I only have Bitwarden.
It’s not a good idea to use a whole lotta extensions, the less is more. Use no extensions if you want to maximize your security and privacy on the internet, since extensions will always be a attack vector.
If you need to use an ad-blocker, go with UBlock Origin. And if you are already using it, consider using UBlock Origin Lite, which is an ManifestV3 version of the famous ad blocker. The Lite version has less permissions granted to it by default, so Malicious 3rd parties won’t be doing anything sus. It’s also in beta testing, so I urge everyone to try it out and give feedback to the dev.
As I stated trying to block fingerprinting was not worth it, when I ran the EFF test before and after installing the extra extensions it went up a negligible amount. Dark Reader extension is a good example of this thought process and as it is open source, I was able to check if the extension claimed it was doing.
I used to use different profiles in Firefox until I found out about the extension and I think Nathan from TheNewOil also uses it. if I simply blocked the Facebook domain from uBlock I don’t think I ever would have found out one of my admin panel dependencies was relying on Facebook.
The Progressive Web App extension I use makes a new FireFox install and you can make different profiles for each webapp you make. If you try to launch the webapps without an internet connection it will show the can’t connect page as if you were in the browser, and right now I mainly use it for Discord blocking the tracking routes and ProtonMail because there is no actual desktop app as of now.
I don’t know what you mean when you say “I didn’t like the list of random instances” maybe you are thinking of LibreRedirect? I use Redirector for more than just privacy frontends and it is so useful now that I know about it.
Return YouTube Dislike and SponsorBlock give a sad reminder to how YouTube was many years ago where you could just click on a video and glance at the dislikes to see how useful and skip the 15% of entire videos that are sponsored. Some YouTube frontends either include these API directly or allow extensions to work on their site as well.
It is amazing how much uBlock can do and I have read through the wiki. I will see if it is possible to include some of these extensions into it.
With the Country Flags and IP Whois I am able to know which country the server is located in, or if they are using Cloudflare. This come in handy if you land on a phishing page for PayPal but the country says it is in the Czech Republic, or if you don’t like using services in the “14 eyes” countries and would like to know if the service is being truthful about their claims. I like it for an additional reason because I use the SPN and this lets me generally know where my exit node for that service is.
Extensions will always be an entry point, but everything will also be entry points. Attackers will always use the easiest way to get into systems. for most users that would be installing a malicious extensions but for targeted attacks you have to think about everything installed on the system, what runs with privilege, the operating system and its configuration, the app configurations. If you use brain.bat or brain.sh you should be able to avoid 90% of threats, its the last 10% that are difficult to detect avoid and protect from.
I mainly use Bitwarden. As I use Brave, the adblocker is built-in.
I am on Safari as my main browser. I use Wipr for ad blocking which works extremely well (including Youtube ads) and Bitwarden.
Not an extension, but i consider NextDNS part of my browsing toolkit.
uBlock’s overview panel lists all the requests and domains on any page. This can let you know which websites use Facebook, Cloudflare, or any other service you’d like to avoid.
My apologies. I was definitely thinking of LibreRedirect. This extension seems more useful than I thought, but I still don’t know if it provides any benefit besides convenience.
As for the other extensions, they are clearly. Like everything else, you just have to find your balance between privacy/security and convenience.
I agree with your sentiment that our brains are our best resource in preventing a lot of attack; however, I still think there’s something to be said about “less is more” in regards to extensions, especially when a lot of them are redundant.
Canvas fingerprint defender
WebGL Fingerprint Defender
One of these means every time I go to my bank, it’s the first time they have ever seen me on this browser.
Extensity so I can turn on and off addon without going into the add and remove stuff
I normally keep development tools, cookie manager, Save My Tabs, turned off
Disable HTML5 to stop auto play of videos
NordVPN to flip on VPN for the just the browser
I believe these are built into many browsers now (definitely Firefox & Brave), so you might not need them anymore!
Autoplay should be a permission in your browser settings that you can disable to stop sites being able to autoplay videos
Currently I use
- Ublock Origin
- Librewolf Updater
- Canvas Blocker
I would recommend switching to LibRedirect, Redirector’s github hasn’t been updated in a while.
I have Return Youtube Dislike but I currently have it disabled, and just re-enable it when I want to see a video’s like-dislike ratio. There’s another extension that’s good called FastForward that tries to get around those shitty URL shorteners and ad pages like ad.fly.
Also, I’ve heard that EFF’s fingerprint tool isn’t as good anymore and that AmIUnique.org is a more accurate tool. Not sure if that really is the case but just throwing that out there.
I also use Safari as my personal browser as I prefer the minimalistic design. I do not use any extensions. Just AdGuard DNS.
I don’t mind advertising when it is not intrusive. So, Safari’s built-in protection works fine for me (it is like Firefox without UBO)
Less is more even in privacy & security.
I use the following extensions
I previously used the following extensions
Why I stopped using these extensions
Because I don’t find the dark mode benefit worth the privacy risk. Besides the extensions takes up a lot of resources and slows down my device (no matter what filter mode).
Piped has removed the need for Sponsorblock since instances have all it’s functionality built into the website.
Return YouTube Dislike
Again, Piped has removed the need for Return YouTube Dislike since instances have all it’s functionality built into the website.
12ft.io has allowed me to not need this add-on to remove paywalls from articles.
Use a desktop password manager, Keepass and Bitwarden desktop clients are both good options.
What about apps gaining access to passwords from clipboards?
Check the ‘Clear after clipboard after X minutes’
Thanks, I did not think about the fact that password manager’s extensions are a big security risk. I have been thinking about switching to KeepassXC this might make me do it.
Bitwarden and dark mode
On Firefox, I use
On Brave, I have 2 profiles for different use cases : Accounts and Work.
On the “Accounts Profile” I use :
On the “Work” profile I use :
I try to minimize my digital life so I use no extensions I was able to achieve this with brave’s built in ad blocking.
Firefox with the gnome theme on linux is kinda spicy so I respect the choice. But from my testing brave is the best browser in the fingerprinting department a lot of information seems to be randomized. I also thought that this browser could serve as TOR for normal people if we all use the same browser we are harder to identify or weed out. Just like TOR if you make no changes the users will have the same fingerprint. Brave has dark mode but its under an experimental chrome flag. I’ll always be a big proponent for making privacy easy so that’s why I support brave it’s stupid simple just the way I like it.
12ft does work on new york times rest in pizza pies https://www.nytimes.com/2023/02/12/us/politics/bernie-sanders-help-committee.html
There are many different factors to fingerprinting a browser, and realistically only the original Tor software bundle could achieve anonymity. Any other browser or setup just can’t do it. (I won’t go into the whys, you can look it up on tor hompage or other reliable sources). Anonymity should not be your expectation when using any other browser other than Tor.
I’m not comparing TOR for anonymity I’m aware brave doesn’t make a user anonymous. I was making a comparison against browser fingerprinting. What brave is good for is privacy most people are better off with privacy. If brave is downloaded and untouched it should have the same fingerprint as all other users.