Tasks for the Weekend – December 5, 2020

Topic

New Reply

Youtube link – Tasks for the Weekend December 5, 2020 Extensions.  I am not convinced that browser extensions are a good thing.  You are dependent upo
[See the full post at: Tasks for the Weekend – December 5, 2020]

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

abbodi86

Reply | Quote

Replies

The ONLY extensions I would ever consider using are uBlock and uMatrix, which both seek to increase security (and as a side effect performance) of your browsing activity.

uBlock averts your browser from visiting sites blacklisted by a variety of sources. This is cool because it’s excluding things various people and groups worldwide have determined to be malicious. Depending on which blacklists you configure it to use, it will block many ads, tracking sites, etc. NOT visiting sites that don’t add value TO YOU also has the benefit of reducing your network traffic, meaning the stuff you DO want to see shows up faster.

uMatrix, which sadly I think may be reaching a status where it is no longer actively maintained, simply disallows scripts to be loaded from other than the very one you’re visiting. This blocks all kinds of junk such as trackers, ads, potentially malicious spyware, and breaks the operation of many sites, as web programmers tend to grab script data from a variety of sources. The good news is that once you get used to seeing broken site data, you can easily reprogram uMatrix to avoid blcoking scripts from specific other sites on a site by site basis by clicking an icon and changing cells in a matrix from red to green. You would be amazed at how many sites DON’T need to be contacted AT ALL in order to see the website data you really want to see.

It’s possible to almost set uBlock to be “set it and forget it”. In fact, if it breaks a site you really want to think twice about pushing forward through reconfiguration to allow visiting it.

Some might say by blocking ads one has removed a source of income from site maintainers. I say too bad to that. Ads are almost never delivered securely. While I might be willing to ignore a benign attempt to sell me something, I certainly choose NOT to trade additional RISK for site data.

-Noel

2 users thanked author for this post.

Tom-R, Cybertooth

Reply | Quote

Noel, I haven’t tried using uBlock or uMatrix yet.  But I’ve been using NoScript in Firefox for several years now.  I was wondering if you had any experience yourself with NoScript; and if you had any thoughts on how uBlock/uMatrix compares with it.  What motivated you to settle on uBlock/uMatrix rather than NoScript or other similar extensions?

Reply | Quote

NoScript sounds at first blush like something similar to uMatrix. If it blocks 3rd party scripts, as long as it’s easily configurable it’s probably worth looking at. With such configuration you get to choose what you allow, but deny-by-default is a beautiful thing for increasing safety.

uBlock might be a worthy add-on to use in addition to NoScript in that it denies any web page from visiting up to hundreds of thousands of sites that are deemed bad by various authorities around the web. I can’t praise their efforts enough, in that a) based on my experience “less is better” and b) the lists are constantly being updated.

-Noel

1 user thanked author for this post.

Tom-R

Reply | Quote

uBlockOrigin (uBO) with the dafault settings is an ad blocking tool roughly equivalent to Adblock Plus (ABP). However it is possible to increase its functionality and tweak uBO into “medium mode”. See  https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium-mode  for details.

In the words of the uBO creator and maintainer uBO in “medium mode” is “roughly similar to using Adblock Plus with many filter lists + NoScript with 1st-party scripts/frames automatically trusted. Unlike NoScript however, you can easily point-and-click to block/allow scripts on a per-site basis.”

For many years I had used a combination of NoScript and ABP, but when I discovered I could achieve roughly the same thing with 1 extension rather than a combination of 2 from different developers which could have conflicted (although to be fair I don’t remeber them conflicting), I changed over to uBO in “medium mode”.

For people who want even more restriction and control, uBO also provides a “hard mode” and a “nightmare mode” (see links on right hand side at the above link), but I haven’t looked at those.

I have no experience of uMatrix, but my guess, is that it might provide more granular control of things on a site by site basis, whereas “medium mode” uBO has more coarse control. (My thinking: uMatrix gives you a 3-Dimensional matrix of options, uBO provides two 2-D arrays of options i.e. fewer options overall. But this is just my guess.) As an intermediate level browser user “medium mode” suits me fine.

In the uBO options it is possible to add some extra site lists beyond the default lists. I had previously used the Disconnect add-on for a time, so I’ve added the Disconnect originated lists to uBO in addition to its default lists. There are some other optional lists I’ve not added – click on the ‘+’ thing to see the full list options in each category.

BTW: I browse inside a Sandboxie sandbox most of the time, so I decided that an add-on which learns over time such as Privacy Badger would not be suitable for me, because on empting the sandbox at the end of each session whatever had been learnt that session would be lost. For the same reason I have the uBO automatic list update switched off and every few days I open the brower and update the uBO lists manually.

HTH. Garbo.

 

2 users thanked author for this post.

Tom-R, Cybertooth

Reply | Quote

I couldn’t live without ABP, or a suitable alternative. It keeps me safe from the despicable people who so desperately want to sell me stuff I don’t want to buy

I also use DDG Privacy Essentials, but I visit so few sites I could probably live without that one, to be honest

Reply | Quote

Just the other day Edge removed some extensions from their “store” which then removed them from your computer.

And that’s just one more reason to avoid using Edge or the Microsoft “Store”.  If I’ve added an extension to my browser, it should be up to me — not Microsoft or anyone else — as to whether or not I keep using that extension.  Quite probably I would remove the extension if there were concerns about security issues with it.  But I can assess the risks myself and make my own decision about whether or not to get rid of it.  I don’t need mother Microsoft deciding for me.

1 user thanked author for this post.

Cybertooth

Reply | Quote

If the browser publisher’s code review finds that I’ve installed something malicious, I want them to remove it. I don’t have time to dig into the source code of everything I use, and even though I’m fairly well-experienced in programming and administration, I have been conned into clicking something I shouldn’t have. I simply cannot know everything that every piece of software I use is doing behind the scenes.

Group K(ill me now)

Reply | Quote

I use Basilisk as my default browser BECAUSE of extensions I can no longer get with the ever increasingly poor Firefox browser. I have other browsers (Firefox, IE, Edge, Brave, Vivaldi, etc) but I rarely use them. Basilisk is outstanding. It’s far superior to Pale Moon which its authors are better known for. I used Pale Moon as my default browser from its inception until it began to lose quality extensions. I switched to Basilisk. I have 25 extensions for Basilisk. All other browsers pale in comparison to it because they are so pathetic without decent extensions.

I am not an ignorant computer user nor an idiot so I don’t see why I should deprive myself of what I consider to be basic tools. Plus, I haven’t seen an ad on my computers since about six months after I got my first computer back in 1999.

Reply | Quote

A few decades ago, when we weren’t nearly as worried about malicious actors, the only reason I would hesitate to use someone’s shared code was if I was worried about bugs corrupting my data. But I was rarely worried. There were so many people making so many useful things, it was fun just exploring what was available.

I’ve found many browser extensions useful and that make make browsing more fun for me. I’ve used ad blockers since forever, and I’ll uninstall uBlock Origin only at the point of a gun. The same goes for Privacy Badger or Privacy Possum (which one I choose for a new installation depends mostly on the phase of the moon that day). And Tab Activate is mandatory for Chrome (requiring unnecessary clicks and taps should be declared a crime against humanity — not kidding).

There are other extensions that I depend on, too. I use KeePass, so a connector is essential. Dark Reader has absolutely saved my eyes, and Simple Tab Groups has saved my sanity (I hope). There are a few others, although I try to use only add-ons that are recommended by the developer. If I can’t trust them, then what’s the use? But until Mozilla incorporates bookmark sorting into their browser (why on Earth do they not do that????), I’m stuck using an extension that’s simply popular. (I looked at the code once. I’m okay with it.) Moreover, I don’t consider all recommended add-ons to be “safe”. There are recommended add-ons that would make YouTube, for instance, a lot better for me, but there’s no way they aren’t harvesting user data.

I have great respect the ingenuity of the malicious hackers trying to break into my systems. I’ve seen too many really nasty attacks. But all I can do is take reasonable precautions, and keep myself informed. If I cripple myself by being too defensive, then the bad guys win, anyway.

If the code has been reviewed and a lot of people have looked at it, I’m fine with it. If it’s worth the effort to find an add-on to do something and it looks safe, I might give it a try. Maybe it will do what I hope it will do. My biggest problem with extensions is that so many of them are c**p. They either don’t work or they’re more trouble than they’re worth. But if someone writes a Neko add-on for Mozilla, I’m installing it. I don’t care what happens. I loved that cat.

I’m also a hypocrite, and a sysadmin, body and soul. Users get uBlock Origin and Privacy Badger in a locked-down browser, and that’s all. If they want something else, I’m out to lunch. Send me an email. Maybe I’ll read it some day.

Group K(ill me now)

Reply | Quote

I’ll uninstall uBlock Origin only at the point of a gun.

I’m curious about your point of view here…

What do you find wrong with leveraging other folks findings about what sites online are bad to visit? Do you find it breaks your browsing experience too often (I’m very curious about this if so, as I have very little trouble with uBlock Origin myself; uMatrix is most often the one I need to tweak).

-Noel

Reply | Quote

I don’t think I understand your question. I absolutely rely on the community of rule makers. I also think that uBlock Origin is the best at implementing those rules. That’s why you’d have to have a gun to make me uninstall it.

Group K(ill me now)

Reply | Quote

Only extension I use are:

• Adblocker (too many ads on internet)
• NoScript
• Greasemonkey
• User agent switcher since use WIndows XP and need to fool site that have Windows 10 for them to work.

Reply | Quote