FOSS, privacy

Own your browsing with Firefox Quantum

In this blog we focus on controlling our software. We believe that we need to be in control of the actions that our computers,  phones and gadgets perform at all times. It needs to be the user the one to allow software to run, the one that needs to have a saying in how it will run, and definitely the first one to know what is running on the system and why.

I wanted to write this post because Firefox 57 has finally arrived! This historic release is a great leap forward for us Free Software lovers, because we need the existence of a strong browser whose development is not directly dictated by corporate agendas to keep an open and free internet.

After a long time carrying a lot of extra weight in the form of legacy code, antiquated architecture and the need for backwards compatibility for the old XUL addon system, Mozilla has been able to do no less than create an awesome languaje with concurrency in mind that is safe by default, completely rebuild their architecture and come back in the game.

The price has been high: compatibility with old addons has been dropped.

It has been painful to say goodbye to many of them, but after seeing the results we can only conclude that it was a good move. To my surprise there were Web Extensions replacements for most of my addons, with a really painful exception, so it will be exciting to see how fast firefox is going to continue improving now that it carries less weight and has the right tools for the job.

With this change, I had to revisit my staple tools for daily browsing, so let’s see how we can control our browsing in the new Quantum era.

Whitelist control

What do we mean by controlling our software? Whenever we open websites, many things happen that we don’t have a say on:

  • Pieces of information called cookies are stored in our computer. These can keep track of our usage of the website and are available for the website to be retrieved at a later time. There are different kinds of cookies, and while some are necessary for example to log into a web, others just collect information about our patterns.
  • Websites are able to load javascript code without our consent. Good webs use it to provide things such as menus and dynamic content, but some webs are particularly obnoxious with ads, popups, animations or other forms of uninvited distraction, not to mention malicious code.

I believe that the best way of dealing with this situation is to block everything by default, and only manually allow specific parts of the websites that are needed to work.

This is a bit involved at first, because initially nothing will work until we polish our ruleset, but in the end we only regularly visit a bunch of complex websites, and we can always temporarily accept all when we want to see a website.

Also, we achieve faster browsing in the process, because many sites and most advertisement is quite heavy on resources.

Traditionally, I have been using three addons for this:

NoScript came a few days late to the party, so I decided to try uMatrix, and see what all the fuss is about. I am really impressed and I highly recommend it, because it does the job of my three old addons quite nicely, and the information is presented on a more clear way, once you grasp how the matrix works.

The key is to understand that the lower half of each cell denies permissions and the upper half grants them. You can configure the matrix for all sites ( represented with * ), and hierachically for particular domains and subdomains. Just forbid everything at the highest level and start whitelisting from there.

It also allows you to “accept all” easily when we don’t want to spend time configuring things, and deletes temporarily accepted cookies afterwards.

Additionally, it provides some other nice privacy features, and it brings blacklists for advertising and privacy unfriendly sites. You can even export and import your configuration. Great addon!

Advanced control

Taking the concept of user control a step further, here are some other cool tools to show the web who is in control here.

We can control how things look with Stylus. This addon allows us to modify the CSS styles of the websites we visit, which is really nice. You don’t like that annoying banner? hide it. You don’t like that side bar, or it’s too big? change it. You are into purple? change every corner of your favourite websites.

You don’t need to spend hours and hours doing this, because you can share browse what others have to offer.

I mainly use it to remove distractions, even though Reader View has rendered many of my old styles unnecessary.

Finally, the mother of all geekiness is to change the behaviour of the websites themselves by adding javascript code to them. The addon that will allow you to do this is ViolentMonkey. You can also explore what other geeks have to offer.

Privacy

While uMatrix will already make browsing more private for you, here are other suggestions

Use HTTPS everywhere. With this addon your sessions will default to encrypted HTTPS where possible.

For those cookies that you decide to accept, you can use Firefox Containers to avoid agregation of data that can be collected by a third party. For example, you could use one container for online shopping, and another one for social media and thus prevent some filter bubble and targeted advertising.

Where possible, I also recommend to use  Tor for enhanced anonymity. This will make it harder for our ISPs and others to collect information about what sites we visit or how we use internet, at the cost of some browsing speed. For this, the addon FoxyProxy can help make it easy to switch Tor browsing, or even do so selectively.

Keep in mind that browser fingerprinting can still make it easy for end sites to detect you, so for a more complete anonymity it is recommended to use the Tor Browser.

The only problem is that it is based on Firefox ESR, so it won’t be available in the Quantum architecture for a while.


As a final note, I would like to encourage everybody to pitch in and donate a few bucks to Mozilla, because it is a monumental project and it requires resources to be in good shape.

References

uMatrix guide

Author: nachoparker

Humbly sharing things that I find useful
[ github dockerhub ]

Leave a Reply

Your email address will not be published. Required fields are marked *