Ian Zimmerman <i...@very.loosely.org> wrote: > On 2018-03-31 08:18, Martin Vaeth wrote: > >> As usual, there is the balance >> "convenience" (old plugins) <-> "security". >> In the beginning (say, until firefox-52 is no longer supported >> upstream), there is a certain choice. But after that staying on the >> "convenience" side is not sane anymore. > > There are probably few people more familiar with this tradeoff than > myself :P. But the browser case is a bit different, because the > "convenience" features (in my case, at least) themselves have to do with > security. Using the latest official Mozilla browser means trusting > their built-in defenses are as good as my current plugin based ones. > And I have doubts about that.
If you speak about defenses like noscript, there are safer variants available. I guess the usage of the already mentioned user.js (of course adapted to your needs) together with current Webextensions noscript, ublock-origin, and https-everywhere (maybe for privacy also coupled with decentraleyes, duckduckgo{-privacy-esesntials}, canvasblocker, skip-redirect) does protect you more than using old versions of these packages. Not to speak about freshly found security holes. > This is a tangent from the thread topic, but there is another > inconvenience of modern FF that keeps me from re-adopting it: font > rendering. I do not have experience with this, but there is also a lot customizable in user.js (i.e. about:config). I guess you have to switch off (or on) some hardware acceleration. There is also a rich "themes" API which might contain relevant options. However, as mentioned, I have no experience with all this.