[HN Gopher] Show HN: A Firefox extension to add latency to distr... ___________________________________________________________________ Show HN: A Firefox extension to add latency to distracting webpages Author : oldtapwater Score : 164 points Date : 2020-02-14 15:00 UTC (7 hours ago) (HTM) web link (addons.mozilla.org) (TXT) w3m dump (addons.mozilla.org) | michalf6 wrote: | There is also Leechblock which contains the same functionality | along with blocking and some in-depth config. But this may be a | cool solution for someone who only cares about the latency part. | citizenkeen wrote: | I tried Leechblock, and found it unusable (on my Android | phone). It broke my back bar, and often wouldn't follow through | links (instead taking me to where I already was). | azhenley wrote: | The relevant post from a day ago: I Add 3-25 Seconds of Latency | to Every Site I Visit. | | https://news.ycombinator.com/item?id=22319383 | Ottolay wrote: | I read that post and wished that there was a Firefox extension | but could not find out. Glad someone made one. | waterbadger wrote: | Something I started messing around with: add a global stylesheet | with the rule | | body { filter: grayscale(100%); } | | (only gotcha is position: fixed; elements breaking in Firefox?) | | It feels a lot easier to focus on what I'm reading and to not be | sucked in or distracted by websites. I bet psychologically color | activates reward systems that may not be as healthy for digital | content. | | I actually liked it so much that I used accessibility options to | make my entire computer and phone grayscale. So far it's great! | Also has better performance than a CSS filter for stuff like | video. | waterbadger wrote: | Hammerspoon shortcut to toggle grayscale & color (applescript | not mine, borrowed from https://github.com/shavidzet/osa- | grayscale) hs.hotkey.bind({"cmd", "ctrl", | "alt"}, "c", function() hs.osascript.applescript([[ | tell application "System Preferences" reveal anchor | "Seeing_Display" of pane id | "com.apple.preference.universalaccess" end tell | tell application "System Events" to tell process "System | Preferences" repeat while not (exists of checkbox "Use | grayscale" of group 1 of window "Accessibility") | delay 0.1 end repeat set theCheckbox to | checkbox "Use grayscale" of group 1 of window "Accessibility" | tell theCheckbox # If the checkbox is not checked, | check it to turn grayscale on if not (its value as | boolean) then set checked to true click | theCheckbox else # else turn grayscale off | set checked to false click theCheckbox | end if end tell end tell tell application | "System Preferences" quit end tell ]]) | end) | CJefferson wrote: | This is really nice! | | It would be nice (from my experience) to make the delay variable | - - this stops people "Learning" ways of avoiding the always | fixed length delay. | superkuh wrote: | The best extension to do this is to run NoScript in temp | whitelist only mode. Every time you visit a crappy website with | lots of JS domains that load JS domains that load JS domains | you'll have to spend 20 seconds load and reloading the page till | you get it to work. If at all. It thoroughly discourages visiting | these bad websites. | | But good websites (ie, not web apps) will load instantly and | unimpeaded. And as a side effect you're protected from most | browser exploits since the vast majority require executing JS. | smnplk wrote: | When I want to get stuff done, I just "block" sites in my hosts | file, by pointing them to localhost. I even wrote a small bash | utility [1] for that, so it's easy to undo changes in /etc/hosts | | https://github.com/smnplk/hosta [1] | kwhitefoot wrote: | It works. Not sure if I'll keep it though. It might be better to | just exert a bit more self control. | isodude wrote: | Added, shared. Love from first sight. | iSoron wrote: | Looks like an interesting extension, but unfortunately I would | never install it given that "this add-on can access data for all | your websites". As far as I am aware, this means it can read and | record all data in all websites I visit (including emails, banks, | etc) and record everything I type anywhere (including usernames | and passwords). | | Even if the extension's source code is available on GitHub, there | is no guarantee that the code hosted at addons.mozilla.org | corresponds to the same one found on GitHub; and even if I (or | someone else) could verify that the code is indeed the same, and | that there is nothing malicious in it right now, there is no | guarantee this will still be the case in future (silent) updates. | | To be clear, this is more of a criticism to Mozilla Firefox's | security model, not to this particular extension. | snthd wrote: | .xpis are just zip files. | | You can literally just save them from addons.mozilla.org and | look inside - it's js so it's not compiled, and obfuscated code | is against Mozilla policy. | | Automatic updates are optional too. | | Microsoft Application Inspector might be handy for some | superficial profiling - | https://github.com/microsoft/ApplicationInspector | ReverseCold wrote: | > obfuscated code is against Mozilla policy | | You can submit obfuscated code as long as you also upload | non-obfuscated code to Mozilla. Not sure if that separate | code upload is public or not... | Anon1096 wrote: | You are incorrect. You can inspect extensions that you download | to compare the source code to the github release, or even audit | the specific source you have have downloaded. Please don't | spread FUD. | LinuxBender wrote: | Would it be feasible for browsers to have a console window | that enumerates add-on's to display things like URL's | contained in the code, what is stored in local storage, | session storage, etc? Asking because this topic comes up a | lot and might not if the browser had a way to show explicit | detailed permissions and capabilities vs. high level abstract | permissions. This would be for less than technical people | that probably won't be viewing source code, but could click a | shiny button in the add-on page and get some idea if the | addon shows URL, http(s), number of times the addon has used | GET or POST or other methods: URL: | http://some.site.tld/ [ INSECURE GET:1 POST:2] URL: | https://some.other.tld/ [ SECURE GET:3 POST:2 ] | | Maybe in about:networking have a tab for logging / debugging | all addons? | amenod wrote: | FTFY: To be clear, this is more a criticism of _every | browser's_ security model,... | | I do agree with you though. What is surprising is that | technically, this should be fairly easy to solve: | | - own the CI system (to make sure the sources match the built | versions) | | - make sources (the ones that went into build) clearly visible | | - disable silent updates | seanwilson wrote: | The solution should surely involve more granular permissions? | | I'm assuming this permission has no need to read the body of | network responses, inject anything into the responses, read | cookies etc. | | However, it probably has no option than to request the "read | and change all network data" permission because there is | nothing weaker that will let it do what it needs to do. | | Making sources available isn't a scalable option to help with | this in my opinion. Who is going to be doing thorough | security audits of every extension + every update? | iSoron wrote: | This is exactly the approach taken by F-Droid (for Android | apps). All apps available on F-Droid have been automatically | built from a publicly available repository, and you can | either download the binary (APK) or the source tarball that | they used to produce it. Updates are manual. | krilly wrote: | An alternative would be to throttle your network speed to like | 2g with your dev tools, although this will obviously effect, | say, YouTube more than HN | saber1 wrote: | This message is not accurate IMO. | | Basically, if the addon wants to interact with any kind of | urls, this message is unavoidable. Which means that even if the | addon doesn't require to access any data of the websites, as | long as it wants to be triggered for any websites, this message | is not going to be avoidable. | | https://extensionworkshop.com/documentation/develop/request-... | has more information. | jfkebwjsbx wrote: | +1000 times this | | Extensions should be built in Mozilla's servers. | greenie_beans wrote: | I used to have this exact same fear and never downloaded any | extensions bc of that, until I started making browser | extensions. Pretty much any useful extension needs the access | that prompts that generic message about accessing all the data. | | Any extension that's listed on the web stores have to be | reviewed for malicious code, and they must do what the listing | say they do. So if your browser extension has your passwords, | then that extension would be considered a password manager. | | The extension probably listens to the IPs of well-known time | wasting websites like HN or reddit, then adds a latency to the | browsing. Same with an ad blocker -- they know every site you | visit but only to compare them with their blacklist of | advertising IP addresses. | | Of course, you have to trust they aren't doing anything else | with that info, which you can probably assume you're mostly | safe if you don't need an account to use the extension. | skipants wrote: | I believe only "recommended extensions" for Firefox are tech | reviewed, which this one is not. | | https://support.mozilla.org/en-US/kb/recommended- | extensions-... | pzmarzly wrote: | According to [0], Mozilla requires all extensions to have a | source in human-readable format and runs a test suite on | them. They mention "code review" there, but don't say | whether it's manual or automatic. I'd love to hear about it | from someone who has some experience with the process. | | [0] https://extensionworkshop.com/documentation/publish/sub | mitti... | Anon1096 wrote: | For my extension the review was automatic, and flags | things like direct html editing. I only have a few | hundred users though, so I'm not sure at what point they | decide to do manual reviews. | chadlavi wrote: | There's a link to his github in the extension page. You can | read his source code: | https://github.com/OskarDamkjaer/FirefoxDelayWebpage | | most of the relevant code is in https://github.com/OskarDamkj | aer/FirefoxDelayWebpage/blob/ma... | derefr wrote: | See also: | | * Chrome's "throttling" feature: | https://helpdeskgeek.com/networking/simulate-slow-internet-c... | | * Whole-computer "make my network stack worse" utilities: | | * * macOS's Network Link Conditioner: | https://nshipster.com/network-link-conditioner/ | | * * clumsy (for Windows): http://jagt.github.io/clumsy/index.html | | * * dummynet (for Linux): | http://info.iet.unipi.it/~luigi/dummynet/ | | * A naughty SOCKS5 proxy (multiplatform): | https://github.com/Shopify/toxiproxy | andai wrote: | Chrome's throttling is great, I didn't know about that. But it | doesn't look like it persists (across tabs, or sessions)? | psychometry wrote: | https://selfcontrolapp.com/ on Mac just blocks sites outright. | Supports black- and white-listing. | mcstafford wrote: | Should have called it self-punishment, or something. | | https://en.wikipedia.org/wiki/Flagellation | welly wrote: | Easily disabled if you find it annoying. And if you're self | disciplined enough to not turn it off, surely you're self | disciplined enough to curb your browsing habits? | AceJohnny2 wrote: | StayFocusd had the nice feature that you couldn't change its | settings for the current day. The only way to get around it was | disabling/uninstalling the extension. | | The behavior curve is interesting. It is for me now practically | an autonomous unconscious behavior to open Reddit or HN. | StayFocusd would figuratively provide the "slap" to make me | consciously realize what I was doing, so going through the | steps of disabling it was a conscious, deliberate decision, | which was enough to prevent that from happening. | isodude wrote: | Not really. This sort of thing is really helpful. It's not that | I am not disciplined, but rather that I need a reminder to keep | myself disciplined when I surf on the web. | | A small reminder.. it's easy to end up in scrolling mode. | gbear605 wrote: | In my /etc/hosts file, I redirect distracting websites to | 0.0.0.0 to block them. There's nothing stopping me from | enabling a website beyond the effort to type in sudo vim | /etc/hosts, but yet I now spend a lot less time on those | websites. Human psychology is funny that way. | mavsman wrote: | Love this idea. It would be interesting to see what different | ways (AI) you could predict that a site is distracting based on | personal and wide-spread usage habits. Some advanced method that | doesn't require a user generated whitelist would be the next | level for this. | phantarch wrote: | This and the post yesterday about adding latency to websites | reaffirms an idea I've been thinking about lately - adding | friction back into digital processes helps break some of the | addictive power they have. | | Imagine if you had to use a printer to print out your facebook | feed when you wanted to see it. Then, in order to interact, you | had to write on that paper the comments, likes, etc. that you | wanted to transmit and scan it back into the system. That mode of | interaction seems "primitive" compared to the way we use things | on our phones, but I think carries with it a lot of nice | advantages like introducing time buffers for your mind to catch | up to your impulses. | Nightshaxx wrote: | This is a great idea. I read the post on HN about the theory | behind this and it's so good. ___________________________________________________________________ (page generated 2020-02-14 23:00 UTC)