Firefox Extensions - My Picks


Mozilla Firefox is a popular, extensible, open source (mostly) web browser that is highly configurable and easy to use. Somewhat bare out of the box however, its functionality is easily extended with add-ons, or 'extensions' if you prefer, of which there are many thousands.

Beware

AMO Malware
A typical day at the Mozilla Firefox Add-ons repository, 2019.

With so many "free" add-ons, the casual user might be tempted to install lots of them, however i would strongly suggest installing only those you really like or need since the potential to break things and compromise browser security and your privacy increases with every add-on you install.

Another problem is unethical developers who may include unwanted and unnecessary functionality which is not relevant to the primary purpose of the add-on. Often this results in data collection, tracking your web activities or worse, all of which i categorize as malware. The problem of malware in Mozilla's add-on repository (AMO) has grown exponentially as a result of an automated review process and the company's move to the WebExtension API which made it easy for unethical developers who have infected the Google Chrome Store to port their garbage to Firefox. Although the WebExtension API is greatly limited in its capabilities as opposed to the older XUL/XPCOM extensions, user tracking and advertising are permitted and, on occasion, far more dangerous add-ons escape detection.

Add-on selection guidelines

  • You've been warned. Many extensions will be accompanied by a warning on their AMO pages which indicates that the extension is not monitored by Mozilla and therefore is more risky to install. While monitored extensions are likely to be more trustworthy in general, there are many others which are perfectly fine to install as long as you trust the developer or review the code yourself.
  • Tool-bar or FOOL-bar? Be very wary of all tool-bar add-ons since many of these contain 3rd party spyware/malware components for monetization purposes.
  • 'We care about your privacy ... LOL' If an add-on has a privacy policy, read it and see if it contains anything that isn't related to the functionality of the add-on. In general, if the document is a wall of text (long), it's probably crap.
  • Permissions, permissions. The Mozilla add-on website lists the permissions that add-ons require, though there seem to be some major problems at this time in that all permissions used by an add-on may not be listed, or permissions which the add-on does not use may be listed, so don't trust this completely. That said, look for permissions that seem unnecessary given the expected functionality of the add-on.
  • The 0-day 'bonus'. Never install newly released add-ons from a developer you're not familiar with or who has no other add-ons in the AMO repository. Mozilla uses a deeply flawed automated system to evaluate add-ons, so wait at least a few days until others have had a chance to review it or flag it as abusive. If the add-on quickly disappears or gets poor reviews, be thankful you didn't install it.
  • When "free" isn't. Always check the software license and be wary of developers who use a restrictive license, such as 'All Rights Reserved'. Most ethical developers will use a liberal, open source license, such as the General Public License (GPL) or the Mozilla Public License (MPL).
  • What's under the hood? Avoid developers that attempt to hide their source code. Most ethical developers will publish their source code on platforms like GitLab or GitHub where users can submit proper bug reports and feature requests. In such cases there is usually a homepage and/or support link on the add-on page that leads to the source code repository. If the source code is not published, you can still view it by decompressing the add-on or by using the excellent Extension source viewer add-on, though you will need to have an understanding of JavaScript.
  • HELP!!! Be wary of developers that make it difficult or impossible to contact them or submit bug reports.
  • He said she said. Always read the user reviews to see how well an add-on is liked and be wary if it is rated 3 stars or less, or not rated at all, or was rated highly by only a few people. Sometimes a developer will be the first to "review" their add-on, giving it 5 stars. Regardless of the rating however, always check the comments of the people that gave it the lowest rating to see if their gripes seem legitimate. There are many add-ons that have been highly rated by hundreds or thousands of people that contain malware.
  • Hey, who are you??? Always check to see what other add-ons the developer has created and how those are rated. Be wary when the developer is named as a company and not an individual, or when the name used is anonymous, such as "Firefox user" followed by a random string of numbers.
  • And where do you live??? See what kind of content is on the developer's website if they link to one and look for marketing hype or other unethical activity.
  • But EVERYBODY'S using it! Many developers of hugely popular add-ons have been contacted by malware distributing 3rd parties wanting to buy their add-on or strike a deal with them. Adblock Plus by Eyeo GmbH (Wladimir Palant) is used by many millions of people and yet it is a glaring example of an unethical developer who created an ad blocking extension which allows ads by default. For larger entities, Eyeo GmbH charges advertisers 30% of the revenue from Adblock Plus users who click the ads, so not only does Adblock allow ads, it's also spying on its users. Giorgio Maone, the developer of the very popular NoScript add-on, engaged in similar chicanery a while back.
  • Automatic update mALwarE install. Automatic checking for add-on updates is fine, but always disable automatic installation of updated add-ons. Before updating an add-on, read the version history to see what has changed and make sure the privacy policy, if there is one, remains strong. The problem with automatic add-on updates is that a developer may decide to monetize their work at any time and without warning, or sell their extension to an unethical party such as the developer of Stylish apparently did. Ingo Wennemaring, the well liked developer of the once popular and much loved All-in-One Sidebar add-on, warned about this in a blog post:

It was always very important for me to be honest and fair to the users. I had very good offers to sell the extension, but I didn't want to see that AiOS turn into adware or spyware.
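The 'Permissions, permissions' and 'What's under the hood?' guidelines above can be checked directly against the downloaded package, since an .xpi file is a zip archive with a manifest.json inside. The following is an added example, not code from this page or from Mozilla: the choice of permissions to flag, the notes attached to them and the sample add-on are all assumptions made for illustration.

```python
import io
import json
import zipfile

# Real WebExtension permission names; the notes and the choice of which
# ones to flag are this example's assumptions, not a Mozilla list.
BROAD_PERMISSIONS = {
    "webRequest": "can observe every request to permitted hosts",
    "webRequestBlocking": "can modify or cancel requests",
    "cookies": "can read and write cookies for permitted hosts",
    "history": "can read browsing history",
    "tabs": "can read the URL and title of every tab",
    "nativeMessaging": "can talk to a program outside the browser",
    "management": "can list and disable other add-ons",
}


def is_broad_host(pattern):
    """True for match patterns that cover every host, e.g. <all_urls> or *://*/*."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    return bool(sep) and rest.split("/", 1)[0] == "*"


def audit_xpi(xpi_bytes):
    """Return (kind, item, note) findings for an .xpi file given as bytes."""
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as xpi:
        if "manifest.json" not in xpi.namelist():
            # Legacy XUL/XPCOM add-ons have no WebExtension manifest.
            return [("format", "manifest.json", "not a WebExtension package")]
        raw = xpi.read("manifest.json").decode("utf-8-sig")
    try:
        manifest = json.loads(raw)
    except json.JSONDecodeError:
        # Firefox tolerates // comments in manifest.json; strict JSON does not.
        return [("format", "manifest.json", "not strict JSON, review by hand")]

    findings = []
    # Manifest V3 lists host patterns separately under host_permissions.
    requested = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    for perm in (p for p in requested if isinstance(p, str)):
        if is_broad_host(perm):
            findings.append(("host", perm, "access to every site"))
        elif perm in BROAD_PERMISSIONS:
            findings.append(("permission", perm, BROAD_PERMISSIONS[perm]))
    for perm in manifest.get("optional_permissions", []):
        if isinstance(perm, str) and (is_broad_host(perm) or perm in BROAD_PERMISSIONS):
            findings.append(("optional", perm, "can be requested after install"))
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if is_broad_host(pattern):
                files = ", ".join(script.get("js", []))
                findings.append(("content_script", pattern, "injects " + files))
    return findings


def build_sample_xpi():
    """Constructed sample: a notes add-on asking for far more than it needs."""
    manifest = {
        "manifest_version": 2,
        "name": "Sample Notes (constructed)",
        "version": "1.0",
        "permissions": ["storage", "tabs", "webRequest", "*://*/*"],
        "optional_permissions": ["history"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["collect.js"]}],
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as xpi:
        xpi.writestr("manifest.json", json.dumps(manifest))
        xpi.writestr("collect.js", "// constructed placeholder\n")
    return buf.getvalue()


if __name__ == "__main__":
    for kind, item, note in audit_xpi(build_sample_xpi()):
        print(f"{kind:15} {item:12} {note}")
```

To check a real add-on, pass the bytes of the downloaded .xpi file to audit_xpi() and compare each finding with what the add-on claims to do.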

Add-ons

Add-ons are tagged with either [enhancement] or [privacy/security] in order to identify their primary role.

0T Reverse Image Search by ZcnS [enhancement]

0T Reverse Image Search is a privacy friendly add-on used to find different versions of a given image using 3rd party services such as TinEye. Reverse image searching is a great way to find higher resolution versions of an image or to find when an image may have first been published to the web, the latter of which can be beneficial for researchers.

CanvasBlocker by kkapsner [privacy/security]

CanvasBlocker blocks or fakes 'Canvas' which is a JavaScript API used to draw graphics on-the-fly. Canvas poses a substantial threat to privacy in that it can be used to fingerprint the browser.

Caveats: For advanced users. Will likely break some sites until settings are adjusted.

ClearURLs by Kevin R. [privacy/security]

ClearURLs replaces Neat URL as my preferred link cleaner. ClearURLs removes many tracking parameters from links you click, such as the Google utm_* garbage which is used to track where you go on the web. Unlike all of the other link cleaners i've seen and used, ClearURLs doesn't include a static list of parameters, nor does it have any options or whitelist that you need to mess with. This neat little extension pulls a file from the developer's GitLab repository which negates having to update the extension when there's a change to the list of parameters. Though i was sure i was going to miss the ability to whitelist certain domains, i have yet to see anything break because of this extension.
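How a link cleaner driven by a separate rule file works, as an added example that is not ClearURLs' code: the rule layout, the host names and the parameter list below are constructed for illustration and are not the extension's actual data format.

```python
import json
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed rule file standing in for the list a cleaner would download.
# "*" applies to every host; other entries match the host and its subdomains.
RULES_JSON = """
{
  "providers": [
    {"hosts": ["*"], "params": ["utm_[a-z_]+", "fbclid", "gclid"]},
    {"hosts": ["shop.example"], "params": ["ref", "tag"]}
  ]
}
"""


def load_rules(text):
    """Compile the rule file into (hosts, compiled_regex) pairs."""
    rules = []
    for provider in json.loads(text)["providers"]:
        pattern = "^(?:" + "|".join(provider["params"]) + ")$"
        rules.append((provider["hosts"], re.compile(pattern, re.IGNORECASE)))
    return rules


def host_matches(host, hosts):
    """True if host equals, or is a subdomain of, one of the listed hosts."""
    return any(h == "*" or host == h or host.endswith("." + h) for h in hosts)


def clean_url(url, rules):
    """Return (cleaned_url, removed_parameter_names)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    active = [rx for hosts, rx in rules if host_matches(host, hosts)]
    kept, removed = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if any(rx.match(name) for rx in active):
            removed.append(name)
        else:
            kept.append((name, value))
    if not removed:
        # Nothing matched: hand the URL back exactly as it came in.
        return url, []
    return urlunsplit(parts._replace(query=urlencode(kept))), removed


if __name__ == "__main__":
    rules = load_rules(RULES_JSON)
    samples = [  # constructed URLs
        "https://news.example/story?id=42&utm_source=google&utm_medium=cpc#top",
        "https://www.shop.example/item?sku=9&tag=aff-21&ref=home",
        "https://blog.example/?tag=linux",
        "https://short.example/Ab3xY",
    ]
    for sample in samples:
        print(clean_url(sample, rules))
```

The last sample is returned unchanged: a short link carries no parameters to strip, and its destination is not visible in the URL itself.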

CSS Exfil Protection by Mike Gualtieri [privacy/security]

CSS Exfil Protection prevents a certain CSS exploit that can be used to steal data from webpages.

Caveats: Could potentially break some websites, though it is easy to disable the add-on from its toolbar icon.

Dark Background and Light Text by Mikhail Khvoinitsky [enhancement]

Dark Background and Light Text replaces Dark Reader as my preferred add-on for darkening the entire web. These 'darkify' add-ons, of which there are many, change the colors used by all websites to a darker theme and this one seems to be the best of them.

Caveats: All of these 'dark web' add-ons fail miserably in some cases and this one is no exception, however it seems to work better overall than all of the others i've tested, and i've tested many. Also it offers a few different styles that can be assigned to specific websites when the default style fails.

Toggle Fonts by Manuel Reimer

Toggle Fonts provides a simple toggle switch that forces websites to use your preferred font settings as set in Firefox preferences.

Caveats: May occasionally break how a website looks, however the font choice is easily toggled by clicking its toolbar icon. The add-on only dictates what fonts are used for displaying a webpage, it does not prevent the downloading of fonts, however uBlock Origin or uMatrix can do this.

Extension source viewer by Rob W [enhancement]

Extension source viewer is a handy and well thought out utility to quickly view the source code of a Firefox extension right from the Mozilla add-ons website without having to download and unpack it manually. The extension has the ability to search the contents of the files in the source code by prefixing the search with '!'.

Caveats: For advanced users.

FireMonkey by erosman [enhancement]

FireMonkey is a lightweight utility used to inject JavaScript and/or CSS styles into pages. Unlike Greasemonkey and other add-ons of this type, FireMonkey respects your privacy.

Caveats: For advanced users. Installing user scripts is a security and/or privacy risk. While this holds true for extensions as well, user scripts are generally not scrutinized to the degree that extensions are when they are downloaded from Mozilla.

First Party Isolation by freddyb [privacy/security]

First Party Isolation simply toggles the privacy.firstparty.isolate preference. First Party Isolation, or FPI, is a Firefox privacy feature which plays a very important role in preventing browser tracking and fingerprinting.

Caveats: Could potentially break some websites, though it can be quickly toggled off by clicking its toolbar button.

Flagfox by Dave G [enhancement]

Flagfox is a neat utility that adds an icon to the address bar which represents the flag of the country in which the web server is located. When the icon is right-clicked, a context menu is revealed with many more tools, such as a WHOIS lookup, URL shortening services and more. You can also add your own services.

Caveats: If you choose to display the menu icons, they are not stored locally and have to be fetched the first time you open the menu which some might see as a privacy issue.

HTTPZ by claustromaniac [privacy/security]

HTTPZ is a very simple install-it-and-forget-it add-on that attempts to redirect all HTTP (insecure) traffic to HTTPS (secure).

Link Text and Location Copier by William Groenendijk [enhancement]

Link Text and Location Copier allows you to copy formatted text and a link for a webpage in various ways, plus you can define your own templates. You can also paste content as Rich Text, meaning you can paste the title of a page and its link directly into the visual WordPress editor for example.

LocalCDN by nobody42 [privacy/security]

LocalCDN, a fork of Decentraleyes, is a must-have privacy enhancing add-on that has the additional benefit of decreasing the load time for many websites which depend on 3rd party Content Delivery Networks (CDN) for various functionality. It accomplishes this by storing and loading several common JavaScript resources locally instead of having to fetch them from the server. The developer is also beginning to include common fonts with the add-on including Font Awesome which is widely used to display various icons.

Caveats: Could potentially break some websites, though this seems to happen very rarely in my experience, plus it's easy to white-list any affected domains.

Mark-It by Matt [enhancement]

Mark-It is a simple and handy add-on that replaces your new tab page with one that allows you to write notes in markup format.

Maximize All Windows (Minimalist Version) by ericchase [enhancement]

Maximize All Windows (Minimalist Version) does one thing and does it well, and that is to make sure the Firefox window starts in a maximized state. If you typically maximize Firefox and you have privacy.firstparty.isolate enabled, you may be annoyed when it fails to remember its state after a restart. This add-on solves the problem, but be aware that Firefox may be far more vulnerable to fingerprinting as a result (this is due to various window dimensions, not the extension).

mozlz4-edit by Siarhei Kuzeyeu [enhancement]

mozlz4-edit allows one to edit, format and otherwise manipulate several types of compressed files including the search.json.mozlz4 file which is where Firefox stores all of its search engine plugins.

Caveats: For advanced users.

Privacy Oriented Origin Policy by claustromaniac [privacy/security]

Privacy Oriented Origin Policy (POOP) helps protect your privacy by preventing Firefox from sending Origin headers, though how it works is configurable.

Caveats: For advanced users. May break some websites, though it is easily disabled and sites can be whitelisted. There is a lengthy discussion about what led to the development of this add-on on GitHub if you're interested.

Privacy Redirect by Simon Brazell [privacy/security]

Privacy Redirect redirects requests to several privacy-hating platforms to privacy-friendly alternatives. YouTube videos, including embedded, can be redirected to several alternatives, as can Twitter, Bibliogram and Google Maps requests.

Caveats: Sometimes the requested alternative service may be overloaded or down, however you can always switch to another provider very quickly from the toolbar icon.

Redirector by Einar Egilsson [enhancement]

Redirector automatically redirects selected pages, links and more to another resource of your choosing. For some examples of how you can use Redirector, see the Redirecting this to that section of the Firefox Tweaks and Fixes and Styles and Things page.

RSS Preview by Aurelien David [enhancement]

RSS Preview simply displays a styled and formatted version of news feeds like Firefox used to do before the geniuses at Mozilla removed it. In addition it has an option to provide your own CSS.

Scroll Up Folder by Bruce Bujon [enhancement]

Scroll Up Folder adds an icon in the address bar that, when clicked, opens a list of the segments of the current document address. Clicking the list items makes it really easy to navigate up to a higher level of the address without having to manually edit it.

Site Bleacher by wooque [privacy/security]

Site Bleacher automatically removes cookies, local storage, IndexedDB storage and service workers. It is not perfect, but given the limitations of the Web Extension API and Mozilla's foot-dragging in fixing its problems, it is the only add-on at this time that automatically cleans IndexedDB and Service Workers storage on a tab by tab basis.

Caveats: May break some websites, however the add-on includes a whitelist.

Skip Redirect by Sebastian Blask [privacy/security]

Redirects sometimes happen when you click on a hyperlink expecting to go directly to the destination and, instead, your request is passed through an intermediary. Redirects are often used to track your browsing history or display ads before you are forwarded to the target domain. Skip Redirect simply tries to bypass this annoying behavior. I would suggest keeping the notification enabled when Skip Redirect does its thing as this makes it easy to troubleshoot a problem.

Caveats: May break the functionality of some websites in which case they can be added to a whitelist.

Smart RSS Reader by zakius [enhancement]

Smart RSS Reader is a 3-pane news feed reader and a pretty good one at that. It hasn't been around all that long and so there's some little niggles with it and it's missing some features, but it functions quite well as a basic reader. The developer is very friendly and open to suggestions.

While there is no default dark theme for Smart RSS yet, you can use my CSS for a custom dark theme. Just paste the following code in the 'User CSS' section of the options:

Smart RSS Reader dark theme

/*
 * Smart RSS Reader - CSS for 3-pane layout |feeds|titles|content|
 */

/* GLOBAL */
html, body {
    color: lightgray;
    background: #2f2f2f;
}
.context-menu {
    background: black;
}
.region:not(.focused) .selected {
    background: black;
}
a {
    color: lightgreen;
}
#properties {
    background: black !important;
}
#properties input, #properties select {
    background: #67ff91 !important;
}

/* TOP TOOLBAR */
.toolbar {
    background: lightgreen;
}
.toolbar > .button {
    border: 1px solid #2f2f2f;
}
.input-search {
    background: black;
    color: white;
}
input[type="search"] {
    max-width: 260px;
    width: 260px;
    border: unset;
}

/* FEEDS PANE */
.has-unread .source-title {
    font-weight: unset;
}
.source-counter {
    color: black;
    background: lightgreen;
}
.sources-list-item.selected:hover .source-title {
    color: white;
}
#indicator-progress {
    background: black !important;
}
#indicator-stop {
    background-color: red !important;
}

/* TITLES PANE */
#article-list > .unvisited, .unvisited .articles-list-item-author {
    color: lightgray;
}
#article-list > .unread {
    font-weight: bold;
    font-style: italic;
}
#article-list > .region:not(.focused) .selected {
    background: #2f2f2f;
    border-bottom-color: unset;
}
#article-list > .selected * {
    color: lightgray;
}
#article-list .item-author {
    color: darkgray;
    font-weight: normal;
}
#article-list .item-date {
    color: darkgray;
}

/* CONTENT PANE */
#content h1 {
    color: #fdfdfd;
    font-size: 1rem;
    max-height: unset;
}
#content > header p {
    color: darkgray;
    padding-bottom: 10px;
}
#content > header .pin-button {
    opacity: 1;
}
#smart-rss-article-body {
    color: white;
    background: #2f2f2f;
}
#smart-rss-content > .more-link {
    color: lightgreen;
}
#smart-rss-content-footer {
    border-top: 2px dashed darkgray;
    margin-top: 20px;
}
#smart-rss-content-footer a {
    background: #2f2f2f;
}

 

Stylus by Armin Sebastian [enhancement]

Stylus is used to write, store and apply custom CSS styles to websites, or even the entire web if you wish. Though you can use FireMonkey for this, working with Stylus is much nicer. Note: Do not use Stylish, a similar add-on which the developer sold to an unethical party.

uBlock Origin by Raymond Hill [privacy/security]

uBlock Origin is a superior content filter (or firewall, if you like) that can replace several other content/ad blockers including Adblock Plus/Edge, NoScript, etc. It is capable of using the same filter lists as Adblock Plus/Edge as well as many more that they cannot. Two of the most welcome differences with uBlock Origin are that it does not slow page loading to any noticeable degree and it uses less memory than the competition. Another major advantage is that it can block both 1st and 3rd party requests for images, scripts and frames when configured to use its advanced mode. See my Firefox Configuration Guide for Privacy Freaks and Performance Buffs article for more information regarding uBlock Origin. Lastly, use only uBlock Origin by Raymond Hill and not any other ripoff.

Caveats: For advanced users. As with any content filtering extension, uBlock Origin has the potential to break website functionality until it is configured correctly.

uMatrix by Raymond Hill [privacy/security]

uMatrix is another powerful content blocker by Raymond Hill and though it is similar to uBlock Origin, it offers more granular control like blocking cookies, CSS, images, plug-ins, scripts, XHR, frames and more. You can use uMatrix and uBlock Origin together. See my guide, Firefox Configuration Guide for Privacy Freaks and Performance Buffs, for further information.

Caveats: For advanced users. As with any content filtering extension, uMatrix has the potential to break website functionality until it is configured correctly.

Web Archives by Armin Sebastian [enhancement]

Web Archives makes it easy to find archived versions of webpages. It is fairly configurable, though it does not have an option to add your own archive resources, nor does it have an option to send a webpage to an archive, however i find the latter unnecessary since the archive sites i use allow you to easily archive a page if one isn't found.

Troubleshooting add-on related issues

See Firefox Tweaks and Fixes and Styles and Things.

Listing removed add-ons

While i'm sure there's a more geeky way of listing extensions which one has removed, this one works for me: In your Firefox profile folder, navigate to /extensions/staged and there should be folders with the names of the removed extensions. You can delete this folder if you like.

Doing it without an add-on

The fewer add-ons you install, the better, and there's a lot of things you can do to customize Firefox without add-ons.

Enhancing privacy and security

See: Firefox Configuration Guide for Privacy Freaks and Performance Buffs and The Firefox Privacy Guide For Dummies!

More tweaks

See: Firefox Tweaks and Fixes and Styles and Things

Giving back

If you like an add-on, or any other free and open source software, please donate to the developer. Trust me when i tell you that most developers of free software usually receive little or nothing for all the hours of hard work and support they provide. Developers are usually very appreciative of a donation regardless of how small it may be.

Recent changes

This list contains only the most recent changes

  • replaced 'Toggle Fonts' with 'Enforce Browser Fonts' which works per-domain (sorta)
  • ... and then replaced 'Enforce Browser Fonts' with 'Toggle Fonts' again - i didn't like the brief visual change when switching tabs between one which allows the font set by a website and one where i override the webpage font with Firefox's defaults

67 thoughts on “Firefox Extensions - My Picks”

  1. Do you perhaps know of a way to make the Smart RSS interface dark. No darkify add-on makes it dark as the page is protected.

    There is a “User CSS” option in settings but I am not sure how to work that.

    1. Thank you for sharing your css.

      I must be making a mistake (I am also a little confused with the instructions in your css file).

      “* install: save as ‘/chrome/smart.rss’ – in ‘userContent.css’, add: @import “./custom/addon/smartrss.css”;”

      Should one not be saving your css as ‘/chrome/addon/smartrss.css’? And then importing it like you have it above.

      That is what I did and I edited the ‘@-moz-document url(“moz-extension://…”‘ and replaced the unique identifier with my own. But I get the default white.

  2. I’ve stopped using HTTPZ because sometimes the addon would just leak memory. HTTPZ also runs on all HTTPS pages, which doesn’t make much sense to me.

    I’ve resorted to using a user script to do the HTTPS redirection and am using custom rules to exclude various HTTP sites that do not support HTTPS.

    If you want to stick with addons, HTTPS Already does a similar job as my user script as it only runs on HTTP pages, but doesn’t offer a whitelist. HTTPtoHTTPS also looks like a potential good option, but I haven’t tested it.

    1. if you found an issue with HTTPZ you might want to report it – the developer is a great guy and heavily involved in the ‘ghacks’ user.js project – also the reason why it runs on https sites is explained on the GitHub repo…

      * When you navigate to a site over HTTPS by yourself, or because of some external factor (like HSTS preloading), HTTPZ does not do anything to that request, regardless of the outcome.
      * When you navigate to a site over HTTPS and the server downgrades the request to HTTP, the extension notices this and allows it. It adds that site to the list of known insecure sites, and does not try to load it over HTTPS for the next seven days.

  3. Hi
    regarding Privacy Redirect: when I go to Twitter ( = Nitter ) and click links: are they cleared from tracking or do they still point back to Twitter?
    I can’t tell, whether ClearURL does the job: when I paste a “dirty” link from Twitter in ClearURLs cleaning tool and press “Clean URLs” the link remains/look the same.
    I tried tracking-links from other sites and they also seem not to be cleaned.

    1. the Nitter links point to Nitter i believe – whether ClearURLs cleans Twitter links i don’t know – if you want to provide a sample link i can check (i don’t use Twitter)

        1. these t.co links are short links – short links cannot generally be ‘cleaned’ unless you rely on a 3rd party

          the sample you provided forwards to http://www.change.org – there’s no way for a typical link cleaner add-on to determine that t.co/KU0UqoiGiI points to change.org/p/jeff-bezos-make-jeff-bezos-redistribute-half-his-income-from-the-covid19-crisis

          if you have a link like example.com?utm_source=google, a link cleaner can remove the UTM tracking parameter (utm_source=google) because it can ‘see’ that it isn’t needed, but it cannot ‘see’ where the link you provided points to because the final target is completely different than the short link – does that make sense?

          there are add-ons for Firefox that can handle some short links, thereby bypassing the middle-man, but the only way they can do that (to my knowledge) is by sending the URL to another server that determines what the target is, then sending the target back to you – as you might imagine, this is a potential privacy risk

    1. there’s another CSP issue (1462989 – support merging content-security-policy headers provided by multiple extensions) that lands in v77 which is why i haven’t updated related content here – i’m also unclear as to what exactly is fixed, so i’m keeping an eye on this issue to see what they say – thanks for reminding me though

    1. well that was quick – here’s your answer from Kevin R. (ClearURLs)…

      > Both implementations are almost identical. I have oriented myself on the source code of claustromaniac and made some adjustments, so that for example the ETag Filtering can be switched off in the preferences and is included in the statistics of ClearURLs.

    1. so do i – i just started using it and am in contact with the developer to help improve it – i’ve been busy with a project which is why i haven’t added it to the list yet

      1. Please share your thoughts on, to which extent invidious helps preventing google privacy intrusion, i.e. fingerprinting and tracking.

        I ask because I see that I still have to allow access to Google Video in uMatrix for videos to play.

        I’ve researched a little but it’s above my level of comprehension, so I hope you would take the time to explain.

        Thanks in advance
        bytemybash

        1. if you don’t enable proxy mode then yes, you have to enable media for googlevideo.com, however you don’t have to enable JS for google and no connection is made to YT, so that alleviates the vast majority of tracking

          if you enable proxy mode then no connection is made to google either, however i would suggest donating to the invidious instance if you do that because you’d be using a lot of their bandwidth

          invidious isn’t perfect – the instances aren’t reliable and some requests will result in an error, such as for videos that are scheduled for a future time and i don’t think you can watch live streams – i’ve also seen where a video will play on one instance but not another – so just be aware of that if you have any problems
