What's new

Firefox Enhanced Privacy

V

victimizing

Newbie
Messages
19
Reaction score
3
I couldn't really find a category for this post so I felt that this was the most fitting but here it goes my first thread! :wink:

Enhancing Firefox
for privacy, of course!



Hey guys I wanted to make a thread that would benefit anyone looking to make their web activity a bit more private. So without further ado I will try to stretch these long enough to not make me look like a retard!

There is many reasons why users would want privacy so I won't go in depth due to lots of personal reasons why people choose to be more private, but if you are looking to enhance your web browsing experience than look no further!

Firefox itself is a pretty secure browser, and the fact that it is open source allows the user to tweak pretty much everything about it. This thread will focus on a few configuration tweaks as well as some add-on's. This thread will feature the following add-ons: WebRTC, User-Agent Spoofer, HTTPS EVERYWHERE, and Cookie Manager. If you are already familiar with all of those add-ons, then there is no point of scrolling down any further. For the people not familiar, keep on scrolling down!

So first things first we are going to talk about "User-Agents". User-Agents are things that identify the type of computer you are using, the browser you are using, and the version of your software. When visiting websites these user-agents are stored on the websites server logs and depending on what you are doing can identify your computer. Lucky for you changing your user-agent is very easy with the Firefox Add-Ons. For this method we will be using the add-on "User Agent Overrider". Add it to your Browser here: https://addons.mozilla.org/firefox/addon/user-agent-overrider/https://addons.mozilla.org/firefox/addon/user-agent-overrider/
https://addons.mozilla.org/firefox/addon/user-agent-overrider/
Once you have added the Overrider to your browser you will notice it at the top right bar. Clicking on it will reveal several different types of devices such as: Linux, Mac OS, and so fourth. Clicking any of those will change your user-agent to that which will override the default one that identifies your system. You can pick whatever one you want, but beware any phone device will usually turn normal websites into "mobile versions" which isn't very convenient so I would avoid that. Click the add on, go to preferences and you will see that you can enter custom user-agents on each line. I usually use devices that I do not own in my household and get all of my custom ones from http://www.user-agents.org/
Once you have selected the best user-agent for you go ahead and check your browser details here: http://mybrowserinfo.com/detail.asp?bhcp=1 that website will display your IP address, user-agent and other things about your system. By the end of this thread you will notice a huge difference to that list. Without spoofing your user-agent that site will display your computer/laptop screen dimensions which can be used to identify your computer, and will display if you have Java or Flash enabled which a site in return could use that to decide which computer they try to execute code on. (Flash and Java is very vulnerable). Ok got the user-agent down? Let's move on!

The next add-on I will be focusing on is "Self-Destructing Cookies" (https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/?src=api) If you are not familiar with what Cookies are (not grandmas) they are is a small piece of data that get saved to your computer from sites you visit. Most sites uses cookies to have your account logged in whenever you visit the site, but some cookies are used to identify your browsing habits, but for the even more concerned it can be a digital breadcrumb of what websites you have been visiting. What this add-on does is every time you close a tab it will also delete the cookies from your computer leaving no trace of that website behind (at least on your computer). If you want this add-on click the link above.

The next big thing I want to talk about is "Web Real Time Communication" WebRTC for short. WebRTC is a web protocol used primarily for peer-to-peer things such as video, and voice chats. The issue with WebRTC is that since IT IS peer-to-peer there is a lot of IP leaks that happen, and if you are doing your best to protect yourself online with other add-ons, and security measures then you do not want this happening. There really isn't much more to say on this protocol, but if you are not really relying on peer-to-peer stuff through your browser (most people don't with all their phones, and actual programs that do it) then install this add-on to prevent your IP from leaking here: https://addons.mozilla.org/en-US/firefox/addon/happy-bonobo-disable-webrtc/

The next add-on is probably the best one out of all of these and it is called "HTTPS EVERYWHERE". A lot of you Tor (The onion router) users should know about this add-on due to the fact that the browser comes pre-installed with it. So let's go a bit into detail of this because Http and Https have a lot of details. So basically when you are browsing websites you will notice the address bar as either http://www.example.com, or it has https://www.example.com usually with a green lock before it. HTTP stands for hypertext transfer protocol. This is the thing that distributes all site content, and is the base of the internet. HTTPS is basically the same thing but this protocol encrypts the data sent over the website so that other sites can not pick it up. Please note: if other pages, images, iframes and so fourth on the encrypted HTTPS page are not HTTPS there is a chance some data will not be encrypted. The good thing with this add-on is that it forces every website to use HTTPS therefore protected your privacy a bit more than not using it. If you would like to get it the link is here: https://addons.mozilla.org/nn-NO/firefox/addon/https-everywhere/

With the major add-ons out of the way I would like to list a couple multi-purpose add-ons that disable trackers, clean up messy code, prevent certain scripts from running + more! Since the end user can really look into these adds on the page I am going to just link them below and move onto a few more points. Check out the add-ons here:

https://addons.mozilla.org/en-US/firefox/addon/ghostery/ (Ghostery)
https://addons.mozilla.org/nn-NO/firefox/addon/privacy-badger17/ (Privacy Badger by EFF)
https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/ (uBlock)

Ok the next section we will not be focusing on add-ons at all. For this section we will be focused on editing the actual config settings in the browser. Please be careful when changing things up in this section. The tweaks I will show will be fine but don't flame me if you edit something I didn't say to edit :what:

First things first let's open up the config settings by typing "about:config" in your address bar and pressing enter. Once you hit the "I accept the risk!" button on the warranty page you will be presented with a whole lot of stuff that might look confusing. This is the browser framework for the most part so we will not be messing with much and I do not advise you to do so unless you know what you are doing. So first thing we are going to do is turn off Geolocation which of course has to do with your location and if the browser will use it when browsing. Go ahead and type "geo" at the top bar and hit enter. You will see lots of stuff pop up but look for the following things:


geo.wifi.uri
geo.enabled
geo.provider.ms-windows-location
browser.search.geoSpecificDefaults

-- For the first one geo.wifi.uri we want to make the "value" blank.
-- For geo.enabled, browser.search.geoSpecificDefaults, and geo.provider.ms-windows-location change the "value" to false. That is about it with the "about:config" I might do some research and release another thread a bit better than this in the future. Anyway lets move on!

For the last part of this thread we will be editing your Firefox Preferences. Go ahead and open them up by going to the top right corner, clicking the 3 bars stacked on each other and clicking options. Or you can access it by clicking: about:tongue:references. Once inside we will want to focus on a few things. In the "Privacy" tab make sure to check the box that says "Use Tracking Protection in Private Windows", and set your history to "Never remember history". Next step is to click the "Advanced" tab, click "network", enable "Override automatic cache management", and limit cache to "0" MB of space. This will prevent stuff from saving to your computer.

Alright guys I think that is it for this thread. This is my first one and if there is anything I am missing, formatting wrongly, or anything else please let me know below. Thanks for reading this I hope I helped out some people :smile:
 
M

megabrownMUSCLES

Newbie
Messages
7
Reaction score
4
Good post, but I'm going to improve upon it a bit.
Additional pro tip at end of this post :thumbsup:

WebRTC functionality should be manually hard-set to disabled in the about:config
1. Navigate to about:config via address bar
2. Accept the risk of voiding your warranty
3. Search for "peerconnection"
Change the following:
media.peerconnection.enabled;false
media.peerconnection.ice.no_host;true
media.peerconnection.identity.enabled;false
media.peerconnection.ice.stun_client_maximum_transmits;0
The reason you should chose this over an extension to automate the process is to reduce possible attack surface and avoid a more unique browser fingerprint.

User Agent Spoofer to Random Agent Spoofer
Random Agent Spoofer extension offers a much broader range of functionality over UAS.
RAS offers a large set of User Agents to choose from across multiple systems i.e Consoles, Unix, Linux, Win, Android, iOS, and more. The addon also offers header modification (spoofing accepted language, source referrer, and more.), script injection, cookie options, and additional automated about:config modifications to increase security and privacy.
As mentioned with WebRTC, you should minimize your reliance on extensions to secure your browser if you can manually do it.

Decentraleyes extension
Denentraleyes is an extension to emulate CDN's locally. Instead of you requesting a CDN for a resource, the remote request will be blocked and said resource will be loaded from your own system. In short, it reduces tracking and increases privacy. The extension wont work for every CDN in existence, and not every resource will be called for locally. But it definitely belongs in the privacy-conscious user's list of go-to FF extensions.


Here's the additional pro tip/advice.
Firefox, to my knowledge, does not operate in a secure isolated environment (sandbox). When you use Firefox, you trade security for privacy. With chrome/chromium you trade privacy for security. Unlike FF, Chrome runs in a sandbox. This will prevent malicious code from being executed and effecting your entire system.
I seriously recommend you use Chrome/Chromium over FF if security is more important than privacy to you.
(Chromium binaries can be found here: https://chromium.woolyss.com/)
For Windows, using something like sandboxie will offer you a form of isolation. For GNU/Linux, using Firejail will offer application isolation. They both can be used for more than just Firefox as well.
Links - Firejail: https://firejail.wordpress.com/ | Sandboxie: https://www.sandboxie.com/ | Decentraleyes: https://addons.mozilla.org/firefox/addon/decentraleyes | RAS/Random Agent Spoofer: https://addons.mozilla.org/firefox/addon/random-agent-spoofer
 
Top Bottom