Interestingly, the article mentions twice how Proton doesn't do flashy marketing campaigns when that is precisely the aspect people have criticized Proton for years, usually around Black Friday when they portray the discount as much better than what it is.
This is also not their only controversy. When someone proposed in their forums that Kagi should add a widget that would help people get help if they are searching for suicide material, Kagi refused because that isn't the result that the person was searching for.
Since the vault is end-to-end encrypted, it shouldn’t matter where it is hosted, even if it is in the cloud. Here is what a security researcher and a password cracker Jeremy M. Gosney has said about this after the LastPass incident.
”Is the cloud the problem? No. The vast majority of issues LastPass has had have nothing to do with the fact that it is a cloud-based solution. Further, consider the fact that the threat model for a cloud-based password management solution should *start* with the vault being compromised. In fact, if password management is done correctly, I should be able to host my vault anywhere, even openly downloadable (open S3 bucket, unauthenticated HTTPS, etc.) without concern. I wouldn't do that, of course, but the point is the vault should be just that -- a vault, not a lockbox.”
I would also remove DuckDuckGo Privacy Essentials. It is redundant if you are using uBlock Origin.
ClearURLs is not really needed anymore since you can enable AdGuard URL Tracking Protection and import Actually Legitimate URL Shortener Tool to uBlock Origin.
Skip Redirect is still fine if you want to continue using it but Smart Referer could be replaced by changing network.http.referer.XOriginPolicy in about:config to 2 like the Arkenfox project recommends. However, note that there could be some issues regarding this setting, so keep that in mind.
Read the article. Google already requires a warrant before handing out this data.
I don't think that it captures everything, but according to the Arkenfox project, any additional benefit ClearURLs could have compared to this setup is minimal, and thus, it probably isn't worth to install another extension.
This is wrong. By enabling privacy.resistFingerprinting you cannot make yourself more unique in Firefox because you’re already unique. I would read this guide by the Arkenfox project about fingerprinting. The guy has worked for the Tor browser, so he knows his stuff. The summary is that the privacy.resistFingerprinting is the best tool that Firefox has against fingerprinting, but it can only ”fool naive scripts.” If you’re really worried about fingerprinting and want to defeat advancing fingerprinting, the only option is to use either Tor or Mullvad Browser depending on your threat model.
Ublock Origin has annoyance filters that you can enable.
Tidal brought FLAC this year, so this MQA critique doesn't really apply anymore.
This has already been recently discussed here.
The Firefox hardening project Arkenfox only recommends uBlock Origin. Everything else is redundant.