mikaela.github.io/pages/browser-extensions.markdown

16 KiB
Raw Blame History

https://addons.mozilla.org/firefox/addon/text-link/ - doubleclick plaintext link to use

Firefox containers

Name Link Source Comment
Facebook Container Firefox Add-ons TBD nice when clicking Facebook links even while not being a Facebook user
Google Container Firefox Add-ons TBD
Firefox Multi Account Containers Firefox Add-ons TBD

Others:

Firefox language packs

Passwords

Name Firefox Chromium Source
Bitwarden Firefox Add-ons Chrome Web Store TBD

Privacy

Tor

Productivity

Misc

Usability

Videos

Firefox Dictionaries

TODO: Sort this list.


Firefox about:config

  • layout.css.devPixelsPerPx to 1.25 or 2.0 on macOS Retina to increase font size.
    • Warning: very likely increases fingerprintability
  • privacy.firstparty.isolate to true for preventing domains from accessing each others data.
    • If something breaks, its most likely related to this. I am yet to test if this Surprisingly it doesnt breaks Finnish strong electric authentication.
  • privacy.resistFingerprinting = true multiple effects to make your browser appear less unique, the ones I have found/understood:
  • privacy.trackingprotection.cryptomining.enabled = true so cryptomining on some websites gets blocked and wont waste resources.
  • privacy.trackingprotection.fingerprinting.enabled = true I am not entirely sure what this does, but as I already recommend privacy.resistFingerprinting, why not?
  • intl.accept_languages to en-US, en
    • see above.
  • extensions.pocket.enabled to false so the Pocket integration goes away
  • On Linux widget.content.gtk-theme-override (a string that has to be created by user) to Adwaita:light so text boxes in dark themes become readable, thank you Dovydas Venckus
  • image.animation_mode to once in order to have gifs play once and then stop everywhere (none to never have them play).
  • geo.wifi.uri to https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY% in order to send nearby WiFi networks to Mozilla instead of Google. See also MLS Software.
  • network.IDN_show_punycode to true in order to see punycode instead of UTF-8 in case of spoofing attempt
  • ui.systemUsesDarkTheme missing context
  • extensions.webextensions.restrictedDomains - protected domains where extensions arent allowed
  • network.security.esni.enabled to true in order to enable encrypted SNI.
    • Requires DoH, see the next section!

Future note: network.dns.blockDotOnion;false ?

DNS over HTTPS

  • network.trr.bootstrapAddress DNS server to use for resolving the DoH name, e.g. 149.112.112.112 (Resolver 2 of Quad9)
  • network.trr.mode depends, 2 to prefer DoH, but fallback to system resolver (or 3 to enforce DoH without fallback). If there is system encrypted DNS, just take 5 to at least benefit from the system DNS cache.
    • DoH is required by Firefox ESNI support which encrypts SNI which would still leak which sites you visit. Another bug about ESNI + Android DoT
    • I have ended up to recommending 2 as otherwise the DoH server going down stops DNS from working on your Firefox entirely, which may be more of a problem than unencrypted SNI as not everyone supports it.
      • since then I have decided that 5 is the best option, because otherwise it goes past my Unbound setup. I hope Mozilla/Firefox will fix the two bugs linked above, so I dont have to choose between DNS under my control vs encrypted SNI.
  • network.trr.early-AAAA true to hopefully prefer IPv6
  • network.trr.uri for the actual resolver address, e.g. https://dns.quad9.net/dns-query or https://149.112.112.112/dns-query (removes the need for network.trr.bootstrapAddress and allows ǹetwork.trr.mode3`?) or check privacytools.io DNS section

Some notes: * You can confirm TRR working by visiting about:networking#dns where you should be seeing DNS cache of Firefox and a lot of TRR: true. * Quad9 became my preferred resolver through anxiety about other options being small (and possibly more likely to go down) or commercial while Quad9 is non-profit organization and 2019-03-20 apparently the default fallback resolver of dnscrypt-proxy (at least in Debian). * Quad9 while having filtering of malicious domains should be easy to figure out as the problem if something doesnt work on my computers as due to the previously mentioned bug I am mainly using it on Firefox. * While investingating how Android 9 Private DNS works, I also wrote a DNS provider comparsion here

SSDs

This information is from Arch Wiki on Firefox tweaks

  • browser.cache.disk.enable to false to only cache to RAM.
  • (browser.cache.memory.enable to true which should be default)
  • browser.sessionstore.interval to 600000 in order to only store open session every ten minutes (instead of 15 seconds) in case of crashes.
    • alternatively browser.sessionstore.resume_from_crash to false to not store the session data for crash recovery at all. I think this may be the more healthy option with all the information flood and dozens of tabs.

Why?

Every object loaded (html page, jpeg image, css stylesheet, gif banner) is saved in the Firefox cache for future use without the need to download it again. It is estimated that only a fraction of these objects will be reused, usually about 30%. This because of very short object expiration time, updates or simply user behavior (loading new pages instead of returning to the ones already visited). The Firefox cache is divided into memory and disk cache and the latter results in frequent disk writes: newly loaded objects are written to memory and older objects are removed.

Firefox stores the current session status (opened urls, cookies, history and form data) to the disk on a regular basis. It is used to recover a previous session in case of crash. The default setting is to save the session every 15 seconds, resulting in frequent disk access.

and this is the reason why Firefox is at times accused of killing SSDs.


Changelog: GitHub.com commits | gitea.blesmrt.net commits