Librefox
Librefox copied to clipboard
Further addon suggestions
Add on suggestions [and other privacy related suggestions] mentioned at the following websites for consideration/integration:
Prism Break: https://prism-break.org/en/categories/windows/#web-browser-addons
- Cookie AutoDelete
- Decentraleyes
- HTTPS Everywhere
- Mailvelope
- NoScript
- Privacy Badger
- uBlock Origin
Privacy Tools: https://www.privacytools.io/#addons
- Privacy Badger
- uBlock
- Cookie AutoDelete
- HTTPS Everywhere
- Decentraleyes
- uMatrix
- NoScript Security Suite
IMHO Privacy Badger is superseded by ublock origin, here it has been asked:
Do uBlock just do that same job as privacy badger or should I use both?
uBo does more and all the features of PB are included. PB deals with 3rd party tracking only.
If you have customized your adblocker settings to block trackers as well, Privacy Badger may be partially redundant
^ Source
Also see: https://github.com/ghacksuserjs/ghacks-user.js/issues/598#issuecomment-447567241 https://github.com/privacytoolsIO/privacytools.io/issues/335
there is also privacy possum which is supposedly more advanced
on top of those i have those privacy addons: ClearURLs UntrackME Clean Links ScriptSafe Skip Redirect Pure URL Luminous
and those useful addons:
Violentmonkey Redirector Stylus Chrome Store Foxified Video DownloadHelper Terms of Service: Didn't Read
@Atavic
uBlock Origin protects using blacklists. Privacy Badger protects by automatically learning about trackers as you browse, which means Privacy Badger might catch things that uBlock Origin doesn't know about.
IMHO, uMatrix does this job better, since it can block things that these two addons don't know about. But it's only effective against 3rd party tracking too. That's why I think uBlock is a good addition to uMatrix.
I don't know where you guys are going with this. What's the point of adding extensions you like to a list?
People are capable of installing the extensions they like. That's what made Firefox big. I don't disagree with a list of good extensions, but maybe you should ask yourself if this is really that relevant right now when thinking about what a "Librefox" differentiates from a Firefox.
Suggesting a few extensions may help in debugging issues for those that use them. Regarding ClearURLs, Clean Links, Skip Redirect and Pure URL I have substituted them with: https://github.com/tumpio/requestcontrol
these addons are also a source of inspiration for features that could become a browser core functionality. there is a lot of potential for synergies and performance improvements. addons were originally meant as niche additions that only some users need. these addons however add core features from a privacy standpoint. making those work together and possibly integrate better in the future makes a truly private and practical web experience a reality.
Extensions suggestion/recommendation will be removed from the project on next release, recommended and reviewed addons will probably be kept on an open issue like this one.
One single extension (that should include most needed privacy features) will be kept on the main project page...
Libefox needs to find its way as a browser.
Also a lot of settings will be integrated directly to the browser, and yes a list base could be helpful to shape what feature will be integrated on the browser.
a browser integration should be the final goal. privacy is a core feature and should not be treated like it's an optional extra. combining all the privacy addon features into a single addon or directly into the browser will remove many redundancies, improve control and performance. it is the right approach but also a very ambitious goal. many addons are big projects just for themselves. so maybe try to focus on providing better interfaces to the addons first and help addon developers implement them. this way you can already test the interfaces under practical conditions without having to write all the addon code first to get any feedback. there are many limiting factors in the webextension implementations. asking the addon developers what stops them from making a better addon also gives you a good hint what you have to modify for your own addon/browser integration.
@elypter Great reply in response to @samuel8941's comment. Couldn't have said it better myself. I haven't even heard of any of the addons you mentioned, but, I know stylUS : )
Further, Firefox itself has made some privacy related changes, that was previously possible only with addons. For example, I think Firefox does HTTPS by default now. Another thing is "referrer getting stripped" was also added (not sure if is the same as pure URL), etc. Overlap is another problem... we have quite a few addons that do the same thing like ad-blocking, but not all function similarly!
I think this "these addons are also a source of inspiration for features that could become a browser core functionality. " should be on a TODO list... There should be a table of sorts so users can see which privacy features are included (what is in the core), which addons are recommended, which addons are under review and which addons not to use (and why) <-- looks like table columns :)
So, having a wiki page with the "master chart for addons" is one way to do it. Another suggestions is to have users submit addons for review. So, having another repo for addon suggestions by users and then, they go into review... similar to chocolatey package request, but maybe that is too much ; )
@intika
Wow... I had no idea (I am not using LibreFox) that there was a place for users to submit addon suggestions. Having this is a good idea...
Reason is take for example user agent spoofer. Chameleon is a WebExtension port of the popular Firefox addon Random Agent Spoofer... https://addons.mozilla.org/en-US/firefox/addon/chameleon-ext/ https://github.com/sereneblue/chameleon and LibreFox has its own recommendation: https://github.com/intika/Librefox/#librefox-addons
So, how does a user know, if a newer addon is better than existing one or takes care of something completely new (or is crap)? You want users to submit new addons and the tech. team to review. And, perhaps a wiki page can show that the addon was reviewed and recommended or not recommended, or is redundant because such functionality is built into the LibreFox browser.
With so many addon options, it is overwhelming, therefore, I think this is important. LibreFox WILL find its way, the clearer it is to the users how privacy options are set up, whether to user addons or not, and which ones, and overall how easy it is to use the browser, out of the box.
And lastly, I know this is asking much, as addons is just a smaller part of the core function of the browser : )
What's a minimal list of must have extensions?
gorhill uBo decentraleyes noscript (or uMatrix) as discussed here one for cookies on/off one for trimming/clearing URLs?
Notices: Too many addons may lead to problems: https://github.com/pyllyukko/user.js/issues/348#issuecomment-420322549
and also may lead to unique fingerprinting, particularly for the extensions that modify the page's DOM, as explained in the XHOUND research PDF linked here
The upstream project's related issue hasn't lead to a minimal must-have extensions list (yet).
@elypter
"combining all the privacy addon features into a single addon or directly into the browser " -- sounds ambitious, I am not sure this is possible. Then, again, maybe with how WebExtensions work, it is!
"many addons are big projects just for themselves" -- absolutely. NoScript looks complicated as a user, can't imagine what the dev. feels like :-)
My suggestions has been to have a wiki page which shows by category, for example,
adblocker user agent spoofer cookie handler etc.
and for each category a list of:
addons recommended addons not recommended addons under review addons redundant etc.
so, the process is transparent to users. They know they can suggest if they see something new or review if they have any doubts about an addon/privacy feature.
gorhill uBo decentraleyes noscript (or uMatrix) as discussed here one for cookies on/off one for trimming/clearing URLs?
there should also be an addon to clear referrers and headers and all those addons/features should be capable of using white&blacklist, asking the user as well as detecing patterns themselves like privacy badger or privacy possum which monitor third party scripts to see if they are used on multiple sites and what they are doing.
^ That's the one for trimming/clearing URLs, See: https://github.com/intika/Librefox/issues/39#issuecomment-449867379
Temporary Containers - this and, optionally, privacy.firstparty.isolate
should eliminate the need for any cookie/storage/canvas cleaners, which can't clean everything by domain anyway (IndexedDB)
ClearURLs - dynamically updated list of URL param cleaning (tracking)
Decentraleyes - already mentioned - apparently loading local web fonts is on the to-do list
Privacy-Oriented Origin Policy POOP - strip origin headers
Skip Redirect - already mentioned
uBO and/or uM - already mentioned
i would like to suggest a concept that is not quite functional yet but has some potential. there is a project called truthbot(unfortunately discontinued now). its goal was to show users the ownership relation of a website. todays big corporations usually own hundreds of daughter corporations which themselves own many domains. it has come so far that the average user doesn't notice anymore who a website really belongs to and thus are less suspicious of potentially biased information. it however can be important information for privacy concerns as well. it can make blocking content based on company much easier and it can also make container isolation work with less breakage by automatically putting every company in its own container. i made a suggestion for containerise a while ago here: https://github.com/kintesh/containerise/issues/33#issuecomment-437074155
@b16r05
"combining all the privacy addon features into a single addon or directly into the browser " -- sounds ambitious, I am not sure this is possible. Then, again, maybe with how WebExtensions work, it is!
The main browser extension i am thinking of would just bring important features not everything other extension would always be needed... it would be just a must have extension to make Librefox complete
My suggestions has been to have a wiki page which shows by category, for example,
After the release of the next version any PR for that would be welcome but all those extensions etc. have to be limited because the most important thing is the core Librefox... it's why i thought of a future open issue, where main post would have a list that would be updated over time while user post what they want to add to that list in the issue itself or something else i did not yet decided how to go for this, and would probably needs help to review this growing list because a good review need a lot of time at least 1h per addon depending on the size
Privacy-Oriented Origin Policy POOP - strip origin headers
i havent heared of this one yet. thanks
i would like to suggest a concept that is not quite functional yet but has some potential. there is a project called truthbot(unfortunately discontinued now). its goal was to show users the ownership relation of a website. todays big corporations usually own hundreds of daughter corporations which themselves own many domains. it has come so far that the average user doesn't notice anymore who a website really belongs to and thus are less suspicious of potentially biased information. it however can be important information for privacy concerns as well. it can make blocking content based on company much easier and it can also make container isolation work with less breakage by automatically putting every company in its own container. i made a suggestion for containerise a while ago here: kintesh/containerise#33 (comment)
Let keep things cool right now and not overwhelm too much the to-do list
@intika
Ah... now I understand about the main browser extension. So, just the fact that other browser extensions/addons will be needed, makes this issue still relevant : )
Yes, I understand about focusing on LF core... and "limiting extensions or else getting fingerprinted" : )
I want to just leave another suggestion on here... which is to take a look at how chocolatey-package-requests works: https://github.com/chocolatey/chocolatey-package-requests. This is probably very elaborate, but could be simplified as far as "Addons Review" is concerned, as it is not the main focus of LF. This method might still help with the review process. Of course, people will help as new requests come in... or addon status will continue to say "Under Review" : )
Ah... now I understand about the main browser extension. So, just the fact that other browser extensions/addons will be needed, makes this issue still relevant : )
it's why it's still open :) :+1:
I'd suggest only having uBlock Origin and maybe HTTPS Everywhere bundled and everything else shall be installed by the user if he wants.
@theel0ja uBlock Origin would be a lot for maintenance i prefer keeping that out... the main addon would just provide what can not be done on the core settings, kind of an addition to the core settings for an easy way to switch on/off like some anti fingerprinting features
personally i would not suggest HTTPS Everywhere - it relies on an imperfect 3rd part list which, in my opinion, is a super-dumb way to handle the problem - and Smart HTTPS doesn't work with containers, as i was informed - that leaves a brand new one - HTTPZ - by claustromaniac - it's simple and (so far) it works and there's nothing to configure, so it should be completely transparent to the user
as for uBO - its simple mode makes it pretty manageable and transparent for most people i would think, with just a little careful setup (or pre-configured perhaps)
@atomGit HTTPZ is great, but it uses a list of ignored hosts which is temporary (unlike Smart HTTPS). It is not very convinient, IMHO.
actually i see that as a plus - with Smart HTTPS, if an https site takes too ling to load, by default it's added to a list, redirected to http, and will always load as http from then on - not good - i actually used to dump that list every so often to avoid the problem - HTTPZ works like Smart HTTPS without the whitelist
personally i don't mind hitting http sites with https requests because i think every admin should be using SSL, especially since Let's Encrypt certs are free
I personally use uBlock Origin with default settings with few extra lists added, while uMatrix handles third-party script blocking etc. Just a personal preference.
(...oh and I wouldn't suggest uMatrix for non-techies, but uBlock Origin is no problem for them)
I wouldn't suggest uMatrix for non-techies
however the approach to be able to set each rule for each resource is something very powerful and understandable by everyone. it's just that a giant colored table overwhelms them. alternatively you could just show the tree of resources and when clicking on one a dialog shows up that allows to set individual rules.
@intika
I am still reading the Readme.MD (quite long : ) and the addons sections...
Question 1: You mention that recommended addons must be installed manually. Can this be automated? Or, is it too much? What I mean is... whichever addons are recommended, they could be automatically installed in bulk. Perhaps, you could give users the option to check/uncheck for individual recommended addon options. Same goes for recommended addon settings. If users want to use the recommended settings, they simply check/uncheck a box, and recommended settings are applied. [Should this be another issue?]
Question 2: No where did I see (CTRL+F on readme.md) anything about in-built password manager and Firefox sync? Will these work the same as standard Firefox?