know of an extension that modifies the behavior of Firefox so that deleting "Cookies" via "Clear Recent History" doesn't delete cookies that I want to keep?

 

You're welcome .

Of the extensions mentioned in that post, I'll probably use NoScript + RequestPolicy + Adblocker Plus (EasyList) + Ghostery and see how that works out. I'm not sure if I'll use Adblocker Plus' EasyPrivacy filter, since there is a lot of overlap with Ghostery.

 

That is pretty much what I use atm

 

Do you use Ghostery? If so, do you have it set to maximum settings?

 

I use Disconnect instead

Seems to be fine but never messed about with it so all set to defaults.