Hacker News new | past | comments | ask | show | jobs | submit login

I have the same feeling on everything except security, but electrolysis should help with that. http://m.slashdot.org/story/199459



Firefox needs a better security model for add-ons. The thing that bothers me in Firefox is the Private Mode (Incognito in Chrome), as it doesn't disable add-ons. And I use private mode quite often.

Mozilla has been relying on a more strict review process for whatever gets published on addons.mozilla.org (when compared to Google), with Firefox users experiencing less instances of add-ons turning to mallware/spyware, but I'd like both this review process and a better security model for these add-ons.


You could set up a separate profile for that¹. You can also use the Profilist² extension in your main profile for easy switching and creation.

1: https://support.mozilla.org/kb/profile-manager-create-and-re...

2: https://addons.mozilla.org/firefox/addon/profilist/


Hey, thanks for the tip on Profilist. Neat stuff, wonder why it isn't included by default.


Profile manager UI is still around and used to be easier to get to (there's a command-line option for it now), but it was too easy to accidentally remove profiles and also confusing for people who got into it accidentally.

Profilist is relatively new and doesn't allow profile deletion, but to me still seems like the kind of feature that's great as an add-on but not used by so many people and confusing to less power-users.


> The thing that bothers me in Firefox is the Private Mode (Incognito in Chrome), as it doesn't disable add-ons. And I use private mode quite often.

I understand why this is important, but at the same time, I would be upset if NoScript or Adblock Plus didn't work in Private Mode.


I'm not sure about FF but the beauty of Chrome's Private Browsing mode is that all extensions are disabled by default with the option to allow on Private Browsing mode.


True, hence my slight annoyance with Firefox.

Somebody pointed out that you could setup/use different profiles in Firefox and there's a plugin "Profilist" that makes creating / switching profiles easy, just tried it out and works well.

The mentality with add-ons in Firefox is that when you install an add-on, you trust that it does the right thing (e.g. it gets a notification that you're in Private Mode such that it has a chance to stop logging or whatever) and then you trust Mozilla's review process to catch perpetrators.

The problem is of course that some add-ons are more trustworthy than others. I trust Mozilla and I may choose to trust Ghostery, but do I trust the Readability add-on in Private Mode? I can't do that. And you can take security measures, like connecting through a VPN and connecting through HTTPS, but if your browser is compromised, then tough luck.

I use Private Mode when searching / watching porn, or when logging to my Banking account. And I take security very seriously. Therefore I have to abstain from installing add-ons that I don't find to be trustworthy. Of course, at this point I trust extensions in Chrome's Store even less, but I'd also prefer its security model for extensions. Hopefully once Electrolysis is in, they'll also work on this.


NoScript + ABP you are free of 99% of web hacks out there.


I have started using NoScript by itself recently, it should remove all the annoying ads and let the good ones trough.


I have been using NoScript alone for years, and was initially surprised that it killed that many ads alone. I don't think I've ever used ABP.


true ... but your web experience suffers for it. ying and yang.


I wonder if there's any demand for a maintained noscript whitelist, for folks who want a kind of middle ground. Allow functional stuff from google.com, microsoft.com, etc. but continue to block google-analytics and all the ad crap.


The unpredictability of execution in Firefox makes exploits harder to reproduce.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: