The Browser Privacy Plugins You Need
There are so many privacy-enhancing extensions out there, it’s hard to keep track of which do what and where they overlap in functionality. Since an excess of extensions and plugins slows down your browser, I’ve decided to keep an updated list of what I recommend and use as well as the defaults that need to be changed. The following recommendations are as of October, 2019. I’m focusing on a relatively straightforward experience that doesn’t interfere with day-to-day surfing, break a lot of websites, or require extreme technical knowledge. (That is, no NoScript or GreaseMonkey.)
This article is primarily focused on desktop browsers. I might have more to say about mobile platforms in a future post.
tldr; Use Firefox 70 or later with these three extensions:
Goals
- Accessible websites that load quickly and let you read what you want.
- Zero user tracking. Completely anonymous browsing. No website should know who you are.
- No one should be able to track you across sites.
- No website should be able to track you across browsing sessions.
- No website should be able to track you within browsing sessions.
- No third party should see any part of the data stream between your browser and the web host.
This isn’t really achievable today, especially once logins and credit cards are considered, but you can get a lot closer. Here’s how.
Firefox
Firefox is my recommended browser. Use version 70 or later.
- In preferences set “Enhanced Tracking Protection” to strict.
- In Network Settings check “Enable DNS over HTTPS”
Install these extensions:
- uBlock Origin to block ads.
- Nothing is more important than this. There are other ad blockers out there, but no reason to consider them. uBlock Origin in its default configuration is what you want. This will dramatically improve the performance of your browser and enhance your browsing experience.
- Privacy Badger to block trackers.
- Privacy Badger learns what to block by watching what sites do as you surf.
It also starts with a list of known trackers, and it learns fairly fast.
Privacy Badger also removes outgoing link click tracking on Facebook, Google and Twitter.
Surprisingly, it also blocks a lot of ads. - Cookie Autodelete to remove cookies
- The defaults on this one are backwards so after installing it, enable Auto-clean and disable Notifications. Then you’re good to go. This extension prevent sites from tracking you across sessions as long as you don’t log in or explicitly give them other identifiable information. If there are sites you do login to, you can whitelist them so
you don’t have to keep logging in again and again. I whitelist Github, for example.
Given these add-ons I don’t think it’s necessary any longer to worry about third party cookie preferences or clearing cookies on Exit in Firefox. I might be wrong about that, though.
Is HTTPS Everywhere needed in 2019? It doesn’t seem to be. I’ve deleted it from my computers.
Do not install Ghostery. It merely duplicates functionality of the above list.
Do not install the Google Analytics Opt-out Browser Add-on. Privacy Badger handles this.
Do not install the Duck Duck Go Privacy Tools. The only features of this you need are duplicated by the above list.
The one additional extension I’m considering adding to this list is Facebook Container,
though personally I almost never lo9g into Facebook and do so in a private window when necessary. It might be redundant with the above.
Please comment if you know something about this.
Chrome
Same basic list of extensions: uBlock Origin, Privacy Badger, and Cookie Autodelete.
Configure these settings:
- Allow Chrome sign-in: Off
- Make searches and browsing better: Off
- Enhanced spell check: Off
- Help improve Chrome security: Off
- Safe Browsing: On (I’m considering changing this though. A few more experiments are needed.)
- Allow sites to check if you have payment methods saved: off
Safari
I tend not to install any extensions in Safari. I don’t use it for day-to-day browsing and often leave it as a backup for when I need to see what a web site looks like without any of these content blocking add-ons in place.
VPNs
This isn’t a browser issue, but it is important. The goal here is to keep your ISP (Comcast, Verizon, your employer, etc.) from spying on you. I recommend installing and routinely using a VPN. I currently use Private Internet Access, but I’ve also heard good things about NordVPN.
You might need to turn this off to watch Netflix, and some countries and employers block them.
Random Notes
Many of these extensions have the scary permission to “Access your data for all websites” or “Read and change your data on all websites.” This is because the extension permission model in the browser is insufficiently granular. For instance, it’s not usually possible to grant an extension permission to read and change cookies without granting it the permission to read the DOM of every page you see. Browser vendors need to improve this.
Things I Haven’t Figured Out
- How to login to GMail without logging into Google search and other services. I also want Google search to stop asking me to log in. For now, I just use Bing.
- how to browse and shop at sites like Amazon without tying my browsing history to my buying history.
- How to completely separate YouTube from GMail.
- How to keep Doubleclick cookies and content from ever reaching me.
- How to block supercookies. Better Privacy used to do this, but has been discontinued.
- How to keep the New York Times and others from detecting private browsing mode.
- How to avoid browser fingerprinting. (A plugin that randomly rotated some details on every page might work here.)
All of this needs to be done without carefully manually curating which sites I visit in which tabs and containers and incognito mode. It should be automatic and easy to use.
Updates
This changes almost by the month. I certainly would not have given the same recommendations a year ago, and probably won’t a year from now.
Comments, suggestions, and updates are much appreciated. I’d love to hear about other addons and tricks to protect browser privacy. If you’d like to explain why I might want to consider a different extension to fill the same need, that’s good too.
April 21st, 2020 at 9:29 am
About “How to completely seperate Youtube from Gmail”:
This cannot be done by an addon, but an alternative frontend to youtube exists, which can be a solution to this issue!
Since this frontend is not from google and does not use their video player, it effectively stops tying your watched videos to your account.
It is called “Invidious” and can be found under https://www.invidio.us/ . It can also be searched with directly via DuckDuckGo with the bang !in
((PS: An alternative frontend for Twitter also exists, called Nitter!))