Talk:Firefox/Privacy

From ArchWiki
Jump to navigation Jump to search

Hey, I'm not an expert in privacy and browser security but I thought I'd get the ball rolling. If anyone could write some more detailed insights into cookies, scripts, etc that would be appreciated. Once/if more plugins are added we can begin to make sub catergories, eg: "Cookie Management", "Script/Plugin Management".

Cheers,

--MagickFox (talk) 13:52, 24 June 2012 (UTC)

Check this site: https://panopticlick.eff.org Flash may track you using system fonts, to disable it:

  1. echo DisableDeviceFontEnumeration = 1 >> /etc/adobe/mms.cfg

The same problem should occur with Java another thing is to change the user agent to a more common one about:config -> general.useragent.override -> windows smth Are these suggestion worth in this page? Flu (talk) 19:22, 7 December 2012 (UTC)

Disable Geolocation

Set geo.enabled to false. Pickfire (talk) 15:21, 25 November 2017 (UTC)

Merging with Bubblewrap#Firefox.

I had considered expanding Bubblewrap#Firefox with this example, but thought to add some weight to this article. The idea was to showcase a (more or less) vanilla wrap under Bubblewrap and a more privacy-enhanced version here. Under Bubblewrap or Firefox/Privacy is fine by me. Will look to add additional wrap commentary once we come to a decision. Adamlau (talk) 09:56, 18 March 2020 (UTC)

Understanding bubblewrap takes more than just installing the package and using a command example given on this page, so everything should be on the bubblewrap page. Giving two examples which do not reference each other at all is more confusing than useful. -- Lahwaacz (talk) 10:47, 18 March 2020 (UTC)
That works. I refer to bubblewrap in Firefox/Privacy#extensions.json and can use that as a segue towards Bubblewrap proper Adamlau (talk) 12:54, 18 March 2020 (UTC)
Migrated. Adamlau (talk) 00:38, 19 March 2020 (UTC)
Cool, thanks. -- Lahwaacz (talk) 08:03, 19 March 2020 (UTC)

Rehashing of select prefs.js/user.js?

What we have here under #Configuration is for the most part a set of cherry-picked preferences which I feel only touch upon what is possible. Perhaps a revamp of the page is in order. Arguably the two most important preferences in terms of providing privacy are:

user_pref("javascript.enabled", false);
user_pref("network.cookie.cookieBehavior", 2);

Which effectively disable JavaScript and cookies altogether. Privacy (to me) with respect to FF is containing metadata leaks to third-parties (or even first-parties). For example, starting from FF 73, firefox.settings.services.mozilla.com cannot be blocked by any extension or by setting all pref URLs to "");. The solution is either a DNS sinkhole (hardware or software) or firewalling the resolved IP block.

~ $ dig @1.1.1.1 firefox.settings.services.mozilla.com
;; ANSWER SECTION:
firefox.settings.services.mozilla.com. 77 IN CNAME d2k03kvdk5cku0.cloudfront.net.
d2k03kvdk5cku0.cloudfront.net. 60 IN	A	13.226.251.19
d2k03kvdk5cku0.cloudfront.net. 60 IN	A	13.226.251.43
d2k03kvdk5cku0.cloudfront.net. 60 IN	A	13.226.251.27
d2k03kvdk5cku0.cloudfront.net. 60 IN	A	13.226.251.120

One might consider # ufw deny out to 13.226.0.0/16 port 443 since the domain resolved to 13.226.219.xxx for me only last week (load balancing moving target). But that essentially negates the use of a significant block of addresses leveraging the same subnet on Amazon AWS (locally for me, YMMV). Coverage should also be given to useful extensions such as Dark Reader which (unfortunately) submits frequent metadata streams to darkreader.github.io. An alternative is to curate a userContent.css to provide similar results, thereby negating the need for an extension with heartbeat callbacks. What do you guys think? Adamlau (talk) 10:54, 18 March 2020 (UTC)

Note: : Currently blocking 13.226.219.0/24 port 443 and 13.226.251.0/24 port 443 and will review local ufw logs over time.

The more I review #Configuration, the more I feel it should be reworked to reflect a more universal approach towards privacy versus a handful of settings Adamlau (talk) 12:47, 18 March 2020 (UTC)

  • Source modification is really the very best way to go about all of this as opposed to a series of bandaged solutions after everything is built Adamlau (talk) 13:18, 26 April 2020 (UTC)