Poll How many extensions have you installed in your browsers, but above all, how many are usually enabled?

[ForgottenSeer 114717]

If a person does not have at least 20 security browser extensions, then they are not secure.

Ask Harbor Front.

H

Poll Post in thread 'How many extensions have you installed in your browsers, but above all, how many are usually enabled?'

Dec 15, 2025

I'm using for my Ungoogled Chromium browser the following extensions

IDN Safe
Cache Killer
CSS EXfil Protection
Font Fingerprint Defender
uBO Lite
Chrome History Cleaner
Cookie AutoDelete
I still don't care about cookies
IDM Integration Module
Dark Reader
Translate Web Page
Chromium Web Store

I have BitDefender Total Security with features like AV, Cryptomining, Online Threat Prevention, Advanced Threat Defense, Firewall, Ransomware Remediation, Anti-Tracker etc so most online threats are protected against

Later, if Adguard for Windows 8.0 released, I'll remove uBO Lite. The rest I...

• HarborFront

• 
• 

 

[HarborFront]

I'll insert two preliminary images.
Then copy/paste the rule, save it, and run the test:

View attachment 293834
View attachment 293835

Ping Spotter

---
action:
  type: block
condition:
  resourceTypes:
    - ping
    - object
    - csp_report
---

Thanks. Done it and works. Removed Ping Blocker

 

[SeriousHoax]

I have:

– uBlock Origin (obviously)
– Librezam (song discovery)
– Native HLS Playback (playing HLS streams)
– Search by Image (image search through multiple search engines)
– TWP - Translate Web Pages (website translation)
– Violentmonkey (user scripts)
– Urban VPN (free, totally not private VPN; disabled)

Hi! Your Urban VPN extension is in the news: Featured Chrome Browser Extension Caught Intercepting Millions of Users' AI Chats
I also see that ESET has started to detect it: https://forum.eset.com/topic/47675-jsurbancybera-from-msedgeexe-microsoft-edge/

 

[Marko :)]

Hi! Your Urban VPN extension is in the news: Featured Chrome Browser Extension Caught Intercepting Millions of Users' AI Chats
I also see that ESET has started to detect it: https://forum.eset.com/topic/47675-jsurbancybera-from-msedgeexe-microsoft-edge/

Thanks for the heads up!

I am aware that the extension is fishy, and it isn't available for download on Mozilla's Add-ons page anymore. Before it was removed, I downloaded it, extracted and analyzed the code–I didn't find anything suspicious except analytics (which I blocked).

So the version I use simply connects to their domain, downloads JSON file containing all the IP addresses and ports of proxy servers, and when I select a country, it just connects to the IP; that's all.

Even though I carefully analyzed the extension and blocked analytics, I still keep extension disabled at all times. When I need to use it, I connect to Cloudflare WARP first and then I start using the extension to protect/hide my IP address.

Don't worry, I'm not from yesterday; I know how these "free" VPNs work.

 

[SeriousHoax]

Thanks for the heads up!

I am aware that the extension is fishy, and it isn't available for download on Mozilla's Add-ons page anymore. Before it was removed, I downloaded it, extracted and analyzed the code–I didn't find anything suspicious except analytics (which I blocked).

So the version I use simply connects to their domain, downloads JSON file containing all the IP addresses and ports of proxy servers, and when I select a country, it just connects to the IP; that's all.

Even though I carefully analyzed the extension and blocked analytics, I still keep extension disabled at all times. When I need to use it, I connect to Cloudflare WARP first and then I start using the extension to protect/hide my IP address.

Don't worry, I'm not from yesterday; I know how these "free" VPNs work.

Yeah, I'm also of similar mindset. Only use VPNs when it's necessary and at the moment Cloudflare Warp gets the job done when I need it. I have even set up warp via wireguard on my router yesterday for only a couple of domains for testing where I face very slow download speed that warp fixes (sourceforge). So only those domains go through wireguard, the rest through ISP. Seems to be working great.
I have temporarily used free questionable VPNs in the past also. Using such VPN extension in a browser where no sites are logged in should mitigate risks.

 

[Marko :)]

Yeah, I'm also of similar mindset. Only use VPNs when it's necessary and at the moment Cloudflare Warp gets the job done when I need it. I have even set up warp via wireguard on my router yesterday for only a couple of domains for testing where I face very slow download speed that warp fixes (sourceforge). So only those domains go through wireguard, the rest through ISP. Seems to be working great.
I have temporarily used free questionable VPNs in the past also. Using such VPN extension in a browser where no sites are logged in should mitigate risks.

I use WARP through WireGuard app as well and instead of Cloudflare DNS, I set it to use ControlD HaGeZi Pro Plus (which I usually use). I didn't set it up on router because I prefer it to use it on device through app.

 

[Jonny Quest]

With Brave on my laptop, Brave blocks the YouTube ads, but is there anything that can be done on the Roku YouTube app to block the ads? I don't want to subscribe to Premium just for that, and Gemini essentially said good luck as Roku is a closed system without trying some sort of hack? It mentioned viewing from the Playlet app or cast from the PC (or smartphone) to the TV, which does work. I posted this here as Gemini mentioned there weren't any ad block extensions I could use in Roku. I'm sure it would be the same with the Hisense home screen apps?

1. The "Playlet" App (Easiest Workaround)​

There is a third-party app available directly in the Roku Channel Store called Playlet. It is a custom YouTube client designed to provide an ad-free experience.

• How to get it: Search for "Playlet" in the Roku Channel Store.
• Pros: It effectively skips YouTube ads and even supports "SponsorBlock" (which skips in-video sponsorships).
• Cons: The interface isn't as polished as the official app, and you may need to link your account via a web browser.

 

[Sampei.Nihira]

I have reduced the number of extensions that are always enabled in my two browsers:

Firefox = 1 (uBo)
Chrome = 2 (uBo or AG Browser Extension) + Bonjourr

P.S.

Uninstalled uBoL.
Without the script injection feature, which is requested but not yet implemented by Gorhill, it no longer holds any appeal for me, not even academically.

 

[Deletedmessiah]

Ublock origin, dark reader, bitwarden. Rest are youtube related: Enhancer for youtube, return youtube dislike and sponsorblock.

 

[Neno]

AdGuard AdBlocker
Dark Reader
IDM Integration
Proton Pass
Return YouTube Dislike
TrafficLight

 

[Gandalf_The_Grey]

uBlock Origin Lite
Consent-O-Matic
Bitdefender TrafficLight
Bitwarden

 

[lokamoka820]

Consent-O-Matic

Great extension, I liked it, but I found a similar built-in feature in the Waterfox browser, so I will use it with other browsers.

 

[Sampei.Nihira]

I've changed my vote.

Chrome:

7 extensions installed
4 extensions permanently enabled (uBo + uBoL + Bonjourr + Search Engine Blocker)


Firefox:

4 extensions installed
2 extensions permanently enabled (uBo + uBoL)

 

[LinuxFan58]

While I use Brave as browser, I normally run with Shields disabled (only on annoying website I switch to AGRRESSIVE ) For me ControlD with OISD small and Avira Browser Protection with (mild) tracking protection does it.

Switched from Brave (in flatpak sandbox) to Chrome (in firejail sandbox) for stronger vertical (between tabs and browser processes) isolation with two profiles both using only uBol (behind ControlD with OISD small).

Work profile only has uBol with custom rules (no filters) and runs in basic mode, surfing profile has EasyList plus AdGuard tracking and Kees1958 most used (for uBol) enabled and some security enhancing custom DNR rules and runs in optimal mode (similar to Sempei-san)

So I only have 1 extension with 2 different settings

 

[Sampei.Nihira]

Edit:

Chrome:

7 extensions installed
3 extensions permanently enabled (uBo + uBoL + Bonjourr)
1 extension (Search Engine Blocker) - enabled only on certain websites.

 

[Nunzio_77]

Bitdefender Traffic Light + uBOL

 

[Nautilus]

malwarebytes browser protection
netcraft
ublock origin lite
internet downnload manager
google translate

on both edge and brave

 

[HarborFront]

All extensions are enabled in Windows

For my Helium browser. Helium is a niche browser so adding extensions won't make it more unique than original

uBO
APIVoid Browser Protection
APIVoid Script Stop
Dark Reader
Cache Killer
I still don't care about cookies
CSS Sentry
TWP Translate This Page
Ping Blocker
Chromium Web Store
IDM Integration Module
Fingerprint Defender (for Font and WebGPU)
WebRTC Leak Shield
Disable Battery API

Use flags to set fingerprinting protection
- Canvas::measureText() fingerprint deception
- ClientRects() fingerprint deception
- Canvas pixel noising
- Jitter audio context data
- Randomize number of CPU c

Brave browser. I only added the below

APIVoid Browser Protection
APIVoid Script Stop
Dark Reader
IDM Integration Module
Ping Blocker

Brave has strong fingerprinting protection by default

Without Ping Blocker, when tested with Brave it shows

Can advise which extension(s) not needed?

 

[LinuxFan58]

@HarborFront

IDNsafe: this is also covered by API Void Browser Protection (warns for domains with punycode in it)
WebRTC leak shield: most chromium browsers hide your private IP, so it is probably redundant (blocking public IP in WebRTC only makes sense when you are using VPN)
Cache killer: most chromium browsers have an option to clear history (including cache) when you exit.
CSS sentry: it is so rare type of attack and with default CSP policies in Chromium browsers I doubt whether it can be succesfully used nowadays.

 

[HarborFront]

@HarborFront

IDNsafe: this is also covered by API Void Browser Protection (warns for domains with punycode in it)
WebRTC leak shield: most chromium browsers hide your private IP, so it is probably redundant (blocking public IP in WebRTC only makes sense when you are using VPN)
Cache killer: most chromium browsers have an option to clear history (including cache) when you exit.
CSS sentry: it is so rare type of attack and with default CSP policies in Chromium browsers I doubt whether it can be succesfully used nowadays.

OK, IDN Safe to be removed
I'm using a VPN
Cache Killer - This is to remove cookieless cookies. Normal cache clearing I doubt can remove them
CSS Sentry - Will keep it

Updated my list as above

Thanks