How can I get rid of all Firefox plugins for safety reasons?

[Jim Benson]

What can I do to get rid of all my firefox browser plugins?

1. At www.panopticlick.eff.org I find I'm unique!
But I do NOT wish to be anywhere near unique.

2. Part of the problem is my set of browser plugins.
http://i58.tinypic.com/6ht1z7.jpg

3. Yet, I've NEVER even installed a single plugin!
http://i60.tinypic.com/5lz3wl.jpg

4. I'm running Firefox 33.0, which is standard for Ubuntu.
http://i58.tinypic.com/2l8j47q.jpg

What can I do to ELIMINATE all these plugins that I never
installed nor did I ask to install so that I can be more
anonymous when using Firefox 33 on Ubuntu 14.04?

[WaltS48]

I think the easiest way would be to uninstall the Mozilla Firefox for Ubuntu., then download and install Firefox for Linux from Mozilla.

Once installed you should only see the OpenH264 Video Codec plugin because it comes with Firefox.

My Firefox for Fedora points to the plugins, but I had to create links to the plugins for my manually installed versions.

The plugins are installed by Ubuntu and should still be on your system in case you need to create a link to one you may need.

[Caver1]

On 11/08/2014 12:56 AM, Jim Benson wrote:

You don't stand out anymore then anyother FF33 user.
If you want to remove the plugins that come with Firefox they are in
/usr/lib/mozilla/plugins in Ubuntu. In windows I don't know. You type
_about:plugins_
in your URL box and it will tell you where they all are and what they
are named.
If you delete some of them then you may be more unique.
If you notice the information that your plugins give,
http://i58.tinypic.com/6ht1z7.jpg,
Is only about the plugins nothing else. It is your header that gives the
information about your system that give out the information that
fingerprints you more then your plugins.
The best way is to give false information in your headers. The easiest
way to do that is with the Secret Agent extension,
https://www.dephormation.org.uk/?page=81.
Then your headers will be spoofed.
If the site you go to uses the right php script then Secret Agent wont
work as only parts of your useragent can be spoofed and you can still
use the internet. Most sites don't use the correct script.
I have found that if you don't use Javascript your plugins don't show up
at panopticlick. But again it's not your plugins that you have to worry
about.

--
Caver1

[J. P. Gilliver (John)]

In message
<mailman.2747.141542625...@lists.mozilla.org>, Jim

Benson <james....@nospam.gmail.com> writes:
>What can I do to get rid of all my firefox browser plugins?

Well, under Help (at least in the Windows version) you'll find "Restart
with Add-ons Disabled...", which most people still call safe mode.

>
>1. At www.panopticlick.eff.org I find I'm unique!
> But I do NOT wish to be anywhere near unique.

(My system can't find that domain.)

>
>2. Part of the problem is my set of browser plugins.
> http://i58.tinypic.com/6ht1z7.jpg

Not sure how you generated that list; anyway, under Tools, Add-ons, then
under Extensions, I see all mine have a "Remove" button. Under Plugins,
each has a drop-down that includes "Never Activate".
[]

>4. I'm running Firefox 33.0, which is standard for Ubuntu.
> http://i58.tinypic.com/2l8j47q.jpg

I'm running 25 (-:

>
>What can I do to ELIMINATE all these plugins that I never
>installed nor did I ask to install so that I can be more
>anonymous when using Firefox 33 on Ubuntu 14.04?

Restart in safe mode to try out your uniqueness if that site works for
you; some people would say try a new profile (I think Help >
Troubleshooting > Reset); or totally remove and reinstall. (Each of
these will lose more than the previous.)
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

God, to me, it seems, is a verb, not a noun, proper or improper.
-R. Buckminster Fuller, engineer, designer, and architect (1895-1983)

[Jim Benson]

On Sat, 08 Nov 2014 08:00:48 -0500, WaltS48 wrote:

> My Firefox for Fedora points to the plugins, but I had to create links
> to the plugins for my manually installed versions.

Can you explain this discrepancy (see original screen shots):
1. Tons show up in Panopticlick that don't show up in Firefox.
2. In Firefox, you can't delete the few that do show up!

[Jim Benson]

On Sat, 08 Nov 2014 08:00:48 -0500, WaltS48 wrote:

> Once installed you should only see the OpenH264 Video Codec plugin
> because it comes with Firefox.

Can you explain why MORE plugins show up in Panopticlick than show
up in Firefox?

I can't delete these plugins from the Firefox user interface!

a. First, look at how many plugins show up in Panopticlick
http://i58.tinypic.com/6ht1z7.jpg

b. Then, notice how many show up in Firefox about:plugins
http://i60.tinypic.com/5lz3wl.jpg

Notice two huge discrepancies:
1. Many more show up in Panopticlick than show up in Firefox, and,
2. You can't delete ANYTHING from Firefox anyway

c. Worse: a DIFFERENT number show up in /usr/lib/mozilla/plugins
$ ls /usr/lib/mozilla/plugins
flashplugin-alternative.so
libnpgoogletalk.so
libnpgtpo3dautoplugin.so
libnpo1d.so
librhythmbox-itms-detection-plugin.so
libtotem-cone-plugin.so
libtotem-gmp-plugin.so
libtotem-mully-plugin.so
libtotem-narrowspace-plugin.so

Why don't these three lookup mechanism report the same number of
Firefox plugins?

[Caver1]

On 11/08/2014 08:00 AM, WaltS48 wrote:
> On 11/08/2014 12:56 AM, Jim Benson wrote:
>> What can I do to get rid of all my firefox browser plugins?
>>
>> 1. At www.panopticlick.eff.org I find I'm unique!
>> But I do NOT wish to be anywhere near unique.
>>
>> 2. Part of the problem is my set of browser plugins.
>> http://i58.tinypic.com/6ht1z7.jpg
>>
>> 3. Yet, I've NEVER even installed a single plugin!
>> http://i60.tinypic.com/5lz3wl.jpg
>>
>> 4. I'm running Firefox 33.0, which is standard for Ubuntu.
>> http://i58.tinypic.com/2l8j47q.jpg
>>
>> What can I do to ELIMINATE all these plugins that I never
>> installed nor did I ask to install so that I can be more
>> anonymous when using Firefox 33 on Ubuntu 14.04?
>
> I think the easiest way would be to uninstall the Mozilla Firefox for
> Ubuntu., then download and install Firefox for Linux from Mozilla

> <https://www.mozilla.org/en-US/firefox/all/>.

>
> Once installed you should only see the OpenH264 Video Codec plugin
> because it comes with Firefox.
>
> My Firefox for Fedora points to the plugins, but I had to create links
> to the plugins for my manually installed versions.
>
> The plugins are installed by Ubuntu and should still be on your system
> in case you need to create a link to one you may need.
>

He will have to purge Firefox or the Linux version of Firefox will still
load the plugins that he now has installed.

--
Caver1

[Caver1]

On 11/08/2014 07:50 AM, J. P. Gilliver (John) wrote:
> In message
> <mailman.2747.141542625...@lists.mozilla.org>, Jim
> Benson <james....@nospam.gmail.com> writes:
>> What can I do to get rid of all my firefox browser plugins?
>
> Well, under Help (at least in the Windows version) you'll find "Restart
> with Add-ons Disabled...", which most people still call safe mode.
>>
>> 1. At www.panopticlick.eff.org I find I'm unique!
>> But I do NOT wish to be anywhere near unique.
>
> (My system can't find that domain.)

Try removing the www. off of the link or do a search for
panopticlik.eff.org and click on the link that the search gives you.

>> 2. Part of the problem is my set of browser plugins.
>> http://i58.tinypic.com/6ht1z7.jpg
>
> Not sure how you generated that list; anyway, under Tools, Add-ons, then
> under Extensions, I see all mine have a "Remove" button. Under Plugins,
> each has a drop-down that includes "Never Activate".
> []

Extensions have the remove option plugins don't.

>> 4. I'm running Firefox 33.0, which is standard for Ubuntu.
>> http://i58.tinypic.com/2l8j47q.jpg
>
> I'm running 25 (-:
>>
>> What can I do to ELIMINATE all these plugins that I never
>> installed nor did I ask to install so that I can be more
>> anonymous when using Firefox 33 on Ubuntu 14.04?
>
> Restart in safe mode to try out your uniqueness if that site works for
> you; some people would say try a new profile (I think Help >
> Troubleshooting > Reset); or totally remove and reinstall. (Each of
> these will lose more than the previous.)
>


--

Caver1

[Caver1]

There is no discrepancy. Both places show the same plugins. The only
difference is that Panopticlick doesn't show the H264 plugin because you
have it disabled.
To delete them if you want to go to /usr/lib/mozilla/plugins and delete
them, as root.
If you don't want to do that just go to Tools>Addons>Plugins and choose
to either Ask to Activate or Never Activate. That way you don't have to
reinstall them if you find you want one of them.

--
Caver1

[WaltS48]

On 11/08/2014 07:50 AM, J. P. Gilliver (John) wrote:

In message <mailman.2747.141542625...@lists.mozilla.org>, Jim Benson <james....@nospam.gmail.com> writes:

What can I do to get rid of all my firefox browser plugins?

Well, under Help (at least in the Windows version) you'll find "Restart with Add-ons Disabled...", which most people still call safe mode.

Safe mode doesn't disable plugins only extensions, themes and hardware acceleration, and Jim wants to get rid of the plugins..

"A plugin is a piece of software that manages Internet content that Firefox is not designed to process"

[Use plugins to play audio, video, games and more | Firefox Help](https://support.mozilla.org/en-US/kb/use-plugins-play-audio-video-games#w_what-are-plugins)

All fall under the Add-ons umbrella. [Frequently Asked Questions :: Add-ons for Firefox](https://addons.mozilla.org/en-US/faq)

[Caver1]

On 11/08/2014 08:37 AM, Jim Benson wrote:
> On Sat, 08 Nov 2014 08:00:48 -0500, WaltS48 wrote:
>
>> Once installed you should only see the OpenH264 Video Codec plugin
>> because it comes with Firefox.
>
> Can you explain why MORE plugins show up in Panopticlick than show
> up in Firefox?
>
> I can't delete these plugins from the Firefox user interface!
>
> a. First, look at how many plugins show up in Panopticlick
> http://i58.tinypic.com/6ht1z7.jpg

In this image count the plugins that are shown.

> b. Then, notice how many show up in Firefox about:plugins
> http://i60.tinypic.com/5lz3wl.jpg

Then count the plugins here.

> Notice two huge discrepancies:
> 1. Many more show up in Panopticlick than show up in Firefox, and,
> 2. You can't delete ANYTHING from Firefox anyway

The count is one more as you have one disabled so Panopticlick can't see it.

> c. Worse: a DIFFERENT number show up in /usr/lib/mozilla/plugins
> $ ls /usr/lib/mozilla/plugins
> flashplugin-alternative.so
> libnpgoogletalk.so
> libnpgtpo3dautoplugin.so
> libnpo1d.so
> librhythmbox-itms-detection-plugin.so
> libtotem-cone-plugin.so
> libtotem-gmp-plugin.so
> libtotem-mully-plugin.so
> libtotem-narrowspace-plugin.so
>
> Why don't these three lookup mechanism report the same number of
> Firefox plugins?
>

Go to about:plugins and see where the Google Talk plugin is stored. It
is obviously stored somewhere else. Programs don't always install their
plugins in /usr/lib/mozilla/plugins.

--
Caver1

[WaltS48]

On 11/08/2014 08:37 AM, Jim Benson wrote:

On Sat, 08 Nov 2014 08:00:48 -0500, WaltS48 wrote:

Once installed you should only see the OpenH264 Video Codec plugin
because it comes with Firefox.

Can you explain why MORE plugins show up in Panopticlick than show
up in Firefox?

No idea. I never have been to the site except to see what everyone is complaining about. Honestly I  could care less what it shows.

I can't delete these plugins from the Firefox user interface!

I already explained how you can do that.

a. First, look at how many plugins show up in Panopticlick
    http://i58.tinypic.com/6ht1z7.jpg

b. Then, notice how many show up in Firefox about:plugins
     http://i60.tinypic.com/5lz3wl.jpg 

Hmmm, yes very interesting.

Notice two huge discrepancies:
1. Many more show up in Panopticlick than show up in Firefox, and, 
2. You can't delete ANYTHING from Firefox anyway.

Well, if you don't want to do what I already suggested to remove the plugins, you could try to rename the .so files. Firefox shouldn't see them if you do that.

For example rename /usr/lib/mozilla/plugins/flashplugin-alternative.so to something like noflashplugin-alternative.so and see if the Flash plugin still appears in your Firefox. If it doesn't then you can rename the rest.

You could also go to your System Management application and try uninstalling the plugins from your system.

I don't know Ubuntu so can't be any help there.

 

c. Worse: a DIFFERENT number show up in /usr/lib/mozilla/plugins
   $ ls /usr/lib/mozilla/plugins
     flashplugin-alternative.so
     libnpgoogletalk.so
     libnpgtpo3dautoplugin.so
     libnpo1d.so
     librhythmbox-itms-detection-plugin.so
     libtotem-cone-plugin.so
     libtotem-gmp-plugin.so
     libtotem-mully-plugin.so
     libtotem-narrowspace-plugin.so

Why don't these three lookup mechanism report the same number of
Firefox plugins?

When did I become an expert? I dunno.

[WaltS48]

Then he should switch to openSUSE or Fedora which don't load the plugins in versions downloaded and installed from Mozilla. I had to create a symbolic link to the plugin folder on my new Fedora 21 Beta system which is located at /usr/lib64/mozilla/plugins/.

[Caver1]

On 11/08/2014 09:36 AM, WaltS48 wrote:
> On 11/08/2014 08:37 AM, Jim Benson wrote:
>> On Sat, 08 Nov 2014 08:00:48 -0500, WaltS48 wrote:
>>
>>> Once installed you should only see the OpenH264 Video Codec plugin
>>> because it comes with Firefox.
>> Can you explain why MORE plugins show up in Panopticlick than show
>> up in Firefox?
>
> No idea. I never have been to the site except to see what everyone is
> complaining about. Honestly I could care less what it shows.
>
>> I can't delete these plugins from the Firefox user interface!
>
> I already explained how you can do that.
>
>> a. First, look at how many plugins show up in Panopticlick
>> http://i58.tinypic.com/6ht1z7.jpg
>>

>> b. Then, notice how many show up in Firefoxabout:plugins

>> http://i60.tinypic.com/5lz3wl.jpg
>
> Hmmm, yes very interesting.
>
>> Notice two huge discrepancies:
>> 1. Many more show up in Panopticlick than show up in Firefox, and,
>> 2. You can't delete ANYTHING from Firefox anyway.

> Well, if you don't want to do what I already suggested to remove the
> plugins, you could try to rename the .so files. Firefox shouldn't see
> them if you do that.
>
> For example rename /usr/lib/mozilla/plugins/flashplugin-alternative.so
> to something like noflashplugin-alternative.so and see if the Flash
> plugin still appears in your Firefox. If it doesn't then you can rename
> the rest.

This is a better option. It would be easier to just disable them in
Firefox's Addon Manager

> You could also go to your System Management application and try
> uninstalling the plugins from your system.

Not all of Firefox's stock plugins show up in the package manager.

> I don't know Ubuntu so can't be any help there.
>
>> c. Worse: a DIFFERENT number show up in /usr/lib/mozilla/plugins
>> $ ls /usr/lib/mozilla/plugins
>> flashplugin-alternative.so
>> libnpgoogletalk.so
>> libnpgtpo3dautoplugin.so
>> libnpo1d.so
>> librhythmbox-itms-detection-plugin.so
>> libtotem-cone-plugin.so
>> libtotem-gmp-plugin.so
>> libtotem-mully-plugin.so
>> libtotem-narrowspace-plugin.so
>>
>> Why don't these three lookup mechanism report the same number of
>> Firefox plugins?
>>
>
> When did I become an expert? I dunno.
>

--
Caver1

[WaltS48]

This is probably true but wouldn't the symbolic link to it be in the /mozilla/plugins folder? How would Firefox know where to look unless the Ubuntu build adds code to Firefox to point to other locations.

My Fedora 21 Beta KDE desktop spin has a /usr/lib64/mozilla/plugins folder and a /usr/lib64/flash-plugin folder with a symbolic link in the mozilla/plugins folder, pointing to the flashplayer-plugin.so file in the flash-plugin folder.

[Caver1]

In Ubuntu that is automatically taken care of.
He doesn't have the problem he thinks he has. He just looked at the
verbose output that Panopticlick showed and thinks that it shows more
plugins than he has. He didn't take time to look at it to see what it
actually shows.
He also said he didn't install any plugins but he doesn't realize that
when he installed Google Talk it installed a plugin.
He needs to learn what his system does and what the consequences of his
actions are and to take time to actually look at something to see what
it actually is.

--
Caver1

[Caver1]

On 11/08/2014 09:59 AM, WaltS48 wrote:
> On 11/08/2014 09:27 AM, Caver1 wrote:
>> On 11/08/2014 08:37 AM, Jim Benson wrote:
>>> On Sat, 08 Nov 2014 08:00:48 -0500, WaltS48 wrote:
>>>
>>>> Once installed you should only see the OpenH264 Video Codec plugin
>>>> because it comes with Firefox.
>>> Can you explain why MORE plugins show up in Panopticlick than show
>>> up in Firefox?
>>>
>>> I can't delete these plugins from the Firefox user interface!
>>>
>>> a. First, look at how many plugins show up in Panopticlick
>>> http://i58.tinypic.com/6ht1z7.jpg
>> In this image count the plugins that are shown.
>>

>>> b. Then, notice how many show up in Firefoxabout:plugins

>>> http://i60.tinypic.com/5lz3wl.jpg
>> Then count the plugins here.
>>
>>> Notice two huge discrepancies:
>>> 1. Many more show up in Panopticlick than show up in Firefox, and,
>>> 2. You can't delete ANYTHING from Firefox anyway
>> The count is one more as you have one disabled so Panopticlick can't see it.
>>
>>> c. Worse: a DIFFERENT number show up in /usr/lib/mozilla/plugins
>>> $ ls /usr/lib/mozilla/plugins
>>> flashplugin-alternative.so
>>> libnpgoogletalk.so
>>> libnpgtpo3dautoplugin.so
>>> libnpo1d.so
>>> librhythmbox-itms-detection-plugin.so
>>> libtotem-cone-plugin.so
>>> libtotem-gmp-plugin.so
>>> libtotem-mully-plugin.so
>>> libtotem-narrowspace-plugin.so
>>>
>>> Why don't these three lookup mechanism report the same number of
>>> Firefox plugins?
>>>

>> Go toabout:plugins and see where the Google Talk plugin is stored. It

>> is obviously stored somewhere else. Programs don't always install their
>> plugins in /usr/lib/mozilla/plugins.
>>
>
> This is probably true but wouldn't the symbolic link to it be in the
> /mozilla/plugins folder? How would Firefox know where to look unless the
> Ubuntu build adds code to Firefox to point to other locations.

You're right I forgot about the link. He would have to delete the link
for the plugin. Only would have to rename the link to temporarily
disable the plugin. I don't know if added plugins always have a link in
/mozilla/plugins or not.
Firefox's H264 plugin is stored in
/home/<user>/mozilla/firefox/<profile> with no link in
/usr/lib/mozilla/plugins. Evidently plugins don't have to have a link
there.

> My Fedora 21 Beta KDE desktop spin has a /usr/lib64/mozilla/plugins
> folder and a /usr/lib64/flash-plugin folder with a symbolic link in the
> mozilla/plugins folder, pointing to the flashplayer-plugin.so file in
> the flash-plugin folder.
>

I'm using Ubuntu 14.04x64 Unity. I have no /usr/lib64 directory.

--
Caver1

[Jim Benson]

On Sat, 08 Nov 2014 09:27:04 -0500, Caver1 wrote:

> The count is one more as you have one disabled so Panopticlick can't see
> it.

You are correct that I was totally misreading the *number* of plugins
reported by Panopticlick!

It appears each plugin has many entries, but they are preceeded by the
word "Plugin" and a number, starting from zero.

So, Panopticlick is reporting only 8 plugins:
1. DivX
2. Google Talk
3. QuickTime
4. Flash
6. VLC
7. WMP
8. iTunes

Here are the details on those 8 plugins that Panopticlick sees.
---------
Plugin 0: DivX® Web Player; DivX Web Player version 1.4.0.233; libtotem-
mully-plugin.so; (AVI video; video/divx; divx). Plugin 1: Google Talk
Plugin Video Renderer; Version: 5.4.2.0; libnpo1d.so; (Google Talk Plugin
Video Renderer; application/o1d; o1d).
---------
Plugin 2: Google Talk Plugin; Version: 5.4.2.0; libnpgoogletalk.so;
(Google Talk Plugin; application/googletalk; googletalk).
---------
Plugin 3: QuickTime Plug-in 7.6.6; The <a href="http://
www.gnome.org/">Videos</a> 3.10.1 plugin handles video and audio
streams.; libtotem-narrowspace-plugin.so; (QuickTime video; video/
quicktime; mov) (MPEG-4 video; video/mp4; mp4) (MacPaint Bitmap image;
image/x-macpaint; pntg) (Macintosh Quickdraw/PICT drawing; image/x-
quicktime; pict, pict1, pict2) (MPEG-4 video; video/x-m4v; m4v) (HTTP
Live Streaming playlist; application/vnd.apple.mpegurl; m3u8).
---------
Plugin 4: Shockwave Flash; Shockwave Flash 11.2 r202; libflashplayer.so;
(Shockwave Flash; application/x-shockwave-flash; swf) (FutureSplash
Player; application/futuresplash; spl).
---------
Plugin 5: VLC Multimedia Plugin (compatible Videos 3.10.1); The <a
href="http://www.gnome.org/">Videos</a> 3.10.1 plugin handles video and
audio streams.; libtotem-cone-plugin.so; (VLC Multimedia Plugin;
application/x-vlc-plugin; ) (VLC Multimedia Plugin; application/vlc; )
(VLC Multimedia Plugin; video/x-google-vlc-plugin; ) (Ogg multimedia
file; application/x-ogg; ogg) (Ogg multimedia file; application/ogg; ogg)
(Ogg Audio; audio/ogg; oga) (Ogg Audio; audio/x-ogg; ogg) (Ogg Vorbis
audio; audio/x-vorbis+ogg; ogg) (Ogg Video; video/ogg; ogv) (Ogg Video;
video/x-ogg; ogg) (Ogg Theora video; video/x-theora+ogg; ogg) (Annodex
exchange format; application/annodex; anx) (Annodex Audio; audio/annodex;
axa) (Annodex Video; video/annodex; axv) (MPEG video; video/mpeg; mpg,
mpeg, mpe) (WAV audio; audio/wav; wav) (WAV audio; audio/x-wav; wav) (MP3
audio; audio/mpeg; mp3) (NullSoft video; application/x-nsv-vp3-mp3; nsv)
(Flash video; video/flv; flv) (WebM video; video/webm; webm) (Videos
multimedia plugin; application/x-totem-plugin; ) (MIDI audio; audio/midi;
mid, midi).
---------
Plugin 6: Windows Media Player Plug-in 10 (compatible; Videos); The <a
href="http://www.gnome.org/">Videos</a> 3.10.1 plugin handles video and
audio streams.; libtotem-gmp-plugin.so; (AVI video; application/x-
mplayer2; avi, wma, wmv) (ASF video; video/x-ms-asf-plugin; asf, wmv) (AVI
video; video/x-msvideo; asf, wmv) (ASF video; video/x-ms-asf; asf)
(Windows Media video; video/x-ms-wmv; wmv) (Windows Media video; video/x-
wmv; wmv) (Windows Media video; video/x-ms-wvx; wmv) (Windows Media
video; video/x-ms-wm; wmv) (Windows Media video; video/x-ms-wmp; wmv)
(Windows Media video; application/x-ms-wms; wms) (Windows Media video;
application/x-ms-wmp; wmp) (Microsoft ASX playlist; application/asx; asx)
(Windows Media audio; audio/x-ms-wma; wma).
---------
Plugin 7: iTunes Application Detector; This plug-in detects the presence
of iTunes when opening iTunes Store URLs in a web page with Firefox.;
librhythmbox-itms-detection-plugin.so; (; application/itunes-plugin; ).
---------

[Jim Benson]

On Sat, 08 Nov 2014 09:27:04 -0500, Caver1 wrote:

> Go to about:plugins and see where the Google Talk plugin is stored. It
> is obviously stored somewhere else. Programs don't always install their
> plugins in /usr/lib/mozilla/plugins.

You helped a lot with my slowly accreting understanding of plugins!

I see now, from your explanation, that the Firefox plugin situation is
far more confusing than I had thought.

a. Panopticlick lists 8 plugins:
Plugin 0. DivX
Plugin 1. Google Talk Video
Plugin 2. Google Talk
Plugin 3. QuickTime
Plugin 4. Flash
Plugin 5. VLC
Plugin 6. WMP
Plugin 7. iTunes

b. Firefox about:plugins lists 9 plugins:
Plugin 0. DivX (libtotem-mully-plugin.so)
Plugin 1. Google Talk Video (libnpo1d.so)
Plugin 2. Google Talk (libnpgoogletalk.so)
Plugin 3. QuickTime (libtotem-narrowspace-plugin.so)
Plugin 4. Flash (libflashplayer.so)
Plugin 5. VLC (libtotem-cone-plugin.so)
Plugin 6. WMP (libtotem-gmp-plugin.so)
Plugin 7. iTunes (librhythmbox-itms-detection-plugin.so)
Plugin 8. H264 codec (https://github.com/cisco/openh264)

c. The operating system (apparently) puts plugins in 10 places:
Plugin 0: /usr/lib/mozilla/plugins/libtotem-mully-plugin.so
Plugin 1: /usr/lib/mozilla/plugins/libnpo1d.so
Plugin 2: /usr/lib/mozilla/plugins/libnpgoogletalk.so
Plugin 3: /usr/lib/mozilla/plugins/libtotem-narrowspace-plugin.so
Plugin 4: /usr/lib/flashplugin-installer/libflashplayer.so
Plugin 5: /usr/lib/mozilla/plugins/libtotem-cone-plugin.so
Plugin 6: /usr/lib/mozilla/plugins/libtotem-gmp-plugin.so
Plugin 7: /usr/lib/mozilla/plugins/librhythmbox-itms-detection-
plugin.so
Plugin 8: /home/user1/.mozilla/firefox/HASH.default/gmp-
gmpopenh264/1.1/libgmpopenh264.so
Plugin 9: /usr/lib/mozilla/plugins/libnpgtpo3dautoplugin.so

[Jim Benson]

On Sat, 08 Nov 2014 10:02:59 -0500, Caver1 wrote:

> He just looked at the verbose output that Panopticlick showed and thinks
> that it shows more plugins than he has. He didn't take time to look at
> it to see what it actually shows.

Caver is 100% right.
I had NOT understood what Panopticlick was showing me!
Now I do understand.

It showed 8 plugins (even though I have 10 AFAICT).

Here are the details on those 8 plugins that Panopticlick sees.
---------
Plugin 0: DivX® Web Player; DivX Web Player version 1.4.0.233; libtotem-
mully-plugin.so; (AVI video; video/divx; divx).

---------

[Jim Benson]

On Sat, 08 Nov 2014 09:06:28 -0500, Caver1 wrote:

> He will have to purge Firefox or the Linux version of Firefox will still
> load the plugins that he now has installed.

Is this "purging" as simple as deleting the following 10 files?

0. DivX (/usr/lib/mozilla/plugins/libtotem-mully-plugin.so)
1. Google Talk Video (/usr/lib/mozilla/plugins/libnpo1d.so)
2. Google Talk (/usr/lib/mozilla/plugins/libnpgoogletalk.so)
3. QuickTime (/usr/lib/mozilla/plugins/libtotem-narrowspace-plugin.so)
4. Flash (/usr/lib/flashplugin-installer/libflashplayer.so)
5. VLC (/usr/lib/mozilla/plugins/libtotem-cone-plugin.so)
6. WMP (/usr/lib/mozilla/plugins/libtotem-gmp-plugin.so)
7. iTunes (/usr/lib/mozilla/plugins/librhythmbox-itms-detection-
plugin.so)
------
Plus, apparently there are two more *hidden* plugins:
8. H264 (/home/user1/.mozilla/firefox/HASH.default/gmp-
gmpopenh264/1.1/libgmpopenh264.so)
9. ????? (/usr/lib/mozilla/plugins/libnpgtpo3dautoplugin.so)

[Jim Benson]

On Sat, 08 Nov 2014 09:12:03 -0500, Caver1 wrote:

> Extensions have the remove option, plugins don't.

So *that* explains why I can't remove the plugins using
the firefox user interface!

[Jim Benson]

On Sat, 08 Nov 2014 09:19:33 -0500, WaltS48 wrote:

> "A plugin is a piece of software that manages Internet content that
> Firefox is not designed to process"

Apparently, these are my plugins ...

[Jim Benson]

On Sat, 08 Nov 2014 09:19:12 -0500, Caver1 wrote:

> There is no discrepancy. Both places show the same plugins.

You were right. I was wrong.
I agree with you now that I was incorrectly interpreting the results.

But, there *is* still one descrepancy left.
Any idea what plugin #9 below is all about?

[Jim Benson]

On Sat, 08 Nov 2014 09:59:19 -0500, WaltS48 wrote:

> This is probably true but wouldn't the symbolic link to it be in the
> /mozilla/plugins folder? How would Firefox know where to look unless the
> Ubuntu build adds code to Firefox to point to other locations.

The plugins seem to be in three locations:
LOCATION 1: /usr/lib/mozilla/plugins/
LOCATION 2: /usr/lib/flashplugin-installer/
LOCATION 3: ~/.mozilla/firefox/HASH.default/gmp-gmpopenh264/1.1/

How Firefrox knows where to find them is a mystery to me.

[EE]

J. P. Gilliver (John) wrote:

> In message
> <mailman.2747.141542625...@lists.mozilla.org>, Jim
> Benson <james....@nospam.gmail.com> writes:
>> What can I do to get rid of all my firefox browser plugins?
>
> Well, under Help (at least in the Windows version) you'll find "Restart
> with Add-ons Disabled...", which most people still call safe mode.

That is safe mode, which does not disable plugins, just extensions and
themes. If you set plugins in the plugins list in the add-ons window as
"Never activate", that will cause them to disappear from the list of
plugins that panopticlick shows.

[Jim Benson]

On Sat, 08 Nov 2014 13:49:49 -0700, EE wrote:

> That is safe mode, which does not disable plugins, just extensions and
> themes. If you set plugins in the plugins list in the add-ons window as
> "Never activate", that will cause them to disappear from the list of
> plugins that panopticlick shows.

What's the difference between "Never Activate" and "Ask to Activate"?

Mine were set to "Ask to Activate", AFAIK, and they showed up in
Panopticlick anyway. http://i60.tinypic.com/5lz3wl.jpg

When I set them all to "Never Activate", my browser came up as UNIQUE.

So, whats the setting that will make my browser very much NOT unique?

[Jim Benson]

On Sat, 08 Nov 2014 07:51:20 -0500, Caver1 wrote:

> You don't stand out anymore then anyother FF33 user.

I'm unique.

So, which of these should I have kept to be just like everyone else?

0. DivX (/usr/lib/mozilla/plugins/libtotem-mully-plugin.so)
1. Google Talk Video (/usr/lib/mozilla/plugins/libnpo1d.so)
2. Google Talk (/usr/lib/mozilla/plugins/libnpgoogletalk.so)
3. QuickTime (/usr/lib/mozilla/plugins/libtotem-narrowspace-plugin.so)
4. Flash (/usr/lib/flashplugin-installer/libflashplayer.so)
5. VLC (/usr/lib/mozilla/plugins/libtotem-cone-plugin.so)
6. WMP (/usr/lib/mozilla/plugins/libtotem-gmp-plugin.so)
7. iTunes (/usr/lib/mozilla/plugins/librhythmbox-itms-detection-
plugin.so)
------
Plus, apparently there are two more *hidden* plugins:

8. H264 (~/.mozilla/firefox/HASH.default/gmp-gmpopenh264/1.1/
libgmpopenh264.so)
9. ????? (/usr/lib/mozilla/plugins/libnpgtpo3dautoplugin.so)

And, which of these extensions will *improve* privacy?
1. NoScript
2. Random Agent Spoofer
3. Secret Agent

[Good Guy]

On 08/11/2014 22:26, Jim Benson wrote:

So, which of these should I have kept to be just like everyone else?

To tell you frankly, get rid of every plugins and only install those that you might use in the future.

The more plugins you have, the better chance you have to be hacked.  Take my word for it.

[»Q«]

In
<news:mailman.2781.141548566...@lists.mozilla.org>,

Jim Benson <james....@nospam.gmail.com> wrote:

> On Sat, 08 Nov 2014 07:51:20 -0500, Caver1 wrote:
>
> > You don't stand out anymore then anyother FF33 user.
>
> I'm unique.
>
> So, which of these should I have kept to be just like everyone else?
>
> 0. DivX (/usr/lib/mozilla/plugins/libtotem-mully-plugin.so)
> 1. Google Talk Video (/usr/lib/mozilla/plugins/libnpo1d.so)
> 2. Google Talk (/usr/lib/mozilla/plugins/libnpgoogletalk.so)
> 3. QuickTime (/usr/lib/mozilla/plugins/libtotem-narrowspace-plugin.so)
> 4. Flash (/usr/lib/flashplugin-installer/libflashplayer.so)
> 5. VLC (/usr/lib/mozilla/plugins/libtotem-cone-plugin.so)
> 6. WMP (/usr/lib/mozilla/plugins/libtotem-gmp-plugin.so)
> 7. iTunes (/usr/lib/mozilla/plugins/librhythmbox-itms-detection-
> plugin.so)

Probably everyone using your distro has these. Probably most GNOME
users have most of them. There should be some way to use your package
manager to find out which package provides each so file.

> ------
> Plus, apparently there are two more *hidden* plugins:
> 8. H264 (~/.mozilla/firefox/HASH.default/gmp-gmpopenh264/1.1/
> libgmpopenh264.so)
> 9. ????? (/usr/lib/mozilla/plugins/libnpgtpo3dautoplugin.so)

Hidden?

(8) is a codec which Firefox itself downloads and installs. It's
possible to stop that from happening, but most Firefox users have it.

(9) provides video acceleration for Google Talk.

> And, which of these extensions will *improve* privacy?
> 1. NoScript
> 2. Random Agent Spoofer
> 3. Secret Agent

I don't know.

[g]

On 11/08/2014 01:15 PM, Jim Benson wrote:
<<>>

> c. The operating system (apparently) puts plugins in 10 places:
> Plugin 0: /usr/lib/mozilla/plugins/libtotem-mully-plugin.so
> Plugin 1: /usr/lib/mozilla/plugins/libnpo1d.so
> Plugin 2: /usr/lib/mozilla/plugins/libnpgoogletalk.so
> Plugin 3: /usr/lib/mozilla/plugins/libtotem-narrowspace-plugin.so
> Plugin 4: /usr/lib/flashplugin-installer/libflashplayer.so
> Plugin 5: /usr/lib/mozilla/plugins/libtotem-cone-plugin.so
> Plugin 6: /usr/lib/mozilla/plugins/libtotem-gmp-plugin.so
> Plugin 7: /usr/lib/mozilla/plugins/librhythmbox-itms-detection-
> plugin.so
> Plugin 8: /home/user1/.mozilla/firefox/HASH.default/gmp-
> gmpopenh264/1.1/libgmpopenh264.so
> Plugin 9: /usr/lib/mozilla/plugins/libnpgtpo3dautoplugin.so

that is not plugins in 10 places.

it is 8 plugins in 1 place;
/usr/lib/mozilla/plugins/

2 plugins in different places;
/usr/lib/flashplugin-installer/
/home/user1/.mozilla/firefox/

;-)


--

peace out.

in a world with out fences, who needs gates.

tc,hago.

g
.

[WaltS48]

On 11/08/2014 05:26 PM, Jim Benson wrote:

And, which of these extensions will *improve* privacy?
1. NoScript
2. Random Agent Spoofer
3. Secret Agent

See these articles.

[Who on the Internet can see your IP address, and what can they do with it? - gHacks Tech News](http://www.ghacks.net/2014/11/05/who-on-the-internet-can-see-your-ip-address-and-what-can-they-do-with-it/)

[What websites know about you and how to protect yourself - gHacks Tech News](http://www.ghacks.net/2014/11/06/what-websites-know-about-you-and-how-to-protect-yourself/)

[Hide plugins, visited links and WebRTC from websites in Firefox - gHacks Tech News](http://www.ghacks.net/2014/07/11/hide-plugins-visited-links-webrtc-websites-firefox/)

[Ron Hunter]

On 11/7/2014 11:56 PM, Jim Benson wrote:
> What can I do to get rid of all my firefox browser plugins?
>

> 1. At www.panopticlick.eff.org I find I'm unique!
> But I do NOT wish to be anywhere near unique.
>
> 2. Part of the problem is my set of browser plugins.
> http://i58.tinypic.com/6ht1z7.jpg
>
> 3. Yet, I've NEVER even installed a single plugin!
> http://i60.tinypic.com/5lz3wl.jpg
>
> 4. I'm running Firefox 33.0, which is standard for Ubuntu.
> http://i58.tinypic.com/2l8j47q.jpg
>
> What can I do to ELIMINATE all these plugins that I never
> installed nor did I ask to install so that I can be more
> anonymous when using Firefox 33 on Ubuntu 14.04?
>

Plugins are external programs that are installed external to Firefox.
You can locate them, and uninstall them via Programs and Features on
Win7, or the equivalent utility on other versions of Windows. However,
you should know that some of them are part of larger programs that will
then become missing as you uninstalled them. I am no Linux person, but
I am sure you can uninstall programs on Ubuntu also. You may find that
doing so severely limits the functionality of your computer.

[Jim Benson]

On Sat, 08 Nov 2014 22:46:45 +0000, Good Guy wrote:

> To tell you frankly, get rid of every plugins and only install those
> that you might use in the future.
>
> The more plugins you have, the better chance you have to be hacked. Take
> my word for it.

But, when I removed all plugins, I became UNIQUE!

What I wanted was for my plugins to not give me away.

I guess, the *real* question was, which of these are the ones
that *everyone* else has (or which of these are rare)?

0. DivX (/usr/lib/mozilla/plugins/libtotem-mully-plugin.so)
1. Google Talk Video (/usr/lib/mozilla/plugins/libnpo1d.so)
2. Google Talk (/usr/lib/mozilla/plugins/libnpgoogletalk.so)
3. QuickTime (/usr/lib/mozilla/plugins/libtotem-narrowspace-plugin.so)
4. Flash (/usr/lib/flashplugin-installer/libflashplayer.so)
5. VLC (/usr/lib/mozilla/plugins/libtotem-cone-plugin.so)
6. WMP (/usr/lib/mozilla/plugins/libtotem-gmp-plugin.so)
7. iTunes (/usr/lib/mozilla/plugins/librhythmbox-itms-detection-
plugin.so)

8. H264 (~/.mozilla/firefox/HASH.default/gmp-gmpopenh264/1.1/libgmpopenh264.so)
9. Google Talk (/usr/lib/mozilla/plugins/libnpgtpo3dautoplugin.so)

When you type "about:plugins" into firefox, which of
these do you *not* see?

[Jim Benson]

On Sat, 08 Nov 2014 17:02:23 -0600, »Q« wrote:

>> And, which of these extensions will *improve* privacy?
>> 1. NoScript
>> 2. Random Agent Spoofer
>> 3. Secret Agent
>
> I don't know.

1. Noscript

2. Random Agent Spoofer
3. Secret Agent

Is there a good reason that Secret Agent is *not* available
from Mozilla?

https://www.dephormation.org.uk/?page=81

[Jim Benson]

On Sat, 08 Nov 2014 19:41:26 -0600, Ron Hunter wrote:

> I am no Linux person, but
> I am sure you can uninstall programs on Ubuntu also.

I deleted most of the oddball ones, or, at least the
ones I assumed were oddball. For example:

sudo apt-get purge google-talkplugin

[Jim Benson]

On Sat, 08 Nov 2014 21:18:42 -0500, WaltS48 wrote:

> See these articles.

I see various recommendations for these three extensions:

1. Noscript Security Suite
https://addons.mozilla.org/en-US/firefox/addon/noscript/
2. Random Agent Spoofer
https://addons.mozilla.org/en-US/firefox/addon/random-agent-spoofer/
3. Secret Agent
https://www.dephormation.org.uk/?page=81

Two questions:

Q1: Why would SecretAgent *not* be sanctioned by Mozilla?

Q2: Is it ok to install all three extensions at the same time?

[Jim Benson]

On Sat, 08 Nov 2014 09:36:58 -0500, WaltS48 wrote:

> Well, if you don't want to do what I already suggested to remove the
> plugins, you could try to rename the .so files. Firefox shouldn't see
> them if you do that.

Looking at my logs, it seems I had installed the H264 due to this error:

totem-plugin-viewer requires to install plugins to play files of the following types:
• MPEG-4 AAC decoder
• H.264 decoder
$ sudo apt-get install ubuntu-restricted-extras
$ sudo /usr/share/doc/libdvdread4/install-css.sh
$ sudo apt-get -y install w64codecs ubuntu-restricted-extras

So, I'm gonna purge them all, for privacy reasons:
sudo apt-get purge w64codecs ubuntu-restricted-extras

I had never known *these* codec things, which appear to be totally
*unrelated* to Mozilla Firefox, actually hurt Firefox anonymity!

[J. P. Gilliver (John)]

In message
<mailman.2870.141549958...@lists.mozilla.org>,

Thanks for those; interesting.

[Pity "Hide Plugin & Mimetype Identifiers" isn't available for Firefox
25.0.

Is there an archive of older versions (assuming that's the reason) of
plugins, same as there is for versions of Firefox itself?]
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

so long, and thanks for all the fish. (Last message of dolphinkind to mankind
before the demolition of earth - from first series, fit the third.)

[J. P. Gilliver (John)]

In message
<mailman.2781.141548566...@lists.mozilla.org>, Jim
Benson <james....@nospam.gmail.com> writes:
[]

>And, which of these extensions will *improve* privacy?
>1. NoScript

That will stop sites running scripts, as will the less-well-known
YesScript (look at both as they work in different ways).

>2. Random Agent Spoofer
>3. Secret Agent

Those will stop sites seeing which browser you're using.

How much either - stopping scripts and hiding the browser - improve
privacy is for you to decide. As for scripts, quoting from
http://www.ghacks.net/2014/11/06/what-websites-know-about-you-and-how-to-protect-yourself/
: "Scripts can reveal a lot, from the language and system time to screen
resolution, supported plugins, additional persistent storage options for
cookie-like snippets, and everything that is introduced in HTML5." "If
you use NoScript or another script blocker you disable JavaScript as
well. Many sites will work without JavaScript while some won't. You can
whitelist trusted sites on the other hand so that scripts can be
executed on those sites. JavaScript can be disabled completely in the
browser as well. Some HTML5 features, such as Canvas, can be disabled in
some browsers either directly or by using add-ons." (If you go to the
page, "NoScript" and "by using add-ons" are links.)

[PietB]

Caver1 wrote:
> He needs to learn what his system does and what the consequences
> of his actions are and to take time to actually look at something
> to see what it actually is.

Apart from that, there seems to be a lot of confusion about the
"uniqueness" as reported by Panopticlick. At the top of the page
not only says "*appears* to be unique", but it also clearly adds:
"*among the .... tested sofar*". That's just over 4.5 million now.
But even such a big number is a *fraction* of web browser users
worldwide.
And then, what can you do to reduce your perceived "uniqueness"?
According to Panopticlick I'm "unique". Because of my plugins and
because of my systems fonts. Throwing away some fonts might help,
but it would lead to loss of fuctionality of my computer, making
it a non-option. I use a plugin for my bank, and even if I would
uninstall all other plugins, that bank plugin would still make
me "unique". So should I care? No.

-p

[WaltS48]

I highly doubt it since it is installed with Firefox.

[OpenH264 Now in Firefox | Andreas Gal](http://andreasgal.com/2014/10/14/openh264-now-in-firefox/)

"Note: Firefox currently uses OpenH264 only for WebRTC and not for the <video> tag, because OpenH264 does not yet support the high profile format frequently used for streaming video. We will reconsider this once support has been added."

I never cared.

[WaltS48]

They didn't submit it to addons.mozilla.org for review is my guess.

[WaltS48]

On 11/09/2014 02:03 AM, Jim Benson wrote:

On Sat, 08 Nov 2014 21:18:42 -0500, WaltS48 wrote:

See these articles.

I see various recommendations for these three extensions:

1. Noscript Security Suite
   https://addons.mozilla.org/en-US/firefox/addon/noscript/
2. Random Agent Spoofer 
   https://addons.mozilla.org/en-US/firefox/addon/random-agent-spoofer/
3. Secret Agent 
   https://www.dephormation.org.uk/?page=81

Two questions:

Q1: Why would SecretAgent *not* be sanctioned by Mozilla?

It wasn't submitted to addons.mozilla.org for review is my guess.

Q2: Is it ok to install all three extensions at the same time?

Experiment and let us know. I wouldn't use any of them.

[WaltS48]

On 11/09/2014 04:06 AM, J. P. Gilliver (John) wrote:

In message <mailman.2870.141549958...@lists.mozilla.org>, WaltS48 <thali...@EVOMERaim.com> writes:

On 11/08/2014 05:26 PM, Jim Benson wrote:
 And, which of these extensions will *improve* privacy?
 1. NoScript
 2. Random Agent Spoofer
 3. Secret Agent


See these articles.

[Who on the Internet can see your IP address, and what can they do with
it? - gHacks Tech News](
http://www.ghacks.net/2014/11/05/who-on-the-internet-can-see-your-ip-address-and-what-can-they-do-with-it/
)

[What websites know about you and how to protect yourself - gHacks Tech
News](
http://www.ghacks.net/2014/11/06/what-websites-know-about-you-and-how-to-protect-yourself/
)

[Hide plugins, visited links and WebRTC from websites in Firefox -
gHacks Tech News](
http://www.ghacks.net/2014/07/11/hide-plugins-visited-links-webrtc-websites-firefox/
)

Thanks for those; interesting.

[Pity "Hide Plugin & Mimetype Identifiers" isn't available for Firefox 25.0.

Is there an archive of older versions (assuming that's the reason) of plugins, same as there is for versions of Firefox itself?]

Of plugins? Not that I'm aware of.

Of that extension sure. Version 1.1.1

[Caver1]

On 11/08/2014 04:23 PM, Jim Benson wrote:
> On Sat, 08 Nov 2014 13:49:49 -0700, EE wrote:
>
>> That is safe mode, which does not disable plugins, just extensions and
>> themes. If you set plugins in the plugins list in the add-ons window as
>> "Never activate", that will cause them to disappear from the list of
>> plugins that panopticlick shows.
>
> What's the difference between "Never Activate" and "Ask to Activate"?

Never activate disables them. Ask to activate leaves them enabled but
they ask to be used when called upon.

> Mine were set to "Ask to Activate", AFAIK, and they showed up in
> Panopticlick anyway. http://i60.tinypic.com/5lz3wl.jpg
>
> When I set them all to "Never Activate", my browser came up as UNIQUE.
>
> So, whats the setting that will make my browser very much NOT unique?
>

--
Caver1

[Caver1]

On 11/09/2014 02:03 AM, Jim Benson wrote:

> On Sat, 08 Nov 2014 21:18:42 -0500, WaltS48 wrote:
>
>> See these articles.
>
> I see various recommendations for these three extensions:
>
> 1. Noscript Security Suite
> https://addons.mozilla.org/en-US/firefox/addon/noscript/
> 2. Random Agent Spoofer
> https://addons.mozilla.org/en-US/firefox/addon/random-agent-spoofer/
> 3. Secret Agent
> https://www.dephormation.org.uk/?page=81
>
> Two questions:
>
> Q1: Why would SecretAgent *not* be sanctioned by Mozilla?

Secret Agent 's dev never put his creation before Mozilla to have it
sanctioned. You need to read his explanation as to why and what it
does/doesn't do.
I have had no problem with Secret Agent.

> Q2: Is it ok to install all three extensions at the same time?
>

NoScript blocks scripts and can block other things depending on what you
set in NoScript preferences.
Random Agent Spoofer randomizes your useragent
Secret Agent gives you many choices as to what it spoofs,blocks and what
sites, whitelist, when it spoofs, stealth/default/whitelist modes.
It's fine to use Secret Agent and Noscipt at the same time as they serve
different functions.
Random Agent Spoofer does the same thing that just one of Secret Agent
functions.

--
Caver1

[Caver1]

On 11/09/2014 03:36 AM, Jim Benson wrote:

> On Sat, 08 Nov 2014 09:36:58 -0500, WaltS48 wrote:
>
>> Well, if you don't want to do what I already suggested to remove the
>> plugins, you could try to rename the .so files. Firefox shouldn't see
>> them if you do that.
>
> Looking at my logs, it seems I had installed the H264 due to this error:

You didn't install H264 it comes with Firefox33.

> totem-plugin-viewer requires to install plugins to play files of the following types:
> • MPEG-4 AAC decoder
> • H.264 decoder
> $ sudo apt-get install ubuntu-restricted-extras
> $ sudo /usr/share/doc/libdvdread4/install-css.sh
> $ sudo apt-get -y install w64codecs ubuntu-restricted-extras
>
> So, I'm gonna purge them all, for privacy reasons:
> sudo apt-get purge w64codecs ubuntu-restricted-extras
>
> I had never known *these* codec things, which appear to be totally
> *unrelated* to Mozilla Firefox, actually hurt Firefox anonymity!
>

The codecs that H264 uses is for WEBRTC. In Firefox it is for the chat
function (Hello).

--
Caver1

[Caver1]

I agree. I have pointed out to him that total anonymity is not possible.
I also told him to be very careful with deleting system fonts. There are
some that come default with his OS that can be deleted but does he even
know which ones.

--
Caver1

[Jim Benson]

On Sun, 09 Nov 2014 09:09:28 -0500, Caver1 wrote:

> Random Agent Spoofer does the same thing that just one of Secret Agent
> functions.

At the moment, I'm taking all the privacy suggestions (except the one
that suggested I buy a dozen different monitors).

Here are my current extensions, based on the suggestions here:
http://i58.tinypic.com/2czbo05.jpg

[Jim Benson]

On Sun, 09 Nov 2014 09:18:53 -0500, Caver1 wrote:

> I agree. I have pointed out to him that total anonymity is not possible.
> I also told him to be very careful with deleting system fonts. There are
> some that come default with his OS that can be deleted but does he even
> know which ones.

I followed your suggestions and deleted all the fonts that were LOCAL:
a. $HOME/.fonts
b. $HOME/.local/share/fonts

But, I left the fonts that were system:
c. /user/share/fonts

I also installed the suggested Mozilla privacy extensions:
http://i58.tinypic.com/2czbo05.jpg

[EE]

Google Talk is not very common. If you want to ditch one, make it that one.

[Morganna]

If you ditch Google Talk then no more free phone calls with Google.

[EE]

Secret Agent sounds interesting, although it might cause the odd problem
randomizing the user-agent. Disconnect blocks tracking, so that one is
a good idea. Ghostery is an alternative to Disconnect. Also, Adblock
Plus with a subscription to EasyPrivacy as well as EasyList also stops
sites that use web bugs, statistics gathering sites, as well as ads.
Privacy Badger is another extension that stops tracking. RefControl can
be used to stop third-party referers, so that following a link from one
website to another will not tell the destination site where you came from.

[Jim Benson]

On Sun, 09 Nov 2014 16:38:19 -0500, Morganna wrote:

> If you ditch Google Talk then no more free phone calls with Google.

I used Google Talk + Hangouts to turn my iPad into a free phone
(even the SIM card data service is free) but on Linux, it's not
worth the hassle.

$ sudo apt-get purge google-talkplugin

[Jim Benson]

On Sun, 09 Nov 2014 14:45:25 -0700, EE wrote:

> Secret Agent sounds interesting, although it might cause the odd problem
> randomizing the user-agent. Disconnect blocks tracking, so that one is
> a good idea. Ghostery is an alternative to Disconnect. Also, Adblock
> Plus with a subscription to EasyPrivacy as well as EasyList also stops
> sites that use web bugs, statistics gathering sites, as well as ads.
> Privacy Badger is another extension that stops tracking. RefControl can
> be used to stop third-party referers, so that following a link from one
> website to another will not tell the destination site where you came from.

As long as those things are extensions and not plugins, they're probably
ok to install.

Here's what I have, fo suggested Mozilla privacy extensions, to date:
http://i58.tinypic.com/2czbo05.jpg

[WaltS48]

You may be able to use Firefox Hello (aka WebRTC) in Firefox 34 if it doesn't get disabled for the release version. As long as your contacts are using Firefox 34, or a browser that supports WebRTC such as Chrome or Opera.

[»Q«]

In
<news:mailman.2810.141551533...@lists.mozilla.org>,

Jim Benson <james....@nospam.gmail.com> wrote:

> Is there a good reason that Secret Agent is *not* available
> from Mozilla?
>
> https://www.dephormation.org.uk/?page=81

Click the link labelled "FAQ". It's near the top of the page.

[WaltS48]

He asked for a good reason. :-)

So if/when Mozilla implements the signed add-ons proposal that extension should be disabled automatically.

Followup set to m.general

[Desiree]

On 11/9/2014 3:28 AM, WaltS48 wrote:
> On 11/09/2014 04:06 AM, J. P. Gilliver (John) wrote:
>> In message
>> <mailman.2870.141549958...@lists.mozilla.org>,
>> WaltS48 <thali...@EVOMERaim.com> writes:
>>> On 11/08/2014 05:26 PM, Jim Benson wrote:

>>> Â And, which of these extensions will *improve* privacy?
>>> Â 1. NoScript
>>> Â 2. Random Agent Spoofer
>>> Â 3. Secret Agent

>>>
>>>
>>> See these articles.
>>>
>>> [Who on the Internet can see your IP address, and what can they do with
>>> it? - gHacks Tech News](
>>> http://www.ghacks.net/2014/11/05/who-on-the-internet-can-see-your-ip-address-and-what-can-they-do-with-it/
>>>
>>> )
>>>
>>> [What websites know about you and how to protect yourself - gHacks Tech
>>> News](
>>> http://www.ghacks.net/2014/11/06/what-websites-know-about-you-and-how-to-protect-yourself/
>>>
>>> )
>>>
>>> [Hide plugins, visited links and WebRTC from websites in Firefox -
>>> gHacks Tech News](
>>> http://www.ghacks.net/2014/07/11/hide-plugins-visited-links-webrtc-websites-firefox/
>>>
>>> )
>> Thanks for those; interesting.
>>
>> [Pity "Hide Plugin & Mimetype Identifiers" isn't available for Firefox
>> 25.0.
>>
>> Is there an archive of older versions (assuming that's the reason) of
>> plugins, same as there is for versions of Firefox itself?]
>
> Of plugins? Not that I'm aware of.
>
> Of that extension sure. Version 1.1.1

> <https://addons.mozilla.org/en-US/firefox/addon/happy-bonobo-plugins-mimety/versions/?page=1#version-1.1.1>

1.1.1 does not work on Fx24.8 ESR or on PaleMoon 25.0.2. The current
version works on Fx 31.2 ESR. Panopticlick is irrelevant junk now that
they force https. I use a local proxy for all NON https and I hate
https for websites except for banking which I do almost none anymore on
the web. I don't do my taxes on line or really anything that requires
https outside of some logins, sales checkouts, and very little else. I'm
unique at Panopticlick (local proxy headers) but I only know that from
when I used to be able, for many years, to test non-encrypted there. I
don't know when Panopticlick started with the https nonsense. They used
to not do that.

[Jim Benson]

On Sun, 09 Nov 2014 19:59:00 -1000, Desiree wrote:

> I'm unique at Panopticlick (local proxy headers) but I only
> know that from when I used to be able, for many years, to
> test non-encrypted there

I'm not sure how encryption matters, but, is there an easier
way to test that my header rotation is working than panopticlick
(which requires flash, which I've now turned off)?

[Caver1]

Google What is my IP.

--
Caver1

[Jim Benson]

On Mon, 10 Nov 2014 10:06:52 -0500, Caver1 wrote:

> Google What is my IP.

Maybe I misunderstand.
When I go to whatismyipaddress.com, it doesn't tell me header information.

[Caver1]

I thought you wanted to see if your IP was changed. I don't know of any
that will show you your whole header. Google it and see.

--
Caver1

[WaltS48]

He wants safety and you send him to Google?

[Caver1]

Don't know if he knows about any other search engines suck as Start
Page, DuckDuckGo, IXQuick or what ever. Maybe he'll read this and check
into them. :)

--
Caver1

[WaltS48]

DuckDuckGo is now a search option in Firefox 33.1.

[Firefox — Notes (33.1) — Mozilla](https://www.mozilla.org/en-US/firefox/33.1/releasenotes/)

[PietB]

WaltS48 wrote:

> Caver1 wrote:
>> I thought you wanted to see if your IP was changed. I don't know
>> of any that will show you your whole header. Google it and see.
>
> He wants safety and you send him to Google?

;-)

Well, there are people who go at great lengths to protect,
anonymize, encrypt and waddayahave their connection to, of
all things, gmail.

-p

[NFN Smith]

Jim Benson wrote:
> On Sat, 08 Nov 2014 09:06:28 -0500, Caver1 wrote:
>
>> He will have to purge Firefox or the Linux version of Firefox will still
>> load the plugins that he now has installed.

As far as I'm aware, plugins are programs that are installed from the
O/S, that make themselves available to Firefox (and depending on your
system setup, other browsers, as well).

The idea is to allow access to those applications, from inside your browser.

As a general thing for system safety, it's a good thing to use the
click-to-play defaults to set individual plugins to "ask to activate (if
not completely disabling with "never activate", as is common for systems
that have Java installed). That inhibits (or prevents) plugins from
running your permission. However, click-to-play may not help a lot with
managing browser fingerprinting by sites you visit.

As for site fingerprinting, one thing that can help is use of the
NoScript extension. Although a site can extract some information from
your browser without scripting, a lot of the detailed stuff can't done
without a script to support. On my own setup, if I run the panopticlick
check with NoScript blocking scripts at eff.org, all it's reporting is
my settings for User Agent, handling of HTTP_ACCEPT Headers, and whether
or not I'm allowing eff.org to set cookies (which I don't). For all the
other settings (e.g., browser plugin details, timezone, etc.), the only
response I have is "no javascript"). If I allow eff's JavaScript
scripts to run, then I get the detailed information that I believe that
you're seeing, including plugins capacity and fonts usage.

For what it's worth, it's legitimate for a web site to know that
information -- it's not just activity tracking, but it affects how the
server you're connecting to presents content, and knows what capacities
your browser has.

For me, if I go to a site that runs Flash, and I don't allow that site
to run scripts, then either I don't get Flash-based content (which is
sometimes acceptable, depending on the site, or I have to enable
scripting to allow Flash to run. Sometimes a site will notify me that I
need Flash (what's kind of amusing is the number of sites that assume
that if they can't detect Flash, it must not be installed, and where
they offer me a link for download, rather than that I might have
deliberately disabled scripting that calls Flash). But when I allow the
necessary scripting (and sometimes, it takes several tries to identify
the necessary scripting host(s)), then Flash normally works fine.


>
> Is this "purging" as simple as deleting the following 10 files?

>
> 0. DivX (/usr/lib/mozilla/plugins/libtotem-mully-plugin.so)
> 1. Google Talk Video (/usr/lib/mozilla/plugins/libnpo1d.so)
> 2. Google Talk (/usr/lib/mozilla/plugins/libnpgoogletalk.so)
> 3. QuickTime (/usr/lib/mozilla/plugins/libtotem-narrowspace-plugin.so)
> 4. Flash (/usr/lib/flashplugin-installer/libflashplayer.so)
> 5. VLC (/usr/lib/mozilla/plugins/libtotem-cone-plugin.so)
> 6. WMP (/usr/lib/mozilla/plugins/libtotem-gmp-plugin.so)
> 7. iTunes (/usr/lib/mozilla/plugins/librhythmbox-itms-detection-
> plugin.so)

> ------
> Plus, apparently there are two more *hidden* plugins:

> 8. H264 (/home/user1/.mozilla/firefox/HASH.default/gmp-
> gmpopenh264/1.1/libgmpopenh264.so)
> 9. ????? (/usr/lib/mozilla/plugins/libnpgtpo3dautoplugin.so)

You probably can, but you do run the risk of creating instabilities, and
odd error messages.

One question: of the packages listed in points 0-7, are they all ones
that you actually use (outside of your browser), or are there any that
are there Just Because? I know that Flash and VLC are commonly used. I
believe that DivX and WMP are also media players, but do you _know_ that
you use them? If not, consider uninstalling them with your package manager.

In the same way, do you use Google Talk or iTunes. If you don't use
Google Talk, consider uninstalling that one. In the same way if you
don't use iTunes, consider removing that. In fact, even if you do use
iTunes, for many, it's safe to remove QuickTime -- there really isn't
that much stuff out there that demands QuickTime, and even for stuff
that does, my understanding is that a lot of it can be handled by VLC.

As for the "hidden" plugins, I believe that those are both Codecs that
are used by one or more of your media players. A quick search of the
web indicates that H264 is a codec distributed by Cisco, and that
libnpgtpo3dautoplugin is one used by Google Talk.


In the meantime, I think you may be overreacting to the output that
you're getting from panopticlick. Their statistics are based on what
they've actually observed, from individual browsers that have run their
scanner. Given that very few people even know about panopticlick, then
it's likely that their sample set is small enough that they're not
really in a place to give you an authoritative indicator of just how
unique your browser is, or not.

If you're running a Linux distro, you're going to be more unique than if
you're running Windows, but the list of stuff that you have isn't
necessarily unusual, even if it does seem that you have quite a few
media players installed.


That said, I would remove any of the media players that you don't use
(via package removal) to narrow your profile. From there, you'll get a
lot more from script blocking with NoScript, than you will by trying to
play with deleting individual files, to try to prevent the packages from
interacting with your browser.

The one caution on NoScript is that you are likely to have to do a
little playing with permissions, of which scripting hosts you allow to
run, or not. However, there's a lot of sites that use an impressive
number of third-party scripting hosts, and if you're concerned about the
kind of tracking that can be done, based on uniqueness of browser
profile, then blocking scripting hosts such as google-analytics,
googletagservices, optimizely.com, facebook, and lots of other tracking
networks is something you probably want to be doing, anyway.

Use the output you have from panopticlick as an indicator, but don't get
excited about what it reports about your plugins.

Smith

[EE]

The add-ons I suggested are all extensions. Plugins do not do things
like that. They are used only when needed.

[Jim Benson]

On Mon, 10 Nov 2014 10:09:25 -0700, NFN Smith wrote:

> One question: of the packages listed in points 0-7, are they all ones
> that you actually use (outside of your browser), or are there any that
> are there Just Because? I know that Flash and VLC are commonly used. I
> believe that DivX and WMP are also media players, but do you _know_ that
> you use them? If not, consider uninstalling them with your package manager.

I don't think I use *any* of those, at least not on purpose.
I'm sure flash is pretty common, but the rest, I don't use.

[Jim Benson]

On Mon, 10 Nov 2014 10:09:25 -0700, NFN Smith wrote:

> Given that very few people even know about panopticlick, then
> it's likely that their sample set is small enough that they're not
> really in a place to give you an authoritative indicator of just how
> unique your browser is, or not.

That sounds reasonable.
It seems as if they've got about 4 million entries, since I'm one
in 4 million.

[Jim Benson]

On Mon, 10 Nov 2014 10:09:25 -0700, NFN Smith wrote:

> If you're running a Linux distro, you're going to be more unique than if
> you're running Windows, but the list of stuff that you have isn't
> necessarily unusual, even if it does seem that you have quite a few
> media players installed.

What I wouldn't mind is setting up the linux to *look* like windows.
That would mean the same fonts, the same browser, etc.
Is that possible?

(I know secret agent does some of that stuff.)

[Jim Benson]

On Mon, 10 Nov 2014 11:19:18 -0500, Caver1 wrote:

> I thought you wanted to see if your IP was changed.

The IP address is circumvented, according to this paper:
https://panopticlick.eff.org/browser-uniqueness.pdf

That paper says almost every machine BEHIND the IP address can
be uniquely tracked, by the browser fingerprint:
"A use for fingerprints is as a means of distinguishing
machines behind a single IP address, even if those machines
block cookies entirely."

Worse yet, they can RE-ESTABLISH a deleted cookie, no matter what
IP address you came from:
"Some websites use Adobe's Flash LSO supercookies as a way
to `regenerate' normal cookies that the user has deleted"

And, of course, this is in addition to the fact that your
fingerprint identifies you no matter WHAT IP address you come from.

[»Q«]

In
<news:mailman.2969.141563152...@lists.mozilla.org>,

Jim Benson <james....@nospam.gmail.com> wrote:

> is there an easier way to test that my header rotation is working
> than panopticlick (which requires flash, which I've now turned off)?

<https://addons.mozilla.org/firefox/addon/live-http-headers/> shows
both the request and response headers.

And there are web pages that will show your request headers, e.g.
<http://www.reliply.org/tools/requestheaders.php>. There are others,
and you might like their formats better. Searching something like
"show my http headers" should turn up a few.

I were really paranoid, I wouldn't test on the internet because they
might see me before I got my tinfoil hat design perfected. I guess in
that case I'd install a local web server and connect to it, catching
the headers with the Live HTTP Headers extension.

[Good Guy]

On 11/11/2014 03:23, »Q« wrote:

<snipped>


Q ,

I hope you know that the OP posted the same question on about 20 different newsgroups just for a laugh.    He has spammed us to make us look fools dancing to his tunes.

<follow up to m.general>

[Ron Hunter]

Since most people have a basic set of plug-ins because most people have
certain common types of software, which include Firefox compatible
plug-ins, eliminating all plugins will only make you more identifiable,
and less 'camouflaged'. If it is anonymity you see, then having the
most common plug-ins will render your less conspicuous.

[Caver1]

As I said before you can't totally hide your real IP or you couldn't use
the internet.
Most sites don't "unhide" your real IP but some do.
LSO(flash) cookies don't regenerate cookies they are a permanent cookie
which lasts from sesion to sesion as you can't delete or block them
using normal cookie blocking/deleting means. You can delete the LSO
cookies by > History>Clear Recent History>Everything. Anything less than
everything will not delete them. The LSO cookies can be block by
disabling your DOM storage> about:config dom.storage.enabled>toggle to
false. If you don't use flash that setting works fine. If you use flash
you are better off using the Better Privacy extension which will delete
the LSO cookies, on a time interval Which you can set as low as 1 min.
or just on exit\, while preserving your flash settings. LSO cookies are
stored in DOM storage regular cookies are stored in cookies.sqlite.
You can block all cookies but that will work against you. You should
have Firefox set up so that it deletes all cookies on exit. You could
use the extension Self Destructing Cookies that will delete cookies for
a site when you close the tab that you opened the site with.
If you constantly change your header as Secret Agent does the
fingerprint at any given time is no good upon the next HTTP request.
Changing your header changes more then tour IP. It changes your
operating system etc.

--
Caver1

[Caver1]

On 11/10/2014 10:23 PM, »Q« wrote:
> In
> <news:mailman.2969.141563152...@lists.mozilla.org>,
> Jim Benson <james....@nospam.gmail.com> wrote:
>
>> is there an easier way to test that my header rotation is working
>> than panopticlick (which requires flash, which I've now turned off)?
>
> <https://addons.mozilla.org/firefox/addon/live-http-headers/> shows
> both the request and response headers.

Skhows the headers of the page you are viewing. not yours.

> And there are web pages that will show your request headers, e.g.
> <http://www.reliply.org/tools/requestheaders.php>. There are others,
> and you might like their formats better. Searching something like
> "show my http headers" should turn up a few.

Thanks didn't know about that one.

> I were really paranoid, I wouldn't test on the internet because they
> might see me before I got my tinfoil hat design perfected. I guess in
> that case I'd install a local web server and connect to it, catching
> the headers with the Live HTTP Headers extension.
>
>
>

--
Caver1

[NFN Smith]

Jim Benson wrote:
> What I wouldn't mind is setting up the linux to*look* like windows.

> That would mean the same fonts, the same browser, etc.
> Is that possible?
>
> (I know secret agent does some of that stuff.)

I would say it's doubtful, beyond anything you might be able to do with
Secret Agent.

It's easy enough to spoof your browser ID with either User Agent
Switcher or PrefsBar. I will occasionally spoof my browser, as a way of
allowing myself to download Mac stuff, that I keep in my collection of
offline installers. Some sites that do both Windows and Mac are
aggressive enough in doing browser sniffing (and in assuming that you
want to install immediately) that they'll only offer a download for the
platform that they detect from the browser ID. Thus, if set the browser
ID to show MacOS, then I can get the Mac download. But that's something
different than you're trying to do.

Fonts are going to be far more difficult, because there's so many
proprietary fonts that are used in a normal Windows installation, and
more so for a machine that has Office installed. For a Linux
installation, you're not going to have any of the proprietary Microsoft
fonts, and you'll be showing only fonts that are from open source
origination. Thus, if you're spoofing your browser to show that you're
running from a Windows platform, but you don't have any of the fonts
normally seen in a standard Windows installation, then you're going to
be showing a *very* unique profile.

I think the better route is in using NoScript, so that sites can't
collect that information.

Smith

[NFN Smith]

Ron Hunter wrote:
> Since most people have a basic set of plug-ins because most people have
> certain common types of software, which include Firefox compatible
> plug-ins, eliminating all plugins will only make you more identifiable,
> and less 'camouflaged'. If it is anonymity you see, then having the
> most common plug-ins will render your less conspicuous.

And regardless of whether Panopticlick reports that profile as unique,
or not.

Smith

[EE]

They can use DOM storage the same way, and you have no control over who
can use it, unlike with browser cookies.

[EE]

The Flash cookies are actually cleared when you clear browser cookies.
You can set things up to clear them separately if you install
BetterPrivacy, an extension. Why clearing such disparate things would
be tied together makes no sense to me.

[»Q«]

In
<news:mailman.3015.141571167...@lists.mozilla.org>,

Caver1 <cav...@inthemud.org> wrote:

> On 11/10/2014 10:23 PM, »Q« wrote:

> > <https://addons.mozilla.org/firefox/addon/live-http-headers/> shows
> > both the request and response headers.
>
> Skhows the headers of the page you are viewing. not yours.

Shows both. <http://remarqs.net/misc/livehttpheaders.png>

[Chris Ilias]

On 2014-11-08 12:56 AM, Jim Benson wrote:
> What can I do to get rid of all my firefox browser plugins?
>
> 1. At www.panopticlick.eff.org I find I'm unique!
> But I do NOT wish to be anywhere near unique.
>
> 2. Part of the problem is my set of browser plugins.
> http://i58.tinypic.com/6ht1z7.jpg
>
> 3. Yet, I've NEVER even installed a single plugin!
> http://i60.tinypic.com/5lz3wl.jpg
>
> 4. I'm running Firefox 33.0, which is standard for Ubuntu.
> http://i58.tinypic.com/2l8j47q.jpg
>
> What can I do to ELIMINATE all these plugins that I never
> installed nor did I ask to install so that I can be more
> anonymous when using Firefox 33 on Ubuntu 14.04?

Jim, please email me with a valid return email address explaining why
you've been posting here with 2 different identities.

--
Chris Ilias <http://ilias.ca>
Mailing list/Newsgroup moderator

[Caver1]

All you have to do is disable DOM storage.

--
Caver1

[Caver1]

Cookies in DOM storage are not cleared when you clear regular cookies.
I just tested. opened webappsstore.sqlite there were several entries.
Cleared cookies
those entries were still there. Then cleared History.Everything. Now
webappsstore.sqlite
is empty.

--
Caver1

[Caver1]

This is what About this Add-on says on the extensions page.
Quote> "View HTTP headers of a page and while browsing."
I guess I miss understood what was implied.
I'll check it out.
Thanks.
I did find this site;
http://www.stayinvisible.com/
Shows some of the info your browser is showing.
--
Caver1

[Jim Benson (mozilla)]

On Tue, 11 Nov 2014 03:28:36 +0000, Good Guy wrote:

> I hope you know that the OP posted the same question on about 20
> different newsgroups just for a laugh.

Where did you get 20 from?
Two is within crossposting limits.
The only problem is that this news server can't crosspost.