[sf-lug] An unpleasant experience
Rick Moen
rick at linuxmafia.com
Thu Sep 8 22:24:46 PDT 2016
Quoting aaronco36 (aaronco36 at linuxwaves.com):
> FWIW, the webpage 'Completely Secure: 11 Must-Have Firefox Addons For
> Security' at
> http://www.makeuseof.com/tag/completely-secure-11-must-have-firefox-addons-security/
> *also* recommends NoScript for this.

It's a worthwhile rundown. I notice:

They recommend Firefox because it's the 'only true open source browser
of the major five' -- but then recommend extensions with no disclosure
whatsoever of some of those being proprietary. Which probably means
author/editor Joel Lee doesn't _know_. This is common, e.g., the
https://addons.mozilla.org/ Web site rather obscures that information
and permits terms like 'Custom License' that obscure the issue.

Point is, it's a bit silly to make a point of using an open source Web
browser and then load it up with proprietary extensions.

o HTTPS Everywhere: GPLv3 and above. (addons.mozilla.org says only
  'Custom License'.)
  RM comment: essential!

o Ghostery: proprietary. (addons.mozilla.org says only 'Custom License'.)

o Disconnect Private Browsing & Disconnect Private Search: GPLv3
  RM comment: These look promising. Hadn't seen before.

o NoScript: GPLv2
  RM comment: essential!

o uMatrix: GPLv3
  RM comment: Again, not seen before, looks promising.

o Abine Blur (formerly DoNotTrackMe): proprietary. (addons.mozilla.org
  says only 'Custom License'.)

o KeeFox: GPLv2
  RM comment: IMO, no significant passwords should be stored in a Web
  browser, extension or no extension.

o LastPass: proprietary. (addons.mozilla.org
  says only 'Custom License'.)

o BetterPrivacy: proprietary (addons.mozilla.org has a blank where the
  licensing information normally would be)

o Self-Destructing Cookies: GPLv2
  RM comment: recommended if not essential

o Bloody Vikings!: GPLv3
  RM comment: The hitch is that these throwaway mail services are
  widely blacklisted, so they're of doubtful utility.

o Clean Links: MPLv2
  RM comment: Very good idea.

And ditto _mostly_ your good feelings about Adblock Plus -- though
maintainer Wladimir Palant lost a lot of my respect when he started
accepting whitelisting requests from firms whose ads he deemed to be
'non-intrusive' (e.g., Google AdWords) and in particular doing that for
a fee in the case of large advertising companies.

At bare minimum, I recommend _very_ skeptical attention to the Options
settings, and keep an eye on functional equivalents that aren't
compromised by consorting with the enemy, like uBlock Origin (GPLv3 and
above). https://github.com/gorhill/uBlock

Adblock Edge (MPLv2) was a fork of ABP to specifically eliminate the
advertising sellout, but I hear it's no longer maintained.