Librewolf with Ublock + privacy redirect
this post was submitted on 24 Feb 2024
0 points (NaN% liked)
Technology
58009 readers
2984 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
Libredirect is the updated version of privacy redirect
Firefox
• Multi-Account Containers
• uBlock Origin
• NoScript
• Cookie AutoDelete
• Link Text and Location Copier
• DownThemAll!
I also made multiple Firefox profiles and made desktop shortcuts to launch each profile using these switches:
-P ProfileName
-no-remote
And I’ve got ad-blocking enabled on my UniFi router. Probably set up a PiHole later this year.
On KDE you can create a desktop entry with actions so you can launch a profile using right click and the list, very cool
Mobile: (android) mull browser with ublock origin, adguard adblocker, privacy badger along with privacy settings on strict. Also, access youtube using the app tubular. PC: (windows) : Firefox with ublock origin and privacy badger.
You dont need adguard, just add its blocklist to ublock origin
Daily Driver - Vivaldi with any applicable EFF plugins and custom settings aimed at security and privacy.
2nd Daily Driver (usually on a separate screen) - Firefox configured with any applicable EFF plugins and settings put at the most restrictive and forgetful to facilitate privacy and security.
Mobile - Literally the same as above to the extent i have the ability to ^^
Instead of forget everything I recommend to keep session and create cookie exceptions for selected sites. So you will stay logged in there and have a normally working browser, that is just as private
Good advice, but for how i have my workflow set up, it makes more sense for me to have it set on full amnesia. Vivaldi is what i use if i need persistence.
You can use profiles if you want different use cases. I dont think "increased attack surface" is the biggest problem, but you have 2 browsers that are both updated, take up RAM etc.
You could just use different Firefox profiles, using a custom desktop entry with actions and one action for every profile, example:
desktop entry
[Desktop Entry]
Name=Firefox
Comment=Web Browser
GenericName=Web Browser
Exec=firefox %u
Type=Application
Icon=firefox
Categories=Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;
Actions=Private;Work;PrivateWindow;Insecure
[Desktop Action Private]
Name=Open Private Profile
Exec=firefox -p private %u
[Desktop Action Work]
Name=Open Work Profile
Exec=firefox -p work %u
[Desktop Action PrivateWindow]
Name=Open Private Window
Exec=firefox -p private --private-window %u
[Desktop Action Insecure]
Name=Open Insecure Profile
Exec=mullvad-exclude firefox -p insecure %u
This was so cool to find out, and in KDE (and likely other desktops) you can access those actions using right click.
You can also change such a workflow to do
launch app && rm -rf ~/appdirectory which will enforce to always delete everything without needing to trust that app. I do that for the flatpak app "Decoder" which is great but wants to save a history without an opt-out, and as I use it for password sharing (generate a QR code locally on my phone)
Edge. I simply disable what I don’t use.
And if a site has ads that I can’t ignore, I just close that browser tab.
You really cant rely on GUI settings at all. Edge cannot be made private very likely.
Using Christitus WinUtil you can remove edge entirely, reinstall the webview afterwards its needed, replace it with Librewolf, Brave, thats basically it.
Odd that you trust Brave but not Edge.
I dont, but Brave at least has no Google and MS tracking and their own stuff seem to be possible to disable entirely via bravs:flags or a policy.
They only have Windows docs though and I use firefox with hardening, compiled myself to work with hardened_malloc
Plain chromium with uBlock Origin, Sponsorblock and Return YouTube dislike.
I recommend running googerteller. Chromium, even after applying all degoogle policies, using without account, no google search etc, connect to Google every few seconds. Especially when launching the profile chooser, loading the addons, viewing some settings and your password list.
What kind of data does it leak?
Googerteller just shows connections.
Maybe there is a traffic analysis, you need to install a custom public https certificate for that and intercept using a middle server. MITM attack so to say.
Safari with 1Blocker, Adblock Pro, AdGuard, Consent-o-matic, Ghostery, and Vinegar
Ghostery is extremely shady and should not be used. Also piling up adblockers is really bad, use one and that should be enough.
Look at badness enumeration to understand that reasoning.
What is shady about Ghostery?
https://en.m.wikipedia.org/wiki/Ghostery#Criticism
They tracked users by sending every domain to their servers even though using dumb badness enumeration (possible via a quickly updated local blocklist).
Phone: firefox android with ublock origin, darkreader, privacy badger, ruffle, and search by image
Laptop: firefox linux with ublock origin, darkreader, privacy badger, ruffle, search by image, multi-account containers, and flagfox
I recommend Mull and Librewolf for the respective platforms. They are way more private.
Flagfox should not be used, it sends every site you visit to random servers of theirs, which is basically really invasive tracking.
Just Firefox/Librewolf with uBlock Origin is enough. The more extensions you add, the larger the attack surface and chance of site breakage. A common mistake many do is to add multiple blockers on top of uBO which will decrease uBO's ability to defuse various anti-adblocks. This also includes addons like Privacy Badger, Ghostery, DuckDuckGo Privacy Essentials, etc. uBO have good enough privacy protection enabled by default. If you want more, enable some other privacy filter lists. And if you know what you're doing, enable hard mode by blocking all 3rd party requests and JavaScript.
If you want to feel more secure when adding more extensions to your browser, then only use Firefox addons that are recommended by Mozilla. Those extensions have gone through a review process to make sure they don't contain anything malicious.
If you're like me and don't care about recommendations and being able to comment, then use Freetube with sponsorblock enabled.
NoScript is missing a lot here. Ublock doesnt really block much tracking, you need to break every site by default and then allow javascript only from trusted origins. This is the opposite of UBlocks badness enumeration, it is manual work and is waaaay more secure and private.
No Browser without noscript to block everything by default, manually allowing all trusted sites, is private. Ublock may allow this but the UI is too slow to use it generally
There only is a lack of a database or something to share such a config. I use it for years so my noscript list is quite big
Librewolf/Firefox+Arkenfox
Addons:
- Ublock origin
- noscript (default to block everything, trusted still blocks "LAN, other, ping"
-
- fingerprint defender (multiple addons)
- add custom search engine
- temporary container, multi account containers
- dark background light text
- undo close tab
- simple tab groups
- offline qr code generator
- libredirect (updated version of privacy redirect)
Android: Mull with my custom Addon collection and mostly the same addons, Firefox Translate installed manually
Use Profiles for different setups, not different browsers. firefox -p. I have one seperated for Captive portals (doesnt enforce HTTPS) and Netflix (DRM, unhardened because Netflix sucks)