[arch-general] opinion request about Firefox add-ons
Hi. Firefox 44.0 does not seem to allow installing the firefox-adblock-plus addon package from the Arch community repository. Instead, Firefox states that it only allows addons "signed" by Mozilla to be installed. That seems to exclude the package mentioned. I could install the adblock-plus addon version available from Mozilla, directly through Firefox. But is this okay, or a bad idea, or is there a better idea? Any opinions?
On Sun, 2016-01-31 at 11:45 -0500, Francis Gerund wrote:
is there a better idea? Any opinions?
uBlock Origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
On 01/31/2016 11:52 AM, Jonathan Roemer wrote:
On Sun, 2016-01-31 at 11:45 -0500, Francis Gerund wrote:
is there a better idea? Any opinions?
uBlock Origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
Way to go on not answering the question in any way, shape, or form... -- Eli Schwartz
On Mon, Feb 01, 2016 at 01:52:03AM -0500, Eli Schwartz wrote:
Way to go on not answering the question in any way, shape, or form...
uBlock Origin is a less resource intensive, more thorough solution than Adblock Plus. The relevant performance statistics are below. https://github.com/gorhill/uBlock#performance https://github.com/gorhill/uBlock/wiki/uBlock-vs.-ABP:-efficiency-compared Additionally, it contains none of the "acceptable ads" whitelisting that Adblock Plus has added, and provides more privacy-protecting features, if those are important. As the user's current Adblock Plus solution is broken, and they specifically asked for other opinions or options, I figured I would offer them an objectively better adblocking experience within Firefox. Both a release and developer version of uBlock Origin are signed and available on the Firefox addons site.
Mon, 1 Feb 2016 09:46:33 -0500 Jonathan Roemer <jon@roemersoftworks.com>:
On Mon, Feb 01, 2016 at 01:52:03AM -0500, Eli Schwartz wrote:
Way to go on not answering the question in any way, shape, or form...
uBlock Origin [blurp]
Again, this thread is not a discussion about add-ons, but what to do about Mozilla's new policy of enforcing signing and how it affects seperately packaged add-ons. I won't collect all the relevant links again. --byte
On 02/01/2016 09:46 AM, Jonathan Roemer wrote:
On Mon, Feb 01, 2016 at 01:52:03AM -0500, Eli Schwartz wrote:
Way to go on not answering the question in any way, shape, or form...
uBlock Origin [random screed follows]
As the user's current Adblock Plus solution is broken, and they specifically asked for other opinions or options, I figured I would offer them an objectively better adblocking experience within Firefox. Both a release and developer version of uBlock Origin are signed and available on the Firefox addons site.
So I guess you really didn't read the user's post after all. Or you would have noticed the part where he explicitly stated that Adblock Plus works fine. In fact, Adblock Plus too has both Release and Developer versions signed and available on the Firefox addons site. What the user was talking about, is the firefox-adblock-plus package from the Arch Linux community repos. Which doesn't work, on account of not being from the Firefox addons site and thus not being signed. A problem which is already reported on the Arch Linux bugtracker (with a fix). Thus answering the user's question of "should I use the Arch Linux package or simply install Adblock Plus from the Firefox addons website". Thank you for your recommendation to install the firefox-ublock-origin package as a replacement (or interim solution), unfortunately, I ran into some trouble doing so, as there is no such thing... -- Eli Schwartz
Am 2016-01-31 um 17:45 schrieb Francis Gerund:
Hi.
Firefox 44.0 does not seem to allow installing the firefox-adblock-plus addon package from the Arch community repository. Instead, Firefox states that it only allows addons "signed" by Mozilla to be installed. That seems to exclude the package mentioned.
I could install the adblock-plus addon version available from Mozilla, directly through Firefox. But is this okay, or a bad idea, or is there a better idea?
Any opinions?
Well, I would personally also like to see the most used as well as some security relevant Firefox addons to be packaged including AdBlock Plus, the Extended DNSSEC Validator, a good http2https plugin and possibly even FireFTP and Flagfox. Though all these addons should to my believe be available via https getting them looked after and signed by the Arch security team would certainly improve the security when using Firefox. Besides this I would suggest some improvements in the default settings so that users may enjoye a more secure browsing experience. However the question always remains on how readily Arch maintainers would adopt these suggestions. P.S.: what about uBlock Origin; is it better/simpler/more secure than AdBlock Plus? perhaps get this one pre-packaged instead of AdBlock Plus.
On Sun, 31 Jan 2016 17:58:57 +0100, Elmar Stellnberger wrote:
Besides this I would suggest some improvements in the default settings
Defaults that differ from Upstream, such as removing everything Google related from about:config or what kind of "improvements"? I guess Arch users expect to get defaults that most closely correspond to Upstream.
On Sun, 2016-01-31 at 18:07 +0100, Ralf Mardorf wrote:
I guess Arch users expect to get defaults that most closely correspond to Upstream.
Yes. The relevant bug report is here. https://bugs.archlinux.org/task/45900 This was also covered in a mailing list thread earlier this month. https://lists.archlinux.org/pipermail/arch-general/2016- January/040372.html
On Sun, 31 Jan 2016 12:15:13 -0500, Jonathan Roemer wrote:
On Sun, 2016-01-31 at 18:07 +0100, Ralf Mardorf wrote:
I guess Arch users expect to get defaults that most closely correspond to Upstream.
Yes. The relevant bug report is here. https://bugs.archlinux.org/task/45900
To disable "official-branding" by the build options is ok, I'm just surprised about Elmar's "Besides this I would suggest some improvements in the default settings, so that users may enjoye a more secure browsing experience".
Am 2016-01-31 um 18:07 schrieb Ralf Mardorf:
On Sun, 31 Jan 2016 17:58:57 +0100, Elmar Stellnberger wrote:
Besides this I would suggest some improvements in the default settings
Defaults that differ from Upstream, such as removing everything Google related from about:config or what kind of "improvements"? I guess Arch users expect to get defaults that most closely correspond to Upstream.
By the time various security suggestions about Firefox settings are reaching me at least every now and then like f.i. * Some time ago EFF said f.i. that security.ssl3.dhe_rsa_aes_128/256_sha should be set to false see: https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attac... * Some more hints can be found at privacytools.io not all of which may be appropriate for a default configuration. https://www.privacytools.io/#about_config * There are even more recommendations out there not all of which I do currently have handy. In my opinion collecting and considering all of that advice may be worth the work of the Arch security team. * Removing Google as the default default search engine as well as other Google related stuff would be a good point to me as well. Endorsing ultimate trust to Google services while Google has received lots of money from intelligence services and the Pentagon should be considered a bad idea. There are plenty of alternatives like f.i. duckduckgo, qwant or ixquick. I mean we should give the user an informed choice on what services and search engines to use or not to use. Finally we could distribute more restrictive default settings f.i. disabling flash, webgl, etc. as an additional package.
On Sun, 31 Jan 2016 18:38:15 +0100 Elmar Stellnberger <estellnb@elstel.org> wrote:
Am 2016-01-31 um 18:07 schrieb Ralf Mardorf:
On Sun, 31 Jan 2016 17:58:57 +0100, Elmar Stellnberger wrote:
Besides this I would suggest some improvements in the default settings
Defaults that differ from Upstream, such as removing everything Google related from about:config or what kind of "improvements"? I guess Arch users expect to get defaults that most closely correspond to Upstream.
By the time various security suggestions about Firefox settings are reaching me at least every now and then like f.i.
* Some time ago EFF said f.i. that security.ssl3.dhe_rsa_aes_128/256_sha should be set to false see: https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attac...
* Some more hints can be found at privacytools.io not all of which may be appropriate for a default configuration. https://www.privacytools.io/#about_config
* There are even more recommendations out there not all of which I do currently have handy. In my opinion collecting and considering all of that advice may be worth the work of the Arch security team.
* Removing Google as the default default search engine as well as other Google related stuff would be a good point to me as well. Endorsing ultimate trust to Google services while Google has received lots of money from intelligence services and the Pentagon should be considered a bad idea. There are plenty of alternatives like f.i. duckduckgo, qwant or ixquick. I mean we should give the user an informed choice on what services and search engines to use or not to use.
Finally we could distribute more restrictive default settings f.i. disabling flash, webgl, etc. as an additional package.
Convince upstream to make the changes and Arch will follow suit.
On Sun, 31 Jan 2016 18:38:15 +0100, Elmar Stellnberger wrote:
duckduckgo
For me duckduckgo is completely useless.
ixquick
Most of the times I'm using startpage. However, I'm not talking about the Google search engine, but about "safe browsing" and other Google features used by Firefox. I would prefer that dangerous stuff, such as the "safe browsing" by default would be removed, but it might be such a Google feature other users expect to get by default. Firefox anyway isn't my preferred browser. IMO Arch packages should provide the defaults from upstream. An AUR package could provide a version of Firefox with alternative defaults, assumed somebody is willing to maintain it.
I think everyone is missing the point: the firefox-adblock-plus package[1] is broken since it does not work with the latest version of Firefox. It should probably be dropped from the repositories. I've opened a bug report.[1] [1] https://bugs.archlinux.org/task/47970
On 01/31/2016 01:32 PM, Sebastiaan Lokhorst wrote:
I think everyone is missing the point: the firefox-adblock-plus package[1] is broken since it does not work with the latest version of Firefox. It should probably be dropped from the repositories. I've opened a bug report.[1]
See: https://bugs.archlinux.org/task/47395#comment143383 The current package is downloading the extension from the wrong location. -- Eli Schwartz
On Sun, 31 Jan 2016 19:25:56 +0100 Ralf Mardorf wrote:
For me duckduckgo is completely useless.
You never use '!archpkg firefox' or '!archwiki firefox'? The nice thing about duckduckgo is the use of bangs (and for me that i don't need to remember the original url :) ).
However, I'm not talking about the Google search engine, but about "safe browsing" and other Google features used by Firefox.
If you want to spend some time with reading: http://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and... See you, Attila
participants (9)
-
Attila
-
Doug Newgard
-
Eli Schwartz
-
Elmar Stellnberger
-
Francis Gerund
-
Jens Adam
-
Jonathan Roemer
-
Ralf Mardorf
-
Sebastiaan Lokhorst