Add-ons for Firefox

[victorvas]

After reading this and this, I'm trying to set up ghacks-user.js, it has some add-ons by default, which add-ons do I need for safe browsing?
Is just uBlock Origin enough?
Do I need also HTTPSEverywhere, Privacy Badger, PureURL, NoScript, DecentralEyes, uMatrix, Neat URL?
What's your recommendations?

[e1-531g]

Quote:

Originally Posted by Prevet

No matter what plugins you use or not use, if you check it with Panopticlick they say you are unique. If you want to be anon, use Tor browser for general browsing, and for online shopping use the most secure browser, and assume you are being tracked.

I always wondered what results Panopticlick generates on Safari and Firefox on Macs. It is very popular hardware+software (OS and browser) combination, so fingerprinting shouldn't be as effective.

Anyway probably the most private way is to disable Javascript or Javascript. That way Panopticlick test and any other client-side tracker wouldn't even run.

[e1-531g]

Quote:

Originally Posted by Prevet

They can track you without JavaScript. See these:

https://matt.traudt.xyz/posts/about-...-SkxEFK1m.html

The ways they track are listed here:
https://matt.traudt.xyz/p/24tFBCJV.html

This person has some knowledge about all that Web tracking, but I don't agree with some parts written here.

Quote:

The only people who have had significant JavaScript exploits used against them in Tor Browser were pedophiles using Windows

There are other examples. Look at Uyghur minority case: it was not about pedophiles and and exploits defeated also iOS security boundaries granting the attacker root access. JS in web browser were however first thing in the chain of exploits. There are many examples about use of NSO Group's tools to perform surveillance on activists.

I also think that when it comes to privacy it is impossible to achieve 100% effectiveness and really hard to achieve 95% effectiveness, but defeating 80% of tracking is good enough for me. I also think that Pareto principle fits here. 80% or more of tracking is done by 20% or less resources. Just disabling 100 most popular tracking scripts will make a significant difference how much data is being collected about you.

[e1-531g]

Quote:

Originally Posted by Prevet

If his 'About Me' page is true he is as expert as it gets.

https://matt.traudt.xyz/posts/about-me-6eKe2i5v.html



I didn't see that story. I assume the Chinese government caught some Uyghur dissidents? The CCP and USA have different priorities. Dissidents are disappeared in China, while in America they are protected from the government by their free speech law.

What is concerning is that threat actor used watering hole technique, that infected devices of whole group of people connecting to infected sites. It wasn't attack that was launched only against one specific person.

Frankly I think opinion is unbalanced: he downplays security risks and overstates privacy risks. I don't think that precise, fine-grained CSS-based tracking is present on most websites you visit. But 90% of them probably have Google Analytics and other popular scripts to track people.
I think it is easier to have bad luck and be targeted by exploit than have significant part of your web traffic tracked by CSS or HSTS.