Firefox Lockdown

Discussion in 'privacy technology' started by guest, Sep 8, 2014.

  1. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,412
    The goal was originally to "lockdown Firefox" (and forks) prefs that pertain to privacy/security
    to harden the browser. If wrong the OP can correct me.

    My fault for getting off-track. Post is deleted. It might be best to post the pref and comment on what
    it does and to post new ones that are a result of updates or ones that we're unsure of.
     
  2. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    This has become an informative thread. If my last post came across as criticizing, I owe you an apology. I was questioning, trying to understand "what can we do with this info" and coming up short. Until or unless we bring CCK or similar into the picture (merging prefs we've set into the "default set" to guard against unwanted changes) I'm thinking it doesn't matter (to me) from which file a given default pref value is read from. I just want to preclude having the value(s) for sensitive prefs changed without my knowledge/consent. That's the goal I'm working toward, and I expect my customized "default set" should be portable between ff24esr and versions of TBB and PM which are based on 24esr.

    Posting newly-emerged prefkeys showing up in newly-released ff versions is probably a good use for this thread, but I think we're not getting too far off-track discussing other pref-related considerations. Really, considering how intertwined things are, within the scope of "firefox lockdown: privacy" we'll probably need to eventually consider/discuss available extensions like RequestPolicy and ContentSecurityPolicy -related extensions. If mods decide to split the thread at some point, no complaint here.
     
  3. guest

    guest Guest

    It's fine if it gets a little off-topic, as long as it still contains valuable information. Just saying.
     
  4. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,412
    If this was directed at me, then no apology is needed. If someone questions a post I've made I would rather have
    the feedback than for them to remain silent on the matter.
    We're here to discuss and learn from each other and hopefully find solutions to the issues we post.
     
  5. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    This was a long time ago. But when I deleted the contents of the sandbox, dat files were in fact left. And they *did* contain the websites that I visited. Adding Eraser 8.36 eliminated this problem (maybe CCleaner is better?). Thanks so much for your reply, Caspian
     
  6. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    I haven't had time to take all the steps I wanted to (refactoring, setting up better distribution, etc), but...

    I just put Pref Diff Tool 0.1 on my profile page. It is an HTML page that can be used to compare two export files created by the new Pref Exporter 0.5. Space there is limited, so I removed Pref File Merger code.
     
  7. badsector

    badsector Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    51
    hey guys... any updates?? my about:config feels lonely... :3
     
  8. guest

    guest Guest

    Since Mozilla has included OpenH264 plugin onboard there could be something new. Could be...
     
  9. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Very good advice there.
     
  10. badsector

    badsector Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    51
  11. guest

    guest Guest

    There's also the Random Agent Spoofer addon (the privacy folks definitely know what I'm talking about) that automatically changes your user agent, either in random fashion or in certain predefined intervals. Only bad thing is when you connect by using a VPN with this addon enabled and then go to an anonymity test page, the page will state that you are connecting through a proxy.
     
  12. FOXP2

    FOXP2 Guest

    Displays status with a toolbar button; allows about:config 0, 1 or 2 toggle at will.
    https://addons.mozilla.org/en-US/firefox/addon/change-referer-button/
    A simple tool requiring Think Ahead mode, so not for everyone.
    Cheers.
     
  13. FOXP2

    FOXP2 Guest

    Here're some more I've got in use.
    plugin...intervalIn 15 and 1 are my choices; one may want to ± according to needs.
    Code:
    plugin.sessionPermissionNow.intervalInMinutes;15 (default 60)
    plugin.persistentPermissionAlways.intervalInDays;1 (default 90)
    browser.sessionstore.resume_from_crash;false
    -Of interest to local storage-
    browser.taskbar.lists.enabled;false
    browser.taskbar.lists.frequent.enabled;false
    browser.taskbar.lists.tasks.enabled;false
    browser.newtab.url;about:blank
    browser.shell.shortcutFavicons;false
    
     
    Last edited by a moderator: Dec 7, 2014
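Added example (not part of any post in this thread): one way to notice when prefs such as those listed in the post above have been changed, by comparing a baseline in the `name;value` form copied from about:config against a profile's `prefs.js`. The function names and the sample `prefs.js` content are constructed for illustration; the baseline is the post's list with the "(default N)" notes dropped.

```python
import re

# Baseline in the "name;value" form used in the post above ("(default N)" notes dropped).
BASELINE = """\
plugin.sessionPermissionNow.intervalInMinutes;15
plugin.persistentPermissionAlways.intervalInDays;1
browser.sessionstore.resume_from_crash;false
browser.taskbar.lists.enabled;false
browser.taskbar.lists.frequent.enabled;false
browser.taskbar.lists.tasks.enabled;false
browser.newtab.url;about:blank
browser.shell.shortcutFavicons;false
"""

# Constructed sample of a profile's prefs.js (not taken from a real profile).
SAMPLE_PREFS_JS = '''
// Mozilla User Preferences
user_pref("browser.newtab.url", "about:blank");
user_pref("browser.sessionstore.resume_from_crash", false);
user_pref("browser.taskbar.lists.enabled", true);
user_pref("plugin.sessionPermissionNow.intervalInMinutes", 15);
user_pref("plugin.persistentPermissionAlways.intervalInDays", 1);
user_pref("browser.shell.shortcutFavicons", false);
'''

PREF_LINE = re.compile(r'^[ \t]*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;[ \t]*$', re.M)

def parse_baseline(text):
    """Parse 'name;value' lines; values stay as the strings about:config shows."""
    prefs = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition(";")
        if sep and name:
            prefs[name] = value
    return prefs

def parse_prefs_js(text):
    """Parse user_pref("name", value); lines into the same string form as the baseline."""
    prefs = {}
    for name, raw in PREF_LINE.findall(text):
        if raw.startswith('"') and raw.endswith('"'):  # string pref: strip quotes, unescape
            raw = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        prefs[name] = raw
    return prefs

def drift(baseline, actual):
    """Return {name: (expected, found)}; found is None when the file does not set the pref."""
    return {n: (v, actual.get(n)) for n, v in baseline.items() if actual.get(n) != v}
```

A pref reported with `None` is not set in the file, so Firefox is using whatever its built-in default is; that default may or may not match the baseline.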
  14. badsector

    badsector Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    51
    wow... that's a deal breaker... good thing i am not using vpn's yet... thanks for the heads up...
     
  15. guest

    guest Guest

    One thing I forgot to mention though, is it's kinda screwing around with your geolocation in a positive way. For example, if you connect through your VPN's Kyoto, Japan server and go to a test page, it'll show that you are from Berlin, Germany. Reload the same page and it'll show that you're from Istanbul, Turkey and if you reload it yet again, it'll show that you are from Moscow, Russia. In the past other users also reported this (I forgot which thread was it). I don't know if it will give the same effect if you're connecting directly with your ISP. But nonetheless, I found this to be very amusing. :D
     
  16. guest

    guest Guest

  17. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
  18. badsector

    badsector Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    51
  19. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
  20. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    Playing around with Windows Firewall outbound packet filtering, I notice Firefox constantly trying to connect to 239.255.255.250 port 1900 to 1900.
    Anyone know why Firefox is trying to make that connection?
     
  21. Nanobot

    Nanobot Registered Member

    Joined:
    Jun 23, 2010
    Posts:
    473
    Location:
    Neo Tokyo
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
  23. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,412
    I wonder, though, whether disabling the preference (extensions.blocklist.enabled;false) is a good idea?

    Warning: Disabling the blocklist is not recommended, as it may result in you using untrustworthy
    add-ons, revoked certificates or unstable graphics drivers.
    Firefox may be updating its blocklist, which is used to block malicious extensions, vulnerable
    plugins, revoked certificates and graphics drivers known to cause crashes.
    (support.mozilla.org)
     
  24. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    Scroll up 3 posts ("Firefox constantly trying to connect to 239.255.255.250"). It's yet another painful reminder regarding preconfigured defaults and Mozilla's poor discretion and, for me, is yet another reminder: don't blindly trust Mozilla. If you examine the content of the provided extensions blocklist (a tedious exercise, as most extensions are listed by GUID only -- good luck cross-referencing and hunting down a given extension "name") you'll probably agree that each of the entries in Mozilla's list merits blocking... but what if you disagree? "Enabling" the blocklist introduces a scenario identical to allowing "extension compatibility (and or updates)" checks to occur ~~ you place yourself at the mercy of Mozilla's {cough} 'discretion'.

    Hella no, I don't want to enable someone else's prebaked blocklist (nor whitelist), ESPECIALLY not Mozilla's... but, hey, I'm not TypicalUser.
    Reminds me:
    mxr.mozilla.org/mozilla-central/source/addon-sdk/source/test/preferences/no-connections.json
    Note that those substituted config values contain url strings. The point: If set to a blank value, or a malformed URL... firefox will fallback to using default (locked away inside omni.ja) prefs.

    I'm many versions behind in the firefox version I'm using. Does your (current, release channel) browser still pop a notification "wants to install an addon. Allow?"
    If so, no one's able to achieve a sneaky/silent install, right? And you're sensible enough to know what, and from whom, each time you perform an addon installation, right?
    IOW, is there any chance that you'll accidentally authorize installation of a "baddie" (and would need the nannylist to step in and cover your arse)?

    Hello? BenDover and accept Mozilla's latest greatest GOODNESS ~~ break/fix patches to ill-conceived new features?
    (that's a pun, by the way, in reference to Mozilla Hello)
     
  25. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    Also a reminder why not to use those firewalls with auto rule makers which probably would have just let Firefox do whatever it wanted once the user clicks "allow". Far better to manually configure the rules no matter how painstaking it might be to do so. I have to say after playing around with it, I actually like Windows Firewall a lot, it has some good features. I blocked all outbound so I could white list it and I made a custom view in event viewer for firewall connections so it is my window on what it is doing. It works quite well. My Firefox rule was 80 and 443 only so the multicast thing on 1900 showed up right away as an audit failure multiple times.
     