| 1 |
Ian Zimmerman <itz@××××××××××××.org> wrote: |
| 2 |
> On 2018-03-31 08:18, Martin Vaeth wrote: |
| 3 |
> |
| 4 |
>> As usual, there is the balance |
| 5 |
>> "convenience" (old plugins) <-> "security". |
| 6 |
>> In the beginning (say, until firefox-52 is no longer supported |
| 7 |
>> upstream), there is a certain choice. But after that staying on the |
| 8 |
>> "convenience" side is not sane anymore. |
| 9 |
> |
| 10 |
> There are probably few people more familiar with this tradeoff than |
| 11 |
> myself :P. But the browser case is a bit different, because the |
| 12 |
> "convenience" features (in my case, at least) themselves have to do with |
| 13 |
> security. Using the latest official Mozilla browser means trusting |
| 14 |
> their built-in defenses are as good as my current plugin based ones. |
| 15 |
> And I have doubts about that. |
| 16 |
|
| 17 |
If you speak about defenses like noscript, there are safer variants |
| 18 |
available. I guess the usage of the already mentioned user.js |
| 19 |
(of course adapted to your needs) together with current Webextensions |
| 20 |
noscript, ublock-origin, and https-everywhere (maybe for privacy |
| 21 |
also coupled with decentraleyes, duckduckgo{-privacy-esesntials}, |
| 22 |
canvasblocker, skip-redirect) does protect you more than using |
| 23 |
old versions of these packages. |
| 24 |
Not to speak about freshly found security holes. |
| 25 |
|
| 26 |
> This is a tangent from the thread topic, but there is another |
| 27 |
> inconvenience of modern FF that keeps me from re-adopting it: font |
| 28 |
> rendering. |
| 29 |
|
| 30 |
I do not have experience with this, but there is also a lot |
| 31 |
customizable in user.js (i.e. about:config). I guess you have |
| 32 |
to switch off (or on) some hardware acceleration. There is also |
| 33 |
a rich "themes" API which might contain relevant options. |
| 34 |
However, as mentioned, I have no experience with all this. |
Archives