Site updates – 13-Jan-2020

On the page, FAQ: Firefox Hardening, i changed my stance on the CanvasBlocker add-on for Firefox. I think it’s still a beneficial addition to Firefox, however it should be configured to avoid the CSP issue if used in conjunction with uBlock Origin and/or uMatrix. To do this, you need to enable ‘Expert mode’ and then on the ‘Misc’ tab, disable the option ‘Block data URL pages’.

For the Firefox Configuration Guide for Privacy Freaks and Performance Buffs i updated the information for CanvasBlocker.

I updated and rearranged the add-ons on the Firefox Extensions – My Picks page. The list of recent changes can be seen at the bottom of the page.

Article update: uBlock Origin Suggested Settings

I updated the uBlock Origin Suggested Settings page again after i started seeing ads in YouTube videos. UN! AC! CEPTABLE! Turns out the AdGuard filters don’t block these ads, so i disabled them and re-enabled the Easy filters.

IMPORTANT: The caveat with the Easy filters is the CSP issue. If you don’t know what that is, don’t worry about it, just know that if you’re using both uBlock and uMatrix, you need to disable and then re-enable uMatrix (about:addons) as soon as Firefox starts and before visiting any website where you don’t want JS to run.

Article update: Firefox Tweaks and Fixes and Styles and Things

I updated Firefox Tweaks and Fixes and Styles and Things to include 2 different methods for updating the excellent CustomCSSforFx CSS styles for Firefox, both of which should save a lot of time when ‘Aris’ pumps out an update. By the way, CustomCSSforFx is by the same developer that produced the much loved Classic Theme Restorer add-on that no longer works with Firefox as of version 57 because of the huge changes Mozilla made to Firefox. Be sure to show your support for his work if you enjoy it.

Update: user-overrides.js for Firefox

I updated my user-overrides.js for Firefox. Many changes were made, however most of them were to instructions and preference descriptions.

Also i had been using the [SAFE=(value)] tag to mark preferences values that weren’t necessarily “safe” regarding privacy and so i added a new tag, [UNBREAK=(value)], which accompanies or replaces the ‘safe’ tag in order to make things clearer. The current tags used are:

* [SET]..............the value must be checked!!!
* [UNBREAK=(value)]..least likely to cause web breakage but more likely to compromise privacy
* [SAFE=(value)].....a safe value
* [PRIV=(value)].....a value which is more protective of privacy but may cause web breakage

Regarding changes in instructions and pref descriptions, i think i made several items more clear for users.

You can grab the file here (direct link) and the change logs here and here. There’s 2 change logs because i made a booboo on the first update. Remember to run both the ‘ghacks’ updater and prefsCleanr scripts.

If you’re lost, see one of my Firefox configuration guides here.

Content update: uBlock Origin Suggested Settings

I updated the uBlock Origin Suggested Settings page because it was slightly out of date. Now about that Content Security Policy thing…

At this time there’s a very nasty issue with Firefox regarding Content Security Policy headers and how add-ons interact with headers. You can read more about this on the FAQ: Firefox Hardening page (search for “CSP”). uBlock Origin uses CSP if you enable the option ‘Block remote fonts’. Also i found that CSP is used in both the EasyList and EasyPrivacy filter lists. If ‘Block remote fonts’ and the aforementioned filter lists are disabled, this seems to avoid any CSP issues with uBO, at least as long as you enable only the options i suggest in the uBlock Origin Suggested Settings guide and you use only the extensions recommended by myself in my Firefox configuration guides or those recommended by the ‘ghacks’ fellas, and you configure them as i/they/we suggest.

The problem here is that if you, like me, use the dynamic filtering ability of uMatrix to control JavaScript, along with uBlock Origin to control static filtering, then in-line JavaScript may run even if you have it blocked in uMatrix. The solution was to disable and re-enable uMatrix as soon as Firefox was started, however if we can avoid the CSP issue with uBlock, as i seem to have done in my case, then there’s no need to go through this rigamarole every time Firefox starts. This was my other reason for editing the uBlock Origin Suggested Settings page where now EasyList and EasyPrivacy are both disabled and i enabled other ad/tracking filters instead.

Regarding remote fonts, there is another way to block them in uBlock without enabling the ‘Block remote fonts’ option and this is outlined in the uBlock Origin Suggested Settings guide.