I am curious, I have 5 extensions that I have been using for the past two years since I discovered them. But I want to know if they are secure, how secure are they, and what rights do the developers or extensions themselves have to our internet traffic data?
Seems to me, the way the IC works, companies that want your data work, is they will target whatever the users use the most. Its effective at capturing as much data as possible. So does it make sense to not use them? But to use other means for security or privacy?
Uh you can just download the .crx extension and extract them like a zip archive and check the sourcecode if you want, or search them up on github/gitlab and check the sourcecode there and then compile them yourself, no other way to be 100% sure but to check yourself.
These three addons are practically obsolete. EFF has formally closed HTTPS everywhere and the primary dev of Privacy Badger has said that using this product has actually increased your tracking now.
You should probably add NoScript or uMatrix in the mix.
These are all available in the Mozilla addon page. A lot of security people that actually know how these works (excluding me) are using this. If something is up, people will know and complain in the interwebs. People are very good at complaining over the internet. They will scream it in your face if you are doing it wrong.
If you use NoScript, it wonāt detect much. Your fingerprint becomes less obvious. Also, most fingerprinting is done via 3rd party JS, but not always. If you allow a website to use JS, you may get fingerprinted. uMatrix helps by giving you options to no save cookies and more. I use both, because if one fails, another one can kick in. I also have uBlock Origin, in case I want to disable both of them temporarily (which only happened at the beginning, after I made my profiles, I rarely ever need to mess with them).
Bonus MO shilling:
Edit: regarding one failing, for example, the author of NoScript allows NoScript on his website by default, so just in case one gets compromised, the other will block the spooky sites.
Iām gonna be real, if you want to not be tracked on websites, the only way to do it is to not use the website.
I work for a company whoās main product is to know as much about you as we can. We get data from your cable box, pretty much all streaming websites, tons of online stores and the credit bureaus.
Our online tracking pixel is not blocked (and weāre fairly confident would not be able to be effectively blocked) by ublock and requires no javascript. With it, we get all the info we need about you to:
serve targeted ads
build a profile of who you are
predict your buying habits
estimate exposures required to purchase a product.
Iād like to see you try to serve me targeted ads when I donāt have JS enabled in my browserā¦
I forgot about adding a few add-ons that I think are necessary:
universal bypass
clearURLs
Keep in mind that another fingerprinting method is checking what extensions / add-ons one has installed, so the more you add, the more unique you become. Obviously you need JS for that to work, so if you block it, you may not get as much fingerprinted, but if you allow a website because you want to see whatās on it, well, youāre out of luck.
Ah Firefox? Iām using Edge / Safari on my personal machines, so I donāt think they have this
@Vr234btXx These are my default extensions for any browser I currently use; should probably add an agnostic tab manager that works for all browsers, but too lazy to find one Iike vs just always leaving tabs open (āā _ā )
Well that is pretty sad. Instead of respecting humans and their privacy and personal security, you work for an institution that seeks to profit from invading their identity and relating data.
Yea, it is pretty sad that people are now just a product used for institutional exploitation. And even worse than the governments making an effort to collect this data, arguably even, is that regular everyday people are doing it. And with a smile. You may be good with computers sir, but you lost all respect from me as a human being. I can only hope this all comes back to haunt yall. You all surely deserve it.
I think youāre really jumping to conclusions here. People have to make a living. The internet as it stands has been based on this type of revenue It would not be here and you would not be here making this comment without it. In fact I understand your frustration but I do not support this comment in any way In fact itās distasteful both to a lot of professionals that work on this forum and for yourself
If The advertisement-based model for the internet bothers you, You shouldnāt use the internet at all.
Thereās both good and bad that you can do from being on the inside of things that people may find subjective. For example Iām a fedā¦ an engineer for the DOD. I never really hide that fact. Thereās a lot of people who have a problem with that and I realize that and itās going to make certain people not like me especially given that I work for the intelligence side (C3I)ā¦ the man, Iām a glow in the dark, etc but you know what I do everyday. I ignore that and I get up every single day knowing that I need to do my job perfectly because there are people relying on this. Other engineers are allowed to screw up and sometimes they do. Iām not You can think of me like a surgeon is to a doctorā¦ but people judge me simply because of who I work forā¦ Ultimately thereās a responsibility in a job whether it be for the government or for a company that is providing analytics for other companies.
Itās no longer about exploiting somebody or trying to do the perfect right thing. Thereās going to be a lot of times in life where you donāt do that and sometimes you canāt do that but you can do something thatās better. So in his case for example he still has to do his job reliably there are people that depend on him within the company and outside of it. You know why he has to do that job reliably and good. Because the very data that he is working with can ruin somebodyās life if itās released. The data that they have is very sensitive and Iām not just talking ad data. Do you know how many people are fired before I breach even occurs at Google or an accident is made. So before you go judging somebody maybe you should sit in their shoes. Itās part of growing up I suppose Youāre not always going to do the right thing but you try to stay as right as you can but reading all of this it makes me come to the following conclusion:
It shows to me exactly how young you are. Which isnāt inherently a bad thing by itself but being so judgmental before youāve even been in the fire, Man if anybodyās lost any respect itās you.
To answer your original question thereās nothing inherently insecure about running a plugin. Can it improve or detriment your privacy absolutely. As to whether you could figure that out thatās going to be a lot of time or you can trust other people Itās your choice Itās your browser
You know why Iām working there? Iām trying to change the industry for the better. Iām working on a tool to effectively target ads while gathering less information.
Frankly, I donāt care if you respect me. What I care about is teaching people, helping people and living a fulfilling life. Working at this company enables me to do all that while changing the industry for the better. There is no shortage of workers for this industry, especially when they respect NYC salaries worldwide.
So my options are to not participate and nothing changes and it probably gets worse, or work there and maybe improve things.
I havenāt given up hope for a world where privacy is the norm, but I have accepted the reality of today.
Thatās what some of them are doing, yes. We consulted on an implementation, they were talking about wanting to avoid adblockers. I had to mention the adblockers can just remove elements from the DOM, so it wonāt be very effective.
I canāt speak to its merit but you can also take this approach.
Iām not sure that I would run this on my laptop, but if I was using a VPS as a VPN endpoint, I would consider putting a VM on the VPN that generated garbage data like this.