Lately, I find myself using more and more plugins to make the "modern web" tolerable. To list a few:
Channel Blocker (lets me block channels from search results on Youtube); uBlock Origin; Disconnect; F.B Purity; Consent-O-Matic (auto fill cookie consent forms); Kagi Search; PopUpOFF; Facebook Container; Privacy Badger; ClearURLs; Return YouTube Dislike
Basically, if I visit a website and don't like the experience, I either never go back (Kagi lets me exclude it from search results) or find a plugin to make it tolerable.
What I really want now is the ability to exclude entire websites from any permissions I grant to plugins. I feel like in the last year, I've read a couple stories about companies buying successful plugins and then using them to track you or show ads or whatever. I'm worried this will be the next stage in the battle for our attention -- best case: companies will buy popular plugins to track us and show us intrusive ads; worst case: nefarious actors will buy them to scrape information we think is private and collect it.
IE: I just want to be able to say "Hey, Firefox... those permissions that I granted to plugins x, y, and z? They don't apply to www.myfavoritebank.example.com"
Is there a browser that has that feature yet? I spent a few hours trying to figure out if Firefox did. It did not appear to.
edit: Added semicolons to separate plugins in list b/c HN stripped the newlines from my comment.
In absolutely no way is it the plugin's decision where it should be allowed to run. It's great if it self-restricts and we should encourage that, but it's absurd in the extreme that any version of plugin support ever shipped without a way for users to override and restrict them further. Trusting the author of a thing to do what they claim to do is literal security insanity, and it always has been.
Chrome is sightly improving here, with click-to-activate extensions, but it's still pretty far from just giving me a frickin list field.
I believe this will be supported by manifest v3 extensions in Firefox[1] which is one of the features I'm looking forward to for the same reason.
[1]: https://blog.mozilla.org/addons/2022/10/31/begin-your-mv3-mi...
Consent-O-Matic: use annoyances filter list PopUpOFF: sounds useless, use filter list Privacy Badger: sounds useless, use filter list ClearURLs: use url cleaning filter list
You might be wrong about PopUpOFF, though. I started using it as a solution to websites that pop-up an overlay asking me to subscribe to their newsletter when I mouse-out of the window. It is fantastic at putting an end to that.
For reference, ClearURLs can bypass redirects, has etags protection, both features which uBlock origin does not have (or at least didn't have last time I checked). Privacy Badger removes outgoing link tracking by Facebook and Google, has custom well-tested lists to block cookies or blocking third-party without blocking them entirely when necessary/useful. It also has quite a few smart learning features (not the ones Google tells are "fingerprinting" you) such as blocking canvas-based fingerprinting on the go.
uBlock Origin is awesome. The default blocking lists are great. The other ones provided with the extension are even better. But it's not a magic silver bullet. What you're going to use really depends on what you want out of your browsing experience, what your threat model is, etc.
That said, URL filtering isn't necessarily effective at keeping your behavior private either. There's an argument to be made about ClearURLs and URL filtering in general being counter intuitive, as you might stick out among a sea of other users with marketing params in their URLs.
Still wishing for a Tor-like solution to anonymizing all users on a browser configuration level.
I wish this were possible for the phone app. Every now and then I am recommended a video from one YouTuber in particular that I can't stand. Is there an app for that? I don't think you can block within YouTube, which would be great.
If so, how do you ensure that none of these plugins and extensions steal your data?
> Original commenter is right about the feature obsolescence and didn't seem condescending to me
> That said, URL filtering isn't necessarily effective at keeping your behavior private either. There's an argument to be made about ClearURLs and URL filtering in general being counter intuitive, as you might stick out among a sea of other users with marketing params in their URLs.
> Still wishing for a Tor-like solution to anonymizing all users on a browser configuration level.
What frustrates me the most is that this is one place where mine and Google's interests actually align! Let me help train them to not show me crap I don't want to see... then I'll use their products (YouTube and Search) more and give them more opportunities to show me ads! (Well, theoretically -- I block as many ads as I can right now).
That was one of the big reasons I looked for an alternative to Google search. IIRC, you used to be able to exclude results from Google search. In order to do so, you HAD TO LOGIN TO GOOGLE (another huge win for Google!). Now I use Kagi -- primarily because they allow me to exclude sites from their search results.
Simply put, I trust the password manager. Recently, however, I have considered uninstalling that plugin and using only the desktop version of the password manager -- and then copy/pasting username/pw from the password manager to websites.
One reason I don't do that, though... is because having the password manager as a browser plugin guarantees (?) that the password it presents to me is for the site I am visiting. If I end up on a webiste with an IDN that was chosen very carefully to look like my bank's domain, my password manager plugin won't present me with a password -- which will trigger my paranoia.
If you can't tell, I wrestle with this decision pretty regularly...
Not the same, COM handles far more than the annoyance feature list.
This will modify the browser fringerprint making you more unique.
I would not install so many extensions as you're trusting a huge number of organizations/people with privileged access to your browser. Anything that modifies CSS, Document Object Model (DOM) will make your browser stand out.
We wrote a blog post about this: https://blog.privacyguides.org/2021/12/01/firefox-privacy-20...
That includes any extensions that modify what is requested etc. See:
https://github.com/arkenfox/user.js/wiki/4.1-Extensions
See https://www.privacyguides.org/desktop-browsers/#firefox, you really don't need to do anything more than that.
> Facebook Container
etc, not needed unless you login to multiple Facebook accounts.
> Disconnect
Not needed, you should enable Firefox's ETP Enhanced Tracking Protection, this includes anything on that list. https://support.mozilla.org/en-US/kb/enhanced-tracking-prote...
Once upon a time, we used programs to guard against malware. AdAware, ccleaner, a whole bunch of them. I feel so old calling them "programs" here, instead of apps or extensions.
I also like Awesome RSS to bring back Firefox's RSS feed finder, Old Reddit Reddirect (brings back old reddit), Search By Image, Theater Mode For Youtube, User-Agent Switcher, Youtube-shorts Blocker (you can still view them, but the layout is the same as a normal video), View Image Context Menu, Smart Referer (adds a bit of privacy)
I really like the idea about a sort of global blacklist for your permissions.
I use a separate portable FF[0] for that. That makes "cross contamination" impossible.
cp -a /my/firefox/profile/template "$TMPDIR"
firefox --no-remote --profile "$TMPDIR"
For everyone else: you're going to leak identity information one way or another, and it's going to get correlated. The more plugged-in and connected you are, the harder it is to remain anonymous.
If you really value your privacy, don't use the internet or any types of computers, including phones, and never go outside.
It's a cat and mouse game, and the cats have won.
The more feeds you subscribe to, the more unique your fingerprint.
I know by experience that the key isn't about refusing them, but letting them having those "user accepted" KPI values, even if it goes nowhere behind.
But that's mostly just a habit of mine that I know is pretty useless, as websites don't need cookies to track you, and I really don't know why they even bother anymore.
> Is there a browser that has that feature yet? I spent a few hours trying to figure out if Firefox did. It did not appear to.
Safari has the ability to enable/disable extension on a per-site basis... Even on a "ask every time" basis. Thankfully the ask shows up as a lock badge on the extension's icon rather than a popup.
If you like a site to go back to it repeatedly don't you think it would be fair to "pay the fee" of seeing the ads, thus supporting that site, however annoying they are?
For the rest of the web in my Default browser profile, I do have ad-blocker extensions installed (uBlock Origin, some Violentmonkey scripts), but they're not linked to the Chrome store. I prefer loading them as unpacked extensions and updating them once in a while manually. Mainly in case some malicious actor takes control of these extensions pushes an update that does something wild.
They really don’t. Some YouTube videos (and channels) are way more profitable for Google than others, on a CPM basis. I think there are even some videos that are just plain money losers (long videos that aren’t packed with mid rolls).
Google wants to steer you towards the most profitable videos and away from the unprofitable ones. They don’t care about your interests. They’d rather trick you into watching videos you don’t like and that get you angry (but keep you engaged) than to watch videos you’re really interested in but are too long and niche and unprofitable.
Try to remember that policy, law, and major social trends tend to have slower feedback loops than other machines. It's hard to know today where we will innovate that will ultimately make a contribution to societal progress, but I can tell you with pretty high certainty that giving up won't help change anything for the better.
Like the lady said, "We live in capitalism, its power seems inescapable--but then, so did the divine right of kings."
I struggle with this. Of course I want the producers of content that I like to make money. And it seems obvious to me that if I'm one of the people consuming (and liking) that content... some of that money I want them to make should come from me.
But the pipeline that the "modern web" provides to complete that transaction is openly hostile towards me. It makes content creators that I want to support participants in a giant machine designed to build a dossier on me (and every other user of the "modern web"). It also encourages VERY LARGE numbers of content creators I do not want to support -- those whose primary goal is to be participant in that machine; who only produce content because the machine requires it.
I would argue that this machine has never built this dossier with my "informed" consent (but lawyers could make the case that it has). But now, the machine builds it without even bothering to get my "uninformed" consent. For example: Facebook is known to build profiles on people that don't have Facebook accounts -- ie: people that could never have agreed to their TOS.
The top priority of this giant machine is putting ads in front of my face. Helping me discover content that I want to consume is only a secondary priority.
And there is a GOOD reason for why this machine evolved: people don't want to pay money _directly_ to content creators, so a way evolved for them to receive compensation _indirectly_. So yes, this is -- at least in part -- my (our) fault.
But I really feel like things have shifted to the point where the large majority of compensation that content creators receive is a function of their value to that machine... not a function of the value they create for the people who consume their content.
This is all a very long way of saying: I don't believe the value of a content creator _to me_ should be calculated based on their value _to this machine_.
I don't know what the solution is. Find a way to accurately assess the value _to me_, not _to the machine_ -- and then provide a way for me to pay the content creator directly. If I like the content enough -- and IF I'm not shown ads or tracked once I'm a paying customer -- I will pay. This is how newspapers worked for... centuries? (Save that newspapers did show ads, though they did not track you).
The problem is... I think that being part of the machine is more lucrative than selling content directly to consumers. And the hostility of this machine towards me has turned this into a fight. Of course I'm going to fight back.
> ...however annoying they are?
This is where you start to lose me. I don't think "annoying" captures just how "hostile" this machine has become.
I'm old enough to remember switching from Yahoo Search to Google Search -- NOT because the results were better, but because Google's ads were less intrusive. I never blocked those ads. I even clicked a few...
It's excellent. I have needed to disable it occasionally to make basic site functionality work on some sites that I absolutely need to use, though I'm forgetting which ones.
1. I was all but certain it couldn't provide worse search results than Google (that bar is pretty low now).
2. I knew it would let me exclude websites from search results.
The fact that it provides pretty decent search results and a nice user experience were just icing on the cake.
https://www.androidpolice.com/i-dont-care-about-cookies-acqu...
Or, perhaps, take a bit of a more nuanced view of things. Perfect privacy, exactly like perfect security, is and always has been an unattainable ideal. But less than perfection is still very useful.
Locking your front door won't stop someone with a battering ram, but you might want to do it anyway.
I also used to use Chaff (https://chrome.google.com/webstore/detail/chaff/jgjhamliocfh...), which opens up a tab and browses on its own when the browser is idle and disappears when you start using it again. As with Ad Nauseam, the means of protecting privacy behind it is not anonymity, but rather obfuscation - muddifying your actual browsing behavior by flooding the data you leave behind with junk data (at which point it ceases to be data, I suppose). The problem with that extension was that I would sit back and wait for it to start browsing, and then I’d waste too much time watching it / customizing its behavior.
The book _Obfuscation: A User's Guide for Privacy and Protest_, written by the authors who developed Ad Nauseam and TrackMeNot, has a great chapter on chaff (the obfuscation tactic, not the Chaff extension mentioned above).
Don't do this, you're not making your browser any more private than just blocking using uBlock Origin.
Any kind of "obfuscation" extensions that change browsing behavior significantly modify the fingerprint. There are a lot of uBO and other adblocking users but very few Ad Nauseam users or users of other weird extensions.
I also wouldn't be surprised if there isn't a way to filter out those "clicks" anyway from the ad provider's side.
They are risky and mostly written by people who think they sound cool without thinking of the side effects.
Don't bother with this extension as it can't delete other storage locations where there is persistant storage. Also Firefox has TCP, Total Cookie Protection so you don't need them anyway.
https://blog.mozilla.org/security/2021/02/23/total-cookie-pr...
Better to just sanitize on close https://www.privacyguides.org/desktop-browsers/#sanitize-on-... and maybe keep history.
If you want to keep persistent logins then whitelist those specific cookies to those specific sites or use a password manager.
The extra functionality provided by ClearURLs is not not needed with Ublock Origin's removeparam feature.
But what if I want actually use the web instead of just blocking ads. Sponsorblock, TamperMonkey, 1Password, CamelCamelCamel, etc are all useful extensions as well that make browsing the web specifically for me better.
There are so many fingerprinting techniques that it seems pointless to have a detrimental experience generally instead of using a sandboxed computer for specific dangerous activities.
I'll continue to use Ad Nauseum, despite your recommendations against it, because I'd rather have a known worthless profile than a worthless browser.
>I also wouldn't be surprised if there isn't a way to filter out those "clicks" anyway from the ad provider's side.
Theres no evidence supporting this, but Google blocking it from the Chrome store is strong evidence that filtering out those clicks is actually difficult
Edit: Also its a moot point as extensions can't be used for fingerprinting if you just don't use Chrome https://github.com/z0ccc/extension-fingerprints#extension-fi... . I assume any activity I do in Chrome is sent back to Google (or Microsoft or Brave) regardless of plugins installed.