what breaks on the web when you care about privacy?

one day i got hyperfixated for a few hours tweaking firefox, looking at addons, reading about vulnerabilities, removing addons with sketchy permissions, and opting out (mirror) of advertising personalization. this is something i’d wanted to look into for awhile and then, with the stims flowing, i went down that rabbit hole finally 😵

i’d used ublock origin for years, but knew it wasn’t quite all encompassing. this started as a trickle; later, i disabled webrtc when getting into consumer vpns (mirror) to prevent network leaks. see draft-ietf-rtcweb-ip-handling (mirror) to learn more than you ever wanted to about this!

i knew i didn’t want to go crazy with this though, and resolved to never install umatrix (rip) or noscript. i simply don’t have the energy, patience or diligence to curate my own js whitelist. i’ve got a life to live, and others have already done this adequately for me.

ublock does a good job as a base. it generally functions as a generic blocker with extensibility through custom filter lists. it comes equipped with several of these lists enabled by default, catching malicious assets, and third party annoyances such as ads and image/cookie/js trackers/analytics/etc.

stuff that gets through ublock which i dont like, i take a little time to add through the block element chooser. recently ive also taken to tampermonkey scripts to augment functionality of major social media sites, because if my last post is any indicator, more than just phones aren’t made for me :^)

anyway, there’s been a bunch of features added to firefox over the years. privacy orgs have made their own plugins to enhance tracker blocking heuristically. requests can be dynamically rewritten to remove identifying metadata, or uris shared from your browser cleaned to remove tracking nonsense.

i’d been a supporter of privacytools.io for awhile and thought to check them out. their browser addons and tweaks pages were where i started. mozilla’s own addons repo has a whole topical section (mirror) too, but i found those not as helpful or diverse.

so i made up a list, installed some things, and went on my way. it was a bit more involved than that, as i did try not to simply Do All The Things. i’d already read a lot about what might break and how some of these features and tech are used to know some of the tradeoffs. it was sorta frustrating, honestly, and made me uncomfortable to, for example, willingly leave browser fingerprinting enabled.

each user’s needs and tolerances are different though, and im not gonna post my list of decisions. those interested ought to understand the implications of each choice before making them. trust me, this will help you out considerably when something breaks!

and of course shit broke for me, too, cause a few hours investment isnt enough to turn me into an expert or principal full stack engineer to fully comprehend all of these intricacies. without further ado, read on for the ensuing fallout over the next month 🙃


dom.event.clipboardevents.enabled

this breaks Twitter’s compose box. pasting into it results in the ‘something went wrong!’ error. read a report on reddit (mirror).

this sucks because of all the news sites that inject bullshit into your clipboard on copy events
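
a narrower alternative to flipping the pref, as an added example (not code from the original post): a tampermonkey-style userscript that hides only `copy`/`cut` events from page scripts and leaves `paste` alone, so compose boxes keep working. the script name and the allowlisted host are constructed placeholders.

```javascript
// ==UserScript==
// @name     copy-event shield (constructed example)
// @match    *://*/*
// @run-at   document-start
// @grant    none
// ==/UserScript==

// Events a page can hook to rewrite what lands on the clipboard.
// 'paste' is deliberately left out so editors and compose boxes keep working.
const SHIELDED_EVENTS = ['copy', 'cut'];

// Hosts (constructed placeholders) where the page's own copy handling is
// wanted, e.g. web-based editors that build rich clipboard content.
const ALLOW_HOSTS = new Set(['docs.example.com']);

function shouldShield(hostname) {
  return !ALLOW_HOSTS.has(hostname);
}

// Register capture-phase listeners on `target` (normally `window`).
// Running at document-start puts them ahead of anything the page registers;
// stopImmediatePropagation() then keeps the event from reaching page handlers.
// preventDefault() is never called, so the browser still copies the selection.
function shieldCopyEvents(target, hostname) {
  if (!shouldShield(hostname)) return false;
  for (const type of SHIELDED_EVENTS) {
    target.addEventListener(type, (event) => {
      event.stopImmediatePropagation();
    }, true);
  }
  return true;
}

// In a browser this installs the shield; under Node (no window) it is a no-op.
if (typeof window !== 'undefined') {
  shieldCopyEvents(window, window.location.hostname);
}
```

sites that legitimately build their own clipboard content on copy will lose that behaviour unless their host is added to the allowlist.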

privacy.firstparty.isolate

ran into issues with sso on the common web - i couldn’t log in to pay with paypal or stripe on marketplaces or webshops.

great essay at ctrl.blog (mirror) on this topic, and associated HN post (mirror). not sure if all of what’s detailed here is still applicable. personally, i didn’t run into captcha issues.

(track current FPI issues at bugzilla)

privacy badger

didn’t expect eff’s addon to cause issues, thinking it was just a blocker for trackers. again though, payment gateways were mad.

this time, it had to do with setting an api from an integrator’s site. apparently it removes referrers (mirror), sometimes?? seems like its falsely identifying tracker functionality and breaking CORS validation when an API gets hit 🤕

disabling webrtc

i haven’t personally run into issues here, but im pretty sure it’d break some web-based messengers like slack, discord, etc from being able to make audio/video calls.

comment sections

i noticed this a long time ago.. it’s probably ublock, but i never really looked into what caused it cause,,, if we’re being honest here, comment sections are usually Bad, and shouldn’t be read.

convenience addons

if you take the stance not to let megacorps and other orgs with sketchy privacy practices track you, that’s gonna limit your options. a lot of these great utilities that are super handy require permissions to read all of your tabs and inspect the contents of pages you visit.

that’s fine if they’re responsible with such power, or their code is open source/audited but alas, not always the case!

i uninstalled the amazon assistant, and had to find another way to track third party items within the context of a wishlist. truth be told, there aren’t many alternatives, and their functionality is limited. i also don’t feel confident that they’ll survive the test of time, and feel like this is another thing i should probably maintain on my own.
