Security and Privacy settings for Firefox Power Users

Web browsers have a difficult job to do: they need to perform remote code execution from untrusted locations in the presence of user data. In other words, they need to display websites that people use to share their information.

There is a constant struggle between making the web more secure and breaking existing websites that rely on the historically lax defaults. We are working hard to raise the bar, but are also making powerful new features available to Firefox power users.

This talk will examine some of the hidden or advanced settings and extensions that Firefox offers to users who are concerned about their security and privacy. With a little bit of context on the benefits and risks that some of these features provide, you should be able to make informed decisions and tweak your favorite "user agent".

https://www.linuxfestnorthwest.org/2017/sessions/security-and-privacy-settings-firefox-power-users

Francois Marier

May 06, 2017

Transcript

  1. Security and Privacy Settings for Firefox Power Users François Marier <francois@mozilla.com>
  2. None
  3. None
  4. None
  5. enable disable restrict

  6. enable disable restrict

  7. None
  8. eliminating all fingerprinting

  9. eliminating all fingerprinting

  10. features to enable

  11. None
  12. None
  13. privacy.trackingprotection.enabled

  14. None
  15. feeding.cloud.geek.nz/posts/how-tracking-protection-works-in-firefox

  16. Do Not Track

  17. privacy.donottrackheader.enabled

  18. privacy.donottrackheader.enabled

  19. features to disable

  20. None
  21. media.eme.enabled

  22. None
  23. None
  24. None
  25. None
  26. None
  27. None
  28. device.sensors.enabled

  29. dom.webaudio.enabled

  30. IDN spoofing

  31. network.IDN_show_punycode

  32. www.fsf.org www.eff.org

  33. layout.css.visited_links_enabled

  34. None
  35. dom.allow_cut_copy

  36. None
  37. Simple Service Discovery Protocol

  38. browser.casting.enabled

  39. dom.vr.enabled dom.gamepad.enabled

  40. None
  41. pdfjs.disabled

  42. network information

  43. navigator.connection.type;

  44. navigator.connection.type; bluetooth, cellular, ethernet, none, wifi, wimax, other, mixed, unknown

  45. navigator.connection.type; bluetooth, cellular, ethernet, none, wifi, wimax, other, mixed, unknown

    navigator.connection.downlinkMax;
  46. dom.netinfo.enabled

  47. media.video_stats.enabled

  48. webgl.enable-debug-renderer-info

  49. dom.enable_performance

  50. features to restrict

  51. None
  52. network.cookie.cookieBehavior = 0
    network.cookie.thirdparty.sessionOnly = true
    privacy.clearOnShutdown.cookies = false
    network.cookie.lifetimePolicy = 3
    network.cookie.lifetime.days = 5
    feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox
  53. None
  54. network.http.referer.XOriginPolicy = 1

  55. network.http.referer.XOriginPolicy = 1
    network.http.referer.XOriginTrimmingPolicy = 2
    feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox

  56. None
  57. None
  58. None
  59. None
  60. pre-downloaded lists of URL hash prefixes

  61. feeding.cloud.geek.nz/

  62. 5b31c2702efc7c81e4d197cd80113396 54da10d3315636cccbb536e868ff82a6

  63. 5b31c2702efc7c81e4d197cd80113396 54da10d3315636cccbb536e868ff82a6

  64. 5b31c2702efc7c81e4d197cd80113396 54da10d3315636cccbb536e868ff82a6 feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox

  65. None
  66. .exe .com .bat .apk .dmg .pl .py .sh .deb .rpm

  67. .exe .com .bat .apk .dmg .pl .py .sh .deb .rpm

    toolkit/components/downloads/ApplicationReputation.cpp
  68. filename and size URLs hash of contents locale toolkit/components/downloads/ApplicationReputation.cpp

  69. None
  70. browser.safebrowsing.downloads.remote.enabled feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox

  71. None
  72. None
  73. None
  74. revealing non-VPN IP address leaking internal IP address

  75. revealing non-VPN IP address leaking internal IP address fixed in 51
  76. media.peerconnection.ice.no_host = true

  77. None
  78. wiki.mozilla.org/Security/Tor_Uplift

  79. privacy.resistFingerprinting

  80. other things to keep in mind

  81. p@ssW0rd5

  82. None
  83. None
  84. None
  85. None
  86. None
  87. None
  88. None
  89. None
  90. None
  91. user_pref("privacy.trackingprotection.enabled", true);
    user_pref("privacy.donottrackheader.enabled", true);
    user_pref("device.sensors.enabled", false);
    user_pref("media.eme.enabled", false);
    user_pref("browser.casting.enabled", false);
    user_pref("pdfjs.disabled", true);
    user_pref("dom.vr.enabled", false);
    user_pref("dom.gamepad.enabled", false);
    user_pref("dom.webaudio.enabled", false);
    user_pref("dom.allow_cut_copy", false);
    user_pref("dom.netinfo.enabled", false);
    user_pref("media.video_stats.enabled", false);
    user_pref("dom.enable_performance", false);
    user_pref("webgl.enable-debug-renderer-info", false);
    user_pref("media.peerconnection.ice.no_host", true);
    user_pref("privacy.resistFingerprinting", true);
    user_pref("network.http.referer.XOriginPolicy", 1);
    user_pref("privacy.clearOnShutdown.cookies", false);
    user_pref("network.cookie.cookieBehavior", 0);
    user_pref("network.cookie.lifetimePolicy", 3);
    user_pref("network.cookie.lifetime.days", 5);
    user_pref("network.cookie.thirdparty.sessionOnly", true);
    user_pref("layout.css.visited_links_enabled", false);
    user_pref("network.IDN_show_punycode", true);
    user_pref("browser.urlbar.trimURLs", false);
    user_pref("browser.xul.error_pages.expert_bad_cert", true);
    ? @fmarier
  92. Photo Credits:
    shooting star: https://www.flickr.com/photos/funcrush/9496927983/
    yellow triangle: https://www.flickr.com/photos/tillwe/2974932670/
    jail cell: https://www.flickr.com/photos/mikecogh/5997920696
    speedbump: https://www.flickr.com/photos/jputnam/9078451876/
    cookie: https://www.flickr.com/photos/amagill/34754258/
    chromecast: https://www.flickr.com/photos/medithit/10165535814/
    lamp: https://www.flickr.com/photos/60588258@N00/3806005225
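
Added example (not part of the talk or of Firefox): a Node.js script that checks the contents of a profile's prefs.js against the user.js from slide 91, so that settings which were commented out or overridden later in the file show up. The baseline is a subset of that slide, the profile text is constructed, and the names parsePrefs and auditPrefs are made up for this example.

```javascript
// Parse user_pref("name", value); lines into a Map. Assumes one call per line,
// as Firefox writes prefs.js; lines commented out with // are skipped and
// /* */ blocks are not handled. A later line overrides an earlier one.
function parsePrefs(text) {
  const re = /^[ \t]*user_pref\(\s*"([^"]+)"\s*,\s*("(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\)\s*;/gm;
  const prefs = new Map();
  for (const [, name, raw] of text.matchAll(re)) {
    prefs.set(name, raw.startsWith('"') ? raw.slice(1, -1) : JSON.parse(raw));
  }
  return prefs;
}

// Report every baseline pref the profile does not match. "unset" means the
// profile file has no entry, so Firefox is using its built-in default.
function auditPrefs(baselineText, profileText) {
  const want = parsePrefs(baselineText);
  const have = parsePrefs(profileText);
  const findings = [];
  for (const [name, expected] of want) {
    if (!have.has(name)) findings.push({ name, expected, status: "unset" });
    else if (have.get(name) !== expected)
      findings.push({ name, expected, actual: have.get(name), status: "differs" });
  }
  return findings;
}

// Baseline: a subset of the user.js from slide 91.
const BASELINE = `
user_pref("privacy.trackingprotection.enabled", true);
user_pref("media.peerconnection.ice.no_host", true);
user_pref("network.http.referer.XOriginPolicy", 1);
user_pref("network.cookie.lifetimePolicy", 3);
user_pref("network.IDN_show_punycode", true);
`;

// Constructed profile contents for illustration, not from a real profile.
const SAMPLE_PROFILE = `
// Mozilla User Preferences
user_pref("privacy.trackingprotection.enabled", true);
// user_pref("media.peerconnection.ice.no_host", true);
user_pref("network.http.referer.XOriginPolicy", 1);
user_pref("network.http.referer.XOriginPolicy", 0);
user_pref("network.cookie.lifetimePolicy", 3);
`;

for (const f of auditPrefs(BASELINE, SAMPLE_PROFILE)) {
  console.log(`${f.status.padEnd(8)}${f.name} expected=${f.expected} actual=${f.actual ?? "(default)"}`);
}
```

An "unset" result is not necessarily a weakness: compare the default shown in about:config with the baseline value before changing anything.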