My Firefox 29 extensions and addons

May 3, 2014

It's been a few years since I last did a comprehensive inventory of my Firefox addons (here, then updated here and here due to memory issues), so it's about time for another go around. Besides, Firefox 29 has come out and upended the Firefox UI again. As before this is for my main browser instead of my testing browser, although the testing version has almost all of them too.

Safe browsing:

  • NoScript to disable JavaScript for almost everything. I browse with JS blocked and only enable it selectively on sites when I have to (and almost always temporarily). I consider this more an issue of safety than of performance; I simply don't trust most JavaScript from most sites to not do things that will make me unhappy. These days my strategy for dealing with most JavaScript based websites that I actually want to use is my Chrome incognito hack.

    (NoScript also takes care of blocking Flash, Java, and so on. I also have Firefox's own preferences set to 'ask before running' for them, which NoScript seems to usually override when I tell it to go ahead with Flash stuff. This doesn't worry me because the Firefox setting is a fallback precaution in case something sneaks past NoScript.)

  • CookieSafe 3.0.5, with the actual addon here. I browse through a filtering proxy and it blocks ordinary cookies, but it can't do anything about cookies I get over HTTPS or via JavaScript. I use CookieSafe to block those (there's some more explanation here). For me, CookieSafe 3.1a10 has an explosive interaction with NoScript that hangs Firefox in some sort of infinite JavaScript loop, so I am still on 3.0.5 aka the 2011-12-10 version of CookieSafe.

CookieSafe hasn't been updated recently and apparently still has issues. If I didn't browse behind a filtering proxy I'd probably switch to Self-Destructing Cookies, which I'm actually experimenting with in my testing browser. Honestly, one of the reasons I don't switch anyways is just the hassle of figuring out which of my current cookies I want to whitelist permanently.

I've experimented with Ghostery. It works and I like the idea, but I don't have much use for it in my main browser (which is already protected against basically everything Ghostery would block) and I don't completely trust the business model involved in its development and thus it (I worry about the Chrome extensions problem). The EFF's Privacy Badger sounds nice but it's only just been announced and it's in alpha (and again I don't have much use for it in my main browser).

User interface:

  • FireGestures. I believe the only customizations I've made have been to change what gestures map to what (for reasons described here). It's worked great and has been free of both trouble and memory bloat. I really like how it can export and import your configured gestures, making it very easy to have the same set of gestures on all of the copies of Firefox that I wind up using (home, office desktop, office laptop, sometimes Firefox on servers).

Improving my life:

  • It's All Text! handily deals with how browsers make bad editors. The more I have it available the more I use it (and the longer comments and so on I wind up leaving, because I can actually edit them sensibly; this may not be a plus, all things considered).

  • Open in Browser. You know all of those annoying websites that insist that patches are not plain text that the browser can show or are sure that you want to download that PDF instead of viewing it in the browser? This fixes them. It's so discreet an addition that you may even forget that you have it installed (this happened to me once and was vaguely embarrassing).

I view PDFs in the browser with Mozilla's PDF Viewer, which I believe is now normally packaged with Firefox.

Miscellaneous:

  • CipherFox gives me access to more information about TLS connections. It's not perfect (partly because Firefox plain doesn't make certain information available to extensions) but I'll take what I can get here. The one thing I really miss is simple information about whether the connection has perfect forward secrecy.

I've experimented with a number of the SSL/TLS certificate monitoring extensions like Certificate Patrol and Perspectives. None of them worked well in my environment with the amount of work I was willing to put into tending them.

This set of extensions is stable and doesn't lead to memory bloat. I can and do leave my main Firefox running for weeks without any problems (on my home machine I started the current instance on April 17th, when I last rebooted). In fact I should probably restart more frequently than I do; I have a couple of pending extension updates at the moment that have been patiently waiting for me to get around to quitting and restarting.

Although I would still like to be able to use GreaseMonkey and Stylish, they still seem to cause memory bloat problems for me as before. I haven't tested things on Firefox 29, but I did retest with a previous version of Firefox a couple of months ago and still saw my old problems. Maybe someday.


Comments on this page:

By Frank Ch. Eigler at 2014-05-04 07:31:29:

Instead of cipherfox, see the Calomel SSL Validation widget. Perhaps see also the DNSSEC/TLSA validation add-on.

By Anonymous at 2014-05-05 04:13:10:

Instead of CookieSafe I've been happy with Cookie Whitelist:

https://addons.mozilla.org/en-US/firefox/addon/cookie-whitelist-with-buttons/

By default disabled all cookies but for the sites where you really need them you can easily allow permanent or session cookies (or allow all cookies for a session if needed).

By James (trs80) at 2014-05-05 11:57:31:

I am dreading the upgrade for Firefox 29, but no doubt I'll get used to it (or switch to Seamonkey). OTOH version 28 crashes a couple of times a week on me which is somewhat worse than previous versions. I'm going to put that down to the hundreds if not a thousand plus tabs I have though.

By cks at 2014-05-05 12:47:27:

I gave the Calomel SSL Validation addon a try and then remembered why I dropped it after a previous look: its always-present big icon is just too obtrusive for what I want. I'd be pretty happy with it otherwise.

(I can make the icon go away but then I don't think I can get at the information it offers.)

Written on 03 May 2014.
« An important addition to how ZFS deduplication works on the disk
How I set up my Firefox 29's UI »

Page tools: View Source, View Normal.
Search:
Login: Password:

Last modified: Sat May 3 00:47:36 2014
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.