I would be interested in some kind of feature chart that showed which extensions handled which threats, so you could see overlaps/duplication or blank spots. I don't have time to read up on all the different extensions and privacy leak vectors.
Far, FAR less than the page- and cpu- weight of the crap they block. As in, it's a hugely transformative experience for web browsing, even for many "normal" sites that aren't merely social media click-farms.
I'll add to the list: Uninstall Flash completely. For much of the crowd here, that's probably a no-brainer after the recent spate of Flash zero-days, but still.
I suspect that depends entirely on the site you are visiting. This one for example loads almost nothing so running additional plugins will indeed add overhead.
Many of the sites that I use the most load very little unneeded resources and I tend to leave lots of tabs open while working.
Granted, I am not a "normal" web user, but so far all of the responses to my question have brushed it off as unimportant. My suspicion is then that they don't know the answer, which makes the brush off unconvincing.
> I suspect that depends entirely on the site you are visiting.
Yes, that's obviously true. But for my part, whatever overhead these tools do add is low enough that, even for no-crap sites like HN, if I can notice it at all it's within the page-load-latency noise threshold. Moveover, the increased browser stability, laptop battery life, etc. is an overwhelming win.
FWIW, I just fired up Chrome on HN and messed around with the dev tools a bit to see if there was any obvious overhead. Without taking the time for anything like rigorous analysis, loading HN with all extensions disabled vs. uBlock Origin and Privacy Badger had no immediately obvious effect on page load+render times. The superficial results agreed with my intuition: I'd have to collect data and run an analysis to uncover any added page load latency.
I use Privacy Badger with Ghostery and have been really happy so far.
I rarely run into situations where I need to fiddle with both to unblock a script or embedded video, but for the most part the combination is pretty reliable.
I also like seeing the long lists of adware Ghostery is blocking as the page is loading. You'd never know some pages have 50-60 scripts getting loaded to track what you do. It was an eye opener the first month I was using it.
I got a new computer and was browsing around, and it seemed that the entire web suddenly got much slower and ad-ridden. It was horrible, until I remembered I forgot to install Ghostery.
Why do you use both, though? Aren't they pretty much perfectly overlapping?
They do, albeit in different ways. I use them both since there's stuff that Ghostery misses that Privacy Badger picks up and vice versa.
Plus with Privacy Badger, it gets better the longer you use it:
The salient difference between Privacy Badger and the other extensions is that Privacy Badger’s blacklist is generated through heuristic blocking, which means it gets better the longer it is used. Out of the box, Privacy Badger won’t block nearly as many third-party requests as the commercial options, but as you use it more, it will learn more and more hosts to block
There might exist some other fingerprints that can lead to the knowledge of what browser you're using (the existence or non-existence of some feature, etc). If your User-Agent contradicts those others fingerprints, you become very easy to identify. It's really difficult to consistently pretend having a given configuration unless you are, well, actually running this configuration.
More generally, the more you use technologies to protect your privacy, the more you increase your fingerprint entropy, that is, the more it's easy to identify you.[1]
I wouldn't advice those "spoofing" tools, but rather to use the browsers' settings at the maximum of their capabilities (disable third-part cookies, delete cookies when closing the session, set Flash to 'Ask to activate', etc) and just the minimum extensions set to block third-part requests in a first-place (Disconnect, etc).
An offline analogy might be "I didn't want to stand out in a crowd, so I had a friend carefully embroider a custom mask that was thoroughly different in every respect from my normal appearance, and I started wearing randomly-chosen items of clothing bought at thrift shops every day".
Tor Browser Bundle is working on this: "Design Goal: All Tor Browser users MUST provide websites with an identical user agent and HTTP header set for a given request type. We omit the Firefox minor revision, and report a popular Windows platform"
I understand that spoofing one's user-agent can be very effective at fooling malware designed to for specific browsers. However, in practice I have ran into strange problems when doing this. Is there a generic user agent string I could use that would hide my browser vendor and make all sites display content designed for evergreen browsers?
