New
#11
Also I guess you should read the extension's privacy policy if available. Like this:
Trace - Privacy
If you like, you can clean up the Extensions window in Firefox by eliminating the list of Recommended Extensions, and make it look like this.
I think the list is an annoying distraction. To get rid of it, you just have to toggle the following preference to false in about:config:
extensions.htmlaboutaddons.recommendations.enabled
I also get rid of targeted personalized suggestions in Recommendations by toggling the preference below to false:
extensions.htmlaboutaddons.discover.enabled
After you toggle that preference, there is still a list of extensions under Recomendations but at least is not based on what Mozilla thinks is good for you.
One important thing I learned about extensions and plugins a long time ago is, if you don't need it, don't install it. and if your browser installs an extension or plugin by default, if you have no use for it, you get rid of it.
Mozilla installs by default the plugins bellow. Is been doing it for years. I have always gotten rid of them as I have never had any use for them. Nothing has ever broken. You are more secure by not having them. So, if you dont use them, get rid of them.
To eliminate the plugins, just toggle the preference below to false:
media.gmp-provider.enabled
After you get rid of them, your plugin window will look as pretty and clean as mine, like this:
Bo
I only use an adblocker for routine browsing (currently uBlock Origin). When doing online banking, I open a new Chrome incognito windows which loads no extensions for extra security.
I don't use any adblocker extensions. There are other ways to achieve the same end but posting details would be against forum rules.
If you want to go one step forward and reduce the risk even more, you should consider doing banking on a separate windows account, which would be used only for transactions, purchases, banking etc..
- - - Updated - - -
would you be so kind to send me a PM about this? just a hint is enough if there is a lot of work to do, I'll google out the rest.
Extensions are tricky because of all the rights they have, however As long as you are downloading an extension that is either open sourced, (code viewable on github), or a extremely popular extension you "should" be fine.
Keeping an eye on the permissions is also key just like android. An extension that refreshes all the tabs in a window, what reasonable permission does that need? When you think about it, it does not need access to read site data, as it only need to refresh the page. It shouldn't need any special permissions at all since it is simply clicking refresh in each tab.
Example, this extension wants to read my browsing history, which does not make sense:
Reload All Tabs - Chrome Web Store
Where as this one does not and requires no extra permissions to work and works just fine:
Refresh 'Em All - Chrome Web Store
Could be the creator of the first extension is not as skilled as the other, requiring the unnecessary permission, or perhaps they are stealing and capturing your browser history. It's hard to say.
Using a little common sense with what permissions would be strictly necessary to allow them to work makes sense.
Just like you would not install a game on android and let it read your contacts or browsing history, it works the same with browsers. If that game has a facebook friend share feature, then it makes sense it would need that permission. But do you trust it to not read your contacts whenever it wants? This is why I would love it browser extensions were given permissions just like android where certain ones can be denied or allowed. That would be a very welcome feature. However, most extensions you can right click and block reading and changing site data unless clicked on, or only on certain sites, or on all sites. So that is nice. I would like to see this be taken further.
Any "security" extensions in your browser are all pretty much useless and just spy on you. Browsers these days have more protection built in then people give them credit for.
I will say though, if your worried about the privacy angle, this is kind of already a lost cause. Browsers themselves can be fingerprinted even without cookies or supercookies. Doesn't matter the browser. So you can still be tracked everywhere you visit. Your isp tracks you and knows every site you visit. Your router tracks you and knows all traffic going in and out from it, and some cloud routers are highly suspicious in there privacy policies. Unless you pay for a vpn and find an actual vpn that is secure itself that you can trust, (which is no guarantee) you're pretty much tracked no matter what you do.
If you want to put a lot of effort into preventing tracking, that is up to you. For most people, this is too much hassle and takes too much time.
As for how secure the extensions are as to compromising your browser security, most of these extensions are built on a sandbox layer for each tab they are activated on. So if an extension is exploited by a website, closing the tab will cause the exploit to be discarded in most cases. However, there is certainly still a risk. In short, installing them from the official store, using extensions that are extremely popular or made by firefox or google themselves is way less of a risk then installing a third party extension from an unknown party. Open source extensions are ones I put my trust in the most, as they lay there code out on github for anyone to look at and review. These are less likely to have issues or problems.
As already mentioned, going incognito or a private browser window does disable all extensions by default, (usually) though I would double check to make sure none were allowed in that mode by accident. Then you can do banking etc or whatever you are concerned about being tracked.
Just my thoughts.
-Andrew
Last edited by Andrew129260; 04 Feb 2020 at 12:12.