Hardening Firefox for Security and Privacy
•
2 likes•1,825 views
The Web can be a hostile place, full of deceptive and malicious sites trying to install software on your computer or steal your personal information. However, you have a friend on your side: your user agent (also called your web browser). This talk will examine some of the hidden or advanced settings and extensions that Firefox offers to users who are concerned about their security and privacy. While we at Mozilla strive to bring these features to all of our users, the reality is that it's sometimes challenging to balance the need for maximum web compatibility and standards compliance with the desire to phase out harmful practices. With a little bit of context on the benefits and risks that some of these features provide, you should be able to make informed decisions and tweak your favorite user agent. https://osem.seagl.org/conference/seagl2016/program/proposal/188
Report
Share
Hardening Firefox for Security and Privacy
- 1. Hardening Firefox for Privacy & Security François Marier <francois@mozilla.com>
- 10. eliminating all traffic to Mozilla
- 11. eliminating all traffic to Mozilla support.mozilla.org/kb/how-stop-firefox-making-automatic-connections
- 12. eliminating all traffic to Mozilla ● auto-updates
- 13. eliminating all traffic to Mozilla ● auto-updates ● add-on blocklist
- 14. eliminating all traffic to Mozilla ● telemetry
- 15. eliminating all traffic to Mozilla ● telemetry wiki.mozilla.org/Firefox/Data_Collection
- 16. disabling features with big perf impact ● prefetching ● speculative connections
- 17. disabling useful features ● WebGL ● WebRTC ● DOM Storage
- 18. disabling features that: ● disabled by default ● prompt you first
- 24. Do Not Track
- 36. BatteryManagery { charging: false, chargingTime: Infinity, dischargingTime: 8940, level: 0.59, onchargingchange: null, onchargingtimechange: null, ondischargingtimechange: null, onlevelchange: null }
- 37. BatteryManagery { charging: false, chargingTime: Infinity, dischargingTime: 8940, level: 0.59, onchargingchange: null, onchargingtimechange: null, ondischargingtimechange: null, onlevelchange: null }
- 38. BatteryManagery { charging: false, chargingTime: Infinity, dischargingTime: 8940, level: 0.59, onchargingchange: null, onchargingtimechange: null, ondischargingtimechange: null, onlevelchange: null }
- 48. pdfjs.disabled
- 51. navigator.connection.type; bluetooth, cellular, ethernet, none, wifi, wimax, other, mixed, unknown
- 52. navigator.connection.type; bluetooth, cellular, ethernet, none, wifi, wimax, other, mixed, unknown navigator.connection.downlinkMax;
- 59. network.cookie.cookieBehavior = 0 network.cookie.thirdparty.sessionOnly = true privacy.clearOnShutdown.cookies = false network.cookie.lifetimePolicy = 3 network.cookie.lifetime.days = 5 feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox
- 62. network.http.referer.XoriginPolicy = 1 network.http.referer.XOriginTrimmingPolicy = 2 feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox new in 52
- 67. pre-downloaded lists of URL hash prefixes
- 75. filename and size URLs hash of contents locale toolkit/components/downloads/ApplicationReputation.cpp
- 81. revealing non-VPN IP address leaking internal IP address
- 82. revealing non-VPN IP address leaking internal IP address fixed in 51
- 83. media.peerconnection.ice.default_address_only = true 50 or earlier:
- 84. media.peerconnection.ice.no_host = true 51 or later: media.peerconnection.ice.default_address_only = true 50 or earlier:
- 85. other things to keep in mind
- 86. p@ssW0rd5
- 96. user_pref("privacy.trackingprotection.enabled",true); user_pref("privacy.donottrackheader.enabled", true); user_pref("device.sensors.enabled", false); user_pref("media.eme.enabled", false); user_pref("pdfjs.disabled", true); user_pref("browser.casting.enabled", false); user_pref("layout.css.visited_links_enabled", false); user_pref("dom.battery.enabled", false); // Fx < 52 user_pref("dom.netinfo.enabled", false); user_pref("media.video_stats.enabled", false); user_pref("dom.enable_performance", false); user_pref("webgl.enable-debug-renderer-info", false); user_pref("media.peerconnection.ice.default_address_only", true); // Fx < 51 user_pref("media.peerconnection.ice.no_host", true); // Fx >= 51 user_pref("security.pki.sha1_enforcement_level", 2); // Fx < 52 user_pref("network.http.referer.XOriginPolicy", 1); user_pref("privacy.clearOnShutdown.cookies", false); user_pref("network.cookie.cookieBehavior", 0); user_pref("network.cookie.lifetimePolicy", 3); user_pref("network.cookie.lifetime.days", 5); user_pref("network.cookie.thirdparty.sessionOnly", true); user_pref("browser.urlbar.trimURLs", false); ? @fmarier
- 97. Photo Credits: shooting star: https://www.flickr.com/photos/funcrush/9496927983/ yellow triangle: https://www.flickr.com/photos/tillwe/2974932670/ jail cell: https://www.flickr.com/photos/mikecogh/5997920696 speedbump: https://www.flickr.com/photos/jputnam/9078451876/ cookie: https://www.flickr.com/photos/amagill/34754258/ chromecast: https://www.flickr.com/photos/medithit/10165535814/