Ungoogled-chromium: [User discussion] What's Your Best Chrome Extensions

@intika You may want to check the Session Buddy extensions, it does have a Google Analytics tracker inside it. I removed it because of that

For me:

• Ublock origin and its sibling extension Ublock origin extra
• Umatrix (to control near everything a webpage loads, from web requests and scripts to images)
• ScriptSafe (disable or control fingerprinting of Canvas/Audio/Plugins/ClientRect access features of each website)
• Decentraleyes (avoid re-fetching common javascript libraries, kinda useless as ublock origin begins to do it on its own)
• WebScrobbler (scrobbles to lastfm from common streaming platfrom, lets you disable its google analytics tracker, and is available on github)

Some additions which might be interesting:

• Nano Defender - Unbreaks sites which lock out users of ad-blockers
• Skip Redirect - Skips requests to intermediary pages
• Neat URL - Removes common unwanted parameters from URLs

@intika You may want to check the Session Buddy extensions, it does have a Google Analytics tracker inside it. I removed it because of that

Thanks for the info i did reviewed-and-edited all my firefox extensions but did not have the time to do it for chrome yet...

I'll patch that extension to remove privacy related stuff (i dont know any other session extension as good as this one) i'll upload patched version here when i do ;) as you may be interested ;)

That's a cool topic, to report what extensions is not clean... i'll do that when i will tackle this todo :)

@xsmile Didn't know about these ones, and I always thought about doing one myself, so thank you for these additions !

@intika This is something I would gladly re-download if it were cleaned :) But I don't know if it would be possible as it seems to not be open source, and copyrighted without any trace of legal agreements or privacy policy :/

This is something I would gladly re-download if it were cleaned :) But I don't know if it would be possible as it seems to not be open source, and copyrighted without any trace of legal agreements or privacy policy :/

Can extensions be closed source ? i saw some that used some js masking but js is always reversible am not aware that we could use binary in extensions... now when it come to copyright, they did not ask to copy my private information lool... but i guess they are just analyzing who use the extension...

FYI, the User Resources page on the Wiki has a section for useful extensions. Feel free to submit a PR (according to the guidelines outlined in that section).

Hopefully some of the following might help:-

• HTTPS Everywhere - By eff.org, leading internet privacy body, but @intika made very interesting points and he offered an excellent alternative. Thanks @intika! (Anyway, some valued webpage (directory.shoutcast.com :persevere:!) didn't work for me, unfortunately, if I remember correctly, with "#enable-potentially-annoying-security-features" flag enabled.)
• Privacy Badger - By eff.org.
• uBlock Origin
• Translation Comparison - select text; then click on toolbar icon for 3 translations (including google translate... or customize number) or right-click.
• Selection Context Search - small.
• Dark Night Mode - small, doesn't seem to 'phone home' and may not invert colours on videos.
• Disable HTML5 Autoplay - by @Eloston.

• directory.shoutcast.com

Nice i use to play shoutcast all the time before spotify came in... indeed it does not work with https because the stream is coming from an unencrypted location (proof that HTTPs Everywhere is still not working as expected) it is what it is some services just don't use encryption
Note that i did not yet reviewed the code of the extensions that i am listing...

• Dark new tab clean dark new tab

• Adjust-screen-brightness

• Notifier-for-github

• Simpleextmanager easily disable/enable/remove extensions

Disable HTML5 Autoplay - by @Eloston.

I'm flattered that you'd suggest this, but there are caveats. It works fine for the most part, but there are a number of sites where it just doesn't work well or at all. In fact, there are several cases where it can cause the website to severly misbehave, such as unbounded memory growth or a busy loop. However, you can workaround this with a whitelist/blacklist.

• uBlock origin
• uMatrix
• HTTPS Everywhere

Disable HTML5 Autoplay

Doesn't chrome://flags/#autoplay-policy control this?

Doesn't chrome://flags/#autoplay-policy control this?

Yes but not if the site force autoplay with some script

Can people get extensions to install in ungoog chrome? I cant get the url on this page to work at all, https://ungoogled-software.github.io/ungoogled-chromium-wiki/faq#can-i-install-extensions-from-the-chrome-webstore.
I keep getting invalid appID, i tried including the [ ] and not including them, tried including the "id=" bit and not including it, tried multiple extensions and even tried pasting the modified url into chrome but always invalid appID.

Can people get extensions to install in ungoog chrome?

This is off-topic. Please file a new issue. There you should put which URL you're trying to use.

Hi @memeticks!
In case it can help you, a quick way IMHO to install extensions with ungoogled-chromium v70.0 (and v69 too, if I remember correctly, in my experience) is to let the browser install it for you by setting up a custom search engine for extension installation. Looking through the link you posted, to _"set up the custom search engine"_, you should modify the 'template CRX URL', as described in the FAQ, with the browser (basic) version number; and replace [EXTENSION ID] with %s (the term you use to create engines in typical chromium browsers). Therefore...

https://clients2.google.com/service/update2/crx?response=redirect&acceptformat=crx2,crx3&prodversion=[VERSION]&x=id%3D[EXTENSION_ID]%26installsource%3Dondemand%26uc

...should look as follows for ungoogled-chromium v70.0:

https://clients2.google.com/service/update2/crx?response=redirect&acceptformat=crx2,crx3&prodversion=70.0&x=id%3D%s%26installsource%3Dondemand%26uc
Next, you could set the flag to download the extension as suggested in the next sentence ("Then, set chrome://flags/#extension-mime-request-handling to Download as regular file"), and then install it as described there.

The next paragraph in the FAQ, entitled "Installing the CRX file", offers a very helpful and quicker solution in my experience: "Change the flag chrome://flags/#extension-mime-request-handling to Always prompt for install". Relaunch the browser. Add the search engine under chrome://settings/. For example, call it 'Installextension', and set a _search key_ - 'i', say. Then, in the location bar, type an 'i' and press tab. _Installextension_ should then appear as the 'search mode'. Paste the extension ID for the extension that you found earlier in the Chrome Store (as described in the FAQ); and press 'enter'. It should prompt you to accept the extension.

It is good practice the turn the flag back to Default for security.

Apologies for the off topic, and thanks a mill jlj2 for your help. Not sure what I was doing wrong yesterday but I got it to work today thanks to your examples and I now have my ublock and common hangouts installed and working perfectly.
Thanks all!

hmm, after I read this discussion, I think I should reconsider my extension. But my must have extension is The Great Suspender.

The extension I used before is:

• The Great Suspender - saves memory when opening stupid amount of tabs
• Adguard Adblocker **)
• Poper Blocker (probably should change, but not sure what to change to) **)
• No Script
• xdman helper for my download manager

EDIT: @anchev
Do you check the source code?
No I didn't even understand the source even though we can see it.
if no: Do you simply follow recommendations?
Sometimes, most of the times I just search random extension by the function I want.
Do you trust an extension based on what many people trust?
No I don't trust somethings because many people do. But I still install it because I think I need those extensions **) and I can't find more legit choice.

Considering that so many extensions request significant access rights a relevant question when talking about "best" seems to be: How do you decide whether you can grant those rights to an extension or not?

Do you check the source code?

• If yes: How exactly? Are you doing it line by line for all files or are you looking for a particular pattern in specific files?
• If no: Do you simply follow recommendations?

Do you trust an extension based on what many people trust?

And the dangers of that. (considering so many people use all kind of spyware without even knowing)

@anchev I think there is some good ways to avoid most nefarious or dangerous extensions:

• Never install from the chrome web store, install directly from source (github/gitlab etc..), this will avoid auto-updates with unforseen code added (this could happen even with a good willed developper, if his chrome web store account has been accessed by someone else, to push a nefarious update)
• Try to avoid team based developped extensions, this seems to be counter-productive (as in security, the more person is behind a product, the more it might gain legitimity).
  But extensions are only monkey-patchs on existing webpages, so there is no stability on the working state of the code base.
  This incitate team based extensions to build metrics on its working state, and indirectly its user-base.
• And unfortunaly, the already developpers are more armed to go through the code base to watch for suspect urls, suspect unicode characters, or suspect mimified code ..

@pegasusearl - when the answer is before the question it looks weird :)

Never install from the chrome web store, install directly from source (github/gitlab etc..), this will avoid auto-updates with unforseen code added

But UC is "immune" to that, so it is not a real issue.

My recent findings:

The command line option:

disables mixed content.

The following flag does the same + it enforces a non-HTTPS warning in address bar:

chrome://flags/#enable-potentially-annoying-security-features

As you may know uMatrix can also block mixed requests.

So these practically make HTTPS Everywhere not necessary. The only thing which these 2 options don't do is to enforce secure requests but that may break loading (just like with HTTP-E) and is generally a thing which the website itself should fix, not the client.