this post was submitted on 01 Apr 2024
113 points (89.5% liked)

Privacy

31872 readers
620 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I believe that the only two privacy extensions you really need to meet 90% of your privacy goals are uBlock origin + NoScript

uBlock origin is effective because it stops the injection of ads which might contain and inject code. NoScript forces you to look at which scripts you really need for the website to function. Say you visit a trusted site, like your lemmy instance, then you can enable running of javascript by default the next time you visit the site. You'll be surprised how functional some sites are even without javascript. I did not like the idea of browsers having Javascript: it's remote code execution and if there's anything malicious in there and your browser is not patched against it you're fucked. This way yeah it'll be annoying when you first visit a site but it remembers your settings for the next time you visit.

all 45 comments
sorted by: hot top controversial new old
[–] ExtremeDullard@lemmy.sdf.org 101 points 7 months ago (2 children)

You don't need Noscript anymore uBlock Origin handles everything Noscript handles and much more, and it affords more granular control.

[–] Undertaker@feddit.de 12 points 7 months ago* (last edited 7 months ago)

uBlocks handling is very bad. NoScript was superior. Especially I could only block partial JS after it was loaded in uBlock.

[–] the_post_of_tom_joad@sh.itjust.works 3 points 7 months ago (1 children)

I still use noscript and ublock. How is ublock "everything and more" than noscript? i would love to be corrected by you but far as i know they are very different programs, each with their place

[–] Tenkard@lemmy.ml 9 points 7 months ago (1 children)

Put ublock in advanced mode https://github.com/gorhill/uBlock/wiki/Advanced-user-features and test if it's enough for you. I use it this way and I'm pretty happy with it

Thanks, that does unlock new options!

[–] lemmyreader@lemmy.ml 43 points 7 months ago (3 children)

With uBlock Origin you can go Easy Medium and Hard mode https://github.com/gorhill/uBlock/wiki/Blocking-mode and also set your blocking preferences per site.

[–] something_random_tho@lemmy.world 11 points 7 months ago (1 children)

I've used uBlock Origin for years and never knew about this. Just enabled it. Thanks!

[–] bbigras@sh.itjust.works 7 points 7 months ago

Note that medium mode is a good compromise and is a lot less painful than hard mode.

[–] aldalire@lemmy.dbzer0.com 9 points 7 months ago

Huh. I stand corrected. You only ever do need uBlock. Thanks

[–] Tramort@programming.dev 2 points 7 months ago

This deserves its own post.

[–] DreadPotato@sopuli.xyz 32 points 7 months ago (2 children)

It's crazy just how much of a PITA it is to use the internet when using NoScript

[–] LWD@lemm.ee 22 points 7 months ago (1 children)

Using Noscript eventually causes me to give up using Noscript, which is probably the one thing I was supposed to avoid...

[–] DreadPotato@sopuli.xyz 16 points 7 months ago (1 children)

This was my experience as well, it was just way too inconvenient... Which is the crazy part, because it really shouldn't be.

[–] LWD@lemm.ee 9 points 7 months ago

That's why uBlock Origin is such a blessing: so many people have already contributed to figuring out what to block on so many websites.

[–] magikmw@lemm.ee 6 points 7 months ago (1 children)

Eh you can go with a blacklist approach and try to selectively block tracking instead of whitelisting everything until a site works.

[–] Patches@sh.itjust.works 2 points 7 months ago

But the worst scripts don't even have UI for you to see.

[–] Ebby@lemmy.ssba.com 27 points 7 months ago (2 children)

I use both, but a big complaint of noscript is the inability to tell what scripts were blocked. I end up unblocking ***CDN.com or ***static.com and if that doesn't work, check each until it does. Sort of defeats the purpose.

I installed it on my parents computers and trying to teach them how to get necessary function working again is beyond them.

I have instead installed privacy badger since I read it also blocks scripts.

[–] bravesilvernest@lemmy.ml 10 points 7 months ago (1 children)

Privacy badger combo'd with ublock has been my go-to for years ❤️

[–] ivn@jlai.lu 6 points 7 months ago (1 children)

Privacy Badger is pretty useless now.

[–] wagoner@infosec.pub 1 points 7 months ago (1 children)

Why do you keep saying this?

[–] ivn@jlai.lu 8 points 7 months ago (2 children)

You're right, I should have explained.

Privacy Badger was known to be able to learn what to block but local learning could be used to fingerprint you so it was removed. Nowadays it's only a list based blocker, while the list is still automatically generated on their side through learning it mostly overlap with regular tracking protection list used with uBlock Origin.

They also claim other features but they are either outdated (google outgoing link protection last update is 9 months old and is based on the old url schema) or already covered by uBlock Origin (uBlock Origin can now sanitize urls with the removeparam filter, facebook outgoing link protection is included in the "AdGuard URL Tracking Protection" filter list, for third party widget blocking enable the "EasyList – Social Widgets" list).

It's also in Arkenfox "Don't bother" extension list.

Better use Firefox in strict mode with uBlock Origin.

[–] wagoner@infosec.pub 3 points 7 months ago

Good and actionable info thanks

[–] Black_Gulaman@lemmy.dbzer0.com 2 points 7 months ago

Thank you for this.

[–] aldalire@lemmy.dbzer0.com 1 points 7 months ago

Oh this is really cool

[–] Quacksalber@sh.itjust.works 20 points 7 months ago

I much prefer uMatrix over NoScript, it is way more intuitive. And even though uMatrix is no longer updated, it still works better than NoScript for me. My Firefox Android has gotten soft-locked by NoScript in regular intervals. Since they enabled uMatrix for Firefox Android again, I have had no such issues.

[–] delirious_owl@discuss.online 12 points 7 months ago (4 children)

You can still be tracked with that.

I wouldn't run without Chameleon set to change my borwaser properties every 60 seconds, which makes tracking fingerprinting useless.

[–] PoorPocketsMcNewHold@lemmy.ml 7 points 7 months ago

Actually, tracking the extremely unique individual with sometime, nonsensical features is making you hyper-easy to track on websites. Maybe it could be useful per browsing sessions, but every 60 seconds in non-sensical, a compatibility nightmare and defeat even the deception method of faking your browser features.

[–] ivn@jlai.lu 4 points 7 months ago

In session sanitising seems pretty useless.

[–] MigratingtoLemmy@lemmy.world 1 points 7 months ago (1 children)

I need to learn Chameleon well, I tried it once but it seemed complicated so I gave up

[–] delirious_owl@discuss.online 1 points 7 months ago (1 children)

What's hard? After install the only thing I change is the drop down to 60 seconds.

[–] MigratingtoLemmy@lemmy.world 1 points 7 months ago

Did I mistake it for a different app? I use Librewolf with letterboxing, is using Chameleon more secure?

[–] Xer0@lemmy.ml 0 points 7 months ago

Sounds dumb.

[–] schwim@lemm.ee 12 points 7 months ago (1 children)
[–] n3m37h@lemmy.dbzer0.com 2 points 7 months ago (1 children)

NoScript is awesome, just learn to use it properly

[–] Patches@sh.itjust.works 10 points 7 months ago

Just spend hours pouring over JavaScript for every single website you ever visit. It absolutely won't consume you, or leave you constantly frustrated with broken websites

[–] Gargari@lemmy.ml 7 points 7 months ago

You don't need NoScript, unlock can do that too

[–] possiblylinux127@lemmy.zip 3 points 7 months ago (2 children)

Maybe shelterJS and Privacy badger

[–] ivn@jlai.lu 3 points 7 months ago

Privacy Badger is pretty useless now.

[–] bbigras@sh.itjust.works 2 points 7 months ago

Does shelterjs have a big impact on performance?

[–] sharkfucker420@lemmy.ml 0 points 7 months ago* (last edited 7 months ago) (2 children)

~~Adnauseum is also very good, its based on ublock but instead of just blocking ads it will also randomly "click" them to add noise to advertiser data~~

[–] SendMePhotos@lemmy.world 1 points 7 months ago (1 children)

I tried it but it didn't seem effective.

[–] PoorPocketsMcNewHold@lemmy.ml 2 points 7 months ago* (last edited 7 months ago)

It is as effective as uBlock with the same settings. The ad-deception "auto-clicking" method shouldn't and doesn't have any results to the end-user as it should just confuse the ads companies themselves. Still looking forward to potential documentation on how effective it may or may not be nowadays.

[–] ivn@jlai.lu 1 points 7 months ago (1 children)

Click fraud is a big thing with a lot of countermeasures, it's not as easy as adnauseum pretends it is. I doubt it does anything.

[–] sharkfucker420@lemmy.ml 2 points 7 months ago* (last edited 7 months ago)

Word? I wasnt aware of this, guess i will switch back to ublock