diff --git a/how-to-configure-firefox-for-privacy-and-security/README.md b/how-to-configure-firefox-for-privacy-and-security/README.md new file mode 100644 index 0000000..147e125 --- /dev/null +++ b/how-to-configure-firefox-for-privacy-and-security/README.md @@ -0,0 +1,55 @@ + + +# How to configure Firefox for privacy and security + +## Caveats + +- When copy/pasting commands that start with `$`, strip out `$` as this character is not part of the command + +## Guide + +### Step 1: install [Firefox](https://www.mozilla.org/en-US/firefox/new/) + +Go to [https://www.mozilla.org/en-US/firefox/new/](https://www.mozilla.org/en-US/firefox/new/), download and install Firefox. + +### Step 2: add [user.js](./user.js) to profile + +> Heads-up: see [arkenfox/user.js](https://github.com/arkenfox/user.js/) to explore more settings. + +#### Start Firefox, paste “about:profiles” in address bar and press enter. + +#### Find default profile root directory and copy to clipboard. + +#### Download user.js to default profile root directory. + +> Heads-up: replace `/Users/sunknudsen/Library/Application Support/Firefox/Profiles/rzrw17yo.default-release` with default profile root directory copied to clipboard. + +```console +$ cd "/Users/sunknudsen/Library/Application Support/Firefox/Profiles/rzrw17yo.default-release" + +$ curl --fail --remote-name https://sunknudsen.com/static/media/privacy-guides/how-to-configure-firefox-for-privacy-and-security/user.js +``` + +### Step 3: restart Firefox + +### Step 4: install [Firefox Multi-Account Containers](https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/) and [Privacy Badger](https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/) extensions + +#### Go to [https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/](https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/) and click “Add to Firefox”. + +#### Go to [https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/](https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/) and click “Add to Firefox”. + +> Heads-up: when asked to allow extension to run in private windows, check box and click “Okay”. + +### Step 5: set default search engine to DuckDuckGo + +### Step 6: configure containers (see episode) + +👍 diff --git a/how-to-configure-firefox-for-privacy-and-security/user.js b/how-to-configure-firefox-for-privacy-and-security/user.js new file mode 100755 index 0000000..01767a8 --- /dev/null +++ b/how-to-configure-firefox-for-privacy-and-security/user.js @@ -0,0 +1,88 @@ +// Firefox hardening using preferences (automated) +user_pref("app.normandy.first_run", false); +user_pref("app.shield.optoutstudies.enabled", false); +user_pref("app.update.auto", false); +user_pref("browser.contentblocking.category", "custom"); +user_pref("browser.download.useDownloadDir", false); +user_pref("browser.formfill.enable", false); +user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); +user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); +user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); +user_pref("browser.newtabpage.activity-stream.feeds.topsites", false); +user_pref("browser.search.suggest.enabled", false); +user_pref("browser.urlbar.placeholderName", "DuckDuckGo"); +user_pref("datareporting.healthreport.uploadEnabled", false); +user_pref("doh-rollout.disable-heuristics", true); +user_pref("dom.forms.autocomplete.formautofill", true); +user_pref("dom.security.https_only_mode_ever_enabled", true); +user_pref("dom.security.https_only_mode", true); +user_pref("extensions.formautofill.addresses.enabled", false); +user_pref("extensions.formautofill.creditCards.enabled", false); +user_pref("extensions.pocket.enabled", false); +user_pref("identity.fxaccounts.enabled", false); +user_pref("layout.spellcheckDefault", 1); // Used to disable spellchecker… set to `0` for increased privacy +user_pref("network.cookie.cookieBehavior", 1); +user_pref("network.cookie.lifetimePolicy", 2); +user_pref("network.proxy.socks_remote_dns", true); +user_pref("network.trr.mode", 5); +user_pref("places.history.enabled", false); +user_pref("privacy.donottrackheader.enabled", true); +user_pref("privacy.history.custom", true); +user_pref("privacy.sanitize.sanitizeOnShutdown", true); +user_pref("privacy.trackingprotection.enabled", true); +user_pref("privacy.trackingprotection.socialtracking.enabled", true); +user_pref("signon.management.page.breach-alerts.enabled", false); +user_pref("signon.rememberSignons", false); +// Firefox hardening using about:config (arkenfox/user.js recommendations, automated) +user_pref("accessibility.force_disabled", 1); +user_pref("app.normandy.api_url", ""); +user_pref("app.normandy.enabled", false); +user_pref("app.shield.optoutstudies.enabled", false); +user_pref("beacon.enabled", false); +user_pref("browser.pagethumbnails.capturing_disabled", true); +user_pref("browser.ping-centre.telemetry", false); +user_pref("browser.places.speculativeConnect.enabled", false); +user_pref("browser.sessionstore.privacy_level", 2); +user_pref("browser.ssl_override_behavior", 1); +user_pref("browser.tabs.crashReporting.sendReport", false); +user_pref("browser.uitour.enabled", false); +user_pref("browser.uitour.url", ""); +user_pref("browser.urlbar.speculativeConnect.enabled", false); +user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); +user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); +user_pref("browser.urlbar.trimURLs", false); +user_pref("browser.xul.error_pages.expert_bad_cert", true); +user_pref("captivedetect.canonicalURL", ""); +user_pref("datareporting.policy.dataSubmissionEnabled", false); +user_pref("dom.security.https_only_mode_send_http_background_request", false); +user_pref("extensions.getAddons.showPane", false); +user_pref("extensions.htmlaboutaddons.recommendations.enabled", false); +user_pref("geo.provider.use_corelocation", false); +user_pref("network.auth.subresource-http-auth-allow", 1); +user_pref("network.captive-portal-service.enabled", false); +user_pref("network.connectivity-service.enabled", false); +user_pref("network.dns.disableIPv6", true); +user_pref("network.dns.disablePrefetch", true); +user_pref("network.http.speculative-parallel-limit", 0); +user_pref("network.predictor.enabled", false); +user_pref("network.prefetch-next", false); +user_pref("pdfjs.enableScripting", false); +user_pref("privacy.userContext.enabled", true); +user_pref("privacy.userContext.ui.enabled", true); +user_pref("security.cert_pinning.enforcement_level", 2); +user_pref("security.mixed_content.block_display_content", true); +user_pref("security.OCSP.require", true); +user_pref("security.pki.crlite_mode", 2); +user_pref("security.pki.sha1_enforcement_level", 1); +user_pref("security.remote_settings.crlite_filters.enabled", true); +user_pref("security.ssl.require_safe_negotiation", true); +user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); +user_pref("security.tls.enable_0rtt_data", false); +user_pref("toolkit.coverage.endpoint.base", ""); +user_pref("toolkit.coverage.opt-out", true); +user_pref("toolkit.telemetry.coverage.opt-out", true); +// Firefox fingerprinting hardening using about:config (automated) +user_pref("privacy.resistFingerprinting", false); // Used to mitigate browser fingerprint but breaks dark mode and screenshots (among other features)… set to `true` for increased privacy +user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); +user_pref("privacy.resistFingerprinting.letterboxing", true); +user_pref("webgl.disabled", true); diff --git a/how-to-mitigate-fingerprinting-and-ip-leaks-using-firefox-advanced-preferences/README.md b/how-to-mitigate-fingerprinting-and-ip-leaks-using-firefox-advanced-preferences/README.md deleted file mode 100644 index 3323e2c..0000000 --- a/how-to-mitigate-fingerprinting-and-ip-leaks-using-firefox-advanced-preferences/README.md +++ /dev/null @@ -1,47 +0,0 @@ - - -# How to mitigate fingerprinting and IP leaks using Firefox advanced preferences - -[![How to mitigate fingerprinting and IP leaks using Firefox advanced preferences](how-to-mitigate-fingerprinting-and-ip-leaks-using-firefox-advanced-preferences.jpeg)](https://www.youtube.com/watch?v=uYoJ7U0OMCY "How to mitigate fingerprinting and IP leaks using Firefox advanced preferences") - -## Guide - -### Step 1: make sure you are running the latest version of Firefox - -### Step 2: make sure you configured Firefox for privacy using https://www.youtube.com/watch?v=NH4DdXC0RFw - -### Step 3: in `Privacy & Security`, disable `Deceptive Content and Dangerous Software Protection` - -### Step 4: open `about:config` and set the following - -> Heads-up: if `true` value does not exist, select “Boolean” and click “+”. - -``` -beacon.enabled = false -dom.battery.enabled = false -dom.event.clipboardevents.enabled = false -dom.webaudio.enabled => false -geo.enabled = false -media.eme.enabled = false -media.navigator.enabled = false -media.peerconnection.enabled = false -network.captive-portal-service.enabled = false -network.dns.disablePrefetch = true -network.http.sendRefererHeader = 0 -network.prefetch-next = false -privacy.firstparty.isolate = true -privacy.resistFingerprinting = true -privacy.resistFingerprinting.letterboxing = true -privacy.trackingprotection.enabled = true -webgl.disabled = true -``` - -👍 diff --git a/how-to-mitigate-fingerprinting-and-ip-leaks-using-firefox-advanced-preferences/how-to-mitigate-fingerprinting-and-ip-leaks-using-firefox-advanced-preferences.jpeg b/how-to-mitigate-fingerprinting-and-ip-leaks-using-firefox-advanced-preferences/how-to-mitigate-fingerprinting-and-ip-leaks-using-firefox-advanced-preferences.jpeg deleted file mode 100644 index eb218b9..0000000 Binary files a/how-to-mitigate-fingerprinting-and-ip-leaks-using-firefox-advanced-preferences/how-to-mitigate-fingerprinting-and-ip-leaks-using-firefox-advanced-preferences.jpeg and /dev/null differ