Hey, I'm not an expert in privacy and browser security but I thought I'd get the ball rolling. If anyone could write some more detailed insights into cookies, scripts, etc. that would be appreciated. Once/if more plugins are added we can begin to make subcategories, e.g. "Cookie Management", "Script/Plugin Management".
Flash, Java, user-agent suggestions
Check this site: https://panopticlick.eff.org
Flash may track you using system fonts; to disable it:
- echo DisableDeviceFontEnumeration = 1 >> /etc/adobe/mms.cfg
The same problem should occur with Java. Another thing is to change the user agent to a more common one: about:config -> general.useragent.override -> windows smth. Are these suggestions worth adding to this page? Flu (talk) 19:22, 7 December 2012 (UTC)
- Hooray. Flash is disabled in Firefox. No work needed. Case closed :D Archaid (talk) 01:05, 2 September 2020 (UTC)
Rehashing of select prefs.js/user.js?
What we have here under #Configuration is for the most part a set of cherry-picked preferences which I feel only touch upon what is possible. Perhaps a revamp of the page is in order. Arguably the two most important preferences in terms of providing privacy are:
For example, starting from FF 73, firefox.settings.services.mozilla.com cannot be blocked by any extension or by setting all pref URLs to "");. The solution is either a DNS sinkhole (hardware or software) or firewalling the resolved IP block.

~ $ dig @188.8.131.52 firefox.settings.services.mozilla.com
;; ANSWER SECTION:
firefox.settings.services.mozilla.com. 77 IN CNAME d2k03kvdk5cku0.cloudfront.net.
d2k03kvdk5cku0.cloudfront.net. 60 IN A 184.108.40.206
d2k03kvdk5cku0.cloudfront.net. 60 IN A 220.127.116.11
d2k03kvdk5cku0.cloudfront.net. 60 IN A 18.104.22.168
d2k03kvdk5cku0.cloudfront.net. 60 IN A 22.214.171.124

One might consider
# ufw deny out to 126.96.36.199/16 port 443
since the domain resolved to 13.226.219.xxx for me only last week (load balancing moving target). But that essentially negates the use of a significant block of addresses leveraging the same subnet on Amazon AWS (locally for me, YMMV).

Coverage should also be given to useful extensions such as Dark Reader which (unfortunately) submits frequent metadata streams to darkreader.github.io. An alternative is to curate a userContent.css to provide similar results, thereby negating the need for an extension with heartbeat callbacks. What do you guys think? Adamlau (talk) 10:54, 18 March 2020 (UTC)
- Dark Reader has an option to not send the data stream mentioned above: https://github.com/darkreader/darkreader/issues/7574 Flepix (talk) 03:00, 25 April 2022 (UTC)
- Source modification is really the very best way to go about all of this as opposed to a series of bandaged solutions after everything is built Adamlau (talk) 13:18, 26 April 2020 (UTC)
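An added example (not part of any comment above, and not code from the wiki): it audits a single deny-out CIDR, like the /16 rule discussed in this thread, against a dig ANSWER section, reporting which resolved addresses the rule misses when the CDN moves and how many unrelated addresses it blocks. The hostname and addresses are constructed documentation values, and the function names are hypothetical.

```python
import ipaddress

# Constructed dig ANSWER section (documentation addresses, not real CDN IPs).
SAMPLE_ANSWER = """\
telemetry.example.net.   77 IN CNAME edge.cdn.example.
edge.cdn.example.        60 IN A 198.51.100.17
edge.cdn.example.        60 IN A 198.51.100.93
edge.cdn.example.        60 IN A 198.51.101.4
edge.cdn.example.        60 IN A 203.0.113.8
"""

def parse_answer(text):
    """Return (cnames, a_records) parsed from dig ANSWER-section lines."""
    cnames, addrs = {}, {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "IN":
            continue  # skip headers, comments and other record shapes
        name, _ttl, _cls, rtype, rdata = parts
        if rtype == "CNAME":
            cnames[name.lower()] = rdata.lower()
        elif rtype == "A":
            addrs.setdefault(name.lower(), []).append(ipaddress.ip_address(rdata))
    return cnames, addrs

def resolve(name, cnames, addrs, max_hops=8):
    """Follow the CNAME chain (bounded, so loops terminate) to the A records."""
    name = name.lower()
    for _ in range(max_hops):
        if name in addrs:
            return addrs[name]
        if name not in cnames:
            return []
        name = cnames[name]
    return []

def audit_rule(rule_cidr, resolved):
    """Compare one deny-out CIDR against the addresses actually resolved."""
    # strict=False accepts a host address with a prefix, as in the rule above.
    net = ipaddress.ip_network(rule_cidr, strict=False)
    missed = [ip for ip in resolved if ip not in net]
    covered = len(resolved) - len(missed)
    return {"covered": covered, "missed": missed,
            "collateral": net.num_addresses - covered}
```

A non-empty `missed` list means the hostname is still reachable despite the rule, which is the case a DNS sinkhole on the name itself avoids.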
privacy.firstparty.isolate option seems interesting and pertinent; it may cause problems on some sites, but maybe somebody finds a good way to mention it in the article before I find some time to play with it myself. -- Kynikos (talk) 10:54, 31 May 2020 (UTC)
- That option should definitely be pushed forward over many of the others already listed :) Adamlau (talk) 04:56, 11 July 2020 (UTC)
- Good one, is it privacy though or security? Keeping on that topic of limiting third-party shenanigans, the setting for "no third-party cookies" might be helpful for privacy. It's
1. When you change this setting in the Privacy tab, Firefox warns that it "may cause websites to break". I see above that people rejected the idea to disable cookies completely?
- What about deleting the cookies on closing FF? Or do we believe that's what Private Browsing is for? I've come to the point where privacy concerned people (those visiting this page) would expect cookies to always be deleted on close (ie.
2. This can be set from the Preferences > Privacy Tab also). If there are no objections I will add the two points I've mentioned to the page in the days ahead. Archaid (talk) 00:38, 2 September 2020 (UTC)
A) I've just added a section about firefox/Privacy#Proxying_your_web_searches. My opinion is it's best practice for maintaining privacy but if there is a better process, or a FLOSS Firefox extension exists that makes the process described even easier, please adapt it.
B) there is a case for adding a sub-section on invidious, despite invidious giving the user a direct link to google servers for the mp4 file, and the user is revealed to google,
- a) no js needs to be executed and given that we are now clearly instructing people to switch off js we need to offer a pathway to access video content without js,
- b) invidious makes downloading media easy so the user might only be tracked as consuming the media once and not every time they watch/rewatch it
- c) invidious has an audio only option, helpful in reducing bandwidth consumption for people with poor internet connections. Reducing bandwidth is helpful over Tor and I2P, with the latter known to be used with hardened Firefox installations, and
- d) THIS ONE IS IMPORTANT invidious makes setting up an independent video hosting service easier (example/s can be provided) (anything that reduces the centralization of video delivery also increases privacy;
- i) it reduces the size of the profile that the central power in this case, Google, can build on a person, and
- ii) a person can host/publish their own videos on a user-friendly interface privately, not possible on Youtube.
For the above reasons, it's worthwhile that we include invidious in a Proxying section.
Searx / Invidious
Firefox/Privacy#Web search over Searx and Firefox/Privacy#Watch videos over Invidious are not Firefox specific. Shouldn't they be moved to some other place like List of applications or a generic Browser/Privacy page?