I generally donât like to have too many browser add-ons enabled at a time, because they can get slow. However, add-ons for improving web privacy and security should be essential.
There are many aspects of web security that can be addressed with add-ons: malware, intrusive ads, trackers, untrustworthy websites. In this blog post Iâm going to discuss my favorite tools for dealing with these issues.
Note that while I use and recommend Firefox (Mozilla advocates for privacy and does great work on web technologies), all the add-ons mentioned here are available for other browsers as well.
DuckDuckGo
Supported by: All major browsers (and some minor ones)
DuckDuckGo is an alternative search engine with a focus on privacy: it doesnât store your search history or use trackers (obviously, the latter is less important if youâre using some kind of script blocker, but itâs the principle that counts, right?)
DuckDuckGo is not as effective as Google, but unless youâre searching for something obscure itâs usually just fine. If youâre having troubling finding what youâre looking for, append !g to the end of the search query and it will search with Google instead.
This add-on makes DuckDuckGo the default search engine in Firefox, so any searches you make via the address bar or search bar will go through DuckDuckGo instead of Google. Instructions for achieving the same result in other browsers can be found here.
WOT (web of trust)
Supported by: All major browsers
WOT is a unique add-on designed to show you at a glance whether a link is safe to visit, and itâs perfect for exploring obscure corners of the internet via a search engine.
Itâs based on community ratings of websites, and provides two metrics: âtrustworthinessâ and âchild safetyâ (the latter is pretty much the same as âsafe for workâ).
As stated by the WOT website, this add-on doesnât just warn you about malicious sites, but also provides ratings based on âthreats that only humans can spotâ including âbad online shopping experiencesâ. How cool is that!
When you install WOT, a colored circle appears next to every link in search results. A green circle means a safe/trusted website, orange means a website of dubious reputation, red means positively terrible, and grey means there havenât been enough ratings to make a judgement.
The great thing is anyone can contribute ratings without needing to sign up for anything: if a website you know well has a grey circle, go contribute!
Adblock Plus
Supported by: All major browsers
This add-on hides most advertisements on the web, and is almost guaranteed to make your browsing experience more relaxing. It has simple, self-explanatory settings and is easy to use without any special configuration.
These days, many sites that rely heavily on advertising will detect the existence of an adblocker and refuse to show you any content until you disable it. Fortunately, Adblock Plus can easily be disabled on a site-by-site basis, so itâs definitely still worth using.
uMatrix
Supported by: Firefox, Chrome, Opera
uMatrix is not for the faint-hearted. If you know what youâre doing, it could eliminate the need for any other security add-ons, but finding the right settings to do so would be time-consuming.
uMatrix allows you to individually block or allow every single request made by a website. You can block/allow particular kinds of content, particular kinds of content from particular domains, all content from particular domainsâŠthe possibilities are endless, intimidating, and need a lot of tweaking if you want anything to work.
But for the paranoid, nothing else will do.
As suggested by its name, the uMatrix interface is a grid. The columns represent different kinds of content (css, images, scripts). The rows represent domains from which content originates (like google.com and various subdomains). It would take far too long to explain its usage here, but in spite of this complexity the uMatrix interface is actually quite intuitive.
However, it can be hard to know where to start, so here are some suggested default settings:
- Allow all CSS and Images (by default, some of these requests may still be blocked by uMatrixâs built-in anti-malware blacklist, which is a good thing)
- Block all cookies, XHR (AJAX) and âotherâ request types
- Allow only 1st-party media, scripts and frames (requests originating from the same domain)
If you find that these settings are causing certain sites to misbehave, you can make uMatrix less restrictive for those specific sites. You can also disable it entirely with the click of a button.
I may write an in-depth blog post on how to use the basic features of uMatrix in the future, because itâs really worth learning about. In the meantime, you can refer to this documentation.
Firefox multi-account containers
Supported by: Firefox
Unfortunately this add-on is, at present, only a feature of Firefox. But itâs such an awesome feature! While thereâs a little bit of a learning curve, if youâre security conscious, need to manage multiple accounts on social media sites, and/or love to keep things very organised (i.e. putting things in boxes), multi-account containers are a dream come true.
From a security perspective, this add-on allows you to sandbox cookies for different types of browsing activity, like banking and watching Youtube videos. This theoretically makes it harder for sites to âspyâ on each other and could prevent some web-based attacks like cross-site request forgery and cookie theft.
From a usability perspective, the most obvious advantage this add-on provides is enabling you to be logged in to, say, several different Twitter accounts in the same browser. (For the paranoid: it also lets you work around Googleâs native multiple account management, since you can separately log in to each of your accounts without them being linked in Googleâs account management page.)
Hereâs an overview of how all these add-ons fit together during my daily internet usage.
Searching the web with DuckDuckGo, Iâm free from that disturbing, Googley sensation of being followed. Browsing the search results, I can make an informed decision about which ones to click thanks to the WOT rating, and if a website turns out to be bad after all, uMatrix will block any trackers or malicious scripts. Itâs often necessary to partially or completely disable uMatrix in order for some sites to work, but Firefoxâs multi-account containers provide peace of mind by separating the data for different areas of my browsing activity. Meanwhile, this whole time Iâve seen only peaceful whitespace in place of ads (this is Adblock Plusâs doing, although depending on the website and the configuration, uMatrix can have the same effect).