I’m often asked which security add-ons I’d recommend for new Firefox users. This post exists so I don’t have to say the same thins every time and can instead refer everyone to it. 🙂 Here are five that I consider essential for browsing the net this day and age.
EDIT 2018.11.28: This list is outdated. Please see the new list here!
- Adblock Plus: This add-on keeps most of the banners and other advertisement off the pages you browse, not just hiding them from view but actually preventing them from loading in the first place. In addition to keeping an updated global list of known ad providers, it gives you flexible tools to define custom rules to block ads that managed to slip past its own filters.
- BetterPrivacy: This is a comparatively small and simple add-on that blocks a particularly insidious form of online tracking that few others catch: specifically, the “super-cookies” used by Adobe Flash and thus by many, many sites on the net that still host Flash applications (thought why people would still do that, I have no idea).
EDIT 2017.11.30: This add-on no longer functions with Firefox 57+, but from what I gather, super-cookies are no longer a problem, anyway.
- Cookie Monster: Newer versions of Firefox provide pretty good native cookie controls, allowing you to white-list sites that may set cookies in your browser, but some kind of GUI is traditionally required to streamline the process. I am most used to the Cookie Monster, but feel free to pick anything else, as long as it does the job for you.
EDIT 2017.11.30: This one also doesn’t work in Firefox 57+, and there aren’t any suitable replacements, at least until they implement an API for add-ons to control cookie settings. Until then, Firefox ESR is the only solution…
- NoScript: This add-on prevents execution of most dynamic contents on the web, malicious or not, and allows you to selectively white-list domains whose scripts you trust. While it breaks some sites, it’s beyond me how people risk surfing online without it or an equivalent.
- RequestPolicy Continued: This is the successor to the original RequestPolicy, which stopped updating back in 2013, and basically prevents so-called “cross-site scripting” (XSS) requests, where sites pull potentially malicious or unwanted (e.g. advertisement) code from other domains. When installed alongside NoScript, most sites have to be white-listed in both tools before they can display properly.
EDIT 2017.11.30: This one is still being ported to FF57+.
This warning bears repeating: after installing all of these, many sites on the net will stop working in your Firefox, because many web developers, particularly commercial devs, are not writing their websites for security-aware users–but instead for dummies who leave their browsers wide open. As a security-aware Firefox user, you will have to constantly live with having to white-list every single website you frequent in every single add-on you’ve installed–and even after that, some sites still won’t display properly for you (so keep a backup browser like Opera or Chrome handy for this case).
Whether security is preferable to comfort or vice versa is major philosophical conundrum of the modern information age, and one that every one of us has to answer for oneself.