I think you can remove CSS Exfil Protection because FF 57 and above already has new XSS/CSS (cross-site scripting) protection
Firefox 57 to Get New XSS Protections | SecurityWeek.Com
LDoggs Security Setup
- Thread starter LDogg
- Start date
Firefox 57 to Get New XSS Protections | SecurityWeek.Com
My apology.
I mixed up FF's XSS (cross-site scripting) with the CSS Exfil Protection extension's CSS which stands for Casading Style Sheets
CSS Exfil Protection extension is still needed
I mixed up FF's XSS (cross-site scripting) with the CSS Exfil Protection extension's CSS which stands for Casading Style Sheets
CSS Exfil Protection extension is still needed
Last edited:
@LDogg
Since you are using Skip Redirect & IDN Safe on your PC for FF Quantum here's something for you
Try the Third-Party redirection test
title
if after the test it comes to either of the below sites
A record breaking domain?
㯙㯜㯙㯟.com <=== IDN Safe will block and show this site sometimes
Then the redirection test fails i.e. Skip Redirect fails....and this applies to similar redirect block extensions
Unfortunately, there's no flag setting in FF Quantum for PC (and android) to block redirections.
FYI, Chrome browser (for desktop and android) passed the redirection test with flying color because an experimental flag setting prevents redirection
Since you are using Skip Redirect & IDN Safe on your PC for FF Quantum here's something for you
Try the Third-Party redirection test
title
if after the test it comes to either of the below sites
A record breaking domain?
㯙㯜㯙㯟.com <=== IDN Safe will block and show this site sometimes
Then the redirection test fails i.e. Skip Redirect fails....and this applies to similar redirect block extensions
Unfortunately, there's no flag setting in FF Quantum for PC (and android) to block redirections.
FYI, Chrome browser (for desktop and android) passed the redirection test with flying color because an experimental flag setting prevents redirection
Last edited:
You'll need to disable other protection like your AV, ScriptSafe etc to show that you are just using ONLY Skip Redirect or IDN Safe separately.
My ESET IS also blocked and I "passed" the test which in fact Skip Redirect didn't
- May 4, 2018
- 2,261
- May 4, 2018
- 2,261
Added to FF Quantum: Norton Safe Web extension
Added searx.me to search engine list on FF Quantum
Added: Bleachbit
Added: PrivaZer
Added: UnChecky
Windows Defender is turned on.
Removed from FF Quantum: Removed PureVPN Extension
Removed: CCleaner
Removed: Ricochet
Never going to use a PW Manager though, I do not trust them. xD
Added searx.me to search engine list on FF Quantum
Added: Bleachbit
Added: PrivaZer
Added: UnChecky
Windows Defender is turned on.
Removed from FF Quantum: Removed PureVPN Extension
Removed: CCleaner
Removed: Ricochet
Never going to use a PW Manager though, I do not trust them. xD
- May 4, 2018
- 2,261
Updared 18/06/2018.
Added Glary Utilities 5.9.
Any more reccommendations on FF Quantum extensions @HarborFront?
~LDogg
Added Glary Utilities 5.9.
Any more reccommendations on FF Quantum extensions @HarborFront?
~LDogg
- May 4, 2018
- 2,261
Bleachbit is no longer on my system. PrivaZer does a deeper clean then Wise Disk Cleaner, I use Wise everyday. Glary isn't just for cleaning, it's for other system related aspects too. They all serve a massive purpose.
~LDogg
~LDogg
@LDogg
You can have a look at some useful filters recommended by @Evjl's Rain in post #152 to be used in uBlock Origin.
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings
You can have a look at some useful filters recommended by @Evjl's Rain in post #152 to be used in uBlock Origin.
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings
Also, a new FF extension, Chameleon for you to try. Likely not needed if you are using Trace, ScriptSafe and Cydec
Review here
Chameleon for Firefox: user agent and data spoofer - gHacks Tech News
Review here
Chameleon for Firefox: user agent and data spoofer - gHacks Tech News
Last edited:
- May 4, 2018
- 2,261
First, let's start off with what we want to protect from the web. Here's the list I believe we need protection from.
- ads & ad trackers
- malicious sites
- analytics
- browser fingerprinting
- social widgets
- microphone (disabled in Windows)
- webRTC leak
- unwanted cookies
- webbugs
- clickbait links
- in-browser cryptojackers
- browser hijackers
- browser lockers
- phishing and online scams
- PUPs, toolbars and pop ups
- overlays
- CSS (Cascading Style Sheets)
- CDNs (Content Delivery Networks)
- redirects (setting flag in Chrome browser)
- session replay scripts (protected by Keyboard Privacy + Ghostery + EasyPrivacy filter)
- spoofing/randomizing user-agent/timezone/header(etag and referer)/geolocation
- clean URL tracking
- WebGL
- other web annoyances
- ultrasonic tracking (not needed). If you need protection then you can use TunnelBear Blocker (Chrome)/Silver Dog (FF)
Then you decide what extensions are need
For Chrome, by default, it protects against
- CSRF/XSRF (cross-site request forgery). Disabling 3rd-party cookies helps in preventing CSRF
- XSS (cross-site scripting)
- Clickjacking (aka UI redressing)
- Punycode
so there's no need of any extensions
Privacy extensions I'm using for Chrome are
1) Decentraleyes
2) MalwareBytes
3) Ghostery
4) AdBlock (with only EasyList + EasyPrivacy + AdBlock custom filters)
5) Auto Overlay Remover
6) Cookie AutoDelete
7) CSS Exfil Protection
8) Keyboard Privacy
9) minerBlock
10) ScriptSafe
11) Privacy Possum
12) Pure URL
13) Random User Agent
14) TrackMeNot
15) Noiszy
16) I don't care about cookies
17) Auto History Wipe
For FF Quantum I try to get the similar extensions for Chrome. By default FF protects against
- CSRF/XSRF (cross-site request forgery). Disabling 3rd-party cookies helps in preventing CSRF
- XSS (cross-site scripting)
- Clickjacking (aka UI redressing)
- Punycode (not very effective. I rather use IDN Safe)
Privacy extensions I use
1) Decentraleyes
2) MalwareBytes
3) Ghostery
4) AdBlock (with only EasyList + EasyPrivacy filters)
5) Behind the Overlay
6) Cookie AutoDelete
7) CSS Exfil Protection
8) Keyboard Privacy
9) minerBlock
10) ScriptSafe
11) Trace
12) ClearURLs
13) CyDec Platform Anti-Fingerprinting
14) TrackMeNot
15) IDN Safe
16) I don't care about cookies
17) Skip Redirect
18) YouTube Container
19) Temporary Containers
For History I set 'Clear history when FF closes'
Notes:-
1) I disabled Google Safe Browsing/Tracking Protection in Chrome/FF
2) I blocked ALL 3rd-party cookies in Chrome/FF setting
3) Have Do-Not-Track disabled as it'll depend on the site in not tracking you. You think the site won't track you even with the setting enabled?
4) Expect some compatibility issue with extensions in Chrome like between ScriptSafe/Trace/Cydec or between Ghostery/TunnelBear Blocker
5) I don't use any Popup Blocker. That's because in FF Quantum you can enable a setting to completely remove popups. In Chrome, so far, I have not encounter any popups so not using one for the moment. Also, in Chrome, I have Fanboy's Annoyances List in my AdBlock to handle this
6) I find Smart HTTPS/HTTPS Everywhere not so useful as most sites are HTTPS nowadays. Also, if the site cannot be forced to changed from HTTP-to-HTTPS then the site still will be using HTTP.
7) I use VPN to increase my privacy
8) Security settings/extensions is another matter like Strict Site Isolation and AppContainer in Chrome and Enabling 1st-Party Isolation and DNS-over-HTTPS (for privacy as well) settings in FF
9) Make sure you are not bogged down by the extensions/filters you installed
For Overlays you can test at the below sites. Just make sure you disable other adblockers
1) Work In Progress - Adolescent Brains Are A Work In Progress | Inside The Teenage Brain | FRONTLINE | PBS
2) Pinterest
You can either use overlay blocker extensions or adblocker (uBO, AdBlock, ABP, AdBlocker Ultimate etc) which comes with element hiding feature to remove them
And if you are really serious with your privacy I'll suggest you try out the high privacy Ungoogled Chromium browser instead of Chrome. Use with searx.me search engine and there goes your high privacy.
2 disadvantages though
1) Its version release is behind Chrome. Security can be an issue here if version lacks too far behind
2) A bit of hassle regarding the installation of the extensions. You can't install extensions directly from Chrome Play Store. You'll need to extract the crx file for each extension and there's no auto update for the extensions. You'll also need to monitor and update manually with new extracted crx files
Ungoggled Chromium
Last edited:
- May 4, 2018
- 2,261
Updated FF Quantum 20/06/2018.
Removed: Poper Blocker
Added: minerBlock, TrackMeNot, Malwarebytes & BehindTheOverlay.
Thank you again, @HarborFront
~LDogg
Removed: Poper Blocker
Added: minerBlock, TrackMeNot, Malwarebytes & BehindTheOverlay.
Thank you again, @HarborFront
~LDogg
this extension is totally unneeded because you already have malwarebytes and ublock origin
ublock, make sure you enable: uBlock filters – Resource abuse & EasyPrivacy
if you do so, ublock can block much much more cryptominers than any any extension combined. Trust me
those extensions copy and paste each others and they are useless against new miners
optional, you can replace Easylist by English filter (by adguard), which also some extra cyrptominer protection
Last edited:
Similar threads
