What Extensions Do You Use?

The days where you needed 10 extensions just to get privacy. What extensions are you currently using? I am using:

  1. Dark Reader (Global Dark Mode)
  2. Multi-Account Containers (Separate school, work, and personal logins)
  3. Facebook Container (Blocks the “Log in with Facebook” and “Share with Facebook” buttons)
  4. PWAsForFirefox (Use webapps like Discord while blocking tracking)
  5. Redirector (auto redirect sites to privacy respecting ones)
  6. Return YouTube Dislike (Has it really been a year already?)
  7. SponsorBlock (Skips product placements built into the videos
  8. uBlock Origin (The only needed one)
  9. Country Flags and IP Whois (Lets you know where the server is)

What are some extensions you recommend adding in or removing due to redundancy? I have gotten rid of ClearURLS by using uBlock. I have decided that the extensions that attempt to block browser fingerprinting were not worth using because even with a fully hardened arkenfox + uBlock Firefox profile I still had 17 bits of identifying information on the EFF’s Cover Your Tracks test page.

1 Like

Bitwarden and LanguageTool

This provides nothing but cosmetic benefits and actively hurts your privacy/security. It makes you more fingerprintable and adds another possible security risk.

I personally would forgo the extension and just use separate profiles. You can use Firefox’s built-in profile manager and Total Cookie Protection to achieve this same effect (although you’ll have to start a new session for every profile).

This extension is unnecessary. Use uBlock to block 3rd-party Facebook domains.

I’m unfamiliar with this extension, but from what I’ve seen, I would definitely avoid. Installing websites as web app into Firefox creates a lot of new attack vectors. In my opinion, the potential gain in privacy isn’t worth it and you can achieve better results with uBlock and NextDNS, anyway.

Excluding uBlock, this is the one other extension I had installed for awhile. I like the idea of being able to use privacy respecting front ends, but ultimately deleted it as I didn’t like the list of random instances and didn’t consider it worth the extra fingerprintability. You can always just copy the Reddit or YouTube link and manually change the URL to your preferred Libreddit or Invidious instance. The extra three seconds isn’t that big of a hassle.

Again, this has no privacy/security benefits and is a pure a convenience thing. Is it really worth the extra extension?

Not to keep beating a dead horse, but this also provides zero privacy/security benefits. Skip buttons are wonderful things.

The pinnacle of extensions. It does all you need it to do plus more. If you haven’t done so already, I’d suggest skimming through the wiki to see some of the incredible things it can do. The page on blocking mode might be particularly helpful since a few of your extensions can be eliminated by using a stricter blocking mode.

I’m a bit confused by need the know the location of a given server. The level of detail implies quite a strict a threat model, but I doubt that’s the case based on some of the other extensions. Even so, if your threat model really does call for knowing the locations and details of the servers you interact with, I’d suggest learning how to do that on your own. I can’t provide any resources on how to go this route, but I’m sure someone else here can.

It’s impossible to make Firefox (or any browser) unfingerprintable. See this recent thread on fingerprint protection in Firefox. Fingerprinting websites are pretty much useless for real world applications. I personally wouldn’t lose sleep over 17 bits of data, but if your threat model calls for it, then I’d suggest looking into Tor.

1 Like

I use uBlock Origin for Ad blocking and JavaScript blocking and Bitwarden as my password manager. I don’t like to use too much extensions.

I only have Bitwarden.

It’s not a good idea to use a whole lotta extensions, the less is more. Use no extensions if you want to maximize your security and privacy on the internet, since extensions will always be a attack vector.

If you need to use an ad-blocker, go with UBlock Origin. And if you are already using it, consider using UBlock Origin Lite, which is an ManifestV3 version of the famous ad blocker. The Lite version has less permissions granted to it by default, so Malicious 3rd parties won’t be doing anything sus. It’s also in beta testing, so I urge everyone to try it out and give feedback to the dev.

As I stated trying to block fingerprinting was not worth it, when I ran the EFF test before and after installing the extra extensions it went up a negligible amount. Dark Reader extension is a good example of this thought process and as it is open source, I was able to check if the extension claimed it was doing.

I used to use different profiles in Firefox until I found out about the extension and I think Nathan from TheNewOil also uses it. if I simply blocked the Facebook domain from uBlock I don’t think I ever would have found out one of my admin panel dependencies was relying on Facebook.

The Progressive Web App extension I use makes a new FireFox install and you can make different profiles for each webapp you make. If you try to launch the webapps without an internet connection it will show the can’t connect page as if you were in the browser, and right now I mainly use it for Discord blocking the tracking routes and ProtonMail because there is no actual desktop app as of now.

I don’t know what you mean when you say “I didn’t like the list of random instances” maybe you are thinking of LibreRedirect? I use Redirector for more than just privacy frontends and it is so useful now that I know about it.

Return YouTube Dislike and SponsorBlock give a sad reminder to how YouTube was many years ago where you could just click on a video and glance at the dislikes to see how useful and skip the 15% of entire videos that are sponsored. Some YouTube frontends either include these API directly or allow extensions to work on their site as well.

It is amazing how much uBlock can do and I have read through the wiki. I will see if it is possible to include some of these extensions into it.

With the Country Flags and IP Whois I am able to know which country the server is located in, or if they are using Cloudflare. This come in handy if you land on a phishing page for PayPal but the country says it is in the Czech Republic, or if you don’t like using services in the “14 eyes” countries and would like to know if the service is being truthful about their claims. I like it for an additional reason because I use the SPN and this lets me generally know where my exit node for that service is.

Extensions will always be an entry point, but everything will also be entry points. Attackers will always use the easiest way to get into systems. for most users that would be installing a malicious extensions but for targeted attacks you have to think about everything installed on the system, what runs with privilege, the operating system and its configuration, the app configurations. If you use brain.bat or brain.sh you should be able to avoid 90% of threats, its the last 10% that are difficult to detect avoid and protect from.

I mainly use Bitwarden. As I use Brave, the adblocker is built-in.

I am on Safari as my main browser. I use Wipr for ad blocking which works extremely well (including Youtube ads) and Bitwarden.

Not an extension, but i consider NextDNS part of my browsing toolkit.

1 Like

uBlock’s overview panel lists all the requests and domains on any page. This can let you know which websites use Facebook, Cloudflare, or any other service you’d like to avoid.

My apologies. I was definitely thinking of LibreRedirect. This extension seems more useful than I thought, but I still don’t know if it provides any benefit besides convenience.

As for the other extensions, they are clearly. Like everything else, you just have to find your balance between privacy/security and convenience.

I agree with your sentiment that our brains are our best resource in preventing a lot of attack; however, I still think there’s something to be said about “less is more” in regards to extensions, especially when a lot of them are redundant.

Canvas fingerprint defender
WebGL Fingerprint Defender
One of these means every time I go to my bank, it’s the first time they have ever seen me on this browser.

Extensity so I can turn on and off addon without going into the add and remove stuff
I normally keep development tools, cookie manager, Save My Tabs, turned off

Disable HTML5 to stop auto play of videos

NordVPN to flip on VPN for the just the browser

I believe these are built into many browsers now (definitely Firefox & Brave), so you might not need them anymore!

Autoplay should be a permission in your browser settings that you can disable to stop sites being able to autoplay videos

2 Likes

Currently I use

  • Ublock Origin
  • Bitwarden
  • LibRedirect
  • Sponsorblock
  • DarkReader
  • Librewolf Updater
  • Canvas Blocker

I would recommend switching to LibRedirect, Redirector’s github hasn’t been updated in a while.

I have Return Youtube Dislike but I currently have it disabled, and just re-enable it when I want to see a video’s like-dislike ratio. There’s another extension that’s good called FastForward that tries to get around those shitty URL shorteners and ad pages like ad.fly.

Also, I’ve heard that EFF’s fingerprint tool isn’t as good anymore and that AmIUnique.org is a more accurate tool. Not sure if that really is the case but just throwing that out there.

I also use Safari as my personal browser as I prefer the minimalistic design. I do not use any extensions. Just AdGuard DNS.
I don’t mind advertising when it is not intrusive. So, Safari’s built-in protection works fine for me (it is like Firefox without UBO)

Less is more even in privacy & security.

What Extensions Do You Use?

I use the following extensions

I previously used the following extensions

Why I stopped using these extensions
Dark Reader
Because I don’t find the dark mode benefit worth the privacy risk. Besides the extensions takes up a lot of resources and slows down my device (no matter what filter mode).

Sponsorblock
Piped has removed the need for Sponsorblock since instances have all it’s functionality built into the website.

Return YouTube Dislike
Again, Piped has removed the need for Return YouTube Dislike since instances have all it’s functionality built into the website.

Bypass-paywalls
12ft.io has allowed me to not need this add-on to remove paywalls from articles.

Don’t use password manager’s extensions. When you use a browser extension password manager, you give attackers an API to interact with your password manager via JavaScript or the DOM of the browser leaving you open to all kinds of threats.

Use a desktop password manager, Keepass and Bitwarden desktop clients are both good options.

What about apps gaining access to passwords from clipboards?

Check the ‘Clear after clipboard after X minutes’

1 Like

Thanks, I did not think about the fact that password manager’s extensions are a big security risk. I have been thinking about switching to KeepassXC this might make me do it.

Bitwarden and dark mode