How to build a Firefox privacy arsenal

What do people think of the Firefox Masking Agent Addon?

 

https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work

Scroll down to following questions: How does Phishing and Malware Protection work in Firefox?

What information is sent to Mozilla or its partners when Phishing and Malware Protection
are enabled?

 

Do you recall what, specifically, you were concerned about and why? Google being able to uniquely identify you when Firefox contacts its servers? The wrkey? Cookies? Google receiving revealing information about the URLs being checked? Insufficient hashing/fuzzing of those? A case where actual URL info was sent? Something else?

 

Yes

Not so much, as 99% of the time they are ALL disabled.

As for the info in Compu KTed's link re privacy etc, i prefer not to auto trust. Also things can change Without notice !

 

For users of Adblock Plus with EasyPrivacy filter subscription: EasyPrivacy filter subscription doesn't block social media-type trackers. To block those too, you'll need a filter subscription like Fanboy's Social Blocking List, or another extension such as Ghostery.

 

I'm not a FireFox user, preferring SeaMonkey instead. That said, most of the extensions and settings that work for one will work for the other. The package I'm using includes several of the extensions listed here. I was using Ghostery for quite a while but eventually concluded that it has the same shortcomings as most default-permit based apps. Incomplete coverage that's never completely up to date and blocklists that never stop growing. The bigger the blocklists get, the more they slowed the browser. I've since replaced it with Request Policy which is more inline with my default-deny policy. I deselected all of the lists during the initial setup, preferring to build my own whitelist as I go. I wasn't aware of the 1.0 version of Request Policy. I wouldn't have much use for the default-allow setting but the ability to use wildcards in the rules looks interesting.

I still have FlashBlock and Better Privacy but they are largely redundant. FlashBlock is useful on those occasions where I want to see a video but not the rest of the flash content on the page.

Proxomitron takes the place of NoScript on my system. I'm using the sidki_2011-12-22rc1 and ProxBlox filtersets. More info on those here. It's not as user friendly as NoScript but it is IMO more flexible and works with a browsers. Proxomitron also allows the user to create block/allow lists for multiple purposes. These lists also accept wildcards, making them very useful for content blocking and limiting javascript permissions on a per-site basis.

 

RequestPolicy is not a 100% functionality replacement for blacklist blockers like Ghostery, because blacklist blockers might block a) objectionable elements in domains that must be allowed for a given website to work b) objectionable elements in the domain for the website itself.

 

Excellent thread!

Best regards,

Mohamed

 

No, it's not. Request Policy primarily controls connections to domains other than the one the user chose to connect to. Filtering unwanted content from the originating domain falls more to Proxomitron and extensions like NoScript.

 

Is there a Firefox Addon that masks Im using Firefox and makes it look like Im using another Browser such as Chrome or Opera?

 

Speaking of which, it appears there are some changes coming WRT safebrowsing and cookies.

Implement a separate cookie jar for safebrowsing
Resolved Fixed, Target milestone mozilla27
https://bugzilla.mozilla.org/show_bug.cgi?id=897516

Shouldn't send Google's cookie with SafeBrowsing API requests (sandbox it...
Resolved Fixed, Target milestone mozilla27
https://bugzilla.mozilla.org/show_bug.cgi?id=368255

I haven't dug into this yet. So I don't know if users will be able to block Google SafeBrowsing cookies to/from the separate jar, whether they'll be able to delete them via "Clear history when Firefox closes" settings, etc.

 

Yeah, Secret Agent is one, which you already asked about !

Here's another i have installed.

Try them & test them, here for eg ShieldsUP/Browser Headers https://www.grc.com

**********

@ TheWindBringeth

Thanx for the extra info I won't be using safebrowsing though

 

Tried User Agent Switcher, but for some reason wasn't able to get it to work.
Tried Secret Agent and that seemed to work.

You can also check your UserAgent Information here: http://browserspy.dk/useragent.php

 

Prefbar makes a lot of options easy to access and change, including the user agent. Very customizable. Additional buttons and options available. Mine is set up similar to this.

 

Thanks so much for your input. And yeah there are some great minds here. And I put Mirmir right at the top.

 

I also had problems with User Agent Switcher. When I set it, it works fine, but the minute I close my browser it loses the settings.

 

A Solution For Protecting Your Privacy Online

NoTrace is a Firefox extension that implements a supportive, comprehensive and improved
approach for privacy protection to allow users to be aware of the risks of their navigation
and to give them full control on effective actions to address online privacy threats.


http://www.isislab.it/projects/NoTrace/

(click on Download button)
Notrace Development version with awareness and full control functionalities
(Last Update on January 2th, 2014). Result: 404 Not Found


Latest version at addons.mozilla.org is 2.3 Released January 11, 2013

guest mentions it in post # 43. Is this extension abandoned?

 

Good advice. A good combination IMO (which I use) is:

EasyList
EasyPrivacy
Fanboy's Annoyance List
Malware Domains

The annoyance list includes the social blocking list, and more, and isn't overlap with EasyPrivacy/List.

And I also disable Google Safebrowsing in about:config, as I saw someone else mention. And delete the URL's too for good measure. And also block/uncheck it in the Sandboxie settings.

 

I've been testing ABP with Easy List, Easy Privacy and Malware Domains, plus Disconnect (to replace Fanboy's Enhanced Trackers list and Social Blocking list on my older laptop to keep the total Adblock filter size smaller). So far, Firefox seems a little snappier with EL/EP/MW and Disconnect while blocking most of the same sludge.

 

Websites Privacy Policy Last Updated: August 2, 2013

We have separate privacy policies for our products and services
(e.g., the Mozilla Firefox Privacy Policy).

Scroll down to: Opt-out Procedures

Scroll down to: Social Networking Services

http://www.mozilla.org/en-US/privacy/policies/websites/



Third-Party Service Providers for Firefox Last updated March, 2010

http://www.mozilla.org/en-US/legal/privacy/firefox-third-party.html



Mozilla Firefox Privacy Policy

Last Updated: May 15, 2013
http://www.mozilla.org/en-US/legal/privacy/firefox.html

I would recommend reading entire policy to see how Firefox handles info especially on
Third-Party Service Providers. Do a run-through of Firefox about:config settings to reduce
your browser fingerprint and increase privacy.

 

I'm trying to make Firefox browsing private but without slowing it down too much and having to whitelist sites that I visit. So far I've installed Adblock Plus (EasyList, EasyPrivacy, Malware Domains, Social blocking), Ghostery (all blocked) and RefControl. What would be a benefit of adding NoScript with scripts globally allowed? Would it improve my privacy or would it's protection overlap with other extensions? Can you suggest any other extension that would improve my privacy and wouldn't slow down my browsing?
P.S.: all data downloaded during browsing session is deleted once I close the browser (SBIE). So no worries about that.

Regards, hqsec

 

NoScript should be run in full block mode. It's only a click or two to get websites you want, working. The Freedom Hosting attack on Tormail, relied on JavaScript to send out Host Name, MAC, and IP Address, to the FBI.

 

Yes, I know what is most secure setting, but I'm not going to whitelist whole internet. It's just too much trouble. If I allow scripts globally and enable XSS and other protections, will it give me any additional protection? Or does it become useless?

Regards, hqsec

 

From NoScript FAQ:

You might also want to use HTTPS Everywhere.

 

Thank you MrBrian for your answer. I've also found the answer to my questions on NoScript features site:

I will check out HTTPS Everywhere also.

Regards, hqsec