Firefox/Privacy

From ArchWiki
Jump to navigation Jump to search

This article overviews how to configure Firefox to enhance security and privacy.

Configuration

The following are privacy-focused configuration tweaks to prevent browser fingerprinting and tracking.

Anti-fingerprinting

Mozilla has started an anti-fingerprinting project in Firefox, as part of a project to upstream features from Tor Browser. Many of these anti-fingerprinting features are enabled by setting about:config:

  • privacy.resistFingerprinting true

There is no user-facing documentation about this flag, and Mozilla does not recommend users enable it, since it will break a few websites (it exists mostly to make life easier for the Tor Browser developers). But it does automatically enable many of the features listed below (such as changing your reported timezone and user agent), as well as protection against other, lesser-known fingerprinting techniques. See the tracking bug that lists many of these features.

Tracking protection

Firefox gained an option for tracking protection. It can be enabled by setting about:config:

  • privacy.trackingprotection.enabled true

Apart from privacy benefits, enabling tracking protection may also reduce load time by 44%.

Note that this is not a replacement for ad blocking extensions such as uBlock Origin and it may or may not work with Firefox forks. If you are already running such an ad blocker with the correct lists, tracking protection might be redundant.

Change browser time zone

The time zone of your system can be used in browser fingerprinting. To set Firefox's time zone to UTC launch it as:

$ TZ=UTC firefox

Or, set a script to launch the above (for example, at /usr/local/bin/firefox).

Change user agent and platform

You can override Firefox's user agent with the general.useragent.override preference in about:config.

The value for the key is your browser's user agent. Select a known common one.

Tip:
  • The value Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0 is used as the user agent for the Tor browser, thus being very common.
  • The #Anti-fingerprinting option also enables the Tor browser user agent and changes your browser platform automatically.
Warning: Changing the user agent without changing to a corresponding platform will make your browser nearly unique.

To change the platform for firefox, add the following string key in about:config:

general.platform.override

Select a known common platform that corresponds with your user agent.

Tip: The value Win32 is used as the platform for the Tor browser, corresponding with the user agent provided above.

WebRTC exposes LAN IP address

To prevent websites from getting your local IP address via WebRTC's peer-to-peer (and JavaScript), open about:config and set:

  • media.peerconnection.ice.default_address_only to true
  • media.peerconnection.enabled to false. (only if you want to completely disable WebRTC)

You can use this WebRTC test page and WebRTC IP Leak VPN / Tor IP Test to confirm that your internal/external IP address is no longer leaked.

Disable HTTP referer

HTTP referer is an optional HTTP header field that identifies the address of the previous webpage from which a link to the currently requested page was followed.

Set network.http.sendRefererHeader to 0.

Disable telemetry

Set toolkit.telemetry.enabled to false and/or disable it under Preferences > Privacy & Security > Firefox Data Collection and Use.

Enable Do Not Track Header (DNT)

Note: The remote server may choose to not honour the Do Not Track request.
Warning: The Do Not Track header may be used to fingerprint your browser, since most users leave the option disabled.

Set privacy.donottrackheader.enabled to true or toggle it in Preferences > Privacy & Security > Tracking Protection

Disable/Enforce Trusted Recursive Resolver

Firefox 60 introduced a feature called Trusted Recursive Resolver (TRR). It circumvents DNS servers configured in your system, instead sending all DNS requests over HTTPS to Cloudflare servers. While this is significantly more secure (as "classic" DNS requests are sent in plain text over the network, and everyone along the way can snoop on these), this also makes all your DNS requests readable by Cloudflare, providing TRR servers.

  • If you trust DNS servers you have configured yourself more than Cloudflare's, you can disable TRR in about:config by setting network.trr.mode (integer, create it it it does not exist) to 5. (A value of 0 means disabled by default, and might be overridden by future updates - a value of 5 is disabled by choice and will not be overridden.)
  • If you trust Cloudflare DNS servers and would prefer extra privacy (thanks to encrypted DNS requests), you can enforce TRR by setting network.trr.mode to 3 (which completely disables classic DNS requests) or 2 (uses TRR by default, falls back to classic DNS requests if that fails). Keep in mind that if you are using any intranet websites or trying to access computers in your local networks by their hostnames, enabling TRR may break name resolving in such cases.
  • If you want to encrypt your DNS requests but not use Cloudflare servers, you can point to a new DNS over HTTPS server by setting network.trr.uri to your resolver URL. A list of currently available resolvers can be found in the curl wiki, along with other configuration options for TRR.

Disable geolocation

Set geo.enabled to false in about:config.

Disable Safe Browsing service

Safe Browsing offers phishing protection and malware checks, however it may send user information (e.g. URL, file hashes, etc.) to third parties like Google.

To disable the Safe Browsing service, in about:config set:

  • browser.safebrowsing.malware.enabled to false
  • browser.safebrowsing.phishing.enabled to false

In addition disable download checking, by setting browser.safebrowsing.downloads.enabled to false.

Disable WebGL

WebGL is a potential security risk.[1] Set webgl.disabled to true in about:config if you want to disable it.

Enterprise policies

Network and system-wide policies may be established through the use of enterprise policies which both supplements and overrides user configuration preferences. For example, there is no documented user preference to disable the checking of updates for beta channel releases. However, there exists an enterprise policy which can be effectively deployed as a workaround. Single and/or multiple policies may be administered through policies.json as follows:

  • Disable application updates
  • Force-enable hardware acceleration
{
 "policies": {
  "DisableAppUpdate": true,
  "HardwareAcceleration": true
 }
}

Verify that Enterprise Policies is set to Active under about:support and review release-specific policies under about:policies.

Extensions

See Browser extensions#Privacy.

Remove system-wide hidden extensions

Several extensions, hidden to the user, are installed by default in /usr/lib/firefox/browser/features. Many can be safely removed via rm extension-name.xpi in order to completely remove unwanted features. Many of these extensions are not enabled by default and have a menu option for enabling or disabling. about:support lists all combined user and system extensions. Note that any files removed will return upon update of the firefox package. To keep these extensions removed, consider adding the directories to NoExtract= in pacman.conf, see Pacman#Skip files from being installed to system. Below are a few examples of these extensions and their features.

  • activity-stream@mozilla.org.xpi - "Activity Stream" which replaces the new tab page. See [2]
  • firefox@getpocket.com.xpi - Pocket

Firefox installations to paths such as the default release installed to /opt have system extensions installed at /firefox/firefox/browser/features

See also [3] for a full list of system extensions including README files describing their functions.

Sanitized profiles

prefs.js

Files which constitute a Firefox profile can be be stripped of certain metadata. For example, a typical prefs.js contains strings which identify the client and/or the user.

user_pref("app.normandy.user_id", "6f469186-12b8-50fb-bdf2-209ebc482c263");
user_pref("security.sandbox.content.tempDirSuffix", "2a02902b-f25c-a9df-17bb-501350287f27");
user_pref("toolkit.telemetry.cachedClientID", "22e251b4-0791-44f5-91ec-a44d77255f4a");

There are multiple approaches by which these strings can be reset with the caveat that a master prefs.js must first be created without such identifiers and synced into a working profile. The simplest solution is close Firefox before copying its prefs.js to a separate location:

$ cp ~/.mozilla/firefox/example.default-release/prefs.js ~/prefs.sanitized.js

Strip out any and all identfier strings and date codes by either setting them to 0 or removing the entries outright from the copied prefs.js. Sync the now sanitized prefs.js to the working profile as required:

$ rsync -v ~/.prefs.sanitized.js ~/.mozilla/firefox/example.default-release/prefs.js
Note: Required identifier and date code entries and/or strings will automatically be repopulated and reset to new values during the next launch of Firefox

A secondary privacy effect is also incurred which can be witnessed by examining the string results between a sanitized prefs.js versus a working prefs.js at Fingerprint JS API Demo.

extensions.json

Assuming that extensions are installed, the extensions.json file lists all profile extensions and their settings. Of note is the location of the user home directory where the .mozilla and extensions folder exist by default. Unwanted background updates may be disabled by setting applyBackgroundUpdates to the appropriate 0 value. Of minor note are installDate and updateDate. Bubblewrap can effectively mask the username and location of the home directory at which time the extensions.json file may be sanitized and modified to point to the sandboxed HOME location.

{"schemaVersion":31,"addons":[{"id":"uBlock0@raymondhill.net","syncGUID":"{0}","version":"0","type":"extension","optionsURL":"dashboard.html","optionsType":3,"optionsBrowserStyle":true,"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":0,"updateDate":0,"applyBackgroundUpdates":0,"path":"/home/r/.mozilla/firefox/example.default-release/extensions/uBlock0@raymondhill.net.xpi","skinnable":false,"softDisabled":false,"foreignInstall":true,"strictCompatibility":true}}

Removal of similar metadata from addonStartup.json.lz4 and search.json.mozlz4 can also be accomplished. mozlz4 is a command-line tool which provides compression/decompression support for Mozilla (non-standard) LZ4 files.

Removal of subsystems

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: The deleted files will be back after upgrading the package, add them to NoExtract instead. (Discuss in Talk:Firefox/Privacy#)

Telemetry related to crash reporting may be disabled by removing the following:

/usr/lib/firefox/crashreporter
/usr/lib/firefox/minidump-analyzer
/usr/lib/firefox/pingsender

For those who have opted to install Firefox manually from official Mozilla sources, the updater system may be disabled by removing updater in the firefox directory.

Editing the contents of omni.ja

omni.ja is a Mozilla-optimized zip file which contains most of the default configuration settings used by Firefox. As an example, starting from Firefox 73, network calls to firefox.settings.services.mozilla.com and/or content-signature-2.cdn.mozilla.net cannot be blocked by extensions or by setting preference URLs to "");. Aside from a DNS sinkhole or firewalling resolved IP blocks, one resolution is to grep through the contents of omni.ja before removing all references to firefox.settings.services.mozilla.com and/or cdn.mozilla.net. Extraneous modules such as unused dictionaries and hyphenation files can also be removed in order to reduce the size of omni.ja for both security and performance reasons.

Note: Certain features may be inhibited or lost as a result of modifying the contents of omni.ja. It is up to the user to determine whether the gain in privacy is worth the loss of expected usability

Hardened user.js templates

Several active projects maintain comprehensive hardened Firefox configurations in the form of a user.js config that can be dropped to Firefox profile directory:

  • pyllyukko/user.js
  • ghacksuserjs/ghacks-user.js
  • ffprofile.com (github) - online user.js generator. You select which features you want to enable and disable and in the end you get a download link for a zip-file with your profile template. You can for example disable some functions, which send data to Mozilla and Google, or disable several annoying Firefox functions like Mozilla Hello or the Pocket integration.

See also