This article lists the web browser extensions I use and why. I will keep it updated from time to time.
I use Firefox as my main web browser, because despite its shortcomings I think it's still the best available option for me, for reasons that would be worthy of a full article. Most of these extensions are also available in other web browsers anyway. I will link to the main project's website whenever that is the case.
I try to be very careful with the browser extensions I install, as they have very deep access to all data, so a compromised add-on can quickly become a nightmare if it manages for example to steal the credentials for my email account (although 2FA should mitigate that risk). For this reason I don't use many add-ons that are potentially useful but that I think I could live without. The ones I use are usually very popular, with thousands of users and often editor-picked.
Without further delay, these are the add-ons I'm currently using on Firefox, in alphabetical order:
- ClearURLs: removes unnecessary
tracking parameters from URLs, such as the ubiquitous
utm_*or the long URLs that Amazon generates and that can be shortened aggressively.
- Decentraleyes: many websites use assets from public CDNs (e.g. Google has many hosted libraries) to save on network bandwidth and/or to serve those assets faster. The downside is that the CDN provider gets a peek on who is accessing which website, and that undermines our privacy. Decentraleyes hosts a local copy of those assets and prevents the request to the CDN being made, thus improving privacy.
- HTTPS Everywhere: An EFF project which transparently upgrades (and optionally enforces) connections to use HTTPS, and therefore secure against eavesdropping or middleman attacks. It's transparent and shouldn't break any page, so it's a strong recommendation for every user.
- KeepassXC-Browser: I use KeepassXC to hold my passwords and secrets, this is its official browser extension which enables form autocomplete. It works pretty well although not as well as competitors such as Lastpass or 1Password, but I wouldn't trust them with my data.
- Metamask: a fully-featured Ethereum wallet, gateway to the Web 3.0, Dapps, NFTs, ICOs, ERC20 tokens...
- Firefox Multi-Account Container: while Firefox has built-in support for containers, this extensions is needed to manage them. It's an official add-on from the Firefox team itself, so I fully trust it. What are containers? They are a way of categorizing tabs, in order to isolate the information that is accessible. For example I set up my bank's website to open in a Banking container, so a potential attacker that makes my browser run code with a security exploit in a different tab wouldn't have access to it unless it was opened in the same Banking container. I also use it to isolate logged-in tracking, for example I have a Google container where I'm signed-in to Google, but in other containers I'm logged-out. I use a bunch of other containers: Gov for government websites, Personal for my self-hosted web apps, Shopping whenever I'm buying something...
- NoScript: A very powerful add-on that blocks the execution of scripts on any page, and allow to selectively enable them as necessary. By default all scripts get blocked, and finding out which ones are required for some sites to work can be painful, but still I think it's worth it for the protection it grants. It also has checks against some web attacks such as XSS, Clickjacking or internet-to-intranet.
- Privacy Badger: another EFF extension that automatically learns to block invisible trackers. It's pretty unobstrusive, which is why I also have it in addition to NoScript and uBlock Origin, even if it overlaps with them for the most part. Like HTTPS Everywhere it shouldn't break any page, so it's recommended for everyone.
- uBlock Origin: the best ad blocker there is (that I know of, if you know of a better one by all means let me know!). It uses little CPU and RAM, it usually saves more than it consumes, i.e. web pages load faster without all the crap they usually have (banners, tracking scripts, etc.). Especially on mobile it can be very noticiable.