Ian Zimmerman <i...@very.loosely.org> wrote:
> On 2018-03-31 08:18, Martin Vaeth wrote:
>
>> As usual, there is the balance
>> "convenience" (old plugins) <-> "security".
>> In the beginning (say, until firefox-52 is no longer supported
>> upstream), there is a certain choice. But after that staying on the
>> "convenience" side is not sane anymore.
>
> There are probably few people more familiar with this tradeoff than
> myself :P. But the browser case is a bit different, because the
> "convenience" features (in my case, at least) themselves have to do with
> security. Using the latest official Mozilla browser means trusting
> their built-in defenses are as good as my current plugin based ones.
> And I have doubts about that.
If you speak about defenses like noscript, there are safer variants
available. I guess the usage of the already mentioned user.js
(of course adapted to your needs) together with current Webextensions
noscript, ublock-origin, and https-everywhere (maybe for privacy
also coupled with decentraleyes, duckduckgo{-privacy-esesntials},
canvasblocker, skip-redirect) does protect you more than using
old versions of these packages.
Not to speak about freshly found security holes.
> This is a tangent from the thread topic, but there is another
> inconvenience of modern FF that keeps me from re-adopting it: font
> rendering.
I do not have experience with this, but there is also a lot
customizable in user.js (i.e. about:config). I guess you have
to switch off (or on) some hardware acceleration. There is also
a rich "themes" API which might contain relevant options.
However, as mentioned, I have no experience with all this.
