1 |
Ian Zimmerman <itz@××××××××××××.org> wrote: |
2 |
> On 2018-03-31 08:18, Martin Vaeth wrote: |
3 |
> |
4 |
>> As usual, there is the balance |
5 |
>> "convenience" (old plugins) <-> "security". |
6 |
>> In the beginning (say, until firefox-52 is no longer supported |
7 |
>> upstream), there is a certain choice. But after that staying on the |
8 |
>> "convenience" side is not sane anymore. |
9 |
> |
10 |
> There are probably few people more familiar with this tradeoff than |
11 |
> myself :P. But the browser case is a bit different, because the |
12 |
> "convenience" features (in my case, at least) themselves have to do with |
13 |
> security. Using the latest official Mozilla browser means trusting |
14 |
> their built-in defenses are as good as my current plugin based ones. |
15 |
> And I have doubts about that. |
16 |
|
17 |
If you speak about defenses like noscript, there are safer variants |
18 |
available. I guess the usage of the already mentioned user.js |
19 |
(of course adapted to your needs) together with current Webextensions |
20 |
noscript, ublock-origin, and https-everywhere (maybe for privacy |
21 |
also coupled with decentraleyes, duckduckgo{-privacy-esesntials}, |
22 |
canvasblocker, skip-redirect) does protect you more than using |
23 |
old versions of these packages. |
24 |
Not to speak about freshly found security holes. |
25 |
|
26 |
> This is a tangent from the thread topic, but there is another |
27 |
> inconvenience of modern FF that keeps me from re-adopting it: font |
28 |
> rendering. |
29 |
|
30 |
I do not have experience with this, but there is also a lot |
31 |
customizable in user.js (i.e. about:config). I guess you have |
32 |
to switch off (or on) some hardware acceleration. There is also |
33 |
a rich "themes" API which might contain relevant options. |
34 |
However, as mentioned, I have no experience with all this. |