My Firefox 12 extensions and addons

May 14, 2012

In light of yesterday's entry about my failed Firefox Nightly experiment and the potential that some of my extensions are the root cause of my Firefox problems, I'm going to run down the current set of Firefox extensions that I use in my main browser (updating previous discussions from the Firefox 7 era, which alarmingly was less than a year ago). This time around I'm going to group them by purpose:

Safe browsing:

  • NoScript to disable JavaScript for almost everything. I browse with JS blocked and only enable it selectively on sites when I have to (and almost always temporarily). I consider this more an issue of safety than of performance; I simply don't trust most JavaScript from most sites to not do things that will make me unhappy.

    (NoScript also takes care of blocking Flash, Java, and so on.)

  • CookieSafe 3.0.5, with the actual addon here. I browse through a filtering proxy and it blocks ordinary cookies, but it can't do anything about cookies I get over HTTPS or via JavaScript. I use CookieSafe to block those (there's some more explanation here).

    (For me, CookieSafe 3.1a10 has an explosive interaction with NoScript that hangs Firefox in some sort of infinite JavaScript loop, so I am still on 3.0.5 aka the 2011-12-10 version of CookieSafe.)

User interface:

  • All-in-One Gestures (specifically my tweaked version of it). I turn off A-i-O autoscroll because the native Firefox autoscroll is better (and has been for years). A-i-O hasn't been updated in ages but still seems to be the best, most reliable gesture extension in my brief experimentation.

    (FireGestures is actively developed but the last time I tried it there was an odd bug with changing font size settings; however, that was a while back. It would be my leading alternate here.)

    Update: All-in-One Gestures seems to have been a major cause of my Firefox memory bloat problems. I've now replaced it with FireGestures; see this update. I can no longer recommend it.

  • Status-4-Evar restores the old Firefox bottom status bar so that I can see the full display of link targets and have a useful page load status display.

Fixing annoying websites, especially Google's:

  • GreaseMonkey combined with the Google Link Cleanup user script to remove Google's tracking links from search results. I hate these tracking links with a burning passion for two reasons; first, I have no interest in letting Google know what search results I've followed and second, Google's tracking links screw up my history so that I can't see which search results I've already read and which are new.

  • Stylish combined with a number of mostly personally written styles to fix various website misdesigns. The most important is a version of this user style to disable the left option sidebar in Google searches (because I hate it and I use Google all the time). I also have Compact Google Reader in the Firefox instance I use with Google Reader, for similar reasons.

    (This entry and its comments have a bunch of discussion about ways to fix Google's layout issues.)

    I could probably replace my use of Stylish with more GreaseMonkey user scripts, but I started with Stylish and I prefer fixing things with CSS alterations than with JavaScript (even if the JavaScript just inserts CSS alterations). Certainly there seem to be plenty of 'fix Google stuff' GreaseMonkey user scripts, eg this one for Google Reader (which I have not tried).

Improving my life:

  • It's All Text! handily deals with how browsers make bad editors. The more I have it available the more I use it (and the longer comments and so on I wind up leaving, because I can actually edit them sensibly; this may not be a plus, all things considered).

Modern versions of Firefox also give you a JavaScript based PDF viewer addon for free. I have not done much with this and in fact currently have it turned off.

Of these extensions, I consider NoScript, All-in-One Gestures, GreaseMonkey, and Stylish to be completely essential. I can sort of live without the others, so as an experiment I am trying that to see if it makes a difference in Firefox memory usage and the number of zombie compartments that build up. If I am serious about this, I probably should migrate away from Stylish to GreaseMonkey for everything on the grounds that the latter is probably more actively used and maintained and so any leaks it has are more likely to get fixed promptly.

(Unfortunately I suspect that A-i-O is a likely candidate to be a leaky extension, since it hasn't been updated in ages.)

Comments on this page:

From at 2012-05-15 11:05:27:

Thanks for sharing.

You might also have a look a ghostery which is a third-party js/cookie blocker as a possible alternative to (or use in conjuction with) NoScript.

Also Certificate Patrol is on my list of essentials. It keeps a local data base of SSL certificate fingerprints, and warns you when the id changes (as in a MITM attack).

By cks at 2012-05-15 11:58:13:

Certificate Patrol looks quite interesting; thanks for mentioning it. Unfortunately some experimentation suggests that it may be too noisy for me in practice (because too many people do vaguely odd things with their SSL certificates that it warns about). I may have to experiment.

I've looked at Ghostery before (and discussed it here); the short version is that it's too noisy for me (or was the last time I looked) and I'm not entirely sure I trust it. I don't want to be told how many things it's blocking, I just want them to be blocked.

(I can make Ghostery disappear entirely, I think, but then I lose any way of easily controlling it if it does something I don't like.)

From at 2012-05-16 09:28:45:

Certificate Patrol is a super great addon! (IMO)

My top favoutites are:

I also strongly recommend you have a look at fiddler (fiddler is written by a fairly senior IE hacker for microsoft).

From at 2012-05-16 22:00:59:

Along with NoScript, I add two others:

  • RequestPolicy, which controls third-party requests. Helps control information leaking to external third-parties such as facebook or twitter or an ad server.

  • RefControl, which controls what referer header you send to prevent your browsing history from leaking to third parties. You can specify different header contents per website (so that your banking works fine, for example), along with global default options.

Re Ghostery, I find it not bothersome provided I set the pop-up timeout to a short period like a few seconds. It is useful for stopping facebook, twitter, etc third-party requests and does away with the need for add-ons such as Facebook Disconnect, Twitter Disconnect, etc.

My full list of plugins.

Nick Coleman

By cks at 2012-05-17 16:21:10:

I took a look at the RequestPolicy documentation and I don't think it's for me; I think it would take too much work to maintain the approve and block lists. For now, this is a general issue that I'd rather fix with my filtering proxy (by screening out bad places entirely, usually).

By cks at 2012-05-25 11:31:18:

A slow follow-up: I tried Certificate Patrol in one of my testing Firefox instances and found it had too many false positives in day to day usage. Specifically, Google properties seem to give it indigestion with hopping certificates and it was forever bothering me about them, even after I did some things it suggested to try to make it quieter.

Written on 14 May 2012.
« My experiment with Firefox Nightly builds: a failure
Some stuff on 'time since boot' timestamps »

Page tools: View Source, View Normal, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Mon May 14 15:24:58 2012
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.