Over the years, the list of browser plugins worth talking about has shifted around.

A year ago, it was Adblock (Plus) and Noscript. Currently, its https-everywhere, Privacy Badger, Self-destructing cookies, and uBlock Origin (all of which are easily found in the “Get Add-ons” section of “Add-ons” in the Tools menu). The big question is, what convenience do I have to give up for this increased security or privacy? Are we better off?

First, lets have a quick overview of what each plugin does. Then we’ll get back to answering the question of what (if anything) we have to give up, and are we better off.

Quick screenshot of what the list of Firefox plugins looks like:

Https-everywhere

Created by the EFF. Https-everywhere1 is a browser plugin that tries to connect to every website with HTTPS. If it works, remember it so we don’t need to test it next time. If it doesn’t work, fall back to unencrypted HTTP. It also includes the SSL Observatory. The SSL Observatory checks, and validates certificates, as well as submits them (to the EFF). This can provide information such as if somebody were to offer an SSL cert they shouldn’t (an easy example is if you connect to a proxy and they have a “valid” cert for Google, but the proxy isn’t affiliated with Google.

Screenshot showing where to enable/disable/set defaults, and access the settings for the SSL Observatory.

Screenshot showing the settings for the SSL Observatory. I don’t bother with self-signed certs, or certs for non-public names (for example, if I help a small business setup an internal domain of .work and setup certs for that domain).

Privacy Badger

Also created by the EFF. Privacy Badger2 is a browser plugin that blocks advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web. If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser.

There are some specifics on what a company can do so that Privacy Badger will “get out of the way”. It essentially comes down to 3 things:

  1. Honor the DNT (Do Not Track) settings in a browser.
  2. Provide a DNT policy on your website
  3. Abide by your policy.

There are specifics, things are well documented, and you can read more about it on the EFF’s website.

Granular per-site configuration

Whitelisted domains

Miscellaneous other settings

Self-destructing Cookies

Self-destructing cookies[^Self-destructing cookies] is a new way of doing cookie policy. By default, it removes a site’s cookies and LocalStorage as soon as you close its window(s) or tab(s). This protects against trackers and zombie-cookies. If there are either sites you trust, or sites that need to maintain some persistence across closing and reopening of the browser, you can whitelist sites. In general, I’ve not found this to be terribly obnoxious, because I can trivially login using a password manager.

Quick per-site settings, and easy access to temporary suspension and undelete

Customizing (global) settings, whitelist, and statistics

uBlock Origin

uBlock Origin3 is an effective, efficient, and lightweight content blocker. In general, it works the same as any other content blocker. It looks for 3rd party sites content that a page is trying to pull in and stops those connections. It offers a fairly extensive list of filters or lists that you can choose among. There is also a super convenient on/off button that applies to sites (yes, you can disable the plugin, just like any other plugin in Firefox). I really like that the off switch only applies to the site I’m browsing. It makes it very straight forward to use.

Illustrated overview of its efficiency

Power button, enable/disable per site

Power button, plus granularity of what to enable/disable per site

Global settings

Choosing which 3rd party filters to enable (or disable)

Custom filters (I haven’t had a need to dig into this yet)

My rules (I haven’t needed this one yet either)

Whitelist (I’ve added a couple sites here, but not many)

Convienience or “what have I given up?”

What’s changed in how I browse? So far, I haven’t had to do anything with either https-everywhere, or Self-destructing cookies. They haven’t gotten in the way for any site I’ve visited. Privacy Badger and uBlock Origin are a different story. Most of the time, they don’t get in the way, but sometimes (for example), images from a 3rd party may not load because of Privacy Badger. Some sites now request that you disable your adblocker in order to view the content on the site. You have the choice of going elsewhere, or disabling the adblocker. I don’t want to get into a discussion about whether adblocking is good/bad/other, that’s a discussion that probably should be had over an adult beverage. uBlock makes this easy because you disable it and by default, the choice only applies to the site you’re on. There have been a few (very) rare times when I have had to disable both Privacy Badger and uBlock. In general, I spend far less time working with the browser to display the content I want, and more time consuming content, and then moving on. I like this solution much better.


  1. https://www.eff.org/https-everywhere ↩︎

  2. https://www.eff.org/privacybadger ↩︎

  3. https://github.com/gorhill/uBlock ↩︎