Difference between revisions of "FIREFOX - Setup and Hardening"

From wiki.1001solutions.net
Line 14: Line 14:
 
: In Firefox, go to Bookmarks -> Show All Bookmarks
 
: In Firefox, go to Bookmarks -> Show All Bookmarks
 
: Then, backup your bookmarks as a text file. Enjoy.
 
: Then, backup your bookmarks as a text file. Enjoy.
 +
 +
; Verification
 +
: https://amiunique.org/
  
  

Revision as of 21:53, 27 March 2020


This is a checklist of the minimal settings of Firefox to get a basic privacy on internet.

Firefox Account
Synchronizing your account across multiple devices is a risk
Do not sign in to a Firefox account.
Password manager
use KeePass or a similar software.
Bookmarks
Use the Firefox native backup function
In Firefox, go to Bookmarks -> Show All Bookmarks
Then, backup your bookmarks as a text file. Enjoy.
Verification
https://amiunique.org/



Addons

HTTPS Everywhere

Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.

The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.

Indicate TLS

This Add-on uses the new SecurityInfo-API in Firefox to display information about the transport security used on the sites you visit.

The TLS protocol version is displayed by an icon in the address bar. More detailed information can be viewed by clicking on that icon, particularly to display the TLS protocol version of 3rd party servers that the website you are visiting fetches resources from.

KeePassHTTP-Connector

KeePassHttp-Connector is a WebExtension for browsers to send and receive credentials from KeePass(XC).

NoScript

NoScript gives you the best available protection on the web. It allows JavaScript, Flash, and other executable content to run only from trusted domains of your choice (e.g. your banking site), thus mitigating remotely exploitable vulnerabilities, such as Spectre and Meltdown.

It protects your "trust boundaries" against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts, thanks to its unique ClearClick technology.

Such a preemptive approach prevents exploitation of security vulnerabilities (known and unknown!) with no loss of functionality where you need it. Experts do agree: Firefox is really safer with NoScript ;-)

Privacy Badger

Privacy Badger automatically learns to block invisible trackers. Instead of keeping lists of what to block, Privacy Badger learns by watching which domains appear to be tracking you as you browse the Web.

Privacy Badger sends the Do Not Track signal with your browsing. If trackers ignore your wishes, your Badger will learn to block them. Privacy Badger starts blocking once it sees the same tracker on three different websites.

Besides automatic tracker blocking, Privacy Badger removes outgoing link click tracking on Facebook, Google and Twitter, with more privacy protections on the way.

Qwant Lite

Qwant Lite as default search engine.

Random User Agent

Automatically change the user agent after specified period of time to a randomly selected one, thus hiding your real user agent

uBlock Origin

An efficient blocker: easy on memory and CPU footprint, and yet can load and enforce thousands more filters than other popular blockers out there.


Settings

Automatic Formfill

Disable Automatic Formfill in preferences.
Formfilling requires that information be cached in the browser, this can include valuable information like usernames and passwords and the information can reference visited sites even with history disabled.

Battery API

The Mozilla API can allow a site to track the current battery life of a device, which can be used in conjunction with other methods to identify and track users.

Go in about:config and set the Battery API value dom.battery.enabled to false.

Content Blocking

In the preferences (about:preferences#privacy), choose "custom options" and set:

  • Trackers -> In all windows
  • Cookies -> Third-Parties
  • Cryptominers checked
  • Fingerprinters checked

Cookies

In the preferences, check the box "Delete cookies and site data when Firefox is closed".

Geolocalization

In the last Firefox versions:

  • Go to security and privaty section of preferences (about:preferences#privacy)
    • Set Location Permissions to block all

In the old versions:

  • Go in about:config
    • Put geo.enabled value to false.

Logins and Passwords

In the preferences, disable "ask logins and password".

Media Autoplay

In the last Firefox versions:

  • Set "Block websites from automatically playing sound" option

More options are present in about:config.

In the old versions:

  • Go in about:config
    • Put media.autoplay value to false

privacy.resistfingerprinting

This setting actually manages many behaviors in Firefox, it is a group of settings that are used by the Uplift project (a sub-project of Tor) to make the browser ignore most types of fingerprinting requests.

In about:config:

  • Put privacy.resistfingerprinting to true

Telemetry

In the preferences (about:preferences#privacy), disable all "Firefox data collection and use" options


Non-essential but Usefull Extras

ContextSearch web-ext

Select text and search from the context menu or a tiled popup using any of your installed search engines. Add new search engines with a right-click, edit favicons and query strings. POST compatible, simple UI, highly configurable. For FF 57+

Flash and Video Download

Download videos and flash games very easily, with one click.


Video Downloader Professional

Download videos from web sites or just collect them in your video list without downloading them.