← Back to context

Comment by firefax

10 hours ago

>This is a good use of Firefox resources. Unfortunately Firefox is at a natural disadvantage for fingerprinting by virtue of being used by such a small number of users.

I'd rather be trackable but secure -- the big draw for me is NoScript. Paired with uBlock, I'm safe from malvertising[1]

[1] https://en.wikipedia.org/wiki/Malvertising#Examples_of_malic...

4 comments

firefax

Reply
lone-cloud  7 hours ago

You're more trackable by using NoScipt and there's no good reason to use it if you know how to properly use uBlock: https://github.com/arkenfox/user.js/wiki/4.1-Extensions#-don... uBlock is a content blocker so it can do everything NoScript can if you learn its advanced UI usage. Using additional extensions makes you more trackable.

  • firefax  5 hours ago

    >You're more trackable by using NoScipt and there's no good reason to use it if you know how to properly use uBlock

    What data do you have to support this assertion? uBlock doesn't seem to have the ability to selectively enable only JS nessecary for functionality, and if it does, the UI makes it much more difficult to enable.

    I just ran a test -- merely uBlock use renders me unique, whereas one in 5742.77 had the same fingerprint as me when using NoScript. (I suspect that's the number of people also using Firefox with NoScript who own this particular monitor size)

    A big chunk of the fingerprinting techniques require JS -- it's pretty hard to ascertain what specific extensions are installed with it. I tested disabling it and it didn't seem to do much difference in terms of bits of entropy on EFF's tool.

    I encourage you to try for yourself and then think hard on your advice.

    • lone-cloud  2 hours ago

      I cannot judge the validity of your test and I have done any tests myself. I encourage you to read the link from post to the top firefox hardening resource (arkenfox) that labels NoScript redundant. This is further backed up by another top privacy resource: https://www.privacyguides.org/en/browser-extensions/ This also links to the uBlock docs which outline different modes. Medium/hard modes make NoScript redundant.

dorgo  7 hours ago

I was wondering why uBlock is not enough since you can block Javascript globally and re-enable per site. AI's answer:

Only things uBlock doesn’t replicate:

NoScript’s anti-XSS and anti-clickjacking heuristics (uBlock just blocks the sources, not sanitize payloads).

NoScript’s control over other active content types (e.g., WebGL, media codecs, etc).