How to build a Firefox privacy arsenal

Discussion in 'privacy technology' started by CloneRanger, Aug 14, 2013.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Found one called Biscuit :D.
     
  2. younameit

    younameit Registered Member

    Joined:
    Aug 19, 2013
    Posts:
    33
    Location:
    UK
    What is the purpose of building your own privacy arsenal?

    If you read the information on -https://anonymous-proxy-servers.net/ you will come to realize that it is hardly possible to build an effective Firefox privacy arsenal against anything more then low level threats.
     
  3. HopelesslyFaithful

    HopelesslyFaithful Registered Member

    Joined:
    Nov 14, 2012
    Posts:
    65
    Location:
    IL
    i am fairly paranoid but whats the point of being a complete ghost on the web? I am more concerned about important aspects of things i want to remain hidden. I figure it is too much work to be completely invisible and too much of an inconvenience....hell i even use Opera (yea yea troll of way i love it) because i think FF is worthless as a primary browser :/

    I have never heard of a real solid reason to keep all your activity hidden. I get important stuff but daily browsing hidden seems like a large waste of time. I may be naive so please enlighten me.
     
  4. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    ^ I agree with you, for what it's worth ^. I only go to such lengths as using VPN's+proxy for sensitive issues. If I'm just doing something like this right here... it's not worth the hassle/slowdown to me.

    Though I strongly disagree with you about Firefox. Out of the box Chrome & IE are both more secure. Even tweaked, IE is probably more secure. But I have other means to cover that weakness, and what I care for from a browser is privacy & anonymity. And I believe FF can be made to be the best in those regards with the right poking & prodding. Not to mention the fastest, largely due to the EHH4ABP.
     
  5. HopelesslyFaithful

    HopelesslyFaithful Registered Member

    Joined:
    Nov 14, 2012
    Posts:
    65
    Location:
    IL
    i just like Opera due to tab stacking and the ability to regain anything lost...if i close a tab...control z and its back...opera crashes always 100% recovers. If i close it...it recovers. Plus sessions and other great features. Supposedly chrome has those but you got to find them in some myraid cluster **** of widgets or whatever they are called. Plus other things i like about opera too. My only complaint is some sites are unstable and opera is single threaded so it eats crap when i use it for 24 hours. I have to restart fairly often but doesn't take long. I know it isn't private in the least but the ease of not loosing information and browsing work is awesome. I also hate chromes layout. Finding advance settings is a total pain. They made it like MS made win7/win8 *facepalm*

    Also the bookmark system is opera is bomb. So yea the "switching costs" to me are huge -_- I use chrome or FF for banking and other stuff because that is largely what opera eats crap on so i am covered there. I do need to work on the privacy part but i am totally Fed on that area already :/

    for an example...using opera and i can't use the quick reply :/

    OOOO one other thing. Once i get a 4k screen i will be able to use Opera tile feature mmmmmmmmmmmmm

    Plus i am already in a ton of guberment systems as is from work stuff so meh :/
     
  6. Gitmo East

    Gitmo East Registered Member

    Joined:
    Jul 28, 2013
    Posts:
    106
    Theres a pretty good guide to hardening FF tweaking about:config here-http://crunchbang.org/forums/viewtopic.php?id=24722
     
  7. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    @ Gitmo East

    Very good info & list :thumb: Even though it's targetted @ mainly for Linux, there is lots of useful info for others, including FF users. I was able to make about another dozen changes via about:config ;)

    Re Linux - I was surprised to see this

    I didn't expect that ? :eek:
     
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Someone probably has mentioned this before: an extension like Ghostery is nice for showing a list of domains that you may not want to whitelist in NoScript and/or RequestPolicy. For NoScript users, see this tip from tlu about a NoScript feature which I'd forgotten about.
     
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    My response is at this thread.

    In addition to privacy gains, some of these extensions can also boost performance (fewer scripts running and fewer files downloaded by browser) and improve security.
     
  11. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    My security and privacy extensions:

    a) "Higher fuss" computer:
    Adblock Plus (EasyList, EasyPrivacy)
    BetterPrivacy
    Biscuit
    Clear Recent History
    Ghostery
    LastPass
    NoScript
    RefControl
    RequestPolicy
    Web of Trust

    May add HTTPS Everywhere

    b) "Low fuss" computer:
    Adblock Plus (EasyList, EasyPrivacy)
    BetterPrivacy
    NoScript (scripts allowed globally)
    Web of Trust

    Some other settings:
    Third-party cookies off
    Third-party Flash cookies off (set via http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html)
     
  12. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    175
    Location:
    io
    I use all that you mentioned more or less but biscuit which sounds neat but for me I do not trust any cookie period :) you can set last pass to auto login on ebay anyhow. Clear recent history and biscuit I just use this one:

    http://www.hotcleaner.com/clickclean_firefox.html

    click&clean, removes all browsing data and flash LSO cookies, has a nice cacheviewer to check.

    Either way I have followed the guide gitmo posted above and all cache and settings are disabled to the point no cache or cookies or anything gets saved at all.

    Never tried refcontrol, WOT again not really tried it any point when everyone and the entire internet's a criminal paradise :p
     
  13. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,362
    Location:
    Oz
    Really? I didn't know This. Thanks for the heads up. I will uninstall Better Privacy.

    I have geolocation disabled. And I think I have no referrer done correctly. Are there other ones that are really important?
     
  14. I don't need all that, for those who think that arguably the best browsers (privacy wise) is arguably the worst browser (security wise) can use IE or Chromium with some simple tweaks.

    ON IE11 just
    http://www.iegallery.com/en-us/trackingprotectionlists and
    https://www.wilderssecurity.com/showthread.php?t=356987

    On Chromium (add --no-referrers switch, select do-not-track), add Avast and ABP (or simular like Adguard) extensions

    play with the cookie settings yourself, keep local data until I quit my browser,block third party cookies and add exceptions (besides * for wildcard, http, https, file there is also an VPN/// option in the cookie exceptions manager of Chrome, settings are allow, block and session only)

    Motto: just use what is there, you won't need a plethora of add-ons (which increases attack surface for MITB).
     

    Attached Files:

    Last edited by a moderator: Dec 23, 2013
  15. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    With a heavy heart, I have removed RequestPolicy. Too much babysitting.
     
  16. guest

    guest Guest

  17. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,359
  18. guest

    guest Guest

  19. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Yeah. You can go into your Flash settings and block the cookies in the first place, but most people didn't know where to look to do it for the longest time, until they put the icon in the Control Panel. Better Privacy can still be useful if you want to manage LSO's though. You might want to keep one, as they can be used to store settings. I used to keep one for my Flash settings, and you can use BP to store & manage them. But since I've moved on to HTML5 I have no use for that either. And on their own site they admit that since Firefox's change in how it now handles Flash cookies (like any other cookie), using BP to block them has become an obsolete agenda.

    As for the second part of your post... I wish I wasn't such a lazy bum and would write up a list of all the tweaks I make to my about:config to post on here, or even create my own site with tips like that. But unfortunately I am (lazy). I've often thought of making one for XP too. It would probably be as thick as a novel because I make a ton of them. Out of the box XP is shite, but after tweaking and trimming dead wood, not so bad at all. But again, I'm lazy, and the OS is dying now anyway so no one would wanna read it anyhow.

    And soon my obsession will shift to how to make Win7 32-bit (either Pro or Ultimate) bare bones & secure as possible. The good thing is I have a ton of material from posts in here already, favorited, by minds greater than my own. Guys like Sully, Windows Security, HungryMan, Mr. Brian, wat, mirmir (my anonymity guru), and tons more I've left out. I've got a great base to start with already, whereas with XP I started out self taught.
     
    Last edited: Jan 2, 2014
  20. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Oh and as for the list in the OP... I use the first 4 on that list (NoScript, ABP, RequestPolicy, CS Lite Mod). But not the last 2 (Ghostery & BetterPrivacy). I explained why BP became redundant. Ghostery is mostly overlap with me blocking cookies globally by default + my ABP lists/NS. Plus I flat out don't completely trust it now that it's owned by an advertising company. And after removing it I found it what was causing an occasional CPU spike issue while using Firefox... as it subsided after uninstalling it.

    I find DNT+ to be pretty redundant with what I have too. The simple tick box/circle to tell sites not to track you in the FF options does basically the same thing, without the "medals" thing it has going on that I don't really like. While WOT should not be used as a straight arrow indicator, I still think it's valuable as an opinion (often a widely shared one at that, which makes it more credible). The Element Hiding Helper for ABP... is a god-send IMO. I block a ton of useless elements on my most frequently used sites with it, and it improves the page load times substantially. Calomel SSL Validation & Private Tabs are 2 I recently fell in love with too and added to the arsenal. I don't close my entire browser/sandbox as often now, but just the tabs every time I go to a new site or search.
     
  21. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I'll probably try RequestPolicy 1.0 Beta. I think its "default allow" setting will provide much better usability.
     
  22. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,240
  23. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
  24. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Question, if Firefox is using the Google Safe Browsing blacklist, would this mean that it allows Google to track users of Firefox?
     
  25. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    Been using it for months. Not all the time though, just when i feel like confusing certain www's :D Safe ? = Yes

    Yes :eek: That's why i've disabled both items ;)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.