CloudFlare is so amazing... Thanks for all your hard work. I have over a million blocked malicious attempts on my site which gets a huge amount of traffic (not shellshock, I mean in general).
It's really a hell. Average website over there is using at least 3 - 4 external domains for css, js, fonts and so. Getting a working website without nearly whitelisting many of them is highly improbable right now.
Sure. I used script blockers for a while. But after having to whitelist a huge number of them and loosing very long and precious time, I gave in. I do not put sensitive and important data on my computer. (Actually I was not doing that for a very long time even before giving in.) I always work on remote hosts.
Therefore I treat my desktop as a security research one. Of course I would not do that on my desktop I were really working with crackme binaries ;)
Regarding "I do not put sensitive and important data on my computer" and "I always work on remote hosts", I must respectfully disagree. Never mind the fact that you set a bad example for newbies, being so caviler with your own safety harms the security of the rest of us. Downloading and executing random software off the Internet---the raison d'être of modern web browsers---is a good way to get owned. Just because you don't use your computer for anything important doesn't mean that it cannot be compromised and used to attack me. Plus, if you use your computer to log into other computers to do real work, then your computer is extremely important! A successful compromise would give attackers all the same remote access you have. Admittedly, that's not what your everyday, ordinary malware is after, but it's the principal of the thing that bothers me.
I'm not telling my setup is bullet proof. I'm just saying I gave in on some threats. I do not try to protect against all threats via all possible ways. I try to make my sensitive data to be unattractive and harder to get.
Latest part that you edited out was a question I would raise but it seems like you also think that would not hold.
Even though this setup is not secure. It's more secure than many everyday usage patterns. In a way at least..
Additionally to then there's also the various things that track identity and behaviour. Tell me what you search and click, and I'll tell you what you think? (That's not fixed with a simple add-on of course.)
There is also google. But we use them in a way or not.
There are some nut-jobs or bad-ass people out there not using google, going with security enhanced phones and ddg. This does not make average or the 95percentile bad behaved.
This makes us only low security sensitive and targets.
For most people Ghostery and AdBlock Edge are good enough. I'm a pretty conservative, default-deny kind of hacker, so the results of my cost-benefit analysis are a little... different... than most. :)
That's not going viral... going viral is 8 million visitors in one day. What you have is about the amount of traffic we get in ~10 minutes. You need to chill out.
