How to build a Firefox privacy arsenal

Discussion in 'privacy technology' started by CloneRanger, Aug 14, 2013.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    http://www.leavegooglebehind.com/how-tos/how-to-build-a-firefox-privacy-arsenal
     
  2. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    nice website but they don't seem to allow comments(?) unless i'm blocking the comment scripts somehow.
     
  3. rookieman

    rookieman Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    409
    I can't even get to the pageo_O?
     
  4. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    837
    Location:
    Québec, Canada
    Same case for me, site unavailable. o_O
     
  5. rookieman

    rookieman Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    409
    Can you post 6 of those addons CloneRanger :thumb:
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
  7. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    I've often wondered about the relationship between Mozilla and Google and why Google gives them so much money.
     
  8. rookieman

    rookieman Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    409
  9. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
    source please.
    I was not aware of this.

     
  10. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,956
    Location:
    U.S.A.
  11. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    thats alot of wong for firefox, still one can goto Startpage and use there search engine as default and webpage as default :)

    Oh and thanks for the link am now using few more addons then before and feel a lot more secure and better.
     
  12. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
  13. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,956
    Location:
    U.S.A.
    oliverjia, you're welcome! Take care.
     
  14. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    Site works fine for me...on FF and Chromium browsers.

    How browsers make money, or why Google needs Firefox
     
  15. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Yeah it's back, wierd !
     
  16. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
  17. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I'm doing some tests to determine which privacy extensions to use. This first series of tests were done with a default installation of Firefox 25.0.1 with no changed settings. I used Firefox's built-in Network Monitor to see what a given site is actually downloading. This first post will consider NoScript, Adblock Plus, RequestPolicy, TrackerBlock, Ghostery, DoNotTrackMe, and Disconnect. I'll use Nytimes.com as a test site. If RequestPolicy is being used, then assume that its whitelist contains the entry nytimes.com -> nyt.com, since this entry is necessary to view nytimes.com properly.

    Q) Are there any relevant test results?
    A) Yes, here.

    Task: determine which of TrackerBlock, Ghostery, DoNotTrackMe, and Disconnect to not consider further. Unlike the other three extensions, TrackerBlock doesn't seem to visually indicate which site elements are being blocked, so it was dropped from further testing. TrackerBlock also fared poorly in the above test.

    Q) Do RequestPolicy and NoScript overlap in functionality?
    A) Not much. See https://www.requestpolicy.com/faq.html#faq-noscript.

    Q) If I'm using RequestPolicy, is there any reason to also use one of (Ghostery, DoNotTrackMe, Disconnect)?
    A) Yes. RequestPolicy allows you to block downloads from other domains that a given site wants to use, but not from the domain of the given site itself. Example: Using nytimes.com, compare RequestPolicy alone to Ghostery with max. protection settings; notice that Ghostery blocks some files that are downloaded when using RequestPolicy by itself. Similarly, if you need to whitelist a given destination domain in RequestPolicy in order to make a given site work, then one of (Ghostery, DoNotTrackMe, Disconnect) could still block undesirable elements from the whitelisted destination domain.

    Q) If I'm using NoScript, is there any reason to also use one of (Ghostery, DoNotTrackMe, Disconnect)?
    A) Yes. NoScript by itself doesn't necessarily stop non-script files from being downloaded. Also, for whitelisted domains, one of (Ghostery, DoNotTrackMe, Disconnect) could still block undesirable script elements from the whitelisted domain. Example: with no NoScript whitelisted domains, compare the files downloaded from non-nytimes.com domains with and without Ghostery with max. settings. Example, with nytimes.com whitelisted (because it's necessary to view comments there), compare the script .js files downloaded from nytimes.com with and without Ghostery with max. settings.

    Q) If I'm using some of the other extensions mentioned in this post, is there any reason to also use Adblock Plus?
    A) Yes. Adblock Plus is focused on blocking ads, even though it can block other elements as well (depending on the filter(s) used). Recall that ads can sometimes contain malicious content, so there is a security angle here as well.

    Q) If I'm using NoScript and RequestPolicy, is there any reason to also use Adblock Plus?
    A) Yes. Ads can be shown on the main domain of a given website. For example, nytimes.com delivers ads.

    Q) If I'm using one of (Ghostery, DoNotTrackMe, Disconnect), is there any reason to not use Adblock Plus' EasyPrivacy filter also?
    A) Maybe. If you run into a website that breaks, you probably will find (Ghostery, DoNotTrackMe, Disconnect) easier to troubleshoot than Adblock Plus.

    Q) If I'm using one of (Ghostery, DoNotTrackMe, Disconnect), is there any reason to also use NoScript?
    A) Yes. NoScript has security features. See http://noscript.net/features/. NoScript gives you whitelist control, as opposed to the blacklist control used by (Ghostery, DoNotTrackMe, Disconnect). For those who don't want whitelist control, NoScript still offers some security benefits when "Allow Scripts Globally" is on.

    Q) If I'm using one of (Ghostery, DoNotTrackMe, Disconnect), is there any reason to also use RequestPolicy?
    A) Yes. RequestPolicy gives you whitelist control, as opposed to the blacklist control used by (Ghostery, DoNotTrackMe, Disconnect). See https://www.requestpolicy.com/faq.html for other benefits.

    Q) If I'm using Adblock Plus with the EasyPrivacy filter, is there any reason to also use one of (Ghostery, DoNotTrackMe, Disconnect)?
    A) Maybe. (Ghostery, DoNotTrackMe, Disconnect) might block something not blocked with the EasyPrivacy filter. For example, for nytimes.com with Adblock Plus (with EasyList + EasyPrivacy filters) alone, Firefox downloads some files from Facebook that aren't downloaded when Ghostery (with max settings) is also used. Example: with Adblock Plus, with NoScript on and nytimes.com whitelisted, no files from non-nytimes.com or nyt.com domains were downloaded, either with or without Ghostery; however, without Ghostery 80 files were downloaded vs. 73 files with Ghostery.

    Q) Which of (Ghostery, DoNotTrackMe, Disconnect) do you recommend?
    A) For power users, I recommend Ghostery with max. settings. Ghostery has an option to show the exact URLs blocked, and seems to be the most configurable. Ghostery might be fine for the average user as well, but I'm not sure how many websites are broken with max. settings. DoNotTrackMe might be a better choice for the user who doesn't want to change settings, because it has an option to use vendor-suggested settings so that websites don't break. In my testing of just a few websites, I saw no examples of Disconnect blocking potentially unwanted material within a site's main domain, whereas Ghostery and DoNotTrackMe did. (In DoNotTrackMe, the nytimes.com intra-domain tracker is Webtrends.) Disconnect has a feature called "Secure Wi-Fi" described here that the others don't have.

    Q) Based on the above, what are some good combinations of these extensions?
    A) For users who don't want to change settings:
    1. NoScript (allow scripts globally) + Adblock Plus (EasyList + EasyPrivacy)
    2. NoScript (allow scripts globally) + Adblock Plus (EasyList + EasyPrivacy) + one of (Ghostery, DoNotTrackMe, Disconnect)
    3. NoScript (allow scripts globally) + Adblock Plus (EasyPrivacy) + one of (Ghostery, DoNotTrackMe, Disconnect)

    For users willing to use NoScript whitelisting:
    1. NoScript + Adblock Plus (EasyList + EasyPrivacy)
    2. NoScript + Adblock Plus (EasyList + EasyPrivacy) + one of (Ghostery, DoNotTrackMe, Disconnect)
    3. NoScript + Adblock Plus (EasyList) + one of (Ghostery, DoNotTrackMe, Disconnect)

    For users willing to use NoScript whitelisting and RequestPolicy:
    1. NoScript + RequestPolicy + Adblock Plus (EasyList + EasyPrivacy)
    2. NoScript + RequestPolicy + Adblock Plus (EasyList + EasyPrivacy) + one of (Ghostery, DoNotTrackMe, Disconnect)
    3. NoScript + RequestPolicy + Adblock Plus (EasyList) + one of (Ghostery, DoNotTrackMe, Disconnect)

    Q) Do I get any reward for reading this far?
    A) No, except maybe a cookie (the browser type) :p.
     
    Last edited: Nov 29, 2013
  18. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    List seems kinda dated. There is no CookieSafe anymore AFAIK (could be wrong though), but only "CS Lite Mod". BetterPrivacy is obsolete now that FF handles Flash cookies like a normal cookie, plus you can block them in the first place. Ghostery is pretty big overlap with CS Lite Mod & the normal ABP filters (EasyList/Privacy). But now that NoScript no longer blocks web bugs it may be less overlap. Not sure I trust it though.

    And even bigger privacy measures can be had via the about:config probably. This should be mentioned more places and readily available for people to utilize.

    All in all I think you can make Firefox the more secure, private, and most responsive browser with the right tweaks, add-on's, search engine, and software.
     
  19. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Some notes on cookie management:
    • If you want to keep a given cookie permanently, specify those in cookie Exceptions in Options->Privacy tab. You also need to change the cookie "Keep until" setting to "I close Firefox" for this to work. This only works with normal cookies, not Flash cookies. Use the BetterPrivacy extension to deal with Flash cookies in a similar way.
    • If you explicitly delete cookies, all cookies (normal and Flash) are deleted, including those that you specified in cookie Exceptions. There is a setting in BetterPrivacy for whether this applies to Flash cookies or not.
    • If you want to explicitly control when cookies are deleted, you can use CCleaner to specify cookie (normal and Flash) exceptions.
    • Extension Self-Destructing Cookies can be used to clean cookies that aren't needed anymore. This extension is supposed to be able to delete Flash cookies also, but it didn't work in my test.
    • "Accept third-party cookies" now has 3 possible states: "Always," "From Visited," and "Never."
     
  20. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    thx nice write up MrBrian. Quick glance tells me just use all of them ;)
     
  21. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I was wrong about that. Self-Destructing Cookies isn't supposed to be able to clean Flash cookies.

    ---

    I've found that the combination of extensions CookieCuller and BetterPrivacy can be used to delete all cookies on demand with user-specified exceptions. However, clearing the cookies on demand is a two step process: clear the normal cookies in CookieCuller, and then use Firefox's "Clear Recent History" to clear "Flash Cookies" (BetterPrivacy has an option to add "Flash Cookies" to the list in "Clear Recent History.") CookieCuller and BetterPrivacy both also have an option to clear unprotected cookies at Firefox startup.

    Does anyone know of an extension that modifies the behavior of Firefox so that deleting "Cookies" via "Clear Recent History" doesn't delete cookies that I want to keep?
     
  22. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :).

    Of the extensions mentioned in that post, I'll probably use NoScript + RequestPolicy + Adblocker Plus (EasyList) + Ghostery and see how that works out. I'm not sure if I'll use Adblocker Plus' EasyPrivacy filter, since there is a lot of overlap with Ghostery.
     
    Last edited: Nov 30, 2013
  23. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    That is pretty much what I use atm :)
     
  24. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Do you use Ghostery? If so, do you have it set to maximum settings?
     
  25. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    I use Disconnect instead

    Seems to be fine but never messed about with it so all set to defaults.
     
Loading...
Thread Status:
Not open for further replies.