From fbfc4d451031e8f88ca2ff454d8e648d9112e118 Mon Sep 17 00:00:00 2001
From: Daniel Gray
Date: Wed, 7 Oct 2020 05:43:52 +0000
Subject: [PATCH 01/16] Remove Decentraleyes, use FPI instead.
---
 _includes/sections/browser-addons.html | 13 -------------
 assets/img/svg/3rd-party/decentraleyes.svg | 2 --
 2 files changed, 15 deletions(-)
 delete mode 100644 assets/img/svg/3rd-party/decentraleyes.svg

diff --git a/_includes/sections/browser-addons.html b/_includes/sections/browser-addons.html
index 0c37fb7c..ecf93d58 100644
--- a/_includes/sections/browser-addons.html
+++ b/_includes/sections/browser-addons.html
@@ -31,19 +31,6 @@
 opera="https://addons.opera.com/en/extensions/details/https-everywhere"
 %}
 
-{% include cardv2.html
- title="Decentraleyes: Block Content Delivery Networks"
- image="/assets/img/svg/3rd-party/decentraleyes.svg"
- description="Decentraleyes emulates Content Delivery Networks locally by intercepting requests, finding the required resource, and injecting it into the environment. This all happens instantaneously, automatically, and no prior configuration is required."
- website="https://decentraleyes.org/"
- privacy-policy="https://decentraleyes.org/privacy-policy/"
- forum="https://forum.privacytools.io/t/discussion-decentraleyes/269"
- gitlab="https://git.synz.io/Synzvato/decentraleyes"
- firefox="https://addons.mozilla.org/firefox/addon/decentraleyes"
- chrome="https://chrome.google.com/webstore/detail/decentraleyes/ldpochfccmkkmhdbclfhpagapcfdljkj"
- opera="https://addons.opera.com/extensions/details/decentraleyes"
-%}
-
 {% include cardv2.html
 title="ClearURLs"
 image="/assets/img/svg/3rd-party/clearurls.svg"
diff --git a/assets/img/svg/3rd-party/decentraleyes.svg b/assets/img/svg/3rd-party/decentraleyes.svg
deleted file mode 100644
index 59473061..00000000
--- a/assets/img/svg/3rd-party/decentraleyes.svg
+++ /dev/null
@@ -1,2 +0,0 @@
-
-
-- 
2.40.1

From f1edbef196a28ddb2365d22124ffc8c2565217c6 Mon Sep 17 00:00:00 2001
From: Daniel Gray Date: Wed, 7 Oct 2020 06:15:32 +0000 Subject: [PATCH 02/16] Remove CAD/Etag Stoppa neither work post Fenix --- _includes/sections/browser-addons.html | 27 -------------------------- 1 file changed, 27 deletions(-) diff --git a/_includes/sections/browser-addons.html b/_includes/sections/browser-addons.html index ecf93d58..d04dd809 100644 --- a/_includes/sections/browser-addons.html +++ b/_includes/sections/browser-addons.html @@ -122,33 +122,6 @@ firefox="https://addons.mozilla.org/firefox/addon/multi-account-containers/" %} -

Android

- - - -{% include cardv2.html - title="ETag Stoppa" - image="/assets/img/svg/3rd-party/etag_stoppa.svg" - description="ETag Stoppa Prevents Firefox from storing entity tags by removing ETag response headers unconditionally and without exceptions." - website="https://addons.mozilla.org/firefox/addon/etag-stoppa/" - forum="" - github="https://github.com/claustromaniac/etag-stoppa" - firefox="https://addons.mozilla.org/firefox/addon/etag-stoppa/" -%} - -{% include cardv2.html - title="Cookie AutoDelete: Automatically Delete Cookies" - image="/assets/img/png/3rd-party/cookie_autodelete.png" - description="Cookie AutoDelete automatically removes cookies, lingering sessions, and other information that can be used to spy on you when they are no longer used by open browser tabs." - website="https://addons.mozilla.org/firefox/addon/cookie-autodelete/" - forum="https://forum.privacytools.io/t/discussion-cookie-autodelete/267" - github="https://github.com/Cookie-AutoDelete/Cookie-AutoDelete" - firefox="https://addons.mozilla.org/firefox/addon/cookie-autodelete" - chrome="https://chrome.google.com/webstore/detail/cookie-autodelete/fhcgjolkccmbidfldomjliifgaodjagh" -%} -

For Advanced Users

{% include cardv2.html - title="Terms of Service; Didn’t Read: Be Informed" - image="/assets/img/svg/3rd-party/terms_of_service_didnt_read.svg" - description='Terms of Service; Didn’t Read is an addon that believes "I have read and agree to the Terms of Service" is the biggest lie on the web, and wants to fix it by grading websites based on their terms of service agreements and privacy policies. It also gives short summaries of those agreements. The analysis and ratings are published transparently by a community of reviewers.' - website="https://tosdr.org/" - privacy-policy="https://addons.mozilla.org/firefox/addon/terms-of-service-didnt-read/privacy/" - forum="https://forum.privacytools.io/t/discussion-terms-of-service-didn-t-read/270" - github="https://github.com/tosdr/" - firefox="https://addons.mozilla.org/firefox/addon/terms-of-service-didnt-read/" - chrome="https://chrome.google.com/webstore/detail/terms-of-service-didn%E2%80%99t-r/hjdoplcnndgiblooccencgcggcoihigg" - opera="https://addons.opera.com/extensions/details/terms-of-service-didnt-read" +title="PrivacySpy" + image="/assets/img/svg/3rd-party/privacyspy.svg" + description="PrivacySpy uses a consistent rubric to grade major services' privacy practices on a ten-point scale. It's a new open source project that is dedicated to making privacy policies more accessible." + website="https://privacyspy.org/" + privacy-policy="https://privacyspy.org/terms-and-privacy" + forum="https://forum.privacytools.io/t/discussion-privacyspy/4508" + github="https://github.com/politiwatch" + firefox="https://addons.mozilla.org/firefox/addon/privacyspy" + chrome="https://chrome.google.com/webstore/detail/ppembnadnhiknioggbglgiciihgmkmnd" %} {% include cardv2.html diff --git a/assets/img/svg/3rd-party/privacyspy.svg b/assets/img/svg/3rd-party/privacyspy.svg new file mode 100644 index 00000000..612cc9f0 --- /dev/null +++ b/assets/img/svg/3rd-party/privacyspy.svg @@ -0,0 +1,2 @@ + + -- 2.40.1 
From f58750a4b9c22618ee0e6eb9abec4bf7c8d4ae8a Mon Sep 17 00:00:00 2001
From: Daniel Gray
Date: Fri, 16 Oct 2020 05:06:28 +0000
Subject: [PATCH 06/16] Use sections and other suggestions
---
 _includes/sections/browser-tweaks.html | 63 ++++++++++++--------------
 1 file changed, 28 insertions(+), 35 deletions(-)

diff --git a/_includes/sections/browser-tweaks.html b/_includes/sections/browser-tweaks.html
index 90b0faf8..a4847ece 100644
--- a/_includes/sections/browser-tweaks.html
+++ b/_includes/sections/browser-tweaks.html
@@ -12,32 +12,35 @@

Firefox Desktop:

+
First Party Isolation
privacy.firstparty.isolate = true
A result of the Tor Uplift effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains. (Don't do this if you are using the Firefox Addon "Cookie AutoDelete" with Firefox v58 or below.)
+
Resist Fingerprinting
privacy.resistFingerprinting = true
A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.
-
privacy.trackingprotection.fingerprinting.enabled = true
-
[FF67+] Blocks Fingerprinting
- -
privacy.trackingprotection.cryptomining.enabled = true
-
[FF67+] Blocks CryptoMining
- -
privacy.trackingprotection.enabled = true
-
This is Mozilla's new built-in tracking protection. One of it's benefits is blocking tracking (i.e. Google Analytics) on privileged pages where add-ons that usually do that are disabled.
- +
Block outbound
browser.send_pings = false
The attribute would be useful for letting websites track visitors' clicks.
+
Disable Firefox prefetching pages it thinks you will visit next:
+
+ Prefetching causes cookies from the prefetched site to be loaded and other potentially unwanted behavior. Details here and here. +
    +
  • network.dns.disablePrefetch = true
  • +
  • network.dns.disablePrefetchFromHTTPS = true
  • +
  • network.predictor.enabled = false
  • +
  • network.predictor.enable-prefetch = false
  • +
  • network.prefetch-next = false
  • +
+ +
Location bar
browser.urlbar.speculativeConnect.enabled = false
Disable preloading of autocomplete URLs. Firefox preloads URLs that autocomplete when a user types into the address bar, which is a concern if URLs are suggested that the user does not want to connect to. Source
- -
dom.event.clipboardevents.enabled = false
-
Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
- +
Plugins
media.eme.enabled = false

Disables playback of DRM-controlled HTML5 content, which, if enabled, automatically downloads the Widevine Content Decryption Module provided by Google Inc. Details

@@ -46,10 +49,10 @@
media.gmp-widevinecdm.enabled = false
Disables the Widevine Content Decryption Module provided by Google Inc., used for the playback of DRM-controlled HTML5 content. Details
- +
Hardware Fingerprinting
media.navigator.enabled = false
Websites can track the microphone and camera status of your device.
- +
Persistent Storage
network.cookie.cookieBehavior = 1
Disable cookies. 2 is likely to break some sites. 4 is the default default. 1 is more strict than 4.
@@ -60,6 +63,7 @@
+
Headers/Referers
network.http.referer.XOriginPolicy = 2
Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.) Source
@@ -79,10 +83,11 @@
  • 2 = Only send scheme, host, and port in Referer
  • - +
    Media
    webgl.disabled = true
    WebGL is a potential security risk. Source
    +
    Sessions and session restoration
    browser.sessionstore.privacy_level = 2
    This preference controls when to store extra information about a session: contents of forms, scrollbar positions, cookies, and POST data. Details
@@ -92,39 +97,27 @@
  • 2 = Never store extra session data.
  • - +
    Miscellaneous
    beacon.enabled = false
    Disables sending additional analytics to web servers. Details
    -
    browser.safebrowsing.downloads.remote.enabled = false
    -
    Prevents Firefox from sending information about downloaded executable files to Google Safe Browsing to determine whether it should be blocked for safety reasons. Details
    - -
    Disable Firefox prefetching pages it thinks you will visit next:
    -
    - Prefetching causes cookies from the prefetched site to be loaded and other potentially unwanted behavior. Details here and here. -
      -
    • network.dns.disablePrefetch = true
    • -
    • network.dns.disablePrefetchFromHTTPS = true
    • -
    • network.predictor.enabled = false
    • -
    • network.predictor.enable-prefetch = false
    • -
    • network.prefetch-next = false
    • -
    -
    network.IDN_show_punycode = true
    Not rendering IDNs as their Punycode equivalent leaves you open to phishing attacks that can be very difficult to notice. Source
    +
    Safe Browsing
    +
    browser.safebrowsing.downloads.remote.enabled = false
    +
    Prevents Firefox from sending information about downloaded executable files to Google Safe Browsing to determine whether it should be blocked for safety reasons. Details
    Looking for TRR, DoH or ESNI?
    They have moved to our DNS page.
    -

    Firefox Android (Fenix):

    - +
    First Party Isolation
    privacy.firstparty.isolate = true
    A result of the Tor Uplift effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains. (Don't do this if you are using the Firefox Addon "Cookie AutoDelete" with Firefox v58 or below.)
    - +
    Resist Fingerprinting
    privacy.resistFingerprinting = true
    A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.
    - +
    Media
    webgl.disabled = true
    WebGL is a potential security risk. Source
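Review bot: The new Safe Browsing section added by the `@@ -92,39 +97,27 @@` hunk recommends `browser.safebrowsing.downloads.remote.enabled = false` without saying what protection is given up. With the remote lookup off, a downloaded executable is no longer checked against the reputation service, so this is a security cost paid for a privacy gain and the entry should state that trade-off. I would add a caveat line under the heading, for example `Disabling this removes the remote malware check on downloaded executables; only change it if you verify downloads another way.`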
-- 
2.40.1

From 369203a9c03b6e3881cc7cb1b15894a834b1c06e Mon Sep 17 00:00:00 2001
From: Daniel Gray
Date: Fri, 16 Oct 2020 05:24:51 +0000
Subject: [PATCH 07/16] Remove DNS thing, it's been there long enough
---
 _includes/sections/browser-tweaks.html | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/_includes/sections/browser-tweaks.html b/_includes/sections/browser-tweaks.html
index a4847ece..3c860c36 100644
--- a/_includes/sections/browser-tweaks.html
+++ b/_includes/sections/browser-tweaks.html
@@ -13,11 +13,13 @@

    Firefox Desktop:

    First Party Isolation
    +

    These settings should be safe, however first party isolation may break some third party login systems.

    privacy.firstparty.isolate = true
    A result of the Tor Uplift effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains. (Don't do this if you are using the Firefox Addon "Cookie AutoDelete" with Firefox v58 or below.)
    Resist Fingerprinting
    +

    One of the features of resist fingerprinting is to set the reported browser timezone to UTC. If you depend on having your real time zone reported to the websites you visit, this setting may break that.

    privacy.resistFingerprinting = true
    A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.
    @@ -49,9 +51,11 @@
    media.gmp-widevinecdm.enabled = false
    Disables the Widevine Content Decryption Module provided by Google Inc., used for the playback of DRM-controlled HTML5 content. Details
    +
    Hardware Fingerprinting
    media.navigator.enabled = false
    Websites can track the microphone and camera status of your device.
    +
    Persistent Storage
    network.cookie.cookieBehavior = 1
    @@ -83,7 +87,9 @@
  • 2 = Only send scheme, host, and port in Referer
  • +
    Media
    +

    This may break some websites which use VOIP based features.

    webgl.disabled = true
    WebGL is a potential security risk. Source
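Review bot: The warning added under the Media heading, "This may break some websites which use VOIP based features.", sits directly above `webgl.disabled = true`, but WebGL is a graphics API and disabling it would not be expected to affect calls. As the page reads here, the VOIP caveat looks like it belongs with `media.navigator.enabled = false` in the Hardware Fingerprinting section, and the WebGL entry wants its own caveat, for example `This may break websites that render maps, 3D content or games with WebGL.` The same warning is repeated above `webgl.disabled` in the Firefox Android (Fenix) list in the following `@@ -97,27 +103,32 @@` hunk. The markup is not visible in this rendering, so confirm which preference the alert is actually attached to.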
    @@ -97,27 +103,32 @@
  • 2 = Never store extra session data.
  • +
    Miscellaneous
    beacon.enabled = false
    Disables sending additional analytics to web servers. Details
    network.IDN_show_punycode = true
    Not rendering IDNs as their Punycode equivalent leaves you open to phishing attacks that can be very difficult to notice. Source
    +
    Safe Browsing
    browser.safebrowsing.downloads.remote.enabled = false
    Prevents Firefox from sending information about downloaded executable files to Google Safe Browsing to determine whether it should be blocked for safety reasons. Details
    -
    Looking for TRR, DoH or ESNI?
    -
    They have moved to our DNS page.
    -

    Firefox Android (Fenix):

    +
    First Party Isolation
    +

    These settings should be safe, however first party isolation may break some third party login systems.

    privacy.firstparty.isolate = true
    A result of the Tor Uplift effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains. (Don't do this if you are using the Firefox Addon "Cookie AutoDelete" with Firefox v58 or below.)
    +
    Resist Fingerprinting
    +

    One of the features of resist fingerprinting is to set the reported browser timezone to UTC. If you depend on having your real time zone reported to the websites you visit, this setting may break that.

    privacy.resistFingerprinting = true
    A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.
    +
    Media
    +

    This may break some websites which use VOIP based features.

    webgl.disabled = true
    WebGL is a potential security risk. Source
-- 
2.40.1

From b578af1af97dcbbe3ca6077a29b65f1f4627655c Mon Sep 17 00:00:00 2001
From: Daniel Gray
Date: Fri, 16 Oct 2020 14:38:13 +0000
Subject: [PATCH 08/16] Add letterboxing support
---
 _includes/sections/browser-tweaks.html | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/_includes/sections/browser-tweaks.html b/_includes/sections/browser-tweaks.html
index 3c860c36..efa8981e 100644
--- a/_includes/sections/browser-tweaks.html
+++ b/_includes/sections/browser-tweaks.html
@@ -126,6 +128,8 @@

    One of the features of resist fingerprinting is to set the reported browser timezone to UTC. If you depend on having your real time zone reported to the websites you visit, this setting may break that.

    privacy.resistFingerprinting = true
    A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.
    +
    privacy.resistFingerprinting.letterboxing = true
    +
    This sets the resolution of your Firefox window to a standard resolution. Only use this if you are using the above privacy.resistFingerprinting
    Media

    This may break some websites which use VOIP based features.
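Review bot: The description added for `privacy.resistFingerprinting.letterboxing` says it "sets the resolution of your Firefox window to a standard resolution", which is not what a reader will see: letterboxing leaves the window as it is and adds margins so that the size reported to pages is rounded to a small set of stepped dimensions. The hunk offset (`-126,6`) also appears to place the entry only in the Firefox Android (Fenix) list, while the Desktop Resist Fingerprinting section near the top of the file gets nothing, and desktop is where window size varies freely. I would reword it to `Adds margins around the page so that sites see a rounded, common window size instead of your exact one. Requires privacy.resistFingerprinting.` and add the same entry to the Desktop list.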

-- 
2.40.1

From 83ed28104a0e5337ada3c7f6d35a979bf2434471 Mon Sep 17 00:00:00 2001
From: Daniel Gray
Date: Sun, 18 Oct 2020 12:51:52 +0000
Subject: [PATCH 09/16] ETP and Firefox sessions/saved data
---
 ...eaks.html => browser-advanced-tweaks.html} | 2 +-
 _includes/sections/browser-easy-tweaks.html | 44 +++++++++++++++++++
 assets/css/style.scss | 5 +++
 pages/browsers.html | 4 +-
 pages/old.html | 4 +-
 5 files changed, 56 insertions(+), 3 deletions(-)
 rename _includes/sections/{browser-tweaks.html => browser-advanced-tweaks.html} (99%)
 create mode 100644 _includes/sections/browser-easy-tweaks.html

diff --git a/_includes/sections/browser-tweaks.html b/_includes/sections/browser-advanced-tweaks.html
similarity index 99%
rename from _includes/sections/browser-tweaks.html
rename to _includes/sections/browser-advanced-tweaks.html
index efa8981e..23808845 100644
--- a/_includes/sections/browser-tweaks.html
+++ b/_includes/sections/browser-advanced-tweaks.html
@@ -1,4 +1,4 @@
-

    Firefox: Privacy Related "about:config" Tweaks

    +

    Firefox: Advanced Privacy Tweaks using "about:config"

diff --git a/_includes/sections/browser-easy-tweaks.html b/_includes/sections/browser-easy-tweaks.html
new file mode 100644
index 00000000..276e4e94
--- /dev/null
+++ b/_includes/sections/browser-easy-tweaks.html
@@ -0,0 +1,44 @@
+

    Firefox: Easy Privacy Enhancing Tweaks

    + + + +

    Enhanced Tracking Protection

    +

    ETP can be enabled by clicking on the main menu (or Edit) and then Preferences. From the side menu select 🔒 Privacy & Security.

    + +

    We recommend that All third-party cookies be blocked. The only pages likely to break under this configuration are social logins (i.e. authentication with services using your Google, Facebook account etc). Social logins are terrible for privacy and they link all services you use to a single identity, that is mostly used for advertising purposes, such as targeted advertising. + +

    When you use a social login you also run the risk of being locked out of services you use, if you lose access to the account. We recommend creating individual accounts with separate passwords. Passwords can be managed with a Password Manager.

    + +For more information about Enhanced Tracking Protection, see Mozilla's for Desktop and Android. + +The only suggestion we would make is to switch from standard to custom with the configuration listed below. + +
    Custom
    +
      +
    • Cookies: All third-party cookies (may cause websites to break)
    • +
    • Tracking content: In all windows
    • +
    • Cryptominers
    • +
    • Fingerprinters
    • +
    + +

    The strict setting will only block known cross-site and/or social media trackers. This may still let through third party cookies that can be used for tracking.

    + +

    Firefox sessions and saved data

    +

    We also suggest clearing history, and persistent data upon close of your browser. If you wish to remain logged in for some websites we suggest setting some exceptions.

    For desktop users we suggest using the Multi-Account Containers Add-on from Mozilla in combination with the Temporary Containers addon. + +
    History
    +Firefox will Use custom settings for history +
      +
    • Remember browsing and download history
    • +
    • Clear history when Firefox closes

    • + Next select Settings… the Settings for Clearing History will load. Make sure there is a checkmark next to each item: +
        +
      • Browsing & Download History
      • +
      • Active Logins
      • +
      • Form & Search History
      • +
      • Cookies
      • +
      • Cache
      • +
      • Data
      • +
      • Offline Website Data
      • +
      +
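Review bot: The clearing-history checklist tells the reader to put a checkmark next to "each item" and then lists `Data` as an item, although in Firefox's dialog Data is, as far as I recall, a group heading over Site Preferences and Offline Website Data rather than a checkbox. Site Preferences is left out without comment, and a reader following "each item" literally may tick it and, if per-site permissions are stored there, lose the exceptions the paragraph above recommends setting. If the omission is deliberate, say so, for example `Leave Site Preferences unchecked, otherwise your per-site exceptions are cleared every time Firefox closes.` It would also help to note next to Active Logins and Cookies that every site without an exception is signed out on exit.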
    diff --git a/assets/css/style.scss b/assets/css/style.scss index 1693f0af..e2a234b4 100644 --- a/assets/css/style.scss +++ b/assets/css/style.scss @@ -28,6 +28,11 @@ a, } } +ul.checkmark { + list-style-type: '\2714'; + display:block; +} + .card-ol { padding-left: 1.25rem; } diff --git a/pages/browsers.html b/pages/browsers.html index 17f98cec..efd87a98 100644 --- a/pages/browsers.html +++ b/pages/browsers.html @@ -13,4 +13,6 @@ description: "These are our current web browser recommendations and some tweaks {% include sections/browser-addons.html %} -{% include sections/browser-tweaks.html %} +{% include sections/browser-easy-tweaks.html %} + +{% include sections/browser-advanced-tweaks.html %} diff --git a/pages/old.html b/pages/old.html index 646299fe..91334f16 100644 --- a/pages/old.html +++ b/pages/old.html @@ -27,7 +27,9 @@ permalink: /classic/ {% include sections/browser-addons.html %} -{% include sections/browser-tweaks.html %} +{% include sections/browser-easy-tweaks.html %} + +{% include sections/browser-advanced-tweaks.html %} {% include sections/email-providers.html %} -- 2.40.1 From edbc075ce247cf48f5166433b4ff50e6f15d2790 Mon Sep 17 00:00:00 2001 From: Daniel Gray Date: Sun, 18 Oct 2020 14:06:06 +0000 Subject: [PATCH 10/16] Persistant storage addons --- _includes/sections/browser-addons.html | 4 +--- _includes/sections/browser-easy-tweaks.html | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/_includes/sections/browser-addons.html b/_includes/sections/browser-addons.html index d3bb0284..44c3664a 100644 --- a/_includes/sections/browser-addons.html +++ b/_includes/sections/browser-addons.html @@ -91,9 +91,7 @@ title="PrivacySpy" chrome="https://chrome.google.com/webstore/detail/snowflake/mafpmfcccpbjnhfhjnllmmalhifmlcie" %} -

    Persistent storage management

    - -

    Desktop

    +

    Persistent storage management (Desktop only)