Firefox plug-ins I have known and loved.

It's been said that the killer app that made the Net as ubiquitous as it is today is the web browser, with e-mail running a close second. Just about everyone uses a browser in some capacity or another to access news, information, and e-mail, possibly moreso than dedicated applications (such as e-mail readers, RSS readers, or database searching applications). As great as they are, web browsers have their own unique sets of problems and vulnerabilities that have to be taken into account, especially if privacy is of concern to you.

Firefox, in my considered opinion, is an excellent web browser - its memory footprint is small, it's lightweight, it's easy to install, it's available on a number of platforms, and it's also extremely extensible, in the form of Add-ons that add or modify features of the web browser. Also, the Mozilla Project itself has been fairly diligent in fixing reported vulnerabilities in their work; Microsoft hasn't, unfortunately, though they are getting better at it. Microsoft also tends to have a too-little-too-late approach to their browser upgrades. While IE7 now includes tabs and IE8 will have some privacy features, Firefox and Opera had them several years ago, and more's the point they've had time to get them working properly. As you might expect of an open and extensible platform, coders from all over have implemented security and privacy related add-ons, of which I've spent a couple of years testing, destroying, and hammering on out of enlightened self-interest. These are the ones that I recommend to everyone because they're the first things I install in a new copy of Firefox. I highly recommend installing and configuring Adblock Plus for Firefox, for two reasons: Firstly, it'll speed up browsing greatly because Firefox will no longer download most of the ads that appear all over the Web these days. Secondly, if your browser doesn't download any of image or Flash animation advertisements, this will result in fewer entries left on the web servers the ads are served from, which results in leaving a small activity footprint on the Net. Adblock Plus is also nice in that it's pretty much a set-it-and-forget-it extension. After installing the add-on and restarting Firefox, click on the little drop-down arrow on the 'ABP' icon that will appear in the Firefox toolbar and then select 'preferences'. In the new window, click on the Options menu, and select 'Enable Adblock Plus' to turn it on. Then open the Filters menu and select 'Add filter subscription'. Select a filter developed for your country (in my case, the first on the list is US-centric) and click okay. From that point on, Adblock Plus will scan all of the web pages your look at for advertisements that match one of the patterns on the list and silently filter them out for you. Not only will you not have to deal with them but your web browser will download fewer files, resulting in a snappier browsing experience. Adblock Plus' filter lists are updated frequently, and if you let it it'll silently download thosse updates (though this could potentially compromise your privacy, depending on exactly how paranoid you are).

The second must-have for Firefox will let you control what everyone's Pre-singularity Lord and Master Google presents and can record about you - CustomizeGoogle. In my experience, it's kept up to date as Google's services evolve, so if you're not sure if you'd like to start using something they've newly rolled out because the impact upon your personal privacy is in question, wait a week or so and there will probably be a new release of this extension. Some of the most useful features of this plugin are the ability to refine search results, removing advertisement links, adding links for the same query to other search engines, and adding links for each result to the Internet Wayback Machine. Key features of this plugin are the ability to remove the click tracking JavaScript that Google uses to monitor what links you follow, anonymizing the Google cookie UID set in your browser which they use to build a profile of how you use their services (which they'll helpfully tell you about in their privacy policy (this doesn't interefere with GMail, Google News, or any of their other services)), and blocking the cookies used by Google Analytics, a service that many websites use to analyze content usage (full disclaimer: I use Google Analytics with my website and I advocate dropping these cookies for the sake of privacy). I highly recommend that everyone install this plugin and poke around in the preferences to see what it can do.

Gmail Manager is a Firefox plugin that does just what it says: it manages your GMail accounts for you. It puts a small icon in the bottom right corner of your browser window and keeps tabs on the number of messages waiting for you (it will monitor multiple GMail accounts and let you switch between them on the fly by right-clicking on the icon). If you set it up to remember your passwords it'll automatically log into all of your GMail accounts when Firefox starts (I suggest not turning on auto-login because this plugin can accidentally leak your credentials under certain circumstances, such as when you're using a hotel's wireless network but you haven't accepted the user agreement on their website yet). Gmail Manager will also let you toggle the use of SSL ("Use secured connections for this account") on a per-account basis. As always, I highly recommend that you check this tickybox for all of your accounts.

Digressing for a moment, it is also possible to configure your Gmail account to use SSL over unencrypted traffic without a plugin or browser extension. From a computer and network you trust, log into your Gmail account, click on the Settings link in the top-right corner, and scroll all the way to the bottom of the General tab; you'll find a configuration option called "Browser connection", where you can pick between "Always use https" and "Don't always use https". Check the "Always use https" radio button and then click the "Save Changes" button.

If you set up a Google Domain, however, the Gmail accounts associated with it do not have the above option at the time of this writing.

Not all websites are enlightened enough to take into account the fact that you might not be using the default web browser for your operating system and require you to use a less favored one that your OS might not support. For the rest of us, there is a plugin called User Agent Switcher, which rewrites the headers of outgoing HTTP requests from Firefox so that you appear to be using something else.. like Microsoft Internet Explorer 7 on Windows Vista. All the dancing around aside, if a particular website requires you to use IE, more often than not this plugin will get you in with nobody the wiser. You can also use this plugin to get around the access restrictions of certain websites by pretending to be something else entirely, like an Apple iPhone or Google's web crawler. This is one of my favorite toys that comes in handy when you least expect it, so you might wish to consider installing it just in case.

A fringe benefit of User Agent Switcher is that you can also configure your browser to be something thoroughly unremarkable in the server logs, such as the aforementioned Internet Explorer on Windows, rather than Firefox on OpenBSD installed on a Sharp Zaurus.

If you're willing to trade off functionality and possibly access in favor of security in your web browser, especially if you use an anonymizing service to conceal your activities, you might wish to consider installing the NoScript plugin which turns off all scripting support. That way, the operator of a website can't use JavaScript to gather additional information about you, in particular an educated guess of your actual location and IP address (due to the fact that JavaScript does not necessarily obey local proxy settings). On the downside this can also break a lot of websites in some very unintuitive ways so if you do install this plugin consider turning it on only when you want additional protection and leaving it off the rest of the time (it defaults to blocking everything and requiring you to re-enable as desired). Newer releases of this plugin are very user-friendly and enable only the bare minimum for Gmail to operate. It's also handy for blocking things like Java and Flash to save time and bandwidth (ideal if you're browsing while tethered to a cellphone) as well as preventing other browser plugins from functioning, such as Shockwave and Adobe Acrobat Reader. Of those plugins you can choose to view a particular piece of content by clicking on it should you need to.

Designed with anonymity in mind, Torbutton is an extension for Firefox which reduces many of the procedures required to use Tor to anonymize your web traffic. Once the plugin is installed you'll see a little window in the status bar of your web browser that says "Tor Disabled" when it's switched off and "Tor Enabled" whenever it's switched on. If you want it to be less obtrusive you can configure it to look like a tiny green or red onion icon. By default Torbutton will configure the proxy settings of Firefox to use Tor (and Privoxy if you installed it) so you don't have to fumble with editing your Firefox configuration. On the Security Settings tab there are a large number of configuration options to fine-tune secure browsing options when in Tor mode, such as disabling other plugins, intercepting potentially dangerous JavaScript calls, not recording your web browsing history, and not saving anything to the disk or memory caches. The options are fairly self-explanatory, so I highly recommend clicking around in them at least once; the defaults seem pretty sane to my tastes, however.

I'll explain Tor in another article, so if you're not familiar with it don't jump too quickly on installing Torbutton. It's considered good practice to not suddenly start using the Next Great Thing until you know at least the basics about what it is and what it does.

Not too long ago, a plugin called Ghostery was released which tells you if a particular web page carries one or more web bugs, or tiny (1x1) images, snippets of JavaScript or Flash that tell the owner of the website what pages you're browsing, when you're browsing them, what browser you're using, how long you're looking at it, where you came from, and what page you visit next. They're pretty common - all over the Web, in fact. They also leak information that you may or may not want other people to know because this information can be used to help compile a profile on the user (i.e., you). Ghostery maintains an internal directory of web beacon services and what their public interfaces look like and strips them out of the pages you view. Down in your status bar you'll see a tiny Pac-Man ghost that'll be grey if there aren't any and bright red with a message telling you how many it found and blocked if there are. While early versions of this plugin tended to bog down your browser and didn't actually do anything helpful, v2.0 and later do block web bugs and leave your browser sessions bright and snappy, thus, I can't recommend this plugin highly enough if you value your privacy.

The next question you're probably going to ask is, "If you run Linux, why are you recommending that I run them?" The answer is that I make use of them on both Linux and Windows. While I can't think of any particular reason that they won't work on MacOSX I haven't personally tried them yet (anybody have a Macbook that I can abuse for a week or two?), so the only thing I can tell you is give it a try and let me know so I can update this post.