Jump to content
Nytro

Firefix: Hardening Firefox for Privacy

By Nytro, in Securitate web

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

[h=1]Firefix: Hardening Firefox for Privacy[/h]

While Tor officially recommends using their Tor-hardened version of Firefox, it doesn’t come without its share of problems, including forensic artifacts, as well as other potential vulnerabilities. As the Tor browser is not often updated as quickly as Firefox itself, one may find benefit in using tor with the latest version of firefox…

Running tor apart from the browser isn’t difficult, and the Tor command-line client can be easily installed on most operating systems either through package managers (such as Macports) or by compiling from sources. With Tor running in a terminal window, Firefox can be easily made to proxy through it. For example:

network.proxy.socks = “127.0.0.1”

network.proxy.socks_port = 9050

network.proxy.socks_remote_dns = true

network.proxy.type = 1

One of the benefits to running Tor yourself are the ability to use other applications (other than a browser) with it, by using a popular tool named torsocks, which can proxy many applications through Tor easily.

Back to Firefox, if you’re going to use the official version of the browser, there are a number of configuration fixes you’ll want to make to protect your privacy. In addition to hardening Firefox, it’s always a good idea to install a local firewall such as Little Snitch, and create a profile that blocks all outgoing traffic on your machine, except for Tor traffic. Alternatively, there is also a personal onion router project to create a dedicated router.

Of course, you don’t need to be running Tor to want to harden Firefox. There are a number of other benefits to hardening Firefox as well: to reduce the exposure of your personal information as you browse, to reduce the forensic artifacts left behind on your machine, and to reduce your attack surface, to name a few.

Here is a good list to start of features in Firefox that should be changed that will help improve privacy. NOTE: Use at your own risk. I make no warranties about any of this.

accessibility.typeaheadfind.flashBar = 0
app.update.auto = false
app.update.disable_button.showUpdateHistory = false
browser.privatebrowsing.autostart = true
browser.sessionstore.restore_on_demand = false
browser.shell.checkDefaultBrowser = false
browser.tabs.loadInBackground = false
datareporting.healthreport.uploadEnabled = false
datareport.healthreport.service.enabled = false
dom.ipc.plugins.flash.subprocess.crashreporter.enabled = false
dom.ipc.plugins.reportCrashURL = false
dom.w3c_touch_events.expose = false
media.peerconnection.enabled = false
media.peerconnection.video.enabled = false
network.cookie.cookieBehavior = 1
network.websocket.enabled = false
pdfjs.previousHandler.alwaysAskBeforeHandling = true
pdfjs.previousHandler.preferredAction = 4
places.history.enabled = false
plugins.notifyMissingFlash = false
pref.downloads.disable_button.edit_actions = false
security.ssl3.ecdhe_ecdsa_rc4_128_sha = false
security.ssl3_ecdhe_rsa_rc4_128_sha = false
security.ffl3.rsa_rc4_128_md5 = false
security.ssl3_rsa_rc4_128_sha = false
security.ssl3.rsa_des_ede3_sha = false
security.ssl.require_safe_negotiation = true
security.ssl.treat_unsafe_negotiation_as_broken = true
security.tls.version.min = 1
browser.formfill.enable = false
browser.cache.disk.enable = false
browser.cache.disk_cache_ssl = false
browser.cache.offline.enable = false
dom.event.clipboardevents.enabled = false
geo.enabled = false
network.cookie.lifetimePolicy = 2
network.dnsCacheExpiration = 0
network.dnsCacheEntries = 0
browser.urlBar.matchBehavior = 2
browser.sessionstore.restore_on_demand = false
browser.sessionstore.resume_from_crash = false
browser.sessionstore.enabled = false 
browser.sessionhistory.max_entries = 0
layout.spellcheckDefault = 0
browser.newtabpage.directory.ping = ""
browser.newtabpage.directory.source = ""
browser.newtabpage.enabled = false
browser.newtabpage.enhanced = false
browser.search.suggest.enabled = false
datareporting.policy.dataSubmissionEnabled = false
dom.storage.enabled = false
network.prefetch-next = false
plugin.state.flash = 0
plugin.state.quicktime = 0
plugin.state.silverlight = 0
plugins.click_to_play = true
browser.sesssionstore.privacy_level = 2
browser.sessionstore.privacy_level_deferred = 2
privacy.trackingprotection.enabled = true
toolkit.telemetry.enabled = false
extensions.getAddons.cache.enabled = false
extensions.blocklist.enabled = false

Sursa: Firefix: Hardening Firefox for Privacy | Zdziarski's Blog of Things

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...