Security and Privacy settings for Firefox Power Users

Web browsers have a difficult job to do: they need to perform remote code execution from untrusted locations in the presence of user data. In other words, they need to display websites that people use to share their information.

There is a constant struggle between making the web more secure and breaking existing websites that rely on the historically lax defaults. We are working hard to raise the bar, but are also making powerful new features available to the Firefox power users.

This talk will examine some of the hidden or advanced settings and extensions that Firefox offers to users who are concerned about their security and privacy. With a little bit of context on the benefits and risks that some of these features provide, you should be able to make informed decisions and tweak your favorite "user agent".

https://www.linuxfestnorthwest.org/2017/sessions/security-and-privacy-settings-firefox-power-users

Francois Marier

May 06, 2017

Transcript

  1. Security and Privacy Settings
    for Firefox Power Users
    François Marier

  2. enable
    disable
    restrict

  3. enable
    disable
    restrict

  4. eliminating all fingerprinting

  5. eliminating all fingerprinting

  6. features to enable

  7. privacy.trackingprotection.enabled

  8. feeding.cloud.geek.nz/posts/how-tracking-protection-works-in-firefox

  9. Do Not Track

  10. privacy.donottrackheader.enabled

  11. privacy.donottrackheader.enabled

  12. features to disable

  13. media.eme.enabled

  14. device.sensors.enabled

  15. dom.webaudio.enabled

  16. IDN spoofing

  17. network.IDN_show_punycode

  18. www.fsf.org
    www.eff.org

  19. layout.css.visited_links_enabled

  20. dom.allow_cut_copy

  21. Simple Service
    Discovery Protocol

  22. browser.casting.enabled

  23. dom.vr.enabled
    dom.gamepad.enabled

  24. pdfjs.disabled

  25. network information

  26. navigator.connection.type;

  27. navigator.connection.type;
    bluetooth, cellular, ethernet, none,
    wifi, wimax, other, mixed, unknown

  28. navigator.connection.type;
    bluetooth, cellular, ethernet, none,
    wifi, wimax, other, mixed, unknown
    navigator.connection.downlinkMax;

  29. dom.netinfo.enabled

  30. media.video_stats.enabled

  31. webgl.enable-debug-renderer-info

  32. dom.enable_performance

  33. features to restrict

  34. network.cookie.cookieBehavior = 0
    network.cookie.thirdparty.sessionOnly = true
    privacy.clearOnShutdown.cookies = false
    network.cookie.lifetimePolicy = 3
    network.cookie.lifetime.days = 5
    feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox

  35. network.http.referer.XOriginPolicy = 1

  36. network.http.referer.XOriginPolicy = 1
    network.http.referer.XOriginTrimmingPolicy = 2
    feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox

  37. pre-downloaded lists
    of URL hash prefixes

  38. feeding.cloud.geek.nz/

  39. 5b31c2702efc7c81e4d197cd80113396
    54da10d3315636cccbb536e868ff82a6

  40. 5b31c2702efc7c81e4d197cd80113396
    54da10d3315636cccbb536e868ff82a6

  41. 5b31c2702efc7c81e4d197cd80113396
    54da10d3315636cccbb536e868ff82a6
    feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox
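
Slides 37 to 41 show why Safe Browsing can check a URL without handing it to the server: the client keeps a pre-downloaded list of hash prefixes, and only a short prefix of the URL's SHA-256 hash ever leaves the machine. As an added example (not from the talk), this Python model walks through that two-stage lookup; the canonicalization is a deliberately reduced version of the real rules and the blocklist entry is constructed.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes of the SHA-256 hash that a client reveals to the server


def canonicalize(url: str) -> str:
    """Reduced canonicalization (an assumption, not the full Safe Browsing spec):
    lowercase host, scheme and fragment dropped, path and query kept."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    canon = (parts.hostname or "") + (parts.path or "/")
    return canon + ("?" + parts.query if parts.query else "")


def full_hash(url: str) -> bytes:
    return hashlib.sha256(canonicalize(url).encode("utf-8")).digest()


def hash_prefix(url: str) -> bytes:
    return full_hash(url)[:PREFIX_LEN]


def server_full_hashes(prefix: bytes, blocklist) -> list:
    """Simulated remote side: it learns only the prefix and answers with every
    full hash on its list that starts with that prefix."""
    return [full_hash(u) for u in blocklist if hash_prefix(u) == prefix]


def is_blocked(url: str, local_prefixes: set, blocklist) -> bool:
    """Two-stage lookup as on the slides: local prefix list first, then a
    full-hash fetch, with the final comparison done on the client."""
    p = hash_prefix(url)
    if p not in local_prefixes:
        return False  # the common case: no network request, nothing revealed
    return full_hash(url) in server_full_hashes(p, blocklist)


# Constructed blocklist for the demo; Firefox downloads the real lists.
BLOCKLIST = ["malware.example/download"]
LOCAL_PREFIXES = {hash_prefix(u) for u in BLOCKLIST}

if __name__ == "__main__":
    for u in ["feeding.cloud.geek.nz/", "http://malware.example/download"]:
        verdict = "blocked" if is_blocked(u, LOCAL_PREFIXES, BLOCKLIST) else "ok"
        print(u, full_hash(u).hex(), verdict)
```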

  42. .exe
    .com
    .bat
    .apk
    .dmg
    .pl
    .py
    .sh
    .deb
    .rpm

  43. .exe
    .com
    .bat
    .apk
    .dmg
    .pl
    .py
    .sh
    .deb
    .rpm
    toolkit/components/downloads/ApplicationReputation.cpp

  44. filename and size
    URLs
    hash of contents
    locale
    toolkit/components/downloads/ApplicationReputation.cpp

  45. browser.safebrowsing.downloads.remote.enabled
    feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox

  46. revealing non-VPN IP address
    leaking internal IP address

  47. revealing non-VPN IP address
    leaking internal IP address
    fixed
    in 51

  48. media.peerconnection.ice.no_host = true

  49. wiki.mozilla.org/Security/Tor_Uplift

  50. privacy.resistFingerprinting

  51. other things to
    keep in mind

    user_pref("privacy.trackingprotection.enabled", true);
    user_pref("privacy.donottrackheader.enabled", true);
    user_pref("device.sensors.enabled", false);
    user_pref("media.eme.enabled", false);
    user_pref("browser.casting.enabled", false);
    user_pref("pdfjs.disabled", true);
    user_pref("dom.vr.enabled", false);
    user_pref("dom.gamepad.enabled", false);
    user_pref("dom.webaudio.enabled", false);
    user_pref("dom.allow_cut_copy", false);
    user_pref("dom.netinfo.enabled", false);
    user_pref("media.video_stats.enabled", false);
    user_pref("dom.enable_performance", false);
    user_pref("webgl.enable-debug-renderer-info", false);
    user_pref("media.peerconnection.ice.no_host", true);
    user_pref("privacy.resistFingerprinting", true);
    user_pref("network.http.referer.XOriginPolicy", 1);
    user_pref("privacy.clearOnShutdown.cookies", false);
    user_pref("network.cookie.cookieBehavior", 0);
    user_pref("network.cookie.lifetimePolicy", 3);
    user_pref("network.cookie.lifetime.days", 5);
    user_pref("network.cookie.thirdparty.sessionOnly", true);
    user_pref("layout.css.visited_links_enabled", false);
    user_pref("network.IDN_show_punycode", true);
    user_pref("browser.urlbar.trimURLs", false);
    user_pref("browser.xul.error_pages.expert_bad_cert", true);
    ?
    @fmarier
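
Slide 52 collects the talk's recommendations in user.js syntax. As an added example (not from the talk), this Python script parses user_pref lines as found in a prefs.js or user.js file and reports every setting that differs from a chosen subset of those recommendations; the sample file content is constructed and contains deliberate deviations so the audit has something to report.

```python
import re

# Constructed sample in user.js / prefs.js syntax: EME is left enabled and the
# WebRTC host-candidate pref is missing, so both should show up in the audit.
SAMPLE_PREFS = '''
user_pref("privacy.trackingprotection.enabled", true);
user_pref("media.eme.enabled", true);
user_pref("network.cookie.lifetimePolicy", 3);
user_pref("network.cookie.lifetime.days", 5);
user_pref("network.IDN_show_punycode", true);
user_pref("browser.startup.homepage", "about:blank");
'''

# Subset of the values recommended on slide 52.
RECOMMENDED = {
    "privacy.trackingprotection.enabled": True,
    "media.eme.enabled": False,
    "network.cookie.lifetimePolicy": 3,
    "network.cookie.lifetime.days": 5,
    "network.IDN_show_punycode": True,
    "media.peerconnection.ice.no_host": True,
}

# user_pref("<name>", <bool | integer | "string">);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(true|false|-?\d+|"(?:[^"\\]|\\.)*")\);\s*$')


def parse_value(token: str):
    """Convert a user.js literal to a Python bool, int or str (only escaped
    quotes are unescaped inside strings)."""
    if token in ("true", "false"):
        return token == "true"
    if token.startswith('"'):
        return token[1:-1].replace('\\"', '"')
    return int(token)


def parse_prefs(text: str) -> dict:
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs


def audit(prefs: dict, recommended: dict) -> dict:
    """Map each unmet recommendation to (actual, wanted); a pref that is not
    set at all is reported with actual=None, meaning the Firefox default applies."""
    return {name: (prefs.get(name), wanted)
            for name, wanted in recommended.items()
            if prefs.get(name) != wanted}
```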

  53. Photo Credits:
    shooting star: https://www.flickr.com/photos/funcrush/9496927983/
    yellow triangle: https://www.flickr.com/photos/tillwe/2974932670/
    jail cell: https://www.flickr.com/photos/mikecogh/5997920696
    speedbump: https://www.flickr.com/photos/jputnam/9078451876/
    cookie: https://www.flickr.com/photos/amagill/34754258/
    chromecast: https://www.flickr.com/photos/medithit/10165535814/
    lamp: https://www.flickr.com/photos/60588258@N00/3806005225
