Advice Request What Browser Extensions are you using in 2020?

Status
Not open for further replies.
Suggested reading for anyone debating whether to use HTTPS Everywhere or not:
 
I read the article and can someone explain how a redirect on the same server from HTTP to HTTPS gives hackers plenty of time to do their evil?

HTTPS Everywhere is as useful as anti conception for a 60 year old woman.

As with pregnant 60 year olds, it does happen from time to time. But the chance of you winning the lottery IS WAY HIGHER THAN making a 60 year old pregnant again.

In short: HTTPS EVERYWHERE? Nah not for me, but feel free to check your chances with the next 60 year old you encounter.
 
can someone explain how a redirect on the same server from HTTP to HTTPS gives hackers plenty of time to do their evil?
  1. Does an MITM on the HTTP connection
  2. Replaces all the HTTPS links with HTTP ones but remembers the links which were changed
  3. Communicates with the victim client on an HTTP connection for any secure link
  4. Communicates with the legitimate server over HTTPS for the same secure link
  5. Communication is transparently proxied between the victim client and the legitimate server
  6. Images such as the favicon are replaced by images of the familiar "secure lock" icon, to build trust
  7. As the MITM is taking place, all passwords, credentials etc. are stolen without the client knowing
Not sure if this is the explanation you wanted or not. I believe this would require the attacker to compromise your machine/router or the server you connect to.
I don't know how prevalent this attack is or the percentage of servers vulnerable to it nowadays, but back in 2016 only 5% of HTTPS servers implemented HSTS. With that said, 5% still means tens to hundreds of thousands of websites have implemented it.
 
I read the article and can someone explain how a redirect on the same server from HTTP to HTTPS gives hackers plenty of time to do their evil?

HTTPS Everywhere is as useful as anti conception for a 60 year old woman.

As with pregnant 60 year olds, it does happen from time to time. But the chance of you winning the lottery IS WAY HIGHER THAN making a 60 year old pregnant again.

In short: HTTPS EVERYWHERE? Nah not for me, but feel free to check your chances with the next 60 year old you encounter.
Tor Browser, which has some high-risk users, uses it. It must be useful.
 
@Arequire

The first step is the 60 year old successful inception. Considering it is a redirect on the same server (from HTTP to HTTPS)

intrusion without explanation said:
1. Does an MITM on the HTTP connection



@Handsome Recluse

Every additional security measure helps. But when the magic "Does an MITM on the HTTP connection" is that easy, HSTS still keeps that window open (see explanation (link)). The only difference is that the browser remembers it for the time (max-age) set in the header, which closes down the window of opportunity from each time the address is typed in the address bar to once.

To be honest, an MITB (man-in-the-browser) attack would be easier: just develop an extension and update it to go bad. People love to stack extensions to protect themselves against all sorts of unlikely events (like playing soccer in knight's armor).

 
Last edited:
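The difference between a plain HTTP-to-HTTPS redirect and HSTS discussed in the posts above, as an added example that is not part of the original thread: a simplified model of a browser's HSTS memory, showing which visits start on plain HTTP. The host name, visit times and function names are constructed for illustration, and the model ignores browser preload lists.

```python
import re

def parse_hsts(header):
    """Return (max_age_seconds, include_subdomains), or None if no valid max-age."""
    max_age, include_sub = None, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age" and re.fullmatch(r"\d+", value.strip().strip('"')):
            max_age = int(value.strip().strip('"'))
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)

class HstsStore:
    """Simplified model of a browser's HSTS memory (no preload list)."""
    def __init__(self):
        self.hosts = {}  # host -> (expiry_time, include_subdomains)

    def note(self, host, header, now, over_https):
        policy = parse_hsts(header) if (header and over_https) else None
        if policy is None:
            return  # no header, or header seen over plain HTTP: nothing is stored
        max_age, include_sub = policy
        if max_age == 0:
            self.hosts.pop(host, None)  # max-age=0 clears the stored policy
        else:
            self.hosts[host] = (now + max_age, include_sub)

    def first_scheme(self, host, now):
        """Scheme of the first request when the user types a bare host name."""
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and now < entry[0] and (i == 0 or entry[1]):
                return "https"
        return "http"

def exposed_visits(host, header, visit_times):
    """Visit times whose first request is plain HTTP, so the redirect can be intercepted."""
    store, exposed = HstsStore(), []
    for now in visit_times:
        if store.first_scheme(host, now) == "http":
            exposed.append(now)
        # Assumption: no attacker present, so the visit ends on HTTPS and sees the header.
        store.note(host, header, now, over_https=True)
    return exposed

DAY = 86400
VISITS = [0, 1 * DAY, 5 * DAY, 40 * DAY]  # constructed sample visit times
```

With a 30-day max-age the visit on day 40 is exposed again, because the stored policy was last refreshed on day 5 and expired on day 35.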
Emsisoft - I don't care about cookies - No, thanks - IMHO the fewer extensions the better, or you are heading for overkill, as you can with AV programs of sorts.
Much less and much less intrusively than a local program however.

Don't call it soccer 😖 It's football ⚽
It's putball.
People love to stack extensions to protect themselves against all sorts of unlikely events (like playing soccer in knight's armor)
The stores would quickly remove that though and they'd have to regain followers.
 
Suggested reading for anyone debating whether to use HTTPS Everywhere or not:
HTTPS Everywhere is from EFF. Of course they make it better than it is nowadays.

Tor Browser, which has some high-risk users, uses it. It must be useful.
Tor Browser doesn't even use, and never had, an adblocker. Also, they can't protect you against fingerprinting.

You can read about that in edge and AdGuard thread ;) can't post it here from mobile

What about blocking port 80? The firewall will block all HTTP connections of the browser. If the browser supports using port 443 (HTTPS protocol), I think it will be blocked without any problems while access to HTTPS is still provided. What do you think?
Should work, but I guess it can make some trouble.
You can't then easily make exceptions at browser level for sites which still don't use HTTPS.
 
You can read about that in edge and AdGuard thread ;) can't post it here from mobile
Should work, but I guess it can make some trouble.
You can't then easily make exceptions at browser level for sites which still don't use HTTPS.
If you do not want to use HTTP, then why do you want to make an exception?

Also, I see in AdGuard desktop there is an option for HTTPS filtering but not HTTP; maybe I will search again for that.
Or you mean using AdGuard DNS; that is another method.
I trust HTTPS for encrypted connection filtering, but maybe add some exclusions.
 
I see in AdGuard desktop there is an option for HTTPS filtering but not HTTP
This means AdGuard will MITM the encrypted HTTPS connection between the server and your browser. It needs to do this for it to block ads properly. Some AVs like Kaspersky, ESET and Bitdefender do this too by default to scan webpages.
HTTP is not encrypted, so it doesn't require such a method.
 
I have few extensions, but I do use AdGuard for desk with additions & anti-tracking on IVPN, which gives somewhat unknown anti-tracking I must say; contacting support wasn't very helpful regarding what is & isn't tracked (support should be in the secret service), though it does block Spotify & upsets Office 365 (good) :):) Having no need for MS Office, I moved again to Softmaker, so what O&O blocks is now irrelevant.
 