Changing the extensions.blocklist.url flag #565
No reviewers
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#565
Loading…
Reference in New Issue
No description provided.
Delete Branch "patch-1"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Limit the amount of identifiable information sent when requesting the Mozilla harmful extensions blocklist.
Description
From Reddit user /u/LocalFigurez at https://old.reddit.com/r/privacytoolsIO/comments/9uqeew/firefox_tip_sanitize_firefox_blocklist_url_so_it/
Firefox includes feature that connects in regular time intervals (every 24 hour) to the Mozilla's servers to download blocklist of harmful extensions, vulnerable plugins and crash-prone graphic drivers. This request includes following information:
By changing
extensions.blocklist.url
fromto
Firefox won't send identifiable information in the blocklist request and you will still get all the security features from it.
HTML Preview
https://htmlpreview.github.io/?https://github.com/HxxxxxS/privacytools.io/blob/patch-1/index.html
Thank you.
Can anyone confirm that it will download the same list even if you limit the arguments to
APP_ID
andAPP_VERSION
?Hi @Shifterovich, I can't confirm, but if you do
https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%20/%20/
you get the list.Changing random parameters from null
I suppose you could even set the
extensions.blocklist.url
flag to the nullbyte parameter url @zalox posted above.@Shifterovich let me know if you think I should edit the PR to include this.
Hi @HxxxxxS, your wget diff should use capital
-O
instead of-o
.I took the liberty to test with the version set to 63.0:
edit: remove $ in front of bash commands
Haha, my bad. But seems point still stands.
https://blocklists.settings.services.mozilla.com/v1/blocklist/3/privacy/tools/ works as well. Any pair of values works as long as it ends with
/
.The one concern with changing APP_ID/VERSION to something random is that it could break some things, but at this time, mozilla.com serves the same content regardless of these values.
I like the null byte approach the most. Even better than serving APP_ID. Can you update the PR to the null byte version?
Thanks.
@Shifterovich
Also there is
browser.safebrowsing.downloads.remote.enabled
preference which can be set tofalse
. This disables safebrowsing binaries which aren't on local lists being checked by Google (real-time metadata checking). Also this does NOT disable safebrowsing feature which would otherwise weaken security.https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/
This was pointed out in the same Reddit thread.
@GuyInTheShadows Take a look at #339
Thanks for the link. I will read it through.
@GuyInTheShadows you don't need safebrowsing if you use uBlock Origin.
Also using safebrowsing is a privacy problem