Should We Be Using Add-on Extensions In Browser

I am curious, I have 5 extensions that I have been using for the past two years since I discovered them. But I want to know if they are secure, how secure are they, and what rights do the developers or extensions themselves have to our internet traffic data?

Https Everywhere
Ublock Origin
Privacy Badger
Cookie Autodelete
Decentraleyes

Seems to me, the way the IC works, companies that want your data work, is they will target whatever the users use the most. It's effective at capturing as much data as possible. So does it make sense to not use them? But to use other means for security or privacy?

Thanks

1 Like

Uh you can just download the .crx extension and extract them like a zip archive and check the sourcecode if you want, or search them up on github/gitlab and check the sourcecode there and then compile them yourself, no other way to be 100% sure but to check yourself.

1 Like
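As an added example (not part of the post above, and not code from any of the extensions discussed): a short Python sketch that strips the CRX container header, opens the ZIP payload, and reports which API permissions and host patterns `manifest.json` requests. The function names and the sample extension are hypothetical and constructed for illustration; it does not verify the CRX signature and does not replace reading the source.

```python
import io, json, struct, zipfile

BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def crx_zip_offset(data: bytes) -> int:
    """Offset of the ZIP payload that follows the CRX2 or CRX3 header."""
    if data[:4] != b"Cr24":
        raise ValueError("not a CRX file (missing Cr24 magic)")
    (version,) = struct.unpack_from("<I", data, 4)
    if version == 2:   # magic, version, pubkey length, signature length
        key_len, sig_len = struct.unpack_from("<II", data, 8)
        return 16 + key_len + sig_len
    if version == 3:   # magic, version, length of the signed header
        (header_len,) = struct.unpack_from("<I", data, 8)
        return 12 + header_len
    raise ValueError(f"unsupported CRX version {version}")

def audit_crx(data: bytes) -> dict:
    """Summarise what manifest.json asks the browser for."""
    with zipfile.ZipFile(io.BytesIO(data[crx_zip_offset(data):])) as zf:
        manifest = json.loads(zf.read("manifest.json"))
    declared = [p for key in ("permissions", "host_permissions")
                for p in manifest.get(key, []) if isinstance(p, str)]
    hosts = [p for p in declared if p == "<all_urls>" or "://" in p]
    apis = sorted(p for p in declared if p not in hosts)
    for script in manifest.get("content_scripts", []):
        hosts += script.get("matches", [])   # pages the extension injects JS into
    return {"name": manifest.get("name"),
            "api_permissions": apis,
            "host_patterns": sorted(set(hosts)),
            "all_sites": any(h in BROAD_HOSTS for h in hosts)}

def build_sample_crx() -> bytes:
    """Constructed sample: CRX3 container with a dummy, unsigned header."""
    manifest = {"manifest_version": 2, "name": "Sample Blocker", "version": "1.0",
                "permissions": ["webRequest", "webRequestBlocking", "storage", "<all_urls>"],
                "content_scripts": [{"matches": ["https://*.example.com/*"], "js": ["cs.js"]}]}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("manifest.json", json.dumps(manifest))
        zf.writestr("cs.js", "// constructed placeholder\n")
    header = b"\x00" * 32   # stands in for the real signed header
    return b"Cr24" + struct.pack("<II", 3, len(header)) + header + buf.getvalue()

if __name__ == "__main__":
    print(json.dumps(audit_crx(build_sample_crx()), indent=2))
```

A content blocker legitimately needs `webRequest` plus access to all sites, so the report shows what an extension is able to see, not whether it abuses that access.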

These three addons are practically obsolete. EFF has formally closed HTTPS everywhere and the primary dev of Privacy Badger has said that using this product has actually increased your tracking now.

You should probably add NoScript or uMatrix in the mix.

These are all available in the Mozilla addon page. A lot of security people that actually know how these work (excluding me) are using this. If something is up, people will know and complain in the interwebs. People are very good at complaining over the internet. They will scream it in your face if you are doing it wrong.

5 Likes

I use both of these.

You can set it to break the internet by default.

It does not stop the big ad companies tracking you, but it feels like it reduces it.
Even if it is false comfort.

2 Likes

IDK why would you use it if it didn’t work?

1 Like

For the false sense of security of course.

If all the ads are blocked, it gives the feeling that the ad companies don’t get the impression with my ip, a timestamp and metadata, etc.

Of course, they still get the info, but not from as many sources, so less correlation.

2 Likes

This^

Also use both. Use

https://amiunique.org/
https://deviceinfo.me
to check your browser privacy protections.

If you use NoScript, it won’t detect much. Your fingerprint becomes less obvious. Also, most fingerprinting is done via 3rd party JS, but not always. If you allow a website to use JS, you may get fingerprinted. uMatrix helps by giving you options to not save cookies and more. I use both, because if one fails, another one can kick in. I also have uBlock Origin, in case I want to disable both of them temporarily (which only happened at the beginning, after I made my profiles, I rarely ever need to mess with them).

Bonus MO shilling:

Edit: regarding one failing, for example, the author of NoScript allows NoScript on his website by default, so just in case one gets compromised, the other will block the spooky sites.

Can you expand on why those are obsolete?

I still use HTTPS Everywhere and Cookie Autodelete

I also use uBlock instead of uMatrix as even the maintainer has said uMatrix isn’t really needed or worth it in comparison;

I’m gonna be real, if you want to not be tracked on websites, the only way to do it is to not use the website.

I work for a company whose main product is to know as much about you as we can. We get data from your cable box, pretty much all streaming websites, tons of online stores and the credit bureaus.

Our online tracking pixel is not blocked (and we’re fairly confident would not be able to be effectively blocked) by ublock and requires no javascript. With it, we get all the info we need about you to:

  • serve targeted ads
  • build a profile of who you are
  • predict your buying habits
  • estimate exposures required to purchase a product.

Woah, you work for the bad guys? I thought it was gonna be the nsa at worst, but sheesh man…

/s

6 Likes

Use Strict mode under Enhanced Tracking Protection - this puts cookies in their own “cookie jar”


Sarge makes me want to block all images from websites and load it up as needed.

3 Likes

I’d like to see you try to serve me targeted ads when I don’t have JS enabled in my browser…


I forgot about adding a few add-ons that I think are necessary:

  • universal bypass
  • clearURLs

Keep in mind that another fingerprinting method is checking what extensions / add-ons one has installed, so the more you add, the more unique you become. Obviously you need JS for that to work, so if you block it, you may not get as much fingerprinted, but if you allow a website because you want to see what’s on it, well, you’re out of luck.

Ah Firefox? I’m using Edge / Safari on my personal machines, so I don’t think they have this

@Vr234btXx These are my default extensions for any browser I currently use; should probably add an agnostic tab manager that works for all browsers, but too lazy to find one like vs just always leaving tabs open (⌐■_■)

Well that is pretty sad. Instead of respecting humans and their privacy and personal security, you work for an institution that seeks to profit from invading their identity and relating data.

Yea, it is pretty sad that people are now just a product used for institutional exploitation. And even worse than the governments making an effort to collect this data, arguably even, is that regular everyday people are doing it. And with a smile. You may be good with computers sir, but you lost all respect from me as a human being. I can only hope this all comes back to haunt yall. You all surely deserve it.

1 Like

I think you’re really jumping to conclusions here. People have to make a living. The internet as it stands has been based on this type of revenue. It would not be here and you would not be here making this comment without it. In fact I understand your frustration but I do not support this comment in any way. In fact it’s distasteful both to a lot of professionals that work on this forum and for yourself.

If the advertisement-based model for the internet bothers you, you shouldn’t use the internet at all.

There’s both good and bad that you can do from being on the inside of things that people may find subjective. For example I’m a fed… an engineer for the DOD. I never really hide that fact. There’s a lot of people who have a problem with that and I realize that and it’s going to make certain people not like me especially given that I work for the intelligence side (C3I)… the man, I’m a glow in the dark, etc but you know what I do everyday. I ignore that and I get up every single day knowing that I need to do my job perfectly because there are people relying on this. Other engineers are allowed to screw up and sometimes they do. I’m not. You can think of me like a surgeon is to a doctor… but people judge me simply because of who I work for… Ultimately there’s a responsibility in a job whether it be for the government or for a company that is providing analytics for other companies.

It’s no longer about exploiting somebody or trying to do the perfect right thing. There’s going to be a lot of times in life where you don’t do that and sometimes you can’t do that but you can do something that’s better. So in his case for example he still has to do his job reliably, there are people that depend on him within the company and outside of it. You know why he has to do that job reliably and good. Because the very data that he is working with can ruin somebody’s life if it’s released. The data that they have is very sensitive and I’m not just talking ad data. Do you know how many people are fired before a breach even occurs at Google or an accident is made. So before you go judging somebody maybe you should sit in their shoes. It’s part of growing up I suppose. You’re not always going to do the right thing but you try to stay as right as you can but reading all of this it makes me come to the following conclusion:

It shows to me exactly how young you are. Which isn’t inherently a bad thing by itself but being so judgmental before you’ve even been in the fire, man if anybody’s lost any respect it’s you.


To answer your original question there’s nothing inherently insecure about running a plugin. Can it improve or detriment your privacy? Absolutely. As to whether you could figure that out, that’s going to be a lot of time or you can trust other people. It’s your choice. It’s your browser.

4 Likes

You know why I’m working there? I’m trying to change the industry for the better. I’m working on a tool to effectively target ads while gathering less information.

Frankly, I don’t care if you respect me. What I care about is teaching people, helping people and living a fulfilling life. Working at this company enables me to do all that while changing the industry for the better. There is no shortage of workers for this industry, especially when they respect NYC salaries worldwide.

So my options are to not participate and nothing changes and it probably gets worse, or work there and maybe improve things.

I haven’t given up hope for a world where privacy is the norm, but I have accepted the reality of today.

5 Likes

No JavaScript definitely helps that, I’d say 90% coverage. Some sites are starting to bake the ads into html, like it was in the old days.

3 Likes

Yeah, but unless it’s some server-side hackery, I doubt it’s going to be targeted for my ad profile.

1 Like

That’s what some of them are doing, yes. We consulted on an implementation, they were talking about wanting to avoid adblockers. I had to mention the adblockers can just remove elements from the DOM, so it won’t be very effective.

2 Likes

I can’t speak to its merit but you can also take this approach.

I’m not sure that I would run this on my laptop, but if I was using a VPS as a VPN endpoint, I would consider putting a VM on the VPN that generated garbage data like this.

3 Likes