Alternative Information Directory
Coronavirus information & resources
Vaccines - What You Need To Know

Firefox Extensions - My Picks

Firefox Extensions

Mozilla Firefox is a popular, extensible, open source (mostly) web browser that is highly configurable and easy to use. Somewhat bare out of the box however, its functionality is easily extended with add-ons, or 'extensions' if you prefer, of which there are many thousands in the Mozilla add-on repository at (AMO).


AMO Malware
A typical day at the Mozilla Firefox Add-ons repository, 2019.

With so many "free" add-ons you might be tempted to install a ton of them, however i would strongly suggest installing only those you really like or need since the potential to break things and compromise browser security and your privacy increases with every add-on you install.

Another problem is unethical developers who include unwanted and unnecessary functionality which is not relevant to the primary purpose of the add-on. Often this results in data collection, tracking your web activities or worse, all of which i categorize as malware.

The problem of malware at AMO has grown exponentially as a result of a very flawed automated review process for add-ons and the company's move to the WebExtension API which made it easy for unethical developers who have infected the Google Chrome Store to port their garbage to Firefox. Indeed, probably at least half of the add-ons at AMO are garbage. Although the WebExtensions are greatly limited as opposed to the older XUL/XPCOM extensions, tracking, data collection and advertising are permitted and, on occasion, far more dangerous add-ons escape detection.

Add-on selection guidelines

You've been warned! Many extensions are accompanied by a warning on their AMO pages which indicates that the extension is not monitored by Mozilla and therefore is more risky to install. While monitored extensions (those with a 'recommended' label) are scrutinized more carefully and are likely to be more trustworthy in general, many others are perfectly fine as long as you trust the developer and/or review the code yourself.

Tool-bar or FOOL-bar? Be very wary of all tool-bar add-ons since many of these contain 3rd party spyware/malware components for monetization purposes.

Who the hell are you??? Always check to see what other add-ons the developer has created and how those are rated. Be wary when the developer is named as a company and not an individual, or when their name is anonymous, such as "Firefox user" followed by a random string of numbers. See what kind of content is on the developers website if they link to one and look for marketing hype or unethical activity. Also be wary of developers that make it difficult or impossible to contact them or submit bug reports.

The 0-day 'bonus'. Never install newly released add-ons from a developer you don't trust, especially if it's their only add-on. Mozilla uses a deeply flawed automated system to evaluate add-ons, so wait at least a few days until others have had a chance to review it or flag it. If the add-on quickly disappears or gets poor reviews, be thankful you didn't take the bait.

When "free" isn't. Always check the software license and be wary of developers who use a restrictive license. Most ethical developers will use a liberal, free software license, such as the General Public License (GPL) or the Mozilla Public License (MPL).

'We care about your privacy' ... LOL. If an add-on has a privacy policy, read it and see what data the add-on may collect, where it's sent and how it's used. In general, if the document is a wall of text (long), it's probably a poor privacy policy. One of the best privacy policies i've run across is that written by the developer for the Stylus add-on who writes:

Unlike other similar extensions, we don't find you to be all that interesting. Your questionable browsing history should remain between you and the NSA. Stylus collects nothing. Period.

Yes it can/no it can't. The Mozilla add-on website lists the permissions that add-ons require, though there seems to be some major problems at this time in that all permissions used by an add-on may not be listed, or permissions which the add-on does not use may be listed, so don't trust this completely. That said, look for permissions that seem unnecessary given the expected functionality of the add-on.

What's under the hood? In general it's best to avoid developers that attempt to hide their source code. Most ethical developers will publish their work on platforms like GitLab, GitHub or Codeberg where people can submit proper bug reports and feature requests. In such cases there is usually a homepage and/or support link on the add-on page, or a link somewhere in the add-on settings, menus, etc., that leads to the code repository. If the source code is not published, you can still view it by decompressing the add-on or by using the excellent Extension source viewer (CRX Viewer) add-on.

You should always check is the extensions manifest.json file and you don't have to be a geek to do so. Open the address about:debugging#/runtime/this-firefox in Firefox (or just remember the address about:about from where you will find the debugging page) and click on the 'Manifest URL' link for the extension you want to inspect. What you want to look for are any network links for unexpected addresses. For example, an add-on like Maximize All Windows (Minimalist Version) only modifies the behavior of Firefox, therefore there shouldn't be any remote addresses in the manifest. On the other hand, an add-on like uBlock Origin needs to communicate with every tab you open, as well as be able to download fresh filter lists and so on, and so its manifest contains http://*/* , https://*/* . and <all_urls> . Other add-ons may be dedicated to a single website, such as BitChute, and so should be the only remote address in the manifest. Also see the Extension source viewer add-on below.

He said, she said. Always read the user reviews to see how well an add-on is liked and be wary if it is rated 3 stars or less, or not rated at all, or was rated highly by only a few people. Sometimes a developer will be the first to "review" their add-on, giving it 5 stars. Regardless of the rating however, always check the comments of the people that gave it the lowest rating to see if their gripes seem legitimate and whether they were addressed. That said, there are many add-ons that have been rated very highly by hundreds or thousands of people that contain malware, so don't give too much weight to user ratings alone.

But everybody's using it! Many developers of hugely popular add-ons have been contacted by malware distributing 3rd parties wanting to buy their work or influence its development. Adblock Plus by Eyeo GmbH (Wladimir Palant) is used by millions of people, yet it is a glaring example of an unethical developer who created an ad blocking extension which allows ads by default. For larger entities, Eyeo GmbH charges advertisers 30% of the revenue from Adblock Plus users who click the ads, so not only does Adblock allow ads, it's also spying on its users. Giorgio Maone, the developer of the hugely popular NoScript add-on, engaged in similar chicanery a while back.

Should i or shouldn't i? If you're not sure whether you'll like an add-on, test it by downloading the .xpi file, then opening about:debugging#/runtime/this-firefox in Firefox and clicking the 'Load Temporary Add-on' button.

Automatic update MALWARE. Automatic checking for add-on updates is fine, but always disable automatic installation of updated add-ons. Before updating an add-on, read the version history to see what has changed and make sure the privacy policy, if there is one, remains strong. The problem with automatic add-on updates is that a developer may decide to monetize their work at any time and without warning, or sell their extension to an unethical party such as the developer of Stylish apparently did. Ingo Wennemaring, the well liked developer of the once popular and much loved All-in-One Sidebar add-on, warned about this in a blog post:

It was always very important for me to be honest and fair to the users. I had very good offers to sell the extension, but I didn't want to see that AiOS turn into adware or spyware.

Lastly, i would strongly suggest avoiding any add-on that asks for or requires personal information or other data which could be used to identify, track, or profile you, or which could be monetized in any way. Such extensions include, but are not limited to, those which promote coupons, discounts and free services, certain automatic form fillers, any add-on which store data remotely such as many password, bookmark and synchronization add-ons, cryptocurrency, banking and other financial related add-ons, website/service specific add-ons marketed by corporations and many VPN (Virtual Private Network) add-ons.

Regarding VPN add-ons, there are 172 of them at the time of this writing and most of them are highly suspect, yet millions of clueless people use them. Furthermore, a VPN add-on for a web browser may protect only browser traffic while leaving all other network traffic unprotected, such as email if you use a local email client and, potentially, DNS look-ups. If you want to use a VPN, and i would certainly recommend considering it, it should be incorporated at the system level or, even better, at the router level.


ClearURLs by Kevin R. [privacy/security]

ClearURLs automatically removes tracking parameters from clicked hyperlinks. This add-on is not needed if using uBlock Origin with the ClearURLs for uBo filter list (see the suggested settings for uBlock Origin page for more information).

Dark Background and Light Text by Mikhail Khvoinitsky [enhancement]

Dark Background and Light Text replaces Dark Reader as my preferred add-on for darkening the entire web. These 'darkify' add-ons, of which there are many, change the colors used by all websites to a darker theme and this one seems to be the best of those i have tested and i've tested many.

Caveats: All of these 'dark web' add-ons fail miserably in some cases and this one is no exception, however it seems to work better overall than all of the others i've tested and it does offer a few different styles that can be assigned to specific websites when the default style fails. Due to a shortcoming in the code, this add-on cannot be disabled for local content, such as paths beginning with file:// .

Enforce Browser Fonts by Jayesh Bhoot [enhancement]

Enforce Browser Fonts allows one to choose whether to use the fonts specified by the website, or those that you have defined in Firefox preferences (Language and Appearance). Personally i hate when websites override my personal font choices and this extension takes care of that. Enforce Browser Fonts defaults to enabled and will remember the websites for which you disable it.

Caveats: For the privacy minded that enable privacy.resistFingerprinting , forcing the use of your preferred fonts will increase the likelihood of your browser being uniquely identified. It can also uglify some websites.

Extension source viewer by Rob W [enhancement]

Extension source viewer is a handy and well thought out utility to quickly view the source code of a Firefox extension right from the Mozilla add-ons website without having to download and unpack it manually. The extension has the ability to search the contents of the files in the source code by prefixing the search with ' ! '.

Caveats: For advanced users.

Flagfox by Dave G [enhancement]

Flagfox is a neat utility that adds an icon to the address bar which represents the flag of the country in which the web server is located. When the icon is right-clicked, a context menu is revealed with many more tools, such as a WHOIS lookup, URL shortening services and more. You can also add your own services.

Caveats: If you choose to display the menu icons, they are not stored locally and have to be fetched the first time you open the menu which some might see as a privacy issue.

Format Link by Hiroaki Nakamura [enhancement]

Format Link offers flexible solutions for copying content and formatting it in different ways, such as HTML, markdown, plain text, , etc., before pasting it somewhere. For example, i use it a lot to copy a linked headline/page title and excerpt from articles that i paste in my News Bytes posts. I don't like it as much as Link Text and Location Copier, however that add-on is unmaintained and bugs are a problem.

Caveats: Format Link is a little buggy and needs some attention, but it's still a better solution than Link Text and Location Copier. If you have trouble copying content, try pausing for just a second after initiating Format Link. I've found that if you switch tabs too soon, the content may not be placed on the clipboard.

LocalCDN by nobody42 [privacy/security]

LocalCDN, a fork of Decentraleyes, can increase privacy and decrease page load time for many websites which depend on 3rd party Content Delivery Networks (CDN) for various functionality. It accomplishes this by storing and loading several common JavaScript and font libraries locally instead of having to fetch them from the server.

From a privacy/tracking point of view, LocalCDN is not strictly needed if the following two preferences are enabled, though you will still enjoy faster page loads:


Caveats: Can break some websites, though this seems to happen very rarely in my experience. There are 'Filter HTML source code' and whitelist options to address such problems.

Mark-It by Matt [enhancement]

Mark-It is a simple, handy add-on that replaces your new tab page with one that allows you to write notes in markup format. I find this add-on to be really handy for storing commonly used bookmarks, notes and text that i paste frequently in forums and such.

You could play with the CSS i use to divide the page into two columns for less wasted space, plus make some other changes. You'll need to open about:debugging#/runtime/this-firefox and replace <Internal UUID> in the first line with the the Internal UUID for Mark-It. If the CSS doesn't load, be sure toolkit.legacyUserProfileCustomizations.stylesheets is set to true in about:config:

Click to expand...
@-moz-document url("moz-extension://<Internal UUID>/newTab/newTab.html") {
/* display notes */
html.dark, body.dark, textarea.dark {
background-color: #252525 !important;
color: #c8c8c8 !important;
#markdownTarget {
width: 90% !important;
padding-left: 1% !important;
padding-right: 1% !important;
font-family: unset !important;
font-size: unset !important;
a {
color: #97ff8d !important;
text-decoration: none !important;
code {
background-color: #000 !important;
color: #ffa93b;
ul, ol {
padding: 0 !important;
margin-left: 20px !important;
#changeModeButton {
background-color: #929292 !important;
left: unset !important;
font-family: unset !important;
right: 33px !important;
bottom: 90px !important;
#savingIndicator {
bottom: 0px !important;
left: unset !important;
right: 0px !important;
.left {
display: block;
float: left;
width: 49%;
.right {
display: block;
float: right;
width: 49%;
/* edit notes */
textarea {
width: 90% !important;
padding-left: 5% !important;
padding-right: 5% !important;
font-size: unset !important;
font-family: unset !important;

mozlz4-edit by Siarhei Kuzeyeu [enhancement]

mozlz4-edit allows one to edit, format and otherwise manipulate several types of compressed files including the search.json.mozlz4 file which is where Firefox stores all of its search engine plugins. If this is too much for you, try the Search Engines Helper add-on below.

Caveats: For advanced users.

Privacy-Oriented Origin Policy by claustromaniac [privacy/security]

Privacy Oriented Origin Policy (POOP) helps protect your privacy by preventing Firefox from sending Origin headers, though how it works is configurable.

Caveats: For advanced users. May break some websites, though it is easily disabled and sites can be whitelisted. There is a lengthy discussion about what led to the development of this add-on on GitHub if you're interested.

Privacy Redirect by Simon Brazell [privacy/security]

Privacy Redirect redirects requests to several privacy-hating platforms to their privacy-friendly alternatives. YouTube videos, including embedded, can be redirected to several alternatives, as can Twitter, Bibliogram and Google Maps requests.

Caveats: Sometimes the requested alternative service may be overloaded or down, however you can always switch to another provider very quickly from the toolbar icon.

Redirector by Einar Egilsson [enhancement]

Redirector automatically redirects selected pages, links and more to another resource of your choosing. For some examples of how you can use Redirector, see the Redirecting this to that section of the Firefox Tweaks and Fixes and Styles and Things page.

Reverse Image Search by Andreas Bielawski [enhancement]

Reverse Image Search is a privacy friendly add-on used to find different versions of a given image using 3rd party services such as TinEye. Reverse image searching is a great way to find higher resolution versions of an image or to find when an image may have first been published to the web, the latter of which can be beneficial for researchers. Reverse Image Search also allows to add custom services to its menu.

RSS Preview by Aurelien David [enhancement]

RSS Preview simply displays a styled and formatted version of news feeds like Firefox used to do before the geniuses at Mozilla removed it. In addition it has an option to provide your own CSS. Here's the CSS i use if you'd like a dark theme:

custom CSS
html {
font: unset;
background-color: rgb(0, 0, 0);
color: rgb(252, 252, 252);
#feedBody {
background-color: black;
color: white;
h2 {
color: lightgray;
.enclosures {
background-color: rgb(22, 31, 56);
.entrytitle {
color: #97f674 !important;

Scroll Up Folder by Bruce Bujon [enhancement]

Scroll Up Folder adds an icon in the address bar that, when clicked, opens a list of the segments of the current document address. Clicking the list items makes it really easy to navigate up to a higher level of the address without having to manually edit it.

Search Engines Helper by Soufiane Sakhi [enhancement]

Search Engines Helper makes it really easy to add, import and export custom search engines for Firefox. It also allows using base64 code (data URLs) for the site icons.

simple-modify-headers by Didierfred [enhancement]

simple-modify-headers allows one to modify request and response headers. For example, i use this add-on to remove the style-src policy of the Content Security Policy (CSP) response header for websites that prevent CSS injection ( being one of them).

Caveats: For advanced users only! It is very easy to compromise security and break things with this add-on.

Skip Redirect by Sebastian Blask [privacy]

Redirects sometimes happen when you click on a hyperlink expecting to go directly to the destination and, instead, your request is passed through an intermediary. Redirects are often used to track your browsing history or display ads before you are forwarded to the target domain. Skip Redirect simply tries to bypass this annoying behavior. I would suggest keeping the notification enabled when Skip Redirect does its thing as this makes it easy to troubleshoot a problem.

Caveats: May break the functionality of some websites in which case they can be added to a whitelist.

Smart RSS Reader by zakius [enhancement]

Smart RSS Reader is a 3-pane news feed reader and a pretty good one at that. There are some little niggles with it and it's missing some features, but it functions quite well as a basic feed reader and the developer is friendly and open to suggestions.

While there is no default dark theme for Smart RSS yet, it does have an option to add your own CSS. Here's my CSS for a dark theme. This works for the vertical 3-pane layout:

Smart RSS Reader dark theme

* Smart RSS Reader - dark theme for 3-pane layout |feeds|titles|content| (30-DEC-2020)
html, body {
color: lightgray;
background: #2f2f2f;
.context-menu {
background: black;
.region:not(.focused) .selected {
background: black;
a {
color: lightgreen;
#properties {
background: black !important;
#properties input, #properties select {
background: #67ff91 !important;
.toolbar {
background: lightgreen;
.toolbar > .button {
border: 1px solid #2f2f2f;
.input-search {
background: black;
color: white;
input[type="search"] {
max-width: 260px;
width: 260px;
border: unset;
.has-unread .source-title {
font-weight: unset;
.source-title {
font-size: unset;
.source-counter {
color: black;
background: lightgreen;
.sources-list-item {
font-size: unset;    
.sources-list-item.selected:hover .source-title {
color: white;
#indicator-progress {
background: black !important;
#indicator-stop {
background-color: red !important;
.date-group {
background: black;
.item-title {
font-size: unset;
.full-headline > .item-title {
white-space: break-spaces !important;
overflow: hidden;
#article-list > .unvisited, .unvisited .articles-list-item-author {
color: lightgray;
#article-list > .unread {
font-weight: normal;
color: lightgreen;
#article-list > .region:not(.focused) .selected {
background: #2f2f2f;
border-bottom-color: unset;
#article-list > .selected * {
color: lightgray;
#article-list .item-author {
color: darkgray;
font-weight: normal;
#article-list .item-date {
color: darkgray;
#content h1 {
color: #fdfdfd;
font-size: 1rem;
max-height: unset;
#content > header p {
color: darkgray;
padding-bottom: 10px;
#content > header .pin-button {
opacity: 1;
#smart-rss-article-body {
color: white;
background: #2f2f2f;
font-family: unset;
font-size: unset;
#smart-rss-content > .more-link {
color: lightgreen;
#smart-rss-content-footer {
border-top: 2px dashed darkgray;
margin-top: 20px;
#smart-rss-content-footer a {
background: #2f2f2f;

Stylus by Armin Sebastian [enhancement]

Stylus is used to write, store and inject custom CSS styles into websites, or even the entire web if you wish. Though you can use FireMonkey for this, working with Stylus is so much nicer. Note: Do not use Stylish, a similar add-on which the developer sold to an unethical party.

Caveats: For advanced users that have at least a basic knowledge of CSS.

uBlock Origin by Raymond Hill [privacy/security]

uBlock Origin is a superior content filter (or firewall, if you like) that can replace several other content/ad blockers including Adblock Plus/Edge, NoScript, etc.. It is capable of using the same filter lists as Adblock Plus/Edge as well as many more that they cannot. Two of the most welcome differences with uBlock Origin is that it does not slow page loading to any noticeable degree and it uses less memory then the competition. Another major advantage is that it can block both 1st and 3rd party requests for images, scripts and frames when configured to use its advanced mode. See my Firefox Configuration Guide for Privacy Freaks and Performance Buffs article for more information regarding uBlock Origin. Lastly, use only uBlock Origin by Raymond Hill and not any other ripoff.

Caveats: For advanced users. As with any content filtering extension, uBlock Origin has the potential to break website functionality until it is configured correctly.

Web Archives by Armin Sebastian [enhancement]

Web Archives makes it easy to find archived version of webpages. It is fairly configurable, though it does not have an option to add your own archive resources, nor does it have an option to send a webpage to an archive, however i find the latter unnecessary since the archive sites i use allow you easily archive a page if one isn't isn't found.

Using add-ons on

By default Firefox does not allow add-ons to run on if you want to override this behavior you can add the the following preferences to your user.js file or your user-overrides.js file if you're using the 'arkenfox' user.js:

user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
user_pref("extensions.webextensions.restrictedDomains", "");

Troubleshooting add-on related issues

See Firefox Tweaks and Fixes and Styles and Things.

Listing removed add-ons

While i'm sure there's a more geeky way of listing extensions which one has removed, this one works for me: In your Firefox profile folder, navigate to /extensions/staged and there should be folders with the names of the removed extensions. You can delete this folder if you like.

Doing it without an add-on

The fewer add-ons you install, the better, and there's a lot of things you can do to customize Firefox without add-ons.

Enhancing privacy and security

See: Firefox Configuration Guide for Privacy Freaks and Performance Buffs and The Firefox Privacy Guide For Dummies!

More tweaks

See: Firefox Tweaks and Fixes and Styles and Things

Giving back

If you like an add-on, or any other free and open source software, please donate to the developer. Trust me when i tell you that most developers of free software usually receive little or nothing for all the hours of hard work and support they provide. Developers are usually very appreciative of a donation regardless of how small it may be.

Recent changes

  • re-added ClearURLs along with a note about using the ClearURLs for uBO filter list as an alternative
  • added a CSS example for the Mark-It add-on
  • minor edits
  • removed unnecessary text from Dark Background and Light Text description - thanks to commenter "Nikola Tesla"
  • added section: Using add-ons on
  • minor edits
  • removed Cookie AutoDelete
  • removed ClearURLs since it's unnecessary given the 'arkenfox' user.js (see: The Firefox Privacy Guide for Dummies!) and suggested settings for uBlock Origin
  • removed CSS Exfil Protection

106 thoughts on “Firefox Extensions - My Picks”

  1. privacytools, which is a reliable site like yours, suggests to add on uBlock Origin, Decentraleyes, ClearURLs, xBrowserSync, Cookie AutoDelete, SponsorBlock, many of the things you have deleted from your own list, which are considered obsolete and useless

    1. * Decentraleyes/Decentraleyes simpler/JSLibCache/LocalCDN is not strictly needed if Firefox is configured for privacy as outlined in my config guides – they can speed up page loading, however they can also cause problems on occasion

      * ClearURLs isn’t needed if using the ClearURLs for uBO filter list (see my uBO settings guide), however i re-added it largely just to make a note of that, so thanks for mentioning it

      * xBrowserSync – i don’t use it which is why it’s not listed – i might also recommend hosting your own sync software rather than relying on a 3rd party to handle sensitive data – even though their privacy policy is very strong at the moment, they could start collecting data and change it at any time

      * Cookie AutoDelete – except for special use cases CAD is not needed if Firefox is configured for privacy as outlined in my config guides

      * SponsorBlock looks sort of interesting, but i don’t use it – also while relying on crowd-sourced data can be hugely beneficial, it can also be problematic (as seen here) and used for censorship by skipping key parts of a video

  2. I still prefer Dark Reader to darkify the interwebs for me, but the hack to modify the header with simple-modify-headers doesn’t seem to make one iota of a difference. Would you perhaps know why? I configured it with the example you give in the Dark Background and Light Text section, so I assume the header was modified correctly.

    BTW, Dark Background and Light Text doesn’t seem to require modifying the header anymore. I installed it on a new install and the addons.mozilla… pages are darkified without modifying headers.

    1. the hack i provided will allow 3rd party style sheets (CSS) regardless of whether the server allows it – most sites don’t set this CSP (Content Security Policy) directive so it’s unlikely you would notice anything

      neither Dark Reader nor Dark Background and Light Text (nor any other “dark web” add-on) require that CSP override – it is only useful if you run into a site where the “dark” add-on fails to work because of CSP and you want to override that

      1. That is sort of what i meant without explaining it properly. Dark Reader does fail to darkify the addons.mozilla website, i can only think it is because of CSP. Which is why I tried correcting it using simple-modify-headers and your suggested settings in the Dark Background and Light Text section. However Dark Reader still fails to darkify addons.mozilla. I was wondering if you know why that could be?

        But I further pointed out that without the simple-modify-headers addon Dark Background and Light Text darkified the addons.mozilla pages. So it appears as this addon doesn’t require CSP override.

        1. addons.mozilla forbids add-ons to run by default – has nothing to do with headers – if you’re using the arkenfox user.js, don’t modify it – stick your custom prefs in a user-overrides.js (see their wiki if you need help), otherwise, these are the settings you want:

          user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
          user_pref("extensions.webextensions.restrictedDomains", "");

            1. the DR dev decided to be nice and obey AMO – the DBLT dev didn’t (and i agree with his choice) – i forget how a developer can override AMO’s default, but they can if they wish

              1. I honestly didn’t that was the answer since you specifically refer to this in your guide.

                “If you want this extension to work on domains owned by Mozilla, such as, you will need an extension that can modify HTTP headers, such as simple-modify-headers by Didierfred.”

                What you describe in the DBLT section above tells me that the DBLT addon will not work to darkify the addons.mozilla pages unless one modifies the headers. Which isn’t about the developer obeying AMO.

    1. very amusing email address :)

      no, there isn’t, but i’ll comment on the 2 you mentioned…

      * CSS Exfil exploit is apparently extremely rare, and it appears something in the arkenfox user.js defeats it, but i didn’t narrow it down – you can test here:

      more info here:

      * Cookie Autodelete is not needed with Firefox + Enhanced Tracking Protection set to ‘strict’ (+ arkenfox user.js preferably)

      1. :)

        Cool thanks, i wasn’t aware this is now covered with the Enhanced Tracking Protection set to ‘strict’ (+ arkenfox user.js preferably + your, combined with some of my own, user-overrides.js) :)

        With CAD you can set a time limit on when autoclean runs, how does this new way handle this? CAD also has quite a few additional settings that don’t jump out at me in about:preferences#privacy, are they tuned in the arkenfox user.js or user-overrides.js

        1. how FF handles it depends on how you have it configured – with ETP set to strict, most all storage (think “cookies”, but there is much more) is isolated by site which prevents one site from ‘talking’ to another

          with the arkenfox js pretty much all storage is dumped when the browser exits, except for sites where you allow exceptions, like if you wanted to avoid logging on to a site every time you start the browser

          unless you have some special reason, a timer isn’t needed

          as for the “additional settings” you mention, you didn’t say what they are – i also get the feeling you haven’t read the arkenfox wiki and i would highly suggest doing so – it may answer some of your questions

          1. I have read it, i have been a user of your guides for several years now. Cookie Auto Delete has quite a few options (additional settings) that I don’t see in the ETP section of about:preferences#privacy. For example:

            Enable Cleanup for Discarded/Unloaded Tabs – useful if your browser stays open for well a very long time

            There are many other customizations that you can do in the Settings section of Cookie Auto Delete. But with cookies now unable to ‘talk’ to each other i guess it doesn’t really make a difference anymore if cookies are not cleaned up immediately.

            I can generally see my Cookies Auto Delete working as I am switching to new tabs and the old tabs becoming in active. Then Cookies Auto Delete cleaned the cookies that tab created within 15 seconds of the tab going inactive.

            1. > i guess it doesn’t really make a difference anymore if cookies are not cleaned up immediately.


              you can deny all cookies by default, then add exceptions where needed (Ctrl+I > Permissions tab is a quick way to get there) but “cookies” includes multiple kinds of storage and with default deny some websites won’t work until you add an exception – personally i prefer default allow, but that’s entirely up to you – ‘Pants’ (arkenfox dev) prefers default deny i believe

  3. What are your views about xBookmarks (saw the recommendation on .How do you keep your bookmarks? Also I wanted to ask how private are these RSS Softwares like Akregator? How do you keep up with your favourite news sites and related RSS/updates?

    1. i don’t know anything about xBookmarks – i store all my data locally and for bookmarks i use the built-in bookmark manager

      for news feeds i use Smart RSS Reader which, again, stores its data locally (i’d link to it but AMO isn’t working at the moment)

  4. I cannot find the source for Firemonkey. The ‘github’ page listed in amo is just for ‘support’. Having a github link doesnt mean that it is open source. It is a huge mistake to suggest Firemonkey. Please remove it.

    1. Firemonkey is released under the MPL license – it is open source software

      there are 2 easy ways to view the code; 1) using the ‘Extension source viewer’ add-on listed here or 2) decompressing the .xpi

      i don’t know whether the source is published elsewhere (i raised an issue about this just now) and the MPL states:

      > 3.2. Distribution of Executable Form
      > If You distribute Covered Software in Executable Form then:
      > a. such Covered Software must also be made available in Source Code Form …

      thus why i opened an issue, because far as i know, the code must be published, however i’m not sure that i’m interpreting the license correctly

        1. i’m trying to move away from uM actually – i’ve been running uBO exclusively for a few days – it’s taking some getting used to because i just don’t find it as intuitive to use as uM, but we’ll see

    1. if you’re using my user-overrides.js, i set extensions.update.enabled to false – you can set that to true so that Firefox can check for add-on updates if you wish – this will only check for updates, not install them

      1. I’m not quite there yet regarding user-overrides.js. I circle round it: it’s complicated stuff. I do know about basic configuration settings however and how to act in about:config.
        as for the gear-icon: I do know how to check for updates. It’s the steps hereafter I can’t figure out. lots of these extensions have github/gitlab homepages. Am I supposed to download the latest release via github/gitlab?

        1. > Am I supposed to download the latest release via github/gitlab?

          where are you seeing links to their gitlab/githup pages?

          you want to get them from AMO which is where i link them

          for example, for uBlock Origin, you’ll see the link “Add to Firefox” near the top of the page

          1. I’m fully aware of only to download extensions from AMO. This is not a question of how/where to download extensions. its about updating those already installed
            My confusion regarding how to update on my own when automatic updates are disablded is due to the dropdown menu when I click the gear icon:

            Check for updates
            view recent updates
            install add-on from file
            debug add-ons
            ubdate add-ons automatically
            reset all add-ons to update automatically
            manage extension short-cuts

            I don’t see an option to update, plain and simple, formulated?

            that’s why I wondered if I was supposed to go to the very source of the homepage of a given extension and update from here. homepages linked to from AMO, of course.

            I’m sure all of this bewilderment is due to the fact that english is not my first language plus a lack of fully understanding technical terms.

            1. i have a modified theme so i’m not sure what the default looks like, but when an update is available for an extension a new menu item (updates available) will appear in the left sidebar of about:addons – click that and you will see some sort of button or icon on the extension tiles themselves – i think it’s button that says ‘update’ – once all extensions are updated that ‘updates available’ menu item will disappear again



        2. ..also – i don’t know where you’re at, but if you’re using the ‘arkenfox’ user.js and then changing some of those settings in about:config, all those changes will be lost when you update the user.js – all of your changes need to go in a user-overrides.js (see either one of the Firefox guides)

          1. I’m not using the arkenfox user.js nor your overrides, and I do know not to make any changes.
            I’ve read both your section/guide about user.js as well as the wiki on arkenfox(pants) github site.
            this is way out of my leak. at least for now.

  5. Version 3.5.0 of the AutoDelete Cookie will allow some specific data like IndexedDB to be deleted, as well as the site bleacher. I believe it will be a better option as it is constantly being updated, the site bleacher has not received any updates for 8 months. The github issues are not answered either.

    1. thanks for the comment – that extension is actually named Cookie AutoDelete and i don’t know how or when it handles IDB storage (domain leave? browser (re)start?)

      the one i’m waiting on to replace Site Bleacher is Forget Me Not – this one will auto-clear IDB per-domain

  6. Do you perhaps know of a way to make the Smart RSS interface dark. No darkify add-on makes it dark as the page is protected.

    There is a “User CSS” option in settings but I am not sure how to work that.

    1. Thank you for sharing your css.

      I must be making a mistake ( I am also a little confused with the instructions in your css file.

      “* install: save as ‘/chrome/smart.rss’ – in ‘userContent.css’, add: @import “./custom/addon/smartrss.css”;”

      Should one not be saving your css as ‘/chrome/addon/smartrss.css’? And then importing it like you have it above.

      That is what I did and I edited the ‘@-moz-document url(“moz-extension://…”‘ and replaced the unique identifier with my own. But I get the default white.

  7. I’ve stopped using HTTPZ because sometimes the addon would just leak memory. HTTPZ also runs on all HTTPS pages, which doesn’t make much sense to me.

    I’ve resorted to using a user script to do the HTTPS redirection and am using custom rules to exclude various HTTP sites that do not support HTTPS.

    If you want to stick with addons, HTTPS Already does a similar job as my user script as it only runs on HTTP pages, but doesn’t offer a whitelist. HTTPtoHTTPS also looks like a potential good option, but I haven’t tested it.

    1. if you found an issue with HTTPZ you might want to report it – the developer is a great guy and heavily involved in the ‘arkenfox’ user.js project – also the reason why it runs on https sites is explained on the GitHub repo…

      * When you navigate to a site over HTTPS by yourself, or because of some external factor (like HSTS preloading), HTTPZ does not do anything to that request, regardless of the outcome.
      * When you navigate to a site over HTTPS and the server downgrades the request to HTTP, the extension notices this and allows it. It adds that site to the list of known insecure sites, and does not try to load it over HTTPS for the next seven days.

  8. Hi
    regarding Privacy Redirect: when I go to Twitter ( = Nitter ) and click links: are they cleared from tracking or do they still point back to Twitter?
    I can’t tell, whether ClearURL does the job: when I paste a “dirty” link from Twitter in ClearURLs cleaning tool and press “Clean URLs” the link remains/look the same.
    I tried tracking-links from other sites and they also seem not to be cleaned.

    1. the Nitter links point to Nitter i believe – whether ClearURLs cleans Twitter links i don’t know – if you want to provide a sample link i can check (i don’t use Twitter)

        1. these links are short links – short links cannot generally be ‘cleaned’ unless you rely on a 3rd party

          the sample you provided forwards to – there’s no way for a typical link cleaner add-on to determine that points to

          if you have a link like , a link cleaner can remove the UTM tracking parameter ( utm_source=google ) because it can ‘see’ that it isn’t needed, but it cannot ‘see’ where the link you provided points to because the final target is completely different than the short link – does that make sense?

          there are add-ons for Firefox that can handle some short links, thereby bypassing the middle-man, but the only way they can do that (to my knowledge) is by sending the URL to another server that determines what the target is, then sending the target back to you – as you might imagine, this is a potential privacy risk

    1. there’s another CSP issue (1462989 – support merging content-security-policy headers provided by multiple extensions) that lands in v77 which is why i haven’t updated related content here – i’m also unclear as to what exactly is fixed, so i’m keeping an eye on this issue to see what they say – thanks for reminding me though

    1. i don’t have an answer yet, but i am trying to find out – i’m using only CearURLs at the moment, but then i also clear cache at regular intervals with uMatrix

    2. well that was quick – here’s you’re answer from Kevin R. (ClearURLs)…

      > Both implementations are almost identical. I have oriented myself on the source code of claustromaniac and made some adjustments, so that for example the ETag Filtering can be switched off in the preferences and is included in the statistics of ClearURLs.

    1. so do i – i just started using it and am in contact with the developer to help improve it – i’ve been busy with a project which is why i haven’t added it to the list yet

      1. Please share your thoughts on, to which extend invidous helps preventing google privacy intrusion, i.e. fingerprinting and tracking.

        I ask because I see that I still have to allow access to Google Video in uMatrix for videos to play.

        I’ve researched a little but it’s above my level of comprehension, so I hope you would take the time to explain.

        Thanks in advance

        1. if you don’t enable proxy mode then yes, you have to enable media for, however you don’t have to enable JS for google and no connection is made to YT, so that alleviates that vast majority of tracking

          if you enable proxy mode then no connection is made to google either, however i would suggest donating to the invidious instance if you do that because you’d be using a lot of their bandwidth

          invidious isn’t perfect – the instances aren’t reliable and some requests will result in an error, such as for videos that are scheduled for a future time and i don’t think you can watch live streams – i’ve also seen where a video will play on one instance but not another – so just be aware of that if you have any problems

Leave a Reply

Your email address will not be published. Required fields are marked *