Firefox Security Extensions, Mobile payments, CGN

  • Lots of talk about different mobile payment applications. First of all, contactless cards are really nice and fast. Generally much better than any app. Secondly some of the apps add only extra fees compared to cards. Thirdly, I don't need any extra apps for P2P money transfers, because banks work just fine. All you need to give is your account number and that's it, it's global and works trivially. Also bank transfer latencies are currently quite small, ie. next day, which is more than enough for small transfers. Many of the P2P transfer apps aren't used by many and are incredible bloat junk apps. - Would I like to use P2P transfers? Yeah, why not. As example siirto is pretty perfect. It's basically just adds option to request money, instead of only sending, and on top of that, it allows linking your bank-account to phone number. Big deal? Just as well you can save the banking details (IBAN) / contact if you regularly / repeatedly transfer money.
  • It seems that many 4G and 5G mobile operators are now pushing users behind CGNAT / CGN which basically blocks all inbound connections, makes multiple users to share single IP address as well as naturally blocks all possibilities of port forwarding. This is exactly why IPv4 must die and IPv6 should be already usable, because with IPv6 this is not a problem at all. Each device gets it's own public IP (v6) and that's it. Does it make any sense to say broadband or data anymore? No, that's why I left those words out. It also seems that DNA is the only operator which got properly working Reverse DNS (rDNS) working with IPv6. Elisa and Telia both simply fail.

Some Firefox browser security extensions (add-ons) worth of mentioning

  • NoHTTP - Blocks HTTP requests. Much better and more generic solution than the HTTPS Everywhere. Yet HTTPS Everywhere now supports EASE mode, where everything is encrypted and whitelist is required for sites, which aren't using HTTPS. So it reverses how the HTTPS Everywhere worked earlier. This is really good stuff.
  • uMatrix - Block / allow requests by class / domain. Awesome.
  • Temporary Containers - This is actually just the feature I've been asking for years. You can isolate tabs and sites from each other. Why site X should know that I'm logged to site Y. Of course it shouldn't. First of all site X sucks, because they're asking for this. But my browser would suck even more if it would tell about that fact. This fixes the issue with browser. Classic examples are cancer and spy sites like Google, Facebook and Twitter. Only site which needs to know about that, is the site itself. If someone is silly enough to use those services. There's still no need to tell about that to any other sites, or report usage of any other sites to those privacy invading clandestine sites.
  • Multi-Account Containers - Similar feature set, bit different implementation. Requires FF 67 and wasn't as good (bit too simple for my use cases) as the Temporary Containers.
  • ClearURLs - Removes tracking elements from URLs. I always laugh when I see t.co tracking redirect crap or clandestine fbclid spyware junk URLs somewhere.
  • CanvasBlocker - Blocks some APIs used for Browser Fingerprinting. - I think TorBrowser warned separately about Canvas Fingerprinting at some time. But haven't seen that warning lately.
  • uBlock Origin - The classic AdBlocker, great pregenerated lists, requires very little tuning.
  • Privacy Badger - Blocks lots of mass tracking the web, good default config.
  • Some people also recommend tools to clear cookies and stuff. But I don't know what's the point. It's just much better to discard all session data from browser. So every start is totally clean. There's no point of just deleting cookies or so. Because as example cache can be efficiently used to track sessions using etags etc. To see if object is cached and so on.

2020-06-21