
Thread: Important: community effort to harden Ubuntu

  1. #41
    Join Date
    Jan 2012
    Beans
    753

    Re: Important: community effort to harden Ubuntu

    That's a lot of extensions... You should know that more extensions just means more surface area for attackers to find exploits, even if you are using a lot of "security enhancing" extensions. Plus many extensions send information back to the authors/advertising companies and/or insert ads into your browser (which you may not notice if you have AdBlock/ABP). In addition to that, they can take up a lot of memory and slow down your browser.

    I suggest you try using UserScripts. They are usually very small and open source (you can view the source on the very page you install it from), and also take far less memory, and yet can be extremely useful.

    You should also try removing redundant extensions, like "Force TLS" and "HTTPS Everywhere", because they do the same thing, but using both together increases surface area for attack and may slow down browsing. Just use one or the other (I recommend HTTPS Everywhere).

    And never say you're "safe and secure". A determined hacker will get past those security measures, and a malicious site will be blocked simply with NoScript alone. You can only enhance security, not make yourself invincible.

  2. #42
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    665
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Important: community effort to harden Ubuntu

    I know that I'm not invincible! Where did you ever see me post that I am invincible?

    All of these extensions and plug-ins do increase my attack surface, but I have researched each one of them carefully and they are safe to use with one another and they do provide significant privacy and security features that I believe are well worth it. I have a moderately powerful System76 Lemur Ultra Thin (lemu4) notebook PC so it can handle a full featured Mozilla Firefox web browser with these extensions and plug-ins without any problems. I have not had one single instance of Mozilla Firefox crashing so far.

    I like these extensions and plug-ins and I will keep them. Thank you.

  3. #43
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    665
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Important: community effort to harden Ubuntu

    Force TLS is different from HTTPS Everywhere. They are two different IETF RFC 5246 standards and protocols. HTTP and HTTPS are much more common and frequently used standards and protocols than TLS, but TLS is important for business commerce especially regarding cryptography, message authentication, instant messaging, VOIP, etc. Yoono requires TLS for Yahoo! Instant Messenger, Google Chat, and AOL Instant Messenger. I also use VOIP in Mozilla Firefox with specific colleagues and friends.

    There's a reason why I installed these specific extensions and plug-ins in Mozilla Firefox. I may not let on any further.

  4. #44
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,744

    Re: Important: community effort to harden Ubuntu

    Quote Originally Posted by Welly Wu View Post
    Force TLS is different from HTTPS Everywhere. They are two different IETF RFC 5246 standards and protocols. HTTP and HTTPS are much more common and frequently used standards and protocols than TLS, but TLS is important for business commerce especially regarding cryptography, message authentication, instant messaging, VOIP, etc. Yoono requires TLS for Yahoo! Instant Messenger, Google Chat, and AOL Instant Messenger. I also use VOIP in Mozilla Firefox with specific colleagues and friends.

    There's a reason why I installed these specific extensions and plug-ins in Mozilla Firefox. I may not let on any further.
    They use the same thing (TLS), which superseded SSL. There is just a difference between the add-ons in terms of configurability; the protocols used are the same: HTTPS.
    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013

  5. #45
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    665
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Important: community effort to harden Ubuntu

    Force TLS does indeed have different configuration options than HTTPS Everywhere. This is true. TLS does replace SSL in terms of functions in many regards and this is also true. However, TLS is not the same as HTTPS. There are overlapping similarities in terms of the specifications and the functions, but they are two distinctly separate network standards and protocols.

    Right now, I am using all of these extensions and plug-ins for Mozilla Firefox and I don't have any problems on my Verizon FiOS fiber optic home Internet network. The performance is about the same, but Mozilla Firefox does consume more RAM. The most important security feature is the Novell AppArmor profile for Mozilla Firefox. I am not done configuring it. I may wind up importing Rookcifer's custom Novell AppArmor profiles for Mozilla Firefox and testing them to see if any functions break compatibility, but I will work on that in the near future. Novell AppArmor is my last layer of defense if my Mozilla Firefox web browser is under attack.

  6. #46
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,744

    Re: Important: community effort to harden Ubuntu

    Quote Originally Posted by Welly Wu View Post
    Force TLS does indeed have different configuration options than HTTPS Everywhere. This is true. TLS does replace SSL in terms of functions in many regards and this is also true. However, TLS is not the same as HTTPS. There are overlapping similarities in terms of the specifications and the functions, but they are two distinctly separate network standards and protocols.

    .
    ForceTLS is an add-on which forces connections over HTTPS (the s meaning secure and uses TLS), which is the same function as HTTPS Everywhere.

    HTTPS uses TLS

    Both add-ons use the same protocol (HTTPS); they just provide different configurations, the difference being the use of STS.

    From the Author of ForceTLS:

    Force-TLS allows web sites to tell Firefox that they should be served via HTTPS in the future
    Last edited by haqking; December 10th, 2012 at 02:58 AM.
    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013

  7. #47
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    665
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Important: community effort to harden Ubuntu

    Alright. I stand corrected. Forgive me. I'll remove Force TLS now.

  8. #48
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,744

    Re: Important: community effort to harden Ubuntu

    Quote Originally Posted by Welly Wu View Post
    Alright. I stand corrected. Forgive me. I'll remove Force TLS now.
    I wasn't telling you to remove it, you do what you like, I was just letting you know that the "protocols" used are the same.

    If both are working fine alongside each other then by all means use them, but just remember that both add-ons use HTTPS.
    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013

  9. #49
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    665
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Important: community effort to harden Ubuntu

    I already removed Force TLS extension and I restarted Mozilla Firefox. I just synced my Mozilla account. At midnight tonight, FEBE will do another backup of my complete Mozilla Firefox profile and it will upload it to my Box.com account. Then, Ubuntu One will synchronize the folder where I store my FEBE backup instantly. CrashPlan+ will detect the changes in the folder and files and it will upload the new files to my account soon after midnight. Tomorrow, I will do administrative work on that folder and I will upload it to my Google Drive and Microsoft Sky Drive.

    It's a lot of backups, but my data is safe and secure.

    Web of Trust is very helpful. WOT tells me which websites are shady and which ones are safe and reputable based on its users' feedback that is compiled into their database. If I can get some intelligence about which websites I want to visit before clicking on URLs, then it will help me to avoid websites filled with malware or attack vectors. You should try the WOT extension. It's really good and beneficial.

  10. #50
    Join Date
    Jan 2012
    Beans
    753

    Re: Important: community effort to harden Ubuntu

    Quote Originally Posted by Welly Wu View Post
    I know that I'm not invincible! Where did you ever see me post that I am invincible?

    All of these extensions and plug-ins do increase my attack surface, but I have researched each one of them carefully and they are safe to use with one another and they do provide significant privacy and security features that I believe are well worth it. I have a moderately powerful System76 Lemur Ultra Thin (lemu4) notebook PC so it can handle a full featured Mozilla Firefox web browser with these extensions and plug-ins without any problems. I have not had one single instance of Mozilla Firefox crashing so far.

    I like these extensions and plug-ins and I will keep them. Thank you.
    I never said you claimed you were invincible, you just said "I am safe and secure" and I replied saying that you are not secure from a determined hacker, but only from some passive threats. Then I mentioned that you can only enhance, not perfect, your security.

    I didn't say they weren't safe to use with each other (although I didn't research their interactions either). And redundant things like Ghostery and BetterPrivacy add no additional security at all (I use DNT+ for Chrome personally). Also, if I remember correctly, NoScript can take the place of BetterPrivacy, DoNotTrackMe, and maybe Force TLS/HTTPS Everywhere (I think). Maybe also others but I don't know what your other extensions do. NoScript is extremely good and really versatile, it can replace many other security extensions.

    Quote Originally Posted by Welly Wu View Post
    Force TLS is different from HTTPS Everywhere. They are two different IETF RFC 5246 standards and protocols. HTTP and HTTPS are much more common and frequently used standards and protocols than TLS, but TLS is important for business commerce especially regarding cryptography, message authentication, instant messaging, VOIP, etc. Yoono requires TLS for Yahoo! Instant Messenger, Google Chat, and AOL Instant Messenger. I also use VOIP in Mozilla Firefox with specific colleagues and friends.

    There's a reason why I installed these specific extensions and plug-ins in Mozilla Firefox. I may not let on any further.
    HTTPS is just a secure HTTP connection. During connection, a client may request a secure connection (simply by going to the HTTPS URL), in which case the client tells the server the highest TLS version it supports in a ClientHello message. The server then sends a ServerHello message with the highest TLS version it also supports. Then an encrypted connection is made using the highest protocol versions both parties support.

    TLS is just an improvement on SSL, they aren't different in terms of purpose (only strength). So HTTPS Everywhere and Force TLS do the exact same thing, they redirect you to https://example.com from http://example.com if that site supports a secure connection.

    HTTPS just means secure connection, SSL and TLS are just protocols that can be used for HTTPS. So it's TLS vs SSL, not TLS vs HTTPS.

    Just a note on secure: You have to be careful with HTTPS because, even if it says it's secure, if it uses the RC4 or DES encryption algorithm with MD5 message authentication, it is really not very secure. RC4 is the same as what's used in Microsoft Office document encryption, WEP security for routers, and encrypted peer connections in the BitTorrent protocol (which are known to be insecure). DES was cracked years ago by the EFF due to very short key length, and RC4 is easy to crack both because of short key length (I think) and numerous attacks it is vulnerable to. Sites that use AES, Triple DES, Camellia, etc are much more secure, and brute forcing would be very infeasible in that case.
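
The version negotiation and the weak-cipher caveat from the post above, as an added example that is not part of the original thread. It uses a simplified pre-TLS-1.3 handshake model; the endpoint dictionaries are constructed, and the function names (`weaknesses`, `negotiate`, `local_weak_suites`) are hypothetical.

```python
import ssl

VERSIONS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]  # oldest to newest

def weaknesses(suite):
    """Return the weak primitives (RC4, DES, MD5) named in a cipher suite string."""
    name = suite.upper().replace("_", "-")  # accept OpenSSL and IANA spellings
    tokens = name.split("-")
    # Triple DES appears as DES-CBC3 (OpenSSL) or 3DES (IANA); it is not single DES.
    triple_des = "3DES" in tokens or "DES-CBC3" in name
    found = [p for p in ("RC4", "MD5") if p in tokens]
    if "DES" in tokens and not triple_des:
        found.append("DES")
    return sorted(found)

def negotiate(client, server):
    """Simplified handshake: returns (version, suite), or None if nothing matches."""
    # ServerHello carries the highest version the server supports that does
    # not exceed the version offered in ClientHello.
    usable = [v for v in server["versions"]
              if VERSIONS.index(v) <= VERSIONS.index(client["max_version"])]
    if not usable:
        return None
    version = max(usable, key=VERSIONS.index)
    # Server-preference selection: first server suite the client also offered.
    for suite in server["suites"]:
        if suite in client["suites"]:
            return version, suite
    return None

def local_weak_suites():
    """Weak suites enabled in this Python/OpenSSL default client context."""
    ctx = ssl.create_default_context()
    return [c["name"] for c in ctx.get_ciphers() if weaknesses(c["name"])]

# Constructed endpoints for illustration; not taken from any real site.
CLIENT = {"max_version": "TLSv1.2",
          "suites": ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA",
                     "DES-CBC3-SHA", "RC4-MD5"]}
LEGACY_SERVER = {"versions": ["SSLv3", "TLSv1"],
                 "suites": ["RC4-MD5", "DES-CBC-SHA"]}
MODERN_SERVER = {"versions": ["TLSv1", "TLSv1.1", "TLSv1.2"],
                 "suites": ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]}

if __name__ == "__main__":
    for label, server in (("legacy", LEGACY_SERVER), ("modern", MODERN_SERVER)):
        version, suite = negotiate(CLIENT, server)
        print(label, version, suite, "weak:", weaknesses(suite))
    print("weak suites enabled locally:", local_weak_suites())
```

Both constructed servers complete an HTTPS handshake, but the legacy one ends up on RC4 with MD5; removing those suites from the client's offer is what prevents that outcome.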
