Security and Privacy settings for Firefox Power Users

Web browsers have a difficult job to do: they need to perform remote code execution from untrusted locations in the presence of user data. In other words, they need to display websites that people use to share their information.

There is a constant struggle between making the web more secure and breaking existing websites that rely on the historically lax defaults. We are working hard to raise the bar, but are also making powerful new features available to the Firefox power users.

This talk will examine some of the hidden or advanced settings and extensions that Firefox offers to users who are concerned about their security and privacy. With a little bit of context on the benefits and risks that some of these features provide, you should be able to make informed decisions and tweak your favorite "user agent".

https://www.linuxfestnorthwest.org/2017/sessions/security-and-privacy-settings-firefox-power-users

Francois Marier

May 06, 2017
Transcript

  1. Security and Privacy Settings
    for Firefox Power Users
    François Marier

  5. enable
    disable
    restrict

  8. eliminating all fingerprinting

  10. features to enable

  13. privacy.trackingprotection.enabled

  15. feeding.cloud.geek.nz/posts/how-tracking-protection-works-in-firefox

  16. Do Not Track

  17. privacy.donottrackheader.enabled

  19. features to disable

  21. media.eme.enabled

  28. device.sensors.enabled

  29. dom.webaudio.enabled

  30. IDN spoofing

  31. network.IDN_show_punycode

  32. www.fsf.org
    www.eff.org

  33. layout.css.visited_links_enabled

  35. dom.allow_cut_copy

  37. Simple Service
    Discovery Protocol

  38. browser.casting.enabled

  39. dom.vr.enabled
    dom.gamepad.enabled

  41. pdfjs.disabled

  42. network information

  45. navigator.connection.type;
    bluetooth, cellular, ethernet, none,
    wifi, wimax, other, mixed, unknown
    navigator.connection.downlinkMax;

  46. dom.netinfo.enabled

  47. media.video_stats.enabled

  48. webgl.enable-debug-renderer-info

  49. dom.enable_performance

  50. features to restrict

  52. network.cookie.cookieBehavior = 0
    network.cookie.thirdparty.sessionOnly = true
    privacy.clearOnShutdown.cookies = false
    network.cookie.lifetimePolicy = 3
    network.cookie.lifetime.days = 5
    feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox

  55. network.http.referer.XOriginPolicy = 1
    network.http.referer.XOriginTrimmingPolicy = 2
    feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox
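As an added illustration (not from the slides or Firefox's source), this Python model shows which Referer value the two prefs above leave on a request. The value meanings are Firefox's documented ones (XOriginPolicy: 0 always send, 1 only when base domains match, 2 only when hosts match; XOriginTrimmingPolicy: 0 full URL, 1 scheme+host+port+path, 2 scheme+host+port); the eTLD+1 computation is simplified to the last two host labels and "cross-origin" is taken as a differing scheme/host/port tuple.

```python
from urllib.parse import urlsplit, urlunsplit

def base_domain(host):
    # Simplification: Firefox uses the public suffix list (eTLD+1);
    # here we just take the last two labels.
    return ".".join(host.lower().split(".")[-2:])

def referer_for(source, target, xorigin_policy=0, xorigin_trimming=0):
    """Referer a browser configured with network.http.referer.XOriginPolicy /
    XOriginTrimmingPolicy attaches when a page at `source` requests `target`.
    None means no header at all; (0, 0) is the historical default."""
    s, t = urlsplit(source), urlsplit(target)
    same_origin = (s.scheme, s.hostname, s.port) == (t.scheme, t.hostname, t.port)
    if not same_origin:
        # XOriginPolicy decides whether anything is sent at all
        if xorigin_policy == 2 and s.hostname != t.hostname:
            return None
        if xorigin_policy == 1 and base_domain(s.hostname) != base_domain(t.hostname):
            return None
        # XOriginTrimmingPolicy decides how much of the URL survives
        if xorigin_trimming == 2:              # scheme + host + port only
            return urlunsplit((s.scheme, s.netloc, "/", "", ""))
        if xorigin_trimming == 1:              # ... plus path, query dropped
            return urlunsplit((s.scheme, s.netloc, s.path, "", ""))
    # Full URL minus fragment (fragments are never sent as Referer)
    return urlunsplit((s.scheme, s.netloc, s.path, s.query, ""))

if __name__ == "__main__":
    page = "https://shop.example.com/orders/1234?token=secret"  # constructed
    for policy, trim in ((0, 0), (1, 2), (2, 2)):
        print(policy, trim, referer_for(page, "https://ads.tracker.net/px.gif", policy, trim))
```

With the slide's settings (1, 2) a third-party tracker gets no Referer at all, while a sibling host under the same base domain sees only the origin, never the path or query.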

  60. pre-downloaded lists
    of URL hash prefixes

  61. feeding.cloud.geek.nz/

  64. 5b31c2702efc7c81e4d197cd80113396
    54da10d3315636cccbb536e868ff82a6
    feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox
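As an added example (not Firefox's code), this Python sketch models the local half of the lookup the slides describe: the client expands a URL into host-suffix/path-prefix expressions, SHA-256 hashes each one and compares 4-byte prefixes against the pre-downloaded list; only a prefix hit triggers a request to the server, and even then only the prefix leaves the browser. The expression rules are a simplified form of the Safe Browsing canonicalisation spec, and the prefix list is constructed locally so the example runs offline.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes of the SHA-256 digest kept in the downloaded list

def lookup_expressions(url):
    """Host-suffix / path-prefix combinations a client hashes for one URL.
    Simplified from the Safe Browsing rules: exact host plus up to four
    shorter suffixes (never the bare TLD); exact path with and without its
    query, then up to four directory prefixes."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname.lower().rstrip(".")
    labels = host.split(".")
    hosts = [".".join(labels[i:]) for i in range(len(labels) - 1)][:5] or [host]
    path = parts.path or "/"
    paths = [path + "?" + parts.query] if parts.query else []
    paths.append(path)
    dirs = path.split("/")[1:-1]
    prefixes = ["/" + "".join(d + "/" for d in dirs[:k]) for k in range(len(dirs) + 1)]
    paths += [p for p in prefixes[:4] if p not in paths]
    return [h + p for h in hosts for p in paths]

def hash_prefix(expr):
    return hashlib.sha256(expr.encode("utf-8")).digest()[:PREFIX_LEN]

def local_check(url, prefix_list):
    """Prefixes (hex) that matched the downloaded list.  Empty means the URL
    is cleared with no network traffic; otherwise these prefixes, and only
    these, are what the client sends to the server to obtain full hashes."""
    hits = {hash_prefix(e) for e in lookup_expressions(url)} & set(prefix_list)
    return sorted(h.hex() for h in hits)

# Constructed sample list covering the whole blog host; a real list holds
# millions of prefixes fetched from the Safe Browsing server.
SAMPLE_PREFIXES = {hash_prefix("feeding.cloud.geek.nz/")}

if __name__ == "__main__":
    url = "feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox"
    print(lookup_expressions(url))
    print("would query server with:", local_check(url, SAMPLE_PREFIXES))
    print("clean:", local_check("https://example.org/index.html", SAMPLE_PREFIXES))
```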

  67. .exe
    .com
    .bat
    .apk
    .dmg
    .pl
    .py
    .sh
    .deb
    .rpm
    toolkit/components/downloads/ApplicationReputation.cpp

  68. filename and size
    URLs
    hash of contents
    locale
    toolkit/components/downloads/ApplicationReputation.cpp

  70. browser.safebrowsing.downloads.remote.enabled
    feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox

  75. revealing non-VPN IP address
    leaking internal IP address
    fixed in 51

  76. media.peerconnection.ice.no_host = true

  78. wiki.mozilla.org/Security/Tor_Uplift

  79. privacy.resistFingerprinting

  80. other things to
    keep in mind

  91. user_pref("privacy.trackingprotection.enabled", true);
    user_pref("privacy.donottrackheader.enabled", true);
    user_pref("device.sensors.enabled", false);
    user_pref("media.eme.enabled", false);
    user_pref("browser.casting.enabled", false);
    user_pref("pdfjs.disabled", true);
    user_pref("dom.vr.enabled", false);
    user_pref("dom.gamepad.enabled", false);
    user_pref("dom.webaudio.enabled", false);
    user_pref("dom.allow_cut_copy", false);
    user_pref("dom.netinfo.enabled", false);
    user_pref("media.video_stats.enabled", false);
    user_pref("dom.enable_performance", false);
    user_pref("webgl.enable-debug-renderer-info", false);
    user_pref("media.peerconnection.ice.no_host", true);
    user_pref("privacy.resistFingerprinting", true);
    user_pref("network.http.referer.XOriginPolicy", 1);
    user_pref("privacy.clearOnShutdown.cookies", false);
    user_pref("network.cookie.cookieBehavior", 0);
    user_pref("network.cookie.lifetimePolicy", 3);
    user_pref("network.cookie.lifetime.days", 5);
    user_pref("network.cookie.thirdparty.sessionOnly", true);
    user_pref("layout.css.visited_links_enabled", false);
    user_pref("network.IDN_show_punycode", true);
    user_pref("browser.urlbar.trimURLs", false);
    user_pref("browser.xul.error_pages.expert_bad_cert", true);
    ?
    @fmarier

  92. Photo Credits:
    shooting star: https://www.flickr.com/photos/funcrush/9496927983/
    yellow triangle: https://www.flickr.com/photos/tillwe/2974932670/
    jail cell: https://www.flickr.com/photos/mikecogh/5997920696
    speedbump: https://www.flickr.com/photos/jputnam/9078451876/
    cookie: https://www.flickr.com/photos/amagill/34754258/
    chromecast: https://www.flickr.com/photos/medithit/10165535814/
    lamp: https://www.flickr.com/photos/[email protected]/3806005225