[HN Gopher] Show HN: A Firefox extension to add latency to distr...
___________________________________________________________________
Show HN: A Firefox extension to add latency to distracting webpages
Author : oldtapwater
Score : 164 points
Date : 2020-02-14 15:00 UTC (7 hours ago)
(HTM) web link (addons.mozilla.org)
(TXT) w3m dump (addons.mozilla.org)
| michalf6 wrote:
| There is also Leechblock which contains the same functionality
| along with blocking and some in-depth config. But this may be a
| cool solution for someone who only cares about the latency part.
| citizenkeen wrote:
| I tried Leechblock, and found it unusable (on my Android
| phone). It broke my back bar, and often wouldn't follow through
| links (instead taking me to where I already was).
| azhenley wrote:
| The relevant post from a day ago: I Add 3-25 Seconds of Latency
| to Every Site I Visit.
|
| https://news.ycombinator.com/item?id=22319383
| Ottolay wrote:
| I read that post and wished that there was a Firefox extension
| but could not find out. Glad someone made one.
| waterbadger wrote:
| Something I started messing around with: add a global stylesheet
| with the rule
|
| body { filter: grayscale(100%); }
|
| (only gotcha is position: fixed; elements breaking in Firefox?)
|
| It feels a lot easier to focus on what I'm reading and to not be
| sucked in or distracted by websites. I bet psychologically color
| activates reward systems that may not be as healthy for digital
| content.
|
| I actually liked it so much that I used accessibility options to
| make my entire computer and phone grayscale. So far it's great!
| Also has better performance than a CSS filter for stuff like
| video.
| waterbadger wrote:
| Hammerspoon shortcut to toggle grayscale & color (applescript
| not mine, borrowed from https://github.com/shavidzet/osa-
| grayscale) hs.hotkey.bind({"cmd", "ctrl",
| "alt"}, "c", function() hs.osascript.applescript([[
| tell application "System Preferences" reveal anchor
| "Seeing_Display" of pane id
| "com.apple.preference.universalaccess" end tell
| tell application "System Events" to tell process "System
| Preferences" repeat while not (exists of checkbox "Use
| grayscale" of group 1 of window "Accessibility")
| delay 0.1 end repeat set theCheckbox to
| checkbox "Use grayscale" of group 1 of window "Accessibility"
| tell theCheckbox # If the checkbox is not checked,
| check it to turn grayscale on if not (its value as
| boolean) then set checked to true click
| theCheckbox else # else turn grayscale off
| set checked to false click theCheckbox
| end if end tell end tell tell application
| "System Preferences" quit end tell ]])
| end)
| CJefferson wrote:
| This is really nice!
|
| It would be nice (from my experience) to make the delay variable
| - - this stops people "Learning" ways of avoiding the always
| fixed length delay.
| superkuh wrote:
| The best extension to do this is to run NoScript in temp
| whitelist only mode. Every time you visit a crappy website with
| lots of JS domains that load JS domains that load JS domains
| you'll have to spend 20 seconds load and reloading the page till
| you get it to work. If at all. It thoroughly discourages visiting
| these bad websites.
|
| But good websites (ie, not web apps) will load instantly and
| unimpeaded. And as a side effect you're protected from most
| browser exploits since the vast majority require executing JS.
| smnplk wrote:
| When I want to get stuff done, I just "block" sites in my hosts
| file, by pointing them to localhost. I even wrote a small bash
| utility [1] for that, so it's easy to undo changes in /etc/hosts
|
| https://github.com/smnplk/hosta [1]
| kwhitefoot wrote:
| It works. Not sure if I'll keep it though. It might be better to
| just exert a bit more self control.
| isodude wrote:
| Added, shared. Love from first sight.
| iSoron wrote:
| Looks like an interesting extension, but unfortunately I would
| never install it given that "this add-on can access data for all
| your websites". As far as I am aware, this means it can read and
| record all data in all websites I visit (including emails, banks,
| etc) and record everything I type anywhere (including usernames
| and passwords).
|
| Even if the extension's source code is available on GitHub, there
| is no guarantee that the code hosted at addons.mozilla.org
| corresponds to the same one found on GitHub; and even if I (or
| someone else) could verify that the code is indeed the same, and
| that there is nothing malicious in it right now, there is no
| guarantee this will still be the case in future (silent) updates.
|
| To be clear, this is more of a criticism to Mozilla Firefox's
| security model, not to this particular extension.
| snthd wrote:
| .xpis are just zip files.
|
| You can literally just save them from addons.mozilla.org and
| look inside - it's js so it's not compiled, and obfuscated code
| is against Mozilla policy.
|
| Automatic updates are optional too.
|
| Microsoft Application Inspector might be handy for some
| superficial profiling -
| https://github.com/microsoft/ApplicationInspector
| ReverseCold wrote:
| > obfuscated code is against Mozilla policy
|
| You can submit obfuscated code as long as you also upload
| non-obfuscated code to Mozilla. Not sure if that separate
| code upload is public or not...
| Anon1096 wrote:
| You are incorrect. You can inspect extensions that you download
| to compare the source code to the github release, or even audit
| the specific source you have have downloaded. Please don't
| spread FUD.
| LinuxBender wrote:
| Would it be feasible for browsers to have a console window
| that enumerates add-on's to display things like URL's
| contained in the code, what is stored in local storage,
| session storage, etc? Asking because this topic comes up a
| lot and might not if the browser had a way to show explicit
| detailed permissions and capabilities vs. high level abstract
| permissions. This would be for less than technical people
| that probably won't be viewing source code, but could click a
| shiny button in the add-on page and get some idea if the
| addon shows URL, http(s), number of times the addon has used
| GET or POST or other methods: URL:
| http://some.site.tld/ [ INSECURE GET:1 POST:2] URL:
| https://some.other.tld/ [ SECURE GET:3 POST:2 ]
|
| Maybe in about:networking have a tab for logging / debugging
| all addons?
| amenod wrote:
| FTFY: To be clear, this is more a criticism of _every
| browser's_ security model,...
|
| I do agree with you though. What is surprising is that
| technically, this should be fairly easy to solve:
|
| - own the CI system (to make sure the sources match the built
| versions)
|
| - make sources (the ones that went into build) clearly visible
|
| - disable silent updates
| seanwilson wrote:
| The solution should surely involve more granular permissions?
|
| I'm assuming this permission has no need to read the body of
| network responses, inject anything into the responses, read
| cookies etc.
|
| However, it probably has no option than to request the "read
| and change all network data" permission because there is
| nothing weaker that will let it do what it needs to do.
|
| Making sources available isn't a scalable option to help with
| this in my opinion. Who is going to be doing thorough
| security audits of every extension + every update?
| iSoron wrote:
| This is exactly the approach taken by F-Droid (for Android
| apps). All apps available on F-Droid have been automatically
| built from a publicly available repository, and you can
| either download the binary (APK) or the source tarball that
| they used to produce it. Updates are manual.
| krilly wrote:
| An alternative would be to throttle your network speed to like
| 2g with your dev tools, although this will obviously effect,
| say, YouTube more than HN
| saber1 wrote:
| This message is not accurate IMO.
|
| Basically, if the addon wants to interact with any kind of
| urls, this message is unavoidable. Which means that even if the
| addon doesn't require to access any data of the websites, as
| long as it wants to be triggered for any websites, this message
| is not going to be avoidable.
|
| https://extensionworkshop.com/documentation/develop/request-...
| has more information.
| jfkebwjsbx wrote:
| +1000 times this
|
| Extensions should be built in Mozilla's servers.
| greenie_beans wrote:
| I used to have this exact same fear and never downloaded any
| extensions bc of that, until I started making browser
| extensions. Pretty much any useful extension needs the access
| that prompts that generic message about accessing all the data.
|
| Any extension that's listed on the web stores have to be
| reviewed for malicious code, and they must do what the listing
| say they do. So if your browser extension has your passwords,
| then that extension would be considered a password manager.
|
| The extension probably listens to the IPs of well-known time
| wasting websites like HN or reddit, then adds a latency to the
| browsing. Same with an ad blocker -- they know every site you
| visit but only to compare them with their blacklist of
| advertising IP addresses.
|
| Of course, you have to trust they aren't doing anything else
| with that info, which you can probably assume you're mostly
| safe if you don't need an account to use the extension.
| skipants wrote:
| I believe only "recommended extensions" for Firefox are tech
| reviewed, which this one is not.
|
| https://support.mozilla.org/en-US/kb/recommended-
| extensions-...
| pzmarzly wrote:
| According to [0], Mozilla requires all extensions to have a
| source in human-readable format and runs a test suite on
| them. They mention "code review" there, but don't say
| whether it's manual or automatic. I'd love to hear about it
| from someone who has some experience with the process.
|
| [0] https://extensionworkshop.com/documentation/publish/sub
| mitti...
| Anon1096 wrote:
| For my extension the review was automatic, and flags
| things like direct html editing. I only have a few
| hundred users though, so I'm not sure at what point they
| decide to do manual reviews.
| chadlavi wrote:
| There's a link to his github in the extension page. You can
| read his source code:
| https://github.com/OskarDamkjaer/FirefoxDelayWebpage
|
| most of the relevant code is in https://github.com/OskarDamkj
| aer/FirefoxDelayWebpage/blob/ma...
| derefr wrote:
| See also:
|
| * Chrome's "throttling" feature:
| https://helpdeskgeek.com/networking/simulate-slow-internet-c...
|
| * Whole-computer "make my network stack worse" utilities:
|
| * * macOS's Network Link Conditioner:
| https://nshipster.com/network-link-conditioner/
|
| * * clumsy (for Windows): http://jagt.github.io/clumsy/index.html
|
| * * dummynet (for Linux):
| http://info.iet.unipi.it/~luigi/dummynet/
|
| * A naughty SOCKS5 proxy (multiplatform):
| https://github.com/Shopify/toxiproxy
| andai wrote:
| Chrome's throttling is great, I didn't know about that. But it
| doesn't look like it persists (across tabs, or sessions)?
| psychometry wrote:
| https://selfcontrolapp.com/ on Mac just blocks sites outright.
| Supports black- and white-listing.
| mcstafford wrote:
| Should have called it self-punishment, or something.
|
| https://en.wikipedia.org/wiki/Flagellation
| welly wrote:
| Easily disabled if you find it annoying. And if you're self
| disciplined enough to not turn it off, surely you're self
| disciplined enough to curb your browsing habits?
| AceJohnny2 wrote:
| StayFocusd had the nice feature that you couldn't change its
| settings for the current day. The only way to get around it was
| disabling/uninstalling the extension.
|
| The behavior curve is interesting. It is for me now practically
| an autonomous unconscious behavior to open Reddit or HN.
| StayFocusd would figuratively provide the "slap" to make me
| consciously realize what I was doing, so going through the
| steps of disabling it was a conscious, deliberate decision,
| which was enough to prevent that from happening.
| isodude wrote:
| Not really. This sort of thing is really helpful. It's not that
| I am not disciplined, but rather that I need a reminder to keep
| myself disciplined when I surf on the web.
|
| A small reminder.. it's easy to end up in scrolling mode.
| gbear605 wrote:
| In my /etc/hosts file, I redirect distracting websites to
| 0.0.0.0 to block them. There's nothing stopping me from
| enabling a website beyond the effort to type in sudo vim
| /etc/hosts, but yet I now spend a lot less time on those
| websites. Human psychology is funny that way.
| mavsman wrote:
| Love this idea. It would be interesting to see what different
| ways (AI) you could predict that a site is distracting based on
| personal and wide-spread usage habits. Some advanced method that
| doesn't require a user generated whitelist would be the next
| level for this.
| phantarch wrote:
| This and the post yesterday about adding latency to websites
| reaffirms an idea I've been thinking about lately - adding
| friction back into digital processes helps break some of the
| addictive power they have.
|
| Imagine if you had to use a printer to print out your facebook
| feed when you wanted to see it. Then, in order to interact, you
| had to write on that paper the comments, likes, etc. that you
| wanted to transmit and scan it back into the system. That mode of
| interaction seems "primitive" compared to the way we use things
| on our phones, but I think carries with it a lot of nice
| advantages like introducing time buffers for your mind to catch
| up to your impulses.
| Nightshaxx wrote:
| This is a great idea. I read the post on HN about the theory
| behind this and it's so good.
___________________________________________________________________
(page generated 2020-02-14 23:00 UTC)