The Paranoiac's Guide: Firefox

Discussion in 'privacy technology' started by TomeiNingen, Nov 12, 2016.

  1. TomeiNingen

    TomeiNingen Registered Member

    Joined:
    Nov 8, 2016
    Posts:
    50
    Location:
    Fort Meade, Maryland
    Hey all!

    I've compiled a list of privacy tips and techniques which I'm going to be rolling out in the near future but I wanted to share what I have so far to get input from the community. The first installment will address my browser of choice, Firefox. Here I assume basic familiarity with standard settings for the sake of brevity.

    Most of what I've been able to find posted elsewhere tends to be outdated and most articles/tutorials are insufficiently detailed to provide appreciable guidance. What I'd like to create is a blueprint that a reasonably competent layperson can mimic to enhance their privacy while avoiding bloat where possible. Install, tweak as shown, go about your business in comfort.

    I'll be editing and updating this initial post as it evolves; this is not yet a mature or comprehensive reference; critiques wholeheartedly encouraged and sought! I plan to consolidate everything but I'd like to get the kinks worked out as I go along.

    To quickly gauge the effectiveness of any pre/post changes on tracking and fingerprinting, feel free to test your browser at Panopticlick, Browserspy, and Browserleaks.


    Recommended changes and additions to FF defaults:
    • Misc
      • Disable prefetching, search suggestions, search history, clear history on close, etc.
    • Search
      • Startpage (by Ixquick)
        • Privacy-centered search which offers the power of Google without the invasive tracking
      • DuckDuckGo
        • Their result ranking leaves something to be desired but I rely on it to escape Google's bubble when necessary
    • Add-ons:
      • Better Privacy
        • Manage and delete LSOs/Cookies
      • Canvas Blocker
        • Mitigate HTML5 canvas fingerprinting
      • Decentraleyes
        • Local CDN emulation; mitigates tracking
        • Complements and plays nicely with the other blockers/privacy add-ons
      • Google Search Link Fix
        • Prevents Google/Yandex from altering result links
      • HTTPS Everywhere
        • Force HTTPS
      • No Resource URI Leak
        • Additional fingerprinting/tracking mitigation; seems especially useful for a setup with multiple plugins (such as this one) which otherwise increases the ease with which the browser may be fingerprinted
      • Privacy Settings
        • Pretty neat; no more digging around in about:config to configure the default prefs individually
        • Disables DOM witchcraft, beacons, geo, webgl, and plenty of other hoodoo
      • Random Agent Spoofer
        • Fingerprinting protection; robust profiles which spoof not only useragent strings but a host of other characteristics to afford increased protection from browser fingerprinting attempts.
      • Self Destructing Cookies
        • Purges respective cookies and LocalStorage as soon as you close its tabs; expunges lingering sessions. Closest I've come to cookie-free browsing without breaking every site in the process.
      • uBlock Origin
        • Better than AdBlock Plus; more powerful, easier on CPU/Memory, better interface (IMO)
      • uMatrix
        • Point-and-click matrix-based firewall, w/ privacy-enhancing tools
    • As for how to configure these add-ons, here's what I recommend for the best privacy with the least impact on your browsing experience - YMMV.
      N.B. - These are tweaks to the default settings, which should be left in their default state unless shown here. All of the above add-ons are listed even if no tweaking is required/possible. The sections for uBlock, uMatrix and Privacy Settings are incomplete.
      • Better Privacy
        • Confirm the proper Flash directory is shown (default should be fine for Win/OSX, Linux users may need to check)
      • Canvas Blocker
        • Remove any whitelisted sites (developer's site kkapsner.de is only site whitelisted by default)
        • Set "Block Mode" to your preferred mode; I recommend either "Block Readout API", "Fake Readout API", or "Block Everything". See FAQ on developer site for details.
          • If "Fake Readout API" is chosen, be sure to adjust the "Maximal Fake Size" setting.
        • Leave the default for "Random Number Generator" set to non-persistent
        • Check "Ask only once" box
      • Decentraleyes
      • Google Search Link Fix
      • HTTPS Everywhere
        • Disable observatory
      • No Resource URI Leak
        • Check the following:
          • Block access to resource:// URIs from Web
          • Block Web-exposed subset of chrome:// URIs
          • Uniformly filter disallowed redirects
        • Click the "Update the policy" button to apply changes
      • Privacy Settings (may break certain sites depending on settings chosen - WORK IN PROGRESS)
        • Navigate to the toolbar icon and select "Advanced Settings" (lower-left button in dropdown)
          • network.http.sendRefererHeader
            • Set to "0"
          • network.predictor.enabled
            • "False"
          • loop.facebook.shareUrl
            • Ensure this is an empty string
          • security.OCSP.require
            • True
      • Random Agent Spoofer
        • My intention is to vary the agents presented while making the UA as unremarkable as possible, so I've purposefully excluded all but the most common UAs.
        • "Profile" section
          • "Change Periodically" option
            • Set to "every request"
              • Do yourself a favor and disable notifications from the Extensions panel if you're opting to change UAs this frequently.
          • Exclude the following profiles to ensure usability is least impacted (i.e. mobile browsers). YMMV.
            • Tip: Spacebar+Tab to cycle through and enable/disable browser profiles
            • Windows Browsers
              • Edge
              • Seamonkey
              • Firefox ESR
            • Mac Browsers
              • Seamonkey
            • Linux Browsers
              • Chromium
              • Epiphany
              • Konqueror
              • Qupzilla
              • Rekonq
              • Seamonkey
            • Console Browsers (all)
            • Windows Phone Browsers (all)
            • iOS Browsers (all)
            • Android Browsers (all)
            • Firefox OS Browsers (all)
            • Unix Browsers (all)
        • "Headers" Section
          • Disable Authorization
          • Spoof If-None-Match (ETags)
          • Spoof Via using Random IP
          • Spoof X-Forwarded-For using Random IP
          • Spoof Source Referer
        • "Options" section (Numerous options; as above, only listing recommended changes to defaults)
          • § Script Injection
            • Screen Size Spoofing
              • Profile
            • Block Plugins
            • Limit Tab History to 2
            • Protect window.name
            • Disable canvas support
          • § Standard Options
            • Limit Detectable Fonts
            • Disable Context Menu Events
            • Disable gamepad API
          • § Reporting Options
            • Disable Safe Browsing (Google)
            • Disable Safe Browsing Downloads Check
            • Disable Safe Browsing Malware Check
      • Self Destructing Cookies
        • Clear Browser Cache when Idle
          • 15
        • Strict Cookie Access Policy
      • uBlock Origin
      • uMatrix
        • Note: I recommend not enabling uMatrix's UA spoofing option since we have User Agent Spoofer installed, which is much more robust.
     
    Last edited: Nov 13, 2016
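Added example, not part of the original post: a small Node.js check that reads a Firefox `prefs.js`/`user.js` file and reports which of the four Privacy Settings values recommended above are unset or set differently. The sample file content is constructed, and `parsePrefs` and `auditPrefs` are hypothetical helper names.

```javascript
// The four values the post recommends under "Privacy Settings".
const RECOMMENDED = {
  'network.http.sendRefererHeader': 0,
  'network.predictor.enabled': false,
  'loop.facebook.shareUrl': '',
  'security.OCSP.require': true,
};

// Parse lines of the form user_pref("name", value); into a Map.
// Values in these files are JSON-compatible (number, boolean, quoted string).
function parsePrefs(text) {
  const prefs = new Map();
  const re = /^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$/;
  for (const line of text.split(/\r?\n/)) {
    const m = re.exec(line);
    if (!m) continue; // comments, blank lines, anything else
    try {
      prefs.set(m[1], JSON.parse(m[2]));
    } catch {
      // value is not a plain literal; skip the line rather than guess
    }
  }
  return prefs;
}

// Return one finding per recommended pref that is unset or has another value.
function auditPrefs(text, recommended = RECOMMENDED) {
  const prefs = parsePrefs(text);
  const findings = [];
  for (const [name, want] of Object.entries(recommended)) {
    if (!prefs.has(name)) {
      findings.push({ name, status: 'unset', want });
    } else if (prefs.get(name) !== want) {
      findings.push({ name, status: 'differs', want, got: prefs.get(name) });
    }
  }
  return findings;
}

// Constructed sample, not taken from a real profile.
const SAMPLE_PREFS = [
  '// constructed sample prefs.js content',
  'user_pref("network.http.sendRefererHeader", 2);',
  'user_pref("network.predictor.enabled", false);',
  'user_pref("loop.facebook.shareUrl", "");',
  'user_pref("browser.startup.homepage", "about:blank");',
].join('\n');

for (const f of auditPrefs(SAMPLE_PREFS)) {
  console.log(`${f.name}: ${f.status}, recommended ${JSON.stringify(f.want)}`);
}
```

A pref reported as `unset` is simply absent from the file, so the browser's built-in default applies to it.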
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Hi,

    There is some discussion about CanvasBlocker's Random Number Generator re Persistent vs Non-Persistent in this thread and my post here.
     
  3. TomeiNingen

    TomeiNingen Registered Member

    Joined:
    Nov 8, 2016
    Posts:
    50
    Location:
    Fort Meade, Maryland
    Excellent, thanks!
     
  4. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    + Noscript.
    ...And many of the extensions in the list are unnecessary.
     
  5. TomeiNingen

    TomeiNingen Registered Member

    Joined:
    Nov 8, 2016
    Posts:
    50
    Location:
    Fort Meade, Maryland
    Could you elaborate on that thought?

    And I excluded NoScript on purpose; in situations where I want to ensure an even greater degree of security I simply disable JS manually. Most of the other NoScript functions are addressed by uMatrix and uBlock as well.

    See here for rationale: http://arstechnica.com/security/201...-firefox-add-ons-open-millions-to-new-attack/
     
    Last edited: Nov 13, 2016
  6. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
  7. TomeiNingen

    TomeiNingen Registered Member

    Joined:
    Nov 8, 2016
    Posts:
    50
    Location:
    Fort Meade, Maryland

    I'm not sure I understand; those links seem to me to be more reason to avoid NoScript than to use it. And which add-ons were you referring to when you said that many of them are unnecessary? I'd like to reduce the number of extensions where possible so if you see any fat I can trim I'd appreciate the tip.

    EDIT: I certainly appreciate the value of NoScript's tenure but I think gorhill has clearly built upon and improved on it. No?
     
    Last edited: Nov 13, 2016
  8. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    780
    Great post. I would like to add some things.

    1. Search Engines: You should include SearX. Choose any of the multiple instances available here. Or if you are knowledgeable, you can run your own instance.
    2. Among FF add-ons; Configuration Mania, Config Descriptions, Privacy Badger should be added. You can "Disable canvas support" via script injections in Random Agent Spoofer, so Canvas Blocker is not needed. I also use Calomel SSL Validation.
    3. Greasemonkey scripts are good. Following are the ones I use (and also recommend to others)
    a) AdsBypasser
    b) AntiAdware
    c) Adblock Protector
     
  9. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    I don't see any benefit if you already use uBlock Origin (and uMatrix). Besides, there are other concerns.

    I doubt if this is still necessary. uB0 supports injectable scriptlets which can probably replace those Greasemonkey scripts. If anything is not blocked it should be reported to gorhill who will usually add a new filter in order to solve the problem.

    I generally hesitate to add new addons particularly if they overlap with other ones: The more addons, the more unique and, hence, identifiable is your browser (-> fingerprinting!).
     
  10. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    @summerheat can you elaborate a bit please?
    I understand uB0 in medium mode to block 3rd party scripts by default, but would Privacy Badger not provide some additional protection from unwanted behaviour of 1st party scripts and 3rd party tracking cookies?
    I understand. Interesting discussion nonetheless.
     
    Last edited: Nov 14, 2016
  11. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Well, Privacy Badger doesn't use static filterlists but some kind of heuristics. So, theoretically, it is able to catch trackers that are not included in any filterlist or hosts file. But how probable is that? The lists available in uBlock Origin are already very comprehensive, and you can easily add some more if you want. I think it's very unlikely that Privacy Badger blocks something that isn't already blocked by uB0. So its benefit is negligible at best, IMO. And it's probably zero if you're using Dynamic Filtering.
     
  12. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    the decentraleyes extension is ineffectual & breeds a false sense of security
    https://github.com/Synzvato/decentraleyes

    I had explored the prospect (seriously) of creating a local archive of the entire "togetherjs" CDN
    and creating custom mappings (er rules governing path mapping) within decentraleyes
    but realized that its mechanism is dead-in-the-water when it comes up against
    "SRI" declarations (declared as html attribute) and hashsum checks performed by in-page scripts.
    IOW, your carefully curated and locally-injected script(s) will be rejected

    edit: fixed typo (SRI) and removed the confusingly "related" (looking forward) ramblings
     
    Last edited: Nov 15, 2016
  13. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    @inka : I must admit that I don't fully understand what you wrote. Could you elaborate a bit more?
     
  14. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
  15. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    @inka : Thanks for this food for thought! I will certainly read the links you provided.
     
  16. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    the TL;DR takeaway is that the decentraleyes dev insists that tampering/ignoring SRI declarations is beyond the scope of the project. Until it does tamper/ignore, or until another extension, e.g. NoScript or uBlock, can enforce "surrogate resources shall trump any SRI declaration"... surrogate injection is rendered ineffective when loading any page containing SRI declarations for its scripts.
     
  17. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    TomeiNingen, look beyond fretting over cookies. Nowadays, tracking data is often passed via request/response headers or via websocket payload. Also, investigate the mechanism behind google's "AMP project" ~~ unless you "Just Say No" by crippling functionality so that your browser will not load AMP pages, it's basically a privacy GameOver scenario IMO.
     
  18. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    What should 'Maximal Fake Size' be set to if 'Fake Readout API' (developer's favourite) is chosen? I don't see a recommendation?
     
  19. guest

    guest Guest

    I think at least it should be changed to a size different than the default size of "0".
    But setting it too high can lead to some problems:
     
  20. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Thanks @mood. I have now set it to 30000.
     
  21. Synzvato

    Synzvato Registered Member

    Joined:
    Nov 27, 2016
    Posts:
    6
    Location:
    The Netherlands
    Author of Decentraleyes here. I do not agree with your statements and would like to explain why.

    Essentially, what you needed is unsupported as it's beyond the current scope of the project. For security reasons, it does not facilitate tampering with bundled content. Bundled resources are handpicked based on estimated effectiveness using statistics by W3Techs. Thanks to this, Mozilla signs all bundled libraries along with the add-on to ensure resource integrity. If you need custom bundles, this add-on is (currently) not for you.

    It would be perfectly possible for Decentraleyes to ignore security measures like Content Security Policies, but that would be highly irresponsible. I have engaged in quite a few security discussions with people at Mozilla, to ensure that this add-on actually improves your privacy without expanding other attack vectors. The add-on will always play it safe and will therefore not be blindly overriding other types of security measures.

    Absolutely, and rightfully so. Let me give you a basic example. Most of the following versions of jQuery and AngularJS are still widely used, but can no longer be considered safe. If Decentraleyes would bypass Content Security Policies and would ignore SRI declarations, an attacker could use an XSS exploit to load vulnerable, bundled, libraries. This would all happen despite a website's own security measures, "thanks" to the add-on.

    Lastly, I'd like to get back to your conclusions. Firstly, I fail to see how any of these properties could be rendering the add-on "ineffectual". Every additional request this add-on prevents means less data leakage, and it's generally known for being quite effective. Anyone who's unsure can simply use the add-on for a while, and then check the local injections counter. The counter value only increments when a resource has been successfully injected. Secondly, I'm not sure why this add-on would be giving anyone a "false sense of security". I'm sure it does improve overall security by playing things safe, and by preventing CDN requests.
     
    Last edited: Nov 27, 2016
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Hi @Synzvato ,

    Welcome to the Wilders Security forums. Thanks for your explanation. :thumb:

    - Dave
     
  23. TomeiNingen

    TomeiNingen Registered Member

    Joined:
    Nov 8, 2016
    Posts:
    50
    Location:
    Fort Meade, Maryland
    @Synzvato - Just echoing @Krusty's sentiment; welcome! Thanks again for taking the time to weigh in.


    @inka - Thanks for your insights as well! I'm looking into the AMP protocols in earnest and certainly realize that cookies and the like are just one piece of the puzzle. Thanks for keeping me pointed in the right direction though :thumb:. Any other burgeoning tech worth paying mind to? I was surprised to see that AMP was in development for as long as it has been - I've only become aware of it in recent months, personally. No fun playing catch-up!
     
  24. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    Use of SRI declarations is becoming increasingly prevalent. If the extension does not "tamper", forcing the browser to ignore/disregard such, browser will reject the locally-injected assets. That, along with the fact that the extension only intervenes to provide a woefully small cherry-picked "presumably most-popular" list of scripts/assets... clearly renders it ineffectual.

    What is "irresponsible" is to lull users into a false sense of security, coaching them to install an extension which provides approximately 0.002% coverage, AND includes a "download if missing" option, and represent to those users "now you are safer than xyz". There is no xyz -- it's black and white. Either disallow connections to enumerated CDN hostnames/domains, period, or connect once (or weekly, or monthly) and thereafter be recognized based on fingerprint established during the initial connection.
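Added example, not part of any post in this thread: the Subresource Integrity check that the SRI posts above turn on, written for Node.js. It shows how a digest in an `integrity` attribute is compared with the bytes actually delivered, so a byte-identical local copy is accepted and a copy that differs by a single byte is not; the script bodies are constructed stand-ins and the function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Relative strength of the digest algorithms SRI allows.
const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };

// Split an integrity attribute into {alg, digest} entries.
// Unknown or malformed tokens are ignored; "?options" suffixes are dropped.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).map((token) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/=_-]+)(\?.*)?$/.exec(token);
    return m ? { alg: m[1], digest: m[2] } : null;
  }).filter(Boolean);
}

// Base64 digest of the delivered bytes, as written in an integrity attribute.
function sriDigest(alg, body) {
  return crypto.createHash(alg).update(body).digest('base64');
}

// True when the delivered bytes satisfy the integrity attribute.
// Only entries using the strongest listed algorithm are considered.
function passesSri(attr, body) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return true; // no usable metadata, nothing to enforce
  const best = Math.max(...entries.map((e) => STRENGTH[e.alg]));
  return entries
    .filter((e) => STRENGTH[e.alg] === best)
    .some((e) => e.digest === sriDigest(e.alg, body));
}

// Constructed sample data: the file as the CDN serves it and two local copies.
const cdnCopy = Buffer.from(
  '/* constructed stand-in for a CDN library */\nfunction lib(){return 1}\n');
const identicalLocalCopy = Buffer.from(cdnCopy);
const differentLocalCopy = Buffer.from(cdnCopy.toString().trimEnd()); // one byte shorter

// What the page author would publish for the CDN file.
const integrity =
  `sha256-${sriDigest('sha256', cdnCopy)} sha384-${sriDigest('sha384', cdnCopy)}`;
// A matching weaker digest does not help when a stronger one is listed.
const mixed =
  `sha256-${sriDigest('sha256', differentLocalCopy)} sha384-${sriDigest('sha384', cdnCopy)}`;

console.log('identical local copy accepted:', passesSri(integrity, identicalLocalCopy));
console.log('modified local copy accepted: ', passesSri(integrity, differentLocalCopy));
console.log('weaker digest only accepted:  ', passesSri(mixed, differentLocalCopy));
```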
     
  25. Privacy Settings is a must-have add-on. I use it on my home Debian OS and it stops the user from fiddling through agent:config.
     