Month: May 2016

  • The Google browser

    Looks like I’ve failed to mention that alongside the disposable Firefox I’m now using a regular Chrome window for all things Google. That means my Gmail, Google Calendar, Google+, some of my Hangouts use and age-verification requiring YouTube-viewing now happens within that profile.

    This has freed me from having to sign in to Google in the disposable Firefox. It was a bit of hassle because of 2FV, but to be honest, I’m sure I could have lived with it; what I think this was more about was the satisfaction from dividing the uses between the two browsers: Google’s browser for the Googly stuff, disposable Firefox for everything else.

    I’m still using Android on the mobile side, and prefer to use Chrome there because pretending to gain any privacy from alternatives would be just that, pretense. So the divide on the desktop follows this reasoning, to maintain the strong mental association of Google’s services to Google’s browser. I also picked Chrome proper instead of Chromium for this reason: I don’t see any point in pretending to be safe from Google’s prying eyes when using their services, signed in.

    There’s one (perhaps notable) exception among those services: if I use Google to search things, I use Firefox. For me, search benefits from my being signed in mostly only on the mobile (where I do often want to repeat earlier searches to save typing), on the desktop not so much. And on the desktop, searching on Google proper is the exception for me, I usually just use Startpage.

    On Chrome’s side (on the desktop), my use is pretty strictly limited to the Google services I listed. That means that any external links within those services I will copy and paste into a Firefox instance. Thankfully, of those services, Hangouts is currently the only one using redirect URLs causing some extra hassle. The same issue is much more severe on Twitter, which goes to irritating lengths to obscure the original addresses behind their stupid shortening service. It’s one of those issues I previously would have fixed simply by installing an add-on, but now have to contemplate whether those links are worth manually decrypting, or even the site worth browsing at all because of the irritation that it causes.

    I should also mention that I’ve extended the disposable profile idea to Chrome, so that I can launch a disposable Chrome window (alongside the main profile) from Unity’s launcher. (Unlike Ubuntu’s Chromium package, the Google-provided .desktop for Chrome did not provide this function out of the box.) This is mainly to have a browser with Adobe Flash for the few remaining sites I still occasionally deem worth having it on (I can only think of one off the top of my head).

  • HTTPS, HTTPS Everywhere

    During this past week (IIRC, could have also been last week) I installed the first two add-ons to my disposable Firefox profile: the first was HTTPS Everywhere (from the EFF), the second was HTTPS By Default. Both installations started out as experiments, but there have been no issues and so I’m going to continue with them for the time being.

    HTTPS Everywhere goes slightly against my starting premise of “take sites in as they come, or stop using them if they’re unbearable as such”. But in theory, it shouldn’t influence the end-user experience very much, so I should still feel equally at home in other casual setups I might be using the web on. The add-on should just help to give me slightly better privacy when at home without me having to think about it.

    HTTPS By Default, by contrast, does not go against the premise. Although I will be using HTTPS on some sites I’d be using over plain HTTP outside home (due to failing to remember to explicitly request for https://), the purpose here for me is just the opposite: to become aware of sites that fail to present themselves over https, by forcing me to explicitly request them over http://. (The add-on causes such sites to fail hard when requested without a protocol.)

    Installing these two add-ons was prompted by my successful deployment of Let’s Encrypt on my own sites, which means I no longer have to make exceptions for them. Those exceptions would have been pretty big as my sites make up a big portion of my web use.

    (Sidebar: I didn’t realize it had been such a long while since the last post, but the fact that I had trouble remembering the blog’s name should have been a hint. But for this blog, “no news is good news” basically holds true; it means my setup continues to Just Work.)