privacyguides/privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

Use sections and other suggestions

Browse Source
This commit is contained in:
Daniel Gray
2020-10-16 05:06:28 +00:00
parent bad3c24084
commit f58750a4b9
1 changed files with 28 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
_includes/sections/browser-tweaks.html
View File

@ -12,32 +12,35 @@
<h4>Firefox Desktop:</h4> <h4>Firefox Desktop:</h4>
<h5 id="fpid" class="anchord"><a href="#fpi"><i class="fas fa-link anchor-icon"></i></a> First Party Isolation</h5>
<dl class="long-string-list"> <dl class="long-string-list">
<dt>privacy.firstparty.isolate = true</dt> <dt>privacy.firstparty.isolate = true</dt>
<dd>A result of the <a href="https://wiki.mozilla.org/Security/Tor_Uplift">Tor Uplift</a> effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains. (Don't do this if you are using the Firefox Addon "Cookie AutoDelete" with Firefox v58 or below.)</dd> <dd>A result of the <a href="https://wiki.mozilla.org/Security/Tor_Uplift">Tor Uplift</a> effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains. (Don't do this if you are using the Firefox Addon "Cookie AutoDelete" with Firefox v58 or below.)</dd>
<h5 id="rfpd" class="anchor"><a href="#rfpd"><i class="fas fa-link anchor-icon"></i></a> Resist Fingerprinting</h5>
<dt>privacy.resistFingerprinting = true</dt> <dt>privacy.resistFingerprinting = true</dt>
<dd>A result of the <a href="https://wiki.mozilla.org/Security/Tor_Uplift">Tor Uplift</a> effort, this preference makes Firefox more resistant to browser fingerprinting.</dd> <dd>A result of the <a href="https://wiki.mozilla.org/Security/Tor_Uplift">Tor Uplift</a> effort, this preference makes Firefox more resistant to browser fingerprinting.</dd>
<dt>privacy.trackingprotection.fingerprinting.enabled = true</dt> <h5 id="blockOut" class="anchor"><a href="#blockOut"><i class="fas fa-link anchor-icon"></i></a> Block outbound</h5>
<dd>[FF67+] Blocks Fingerprinting</dd>
<dt>privacy.trackingprotection.cryptomining.enabled = true</dt>
<dd>[FF67+] Blocks CryptoMining</dd>
<dt>privacy.trackingprotection.enabled = true</dt>
<dd>This is Mozilla's new built-in tracking protection. One of it's benefits is blocking tracking (i.e. Google Analytics) on <a href="https://github.com/gorhill/uMatrix/wiki/Privileged-Pages">privileged pages</a> where add-ons that usually do that are disabled.</dd>
<dt>browser.send_pings = false</dt> <dt>browser.send_pings = false</dt>
<dd>The attribute would be useful for letting websites track visitors' clicks.</dd> <dd>The attribute would be useful for letting websites track visitors' clicks.</dd>
<dt>Disable Firefox prefetching pages it thinks you will visit next:</dt>
<dd>
Prefetching causes cookies from the prefetched site to be loaded and other potentially unwanted behavior. Details <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ">here</a> and <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control">here</a>.
<ul>
<li>network.dns.disablePrefetch = true</li>
<li>network.dns.disablePrefetchFromHTTPS = true</li>
<li>network.predictor.enabled = false</li>
<li>network.predictor.enable-prefetch = false</li>
<li>network.prefetch-next = false</li>
</dd>
<h5 id="locbar" class="anchor"><a href="#locbar"><i class="fas fa-link anchor-icon"></i></a> Location bar</h5>
<dt>browser.urlbar.speculativeConnect.enabled = false</dt> <dt>browser.urlbar.speculativeConnect.enabled = false</dt>
<dd>Disable preloading of autocomplete URLs. Firefox preloads URLs that autocomplete when a user types into the address bar, which is a concern if URLs are suggested that the user does not want to connect to. <a href="https://www.ghacks.net/2017/07/24/disable-preloading-firefox-autocomplete-urls/">Source</a></dd> <dd>Disable preloading of autocomplete URLs. Firefox preloads URLs that autocomplete when a user types into the address bar, which is a concern if URLs are suggested that the user does not want to connect to. <a href="https://www.ghacks.net/2017/07/24/disable-preloading-firefox-autocomplete-urls/">Source</a></dd>
<h5 id="plugins" class="anchor"><a href="#plugins"><i class="fas fa-link anchor-icon"></i></a> Plugins</h5>
<dt>dom.event.clipboardevents.enabled = false</dt>
<dd>Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.</dd>
<dt>media.eme.enabled = false</dt> <dt>media.eme.enabled = false</dt>
<dd> <dd>
<p>Disables playback of DRM-controlled HTML5 content, which, if enabled, automatically downloads the Widevine Content Decryption Module provided by Google Inc. <a href="https://support.mozilla.org/kb/enable-drm#w_opt-out-of-cdm-playback-uninstall-cdms-and-stop-all-cdm-downloads">Details</a></p> <p>Disables playback of DRM-controlled HTML5 content, which, if enabled, automatically downloads the Widevine Content Decryption Module provided by Google Inc. <a href="https://support.mozilla.org/kb/enable-drm#w_opt-out-of-cdm-playback-uninstall-cdms-and-stop-all-cdm-downloads">Details</a></p>
@ -46,10 +49,10 @@
<dt>media.gmp-widevinecdm.enabled = false</dt> <dt>media.gmp-widevinecdm.enabled = false</dt>
<dd>Disables the Widevine Content Decryption Module provided by Google Inc., used for the playback of DRM-controlled HTML5 content. <a href="https://support.mozilla.org/kb/enable-drm#w_disable-the-google-widevine-cdm-without-uninstalling">Details</a></dd> <dd>Disables the Widevine Content Decryption Module provided by Google Inc., used for the playback of DRM-controlled HTML5 content. <a href="https://support.mozilla.org/kb/enable-drm#w_disable-the-google-widevine-cdm-without-uninstalling">Details</a></dd>
<h5 id="hwfping" class="anchor"><a href="#hwfping"><i class="fas fa-link anchor-icon"></i></a> Hardware Fingerprinting</h5>
<dt>media.navigator.enabled = false</dt> <dt>media.navigator.enabled = false</dt>
<dd>Websites can track the microphone and camera status of your device.</dd> <dd>Websites can track the microphone and camera status of your device.</dd>
<h5 id="pstorage" class="anchor"><a href="#pstorage"><i class="fas fa-link anchor-icon"></i></a> Persistent Storage</h5>
<dt>network.cookie.cookieBehavior = 1</dt> <dt>network.cookie.cookieBehavior = 1</dt>
<dd> <dd>
Disable cookies. 2 is likely to break some sites. 4 is the default default. 1 is more strict than 4. Disable cookies. 2 is likely to break some sites. 4 is the default default. 1 is more strict than 4.
@ -60,6 +63,7 @@
</ul> </ul>
</dd> </dd>
<h5 id="headref" class="anchor"><a href="#headref"><i class="fas fa-link anchor-icon"></i></a> Headers/Referers</h5>
<dt>network.http.referer.XOriginPolicy = 2</dt> <dt>network.http.referer.XOriginPolicy = 2</dt>
<dd> <dd>
Only send <code>Referer</code> header when the full hostnames match. (Note: if you notice significant breakage, you might try <code>1</code> combined with an <code>XOriginTrimmingPolicy</code> tweak below.) <a href="https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/">Source</a> Only send <code>Referer</code> header when the full hostnames match. (Note: if you notice significant breakage, you might try <code>1</code> combined with an <code>XOriginTrimmingPolicy</code> tweak below.) <a href="https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/">Source</a>
@ -79,10 +83,11 @@
<li>2 = Only send scheme, host, and port in <code>Referer</code></li> <li>2 = Only send scheme, host, and port in <code>Referer</code></li>
</ul> </ul>
</dd> </dd>
<h5 id="mediad" class="anchor"><a href="#mediad"><i class="fas fa-link anchor-icon"></i></a> Media</h5>
<dt>webgl.disabled = true</dt> <dt>webgl.disabled = true</dt>
<dd>WebGL is a potential security risk. <a href="https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern">Source</a></dd> <dd>WebGL is a potential security risk. <a href="https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern">Source</a></dd>
<h5 id="sessions" class="anchor"><a href="#sessions"><i class="fas fa-link anchor-icon"></i></a> Sessions and session restoration</h5>
<dt>browser.sessionstore.privacy_level = 2</dt> <dt>browser.sessionstore.privacy_level = 2</dt>
<dd> <dd>
This preference controls when to store extra information about a session: contents of forms, scrollbar positions, cookies, and POST data. <a href="http://kb.mozillazine.org/Browser.sessionstore.privacy_level">Details</a> This preference controls when to store extra information about a session: contents of forms, scrollbar positions, cookies, and POST data. <a href="http://kb.mozillazine.org/Browser.sessionstore.privacy_level">Details</a>
@ -92,39 +97,27 @@
<li>2 = Never store extra session data.</li> <li>2 = Never store extra session data.</li>
</ul> </ul>
</dd> </dd>
<h5 id="misc" class="anchor"><a href="#misc"><i class="fas fa-link anchor-icon"></i></a> Miscellaneous</h5>
<dt>beacon.enabled = false</dt> <dt>beacon.enabled = false</dt>
<dd>Disables sending additional analytics to web servers. <a href="https://developer.mozilla.org/en-US/docs/Web/API/Navigator/sendBeacon">Details</a></dd> <dd>Disables sending additional analytics to web servers. <a href="https://developer.mozilla.org/en-US/docs/Web/API/Navigator/sendBeacon">Details</a></dd>
<dt>browser.safebrowsing.downloads.remote.enabled = false</dt>
<dd>Prevents Firefox from sending information about downloaded executable files to Google Safe Browsing to determine whether it should be blocked for safety reasons. <a href="https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work#w_what-information-is-sent-to-mozilla-or-its-partners-when-phishing-and-malware-protection-are-enabled">Details</a></dd>
<dt>Disable Firefox prefetching pages it thinks you will visit next:</dt>
<dd>
Prefetching causes cookies from the prefetched site to be loaded and other potentially unwanted behavior. Details <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ">here</a> and <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control">here</a>.
<ul>
<li>network.dns.disablePrefetch = true</li>
<li>network.dns.disablePrefetchFromHTTPS = true</li>
<li>network.predictor.enabled = false</li>
<li>network.predictor.enable-prefetch = false</li>
<li>network.prefetch-next = false</li>
</dd>
<dt>network.IDN_show_punycode = true</dt> <dt>network.IDN_show_punycode = true</dt>
<dd>Not rendering IDNs as their Punycode equivalent leaves you open to phishing attacks that can be very difficult to notice. <a href="https://krebsonsecurity.com/2018/03/look-alike-domains-and-visual-confusion/#more-42636">Source</a></dd> <dd>Not rendering IDNs as their Punycode equivalent leaves you open to phishing attacks that can be very difficult to notice. <a href="https://krebsonsecurity.com/2018/03/look-alike-domains-and-visual-confusion/#more-42636">Source</a></dd>
<h5 id="sb" class="anchor"><a href="#sb"><i class="fas fa-link anchor-icon"></i></a> Safe Browsing</h5>
<dt>browser.safebrowsing.downloads.remote.enabled = false</dt>
<dd>Prevents Firefox from sending information about downloaded executable files to Google Safe Browsing to determine whether it should be blocked for safety reasons. <a href="https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work#w_what-information-is-sent-to-mozilla-or-its-partners-when-phishing-and-malware-protection-are-enabled">Details</a></dd>
<dt>Looking for TRR, DoH or ESNI?</dt> <dt>Looking for TRR, DoH or ESNI?</dt>
<dd>They have moved to <a href="/providers/dns/#dns">our DNS page</a>.</dd> <dd>They have moved to <a href="/providers/dns/#dns">our DNS page</a>.</dd>
<h4>Firefox Android (Fenix):</h4> <h4>Firefox Android (Fenix):</h4>
<h5 id="fpia" class="anchor"><a href="#fpia"><i class="fas fa-link anchor-icon"></i></a> First Party Isolation</h5>
<dt>privacy.firstparty.isolate = true</dt> <dt>privacy.firstparty.isolate = true</dt>
<dd>A result of the <a href="https://wiki.mozilla.org/Security/Tor_Uplift">Tor Uplift</a> effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains. (Don't do this if you are using the Firefox Addon "Cookie AutoDelete" with Firefox v58 or below.)</dd> <dd>A result of the <a href="https://wiki.mozilla.org/Security/Tor_Uplift">Tor Uplift</a> effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains. (Don't do this if you are using the Firefox Addon "Cookie AutoDelete" with Firefox v58 or below.)</dd>
<h5 id="rfpa" class="anchor"><a href="#rfpa"><i class="fas fa-link anchor-icon"></i></a> Resist Fingerprinting</h5>
<dt>privacy.resistFingerprinting = true</dt> <dt>privacy.resistFingerprinting = true</dt>
<dd>A result of the <a href="https://wiki.mozilla.org/Security/Tor_Uplift">Tor Uplift</a> effort, this preference makes Firefox more resistant to browser fingerprinting.</dd> <dd>A result of the <a href="https://wiki.mozilla.org/Security/Tor_Uplift">Tor Uplift</a> effort, this preference makes Firefox more resistant to browser fingerprinting.</dd>
<h5 id="mediaa" class="anchor"><a href="#mediaa"><i class="fas fa-link anchor-icon"></i></a> Media</h5>
<dt>webgl.disabled = true</dt> <dt>webgl.disabled = true</dt>
<dd>WebGL is a potential security risk. <a href="https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern">Source</a></dd> <dd>WebGL is a potential security risk. <a href="https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern">Source</a></dd>