Jump to content
Not connected, Your IP: 3.91.157.213
OmniNegro

Firefox extensions how-to guides.

Recommended Posts

https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/

https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/

https://www.eff.org/privacybadger

https://www.eff.org/https-everywhere

https://www.requestpolicy.com/

https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/

https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/

https://addons.mozilla.org/en-US/firefox/addon/privacy-settings/

 

Three of these have been suggested to need a how to guide. (Including one I did not have in the list for just this reason.)

https://airvpn.org/topic/17983-anonymity-and-machine-identification/?do=findComment&comment=43344

 

First of all is Ublock Origin. It is a classic adblocker that can do much more than most other such extensions. Here is how to configure it.

 

Click the Ublock Origin icon in the browser.

Step_one.jpg

(Obviously it is the icon surrounded in green.)

 

That brings this little menu down. Click the title of the menu where it says Ublock Origin.

Step_two.jpg

(Again, the green highlight shows where to click in case I am being too unclear.)

 

That brings us to the Ublock Origin Dashboard. Click the "3rd-Party Filters" tab and set it similar to this. You have a lot of options here, but this seems to work everywhere I go on the Internet. Your mileage may vary.

Step_three.jpg

Once you change, add, or remove any filters, you will see "apply" in the upper right corner. Click that to save your changes. It will automatically update the filters for you.

 

Now Request Policy and NoScript work almost identically. So I am just providing instructions for Request Policy. Too many sites fail to work as desired with NoScript, so I do not use it most of the time.

 

Lets say you open Random.org and want to see how it works.

Step_four.jpg

Like the last few images, the green highlight is around the icon to click for this extension to do what it does best. That brings you to this.

 

Step_five.jpg

It shows you each domain attempting to load content into the page. See the options at the very bottom? Those are the only ones you should ever use unless you are really certain you know what you are doing.

 

If you load a site and the images do not load with the text, or the formatting is all messed up, it is likely because it is being blocked by this. Use the Temporarily Allow option on the very bottom to see if that fixes it. If not, you may have more domains to permit. But be warned not to use the "Allow Requests from" option on any site you are not certain you trust. Temporarily allowing a bad site will usually not be a terrible choice, but if you set it to allow them without using the temporary option, you will have to hope the site does not mess things up that you cannot fix, and it will remember all but the temporary permissions assigned here next time you load the browser too.

 

Be warned in advance that some sites will have dozens of sites they attempt to load content from. These are almost always clickbait sites, and if you see one like that, you should close that tab and never go back. NoScript works almost the same, except it only prevents sites from using javascript.

 

Questions? Ask away.


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post


Link to post

Thank you for following my advice. It's good to have an insight into uBlock for example.

 

You all really need to know that NoScript and Request Policy are advanced tools intended for advanced users to alter the browser's networking behavior. NoScript will prevent executing scripts on a domain-based scheme - Request Policy goes a step further and even prevents asking for content.

 

When you browse to a website, your browser will make many requests for content. It's not like "I want this website, tell me what to display". It's like this, B being the browser and S the server:

 

 

B: "I want this HTML file"

S1: "Okay, here you are."

B: "Thanks. It seems I also need this CSS layout file."

S1: "I hoped you'd say that :)"

B: "Hmm, in the HTML it's clear that you want this picture to be shown. I want it."

S1: "Roger that."

...

 

Three requests, for a description/text of the site, it's layout and a simple picture. It goes on like that, and it just gets more complicated. Request Policy for example changes the behavior of the browser and can "disallow" it to initiate a request for something, for example, for the picture. The browser won't point out there is a picture in the HTML. It will probably notice it but decide to not ask the server for it. More or less.

 

Since the majority of the big websites out there don't use just one server but many of them for different kinds of content, it will definitely have an impact on your browsing experience. Because you never know how the site you browse to organizes its content, you will have a difficult time in finding out what things of a webpage are crucial to display it correctly but were blocked due to these powerful addons. In the end it's a simple choice: The path of least resistance, or the more difficult but more secure/private way. These three addons compliment the latter.


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP

Share this post


Link to post

I use NoScript and uBlock together and many layouts are not too bad, and put the "temporary allow scripts" button of NoScript in my toolbar for easy clicking. And uBlock makes it easy to allow ads from favorite sites to keep them in business.

I also use Ghostery with these, which has nice categories of what trackers/cookies to allow in a session.

And keep another "virgin" browser with no addons to check or handle odd things, which does not get used for most activity. I use Vivaldi which is chromium based to check any firefox only or addon incompatibilities which are now rare.

Back to surfing with sharks and giant squids 8-0

Share this post


Link to post

"temporary allow scripts" button

Aark! Not that one IDIOT.

"temporarily allow all this page" button is what I meant.

At least it feels better to smash your head on a laptop keyboard than a mobile phone.

Share this post


Link to post

Ghostery? Aark! Not that one IDIOT :DDD We've had a discussion about it in the past and someone pointed out they collect user data.

 

(Sent via Tapatalk - this generally means I'm not sitting in front of my PC)


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP

Share this post


Link to post

The one thing I can think to point out is that Ublock is entirely different from Ublock Origin. The latter is the actual first one made by the author of both of them. The former is effectively a long story. The short version is that the author gave the source away, and it was taken and published as its own thing. If you meant Ublock Origin, please forgive my insanity.

 

Ghostery is pure garbage in more than one way. That it collects and sells user information is more than enough reason to never use it. But to be fair, it was not always this way. And I can not entirely blame them for their motives. But I cannot endorse it either.

 

For now, I am inclined to believe the discussion of these things is helpful. Please do not hesitate to say your piece here. Give us your thoughts on how to use the extensions we are discussing, or if you prefer, tell us what extensions you think work better and how you use them.


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post


Link to post

Thank you for your contribution, cm0s, but since this is an explanatory thread, you might give a how-to as well. And PLEASE, when you do that, use punctuation. It's very difficult to tell apart the end of one sentence and the beginning of another. No offense.

 

(Sent via Tapatalk - this generally means I'm not sitting in front of my PC)


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP

Share this post


Link to post

i thought this was omninegros thread ?

not sure what mohr info ya want giganerd that 'find a url you don't want in about:config' and remove it

that's all over google and how to use addons and extensions is really all over google

i like a good spoon feeding myself once in a while, enjoy my diaper at times but wow, kinda over kill right ?

i mean, i do have mohr respect for the folks here than thinking they are so stupid that they can't figure a google

search out!  lol

if you need mohr explicit instructions yourself giganerd get a hold of me, i'll share my binky and play pen

hahahahaha

we can poo our britches together and dance through google search land

see if you can help spoon feed me on my conky post giganerd, i'm feeling white trash lazy on that one

that goes into awk and all that cody stuff jibber dribble blah blah punctuation kinda thingymajiggersdoflickyz

know what i mean right ?

glad ya came back gigglez, cheerz

Share this post


Link to post

I bet you'd say that to people looking for help with those addons.. "if you need more explicit instructions, get in touch with me and we can dance through google search together".. Brilliant first impression of your qualities as a helpful being around here.

I know what my next thought after this statement would be..

 

With due respect, "find a url you don't want in about:config" contains three elements an average user wouldn't understand right away:

- What URL shall I find?

- Which are URLs I don't want?

- WHAT IS ABOUT:CONFIG?

 

You can't deny there are users who don't know the answers to this question. Even here. Show them some respect, man! -,-

 

(Sent via Tapatalk - this generally means I'm not sitting in front of my PC)


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP

Share this post


Link to post

As far as I am concerned, the thread belongs either to no-one or to everyone. I am just another person.

 

I get help from others too. I just try to return the favor when I can.

 

And as giganerd suggests, we often feel the least compulsion to help the people that need it the most. (Because they are the people who need everything explained in detail.)


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post


Link to post

I would not use Google if my life depended on it. Duckduckgo and Ixquick are the two search engines I would use.

 

I can just about guarantee that many users cannot use any search engine to setup some addons/extensions. A good example is Form History Control. It is unsigned, and as such requires a user to go to about:config and set "xpinstall.signatures.required" to false. Sadly many users do not even understand simple steps like this. And it does not matter if a search engine explains it in detail. They will continue to misunderstand it until someone makes the effort to explain it specifically for them.


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post


Link to post

I bet you'd say that to people looking for help with those addons.. "if you need more explicit instructions, get in touch with me and we can dance through google search together".. Brilliant first impression of your qualities as a helpful being around here.

I know what my next thought after this statement would be..

 

With due respect, "find a url you don't want in about:config" contains three elements an average user wouldn't understand right away:

- What URL shall I find?

- Which are URLs I don't want?

- WHAT IS ABOUT:CONFIG?

 

You can't deny there are users who don't know the answers to this question. Even here. Show them some respect, man! -,-

 

(Sent via Tapatalk - this generally means I'm not sitting in front of my PC)

 

In a way, I personally haven't poked around much in the about:config when I was using firefox but the sentence confuse me due to the fact what is urls doing in about:config, which is the configuration for the browser not URL history

Share this post


Link to post

Nobody likes a help vampire, and those who are help vampires should be encouraged to do some independent searching, googled or otherwise (I prefer otherwise).

 

The best thing about this forum is its a great place to get some friendly and helpful advice from folks in the know about privacy related issues. People's efforts range from the small to the sometimes epic (like OmniNegro's above), but they are always appreciated by different folks at their different levels of knowledge. Someone doesn't want to write a detailed guide/ explanation about something? Fine. Whatevs. Who cares? No one's got a gun to your head. But those who do take the time are pretty awesome, and the community does notice their effort. That work should be encouraged, not ridiculed.

Share this post


Link to post

Hello cm0s.

This is indeed a privacy/anonymity/hacktivist/geek/cryptonerd community, but since it is, don't you think

that any personal accusations are totally misplaced, so to speak?

Your technical contributions to the threads in this forum so far were great, thank you for that.

You don't have to like every member, in fact it would be very natural if you don't.

But please, can we maintain a healthy community and forget about bashing each other for whatever

reasons? Personally, as a maintainer of many tech communities, I believe that the more we stick to

purely tech and less about judging each other, whatever the (valid) reason is, the more healthy the

discussions are, and as a result, the community itself will be much more pleasant to read.

 

Thanks in advance.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

 

I bet you'd say that to people looking for help with those addons.. "if you need more explicit instructions, get in touch with me and we can dance through google search together".. Brilliant first impression of your qualities as a helpful being around here.

I know what my next thought after this statement would be..

 

With due respect, "find a url you don't want in about:config" contains three elements an average user wouldn't understand right away:

- What URL shall I find?

- Which are URLs I don't want?

- WHAT IS ABOUT:CONFIG?

 

You can't deny there are users who don't know the answers to this question. Even here. Show them some respect, man! -,-

 

(Sent via Tapatalk - this generally means I'm not sitting in front of my PC)

 

In a way, I personally haven't poked around much in the about:config when I was using firefox but the sentence confuse me due to the fact what is urls doing in about:config, which is the configuration for the browser not URL history

The URLs are related to the way Firefox handles Updates to the extensions. They can be found with a nauseating amount of digging in about:config.

 

So you are certainly right that it is the browser configuration, but URLs are involved too. And some of us prefer to only ever manually update extensions. And even leaving the URLs in place does put us at a trivial risk. Allow me to show you an example where it can defeat anonymity.

 

Let's say there is an extension that only you use. The "OnlyYouExtension". If you are the one and only person who uses it, then if you connect to a VPN server with a dozen or even a hundred people, you are still the only person who has this extension. If the update URL for this extension is ever looked up, then anyone looking to identify you now knows what server you are on. And if for instance there are only a dozen people on this server then let's say half of them use the same OS, while others use different OSes. Now a dozen is only six. Now let's say that half of them use a different browser. Now six is three. Checking three identities on one VPN server is a very trivial thing, especially if you already know something unique like the update URL to an extension only you use.

 

None of this reveals your true IP address, but it certainly makes it easy to figure out identifying information that can easily be used to help find an exploit to reveal you IP.

 

Please bear in mind this example is fiction. I literally made it up. And much of it is not the way things actually work. But it is simple enough to explain to anyone. So forgive the fiction. It is only to help explain.

 

The risk is real. But probably will never matter without another problem like the OpenSSL Heartbleed vulnerability. But that one existed for a number of years before discovery. So many here prefer to be safe even if it is not needed. (Or not believed to be needed.)


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post


Link to post

 

 

I bet you'd say that to people looking for help with those addons.. "if you need more explicit instructions, get in touch with me and we can dance through google search together".. Brilliant first impression of your qualities as a helpful being around here.

I know what my next thought after this statement would be..

 

With due respect, "find a url you don't want in about:config" contains three elements an average user wouldn't understand right away:

- What URL shall I find?

- Which are URLs I don't want?

- WHAT IS ABOUT:CONFIG?

 

You can't deny there are users who don't know the answers to this question. Even here. Show them some respect, man! -,-

 

(Sent via Tapatalk - this generally means I'm not sitting in front of my PC)

 

In a way, I personally haven't poked around much in the about:config when I was using firefox but the sentence confuse me due to the fact what is urls doing in about:config, which is the configuration for the browser not URL history

The URLs are related to the way Firefox handles Updates to the extensions. They can be found with a nauseating amount of digging in about:config.

 

So you are certainly right that it is the browser configuration, but URLs are involved too. And some of us prefer to only ever manually update extensions. And even leaving the URLs in place does put us at a trivial risk. Allow me to show you an example where it can defeat anonymity.

 

Let's say there is an extension that only you use. The "OnlyYouExtension". If you are the one and only person who uses it, then if you connect to a VPN server with a dozen or even a hundred people, you are still the only person who has this extension. If the update URL for this extension is ever looked up, then anyone looking to identify you now knows what server you are on. And if for instance there are only a dozen people on this server then let's say half of them use the same OS, while others use different OSes. Now a dozen is only six. Now let's say that half of them use a different browser. Now six is three. Checking three identities on one VPN server is a very trivial thing, especially if you already know something unique like the update URL to an extension only you use.

 

None of this reveals your true IP address, but it certainly makes it easy to figure out identifying information that can easily be used to help find an exploit to reveal you IP.

 

Please bear in mind this example is fiction. I literally made it up. And much of it is not the way things actually work. But it is simple enough to explain to anyone. So forgive the fiction. It is only to help explain.

 

The risk is real. But probably will never matter without another problem like the OpenSSL Heartbleed vulnerability. But that one existed for a number of years before discovery. So many here prefer to be safe even if it is not needed. (Or not believed to be needed.)

 

Yes I prefer to update extensions myself manually as well however I did not know firefox stored those URLs in the configuration I figured it was elsewhere.

Share this post


Link to post

Want to see a sickening amount of useless URLs that are in Firefox? Go to about:config and search for URL. And there are many more that do not have URL as part of the search phrase.


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post


Link to post

yeah nobody should step in and act like they own the damn forum or have the right to tell others what to say or how to say it

and sometimes the person that is acting like they care don't really care, sometimes that is just a person wanting attention

for whatever reason, i've posted my firewall conky helped others out here off and on i totally get how a forum operates, i've also

built a couple forums and ran them, so totally get it

what i don't like and won't put up with is someone like giganerd or gigglez or gigaterd

absolutely give two shits about that asshole and you can hammer my account or dox or whatever

and since this is about extensions and this is a hacktivist forum about encryption and anonymity maybe you should do your homework a

little better coz as far as i'm concerned what i posted up is about the only post that makes sense on a encryption anonymous forum

give two shits if you like how i put it or not, you got a tutorial up here that is bleeding info back to 'list' servers basically self hack

and you want to thank someone for that ? coz they took the time ? that is already all over the net how to set up noscript, google it

so now you got someone hitting a privacy forum thinking that is the right way to run that kind of deal

and what does bleeding your vpn ip back to those servers to get some kind of list do for you anyway ? 

huh ?  nothing, no why ? coz you gotta click whatever page you are on anyway to allow something

so that click right that you think is awesome that you didn't have to do now coz you got someone else thinking for you

telling you what they think is ok to run on whatever page you are on just bled credz

and in some parts of the world, where they take anonymity and encryption serious, some parts of the world, that can cause serious harm

to either the person on the box or the person's family or friends

have a good day

 

So let me sum this up (as hopefully the last off-topic post in this thread, since I cannot reach you privately). You think you can offend me by posting this shit here instead of just answering my personal message (which you just left without any words) and help clearing this situation. You are not interested in doing so. You cross the line and take it to the public.

 

And after all this, you say you don't want to mess with people like me and you reserve the right to do, say and write what you want? No comment.


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP

Share this post


Link to post

Well, after reading this thread i made a few changes to my plug-ins.

 

was already running https everywhere, ublock origin and NOSCRIPT. But have now replaced this with Request Policy, which even after short use i can see is much better. I like also how it instead of noscript saying " temporarily allow website x ", request policy will say " temporarily allow requests from website a to website b ". so thanks bros!

 

I actually also run another plugin called Disconnect , that seems to block out alot of other stuff that ublock origin and noscript (previously) didn't seem to pick up on.

 

Any opinions on Disconnect from the more learned people in the community here? or is it duplication that i dont really require and should remove?

 

 

also, I've followed this guide here to set my browser up to be a bit more secure. I've got it all running perfectly except for facebook, it wont show pictures or anything on the frontpage, however if i click onto a blank picture for example, it'll open in a new window.

 

i've tried enabling all available connections in request policy, unblocking in https everywhere, i still cant work out how to restore it back to normal. has anyone got any ideas as to what might cause that?

Share this post


Link to post

There's one thing I'd like to ask:

Can uBlock be seen as a replacement for NoScript? It sure is one for Disconnect.


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...