Chris's Wiki :: blog/web/Firefox12Extensions Commentshttps://utcc.utoronto.ca/~cks/space/blog/web/Firefox12Extensions?atomcommentsDWiki2012-05-25T15:31:18ZRecent comments in Chris's Wiki :: blog/web/Firefox12Extensions.By Chris Siebenmann on /blog/web/Firefox12Extensionstag:CSpace:blog/web/Firefox12Extensions:79cbefbd61186fc49cb76f672365499dc70776d1Chris Siebenmann<div class="wikitext"><p>A slow follow-up: I tried <a href="https://addons.mozilla.org/en-us/firefox/addon/certificate-patrol/">Certificate Patrol</a>
in one of my testing Firefox instances and found it had too many false
positives in day to day usage. Specifically, Google properties seem
to give it indigestion with hopping certificates and it was forever
bothering me about them, even after I did some things it suggested to
try to make it quieter.</p>
</div>2012-05-25T15:31:18ZBy Chris Siebenmann on /blog/web/Firefox12Extensionstag:CSpace:blog/web/Firefox12Extensions:f00ec6c98c4a7365bc4f0b2801a30fb7073bcefcChris Siebenmann<div class="wikitext"><p>I took a look at the <a href="https://www.requestpolicy.com/">RequestPolicy</a>
documentation and I don't think it's for me; I think it would take too
much work to maintain the approve and block lists. For now, this is a
general issue that I'd rather fix with my filtering proxy (by screening
out bad places entirely, usually).</p>
</div>2012-05-17T20:21:10ZFrom 121.45.242.234 on /blog/web/Firefox12Extensionstag:CSpace:blog/web/Firefox12Extensions:91d8a179af837989f510bfd0c735f7fad50043deFrom 121.45.242.234<div class="wikitext"><p>Along with NoScript, I add two others:</p>
<ul><li>RequestPolicy, which controls third-party requests. Helps control information leaking to external third-parties such as facebook or twitter or an ad server.<p>
</li>
<li>RefControl, which controls what referer header you send to prevent your browsing history from leaking to third parties. You can specify different header contents per website (so that your banking works fine, for example), along with global default options.</li>
</ul>
<p>Re Ghostery, I find it not bothersome provided I set the pop-up timeout to a short period like a few seconds. It is useful for stopping facebook, twitter, etc third-party requests and does away with the need for add-ons such as Facebook Disconnect, Twitter Disconnect, etc.</p>
<p><a href="http://www.nickcoleman.org/blog/index.cgi?post=googlechrome-to-firefox%21201205101149%21general%2Cinternet">My full list of plugins.</a></p>
<p>Nick Coleman</p>
</div>2012-05-17T02:00:59ZFrom 115.70.177.211 on /blog/web/Firefox12Extensionstag:CSpace:blog/web/Firefox12Extensions:758fbf374585149808c776248c43d8db7aefb8fcFrom 115.70.177.211<div class="wikitext"><p>Certificate Patrol is a super great addon! (IMO)</p>
<p>My top favoutites are:</p>
<ul><li>noscript (ff); scriptno(chrome)</li>
<li>certificate patrol (really good!)</li>
<li><a href="https://www.eff.org/https-everywhere">https://www.eff.org/https-everywhere</a></li>
<li><a href="https://disconnect.me/">https://disconnect.me/</a> (great!) (written by some ex googlers),</li>
<li>SPDY indicator (am i using the new SDPY protocol?)</li>
<li>Xmarks</li>
<li>Ad Block Plus</li>
<li>collusion (<a href="https://disconnect.me/tools">https://disconnect.me/tools</a>)</li>
<li>Better Privacy (remove LSO cookies) (FF)</li>
<li>Cookie Muncher (FF)</li>
<li>Foxy Proxy (FF)</li>
</ul>
<p>I also strongly recommend you have a look at fiddler <a href="http://webdbg.com/Fiddler/essentials.asp">http://webdbg.com/Fiddler/essentials.asp</a> (fiddler is written by a fairly senior IE hacker for microsoft).</p>
<pre>
-Alex
</pre>
</div>2012-05-16T13:28:45ZBy Chris Siebenmann on /blog/web/Firefox12Extensionstag:CSpace:blog/web/Firefox12Extensions:4f1cedea1bc4ead588d9c5de14a44f7e4a22bb6cChris Siebenmann<div class="wikitext"><p><a href="https://addons.mozilla.org/en-us/firefox/addon/certificate-patrol/">Certificate Patrol</a>
looks quite interesting; thanks for mentioning it. Unfortunately some
experimentation suggests that it may be too noisy for me in practice
(because too many people do vaguely odd things with their SSL
certificates that it warns about). I may have to experiment.</p>
<p>I've looked at <a href="https://addons.mozilla.org/en-US/firefox/addon/ghostery/">Ghostery</a>
before (and discussed it <a href="https://utcc.utoronto.ca/~cks/space/blog/web/Firefox7ExtensionsII">here</a>); the short version
is that it's too noisy for me (or was the last time I looked) and I'm not
entirely sure I trust it. I don't want to be told how many things it's
blocking, I just want them to be blocked.</p>
<p>(I can make Ghostery disappear entirely, I think, but then I lose any
way of easily controlling it if it does something I don't like.)</p>
</div>2012-05-15T15:58:13ZFrom 146.6.208.14 on /blog/web/Firefox12Extensionstag:CSpace:blog/web/Firefox12Extensions:dcf5b2d03eae52b471c3078d78e036101e797eeaFrom 146.6.208.14<div class="wikitext"><p>Thanks for sharing.</p>
<p>You might also have a look a ghostery which is a third-party js/cookie blocker as a possible alternative to (or use in conjuction with) NoScript.</p>
<p>Also Certificate Patrol is on my list of essentials. It keeps a local data base of SSL certificate fingerprints, and warns you when the id changes (as in a MITM attack).</p>
</div>2012-05-15T15:05:27Z