Privacy related Firefox/Weasel settings/addons

Post your tutorials and howtos here.
User avatar
ilu
Posts: 2737
Joined: 09 Oct 2013 12:45

Privacy related Firefox/Weasel settings/addons

Postby ilu » 19 Aug 2015 02:10

Inspired by this http://forums.solydxk.com/viewtopic.php ... 6&start=20 thread I thought we could share our Firefox/Iceweasel settings and addons we use.
Edit: Instead of posting my own user.js (which has changed several times since posting it) I decided to post the sources I relied upon:
https://github.com/CHEF-KOCH/user.js based upon https://github.com/pyllyukko/user.js
http://websetnet.com/a-comprehensive-li ... -settings/
http://12bytes.org/articles/tech/firefo ... ance-buffs
They put a lot of work into their compilations and there's a lot of food for thought.

Most settings cripple FF in favor of privacy - surfing is still possible but you will probably not be able to login somewhere or fill a form. Also multimedia stuff and all the bells and whistles that transform a browser into a whole OS are gone. I use another browser for these tasks. I'm looking into using several FF profiles instead.
I did not enable all restrictions, because some parts are handled by addons, notably cookies (Cookie Controller) and referrer (RefControl). Additionally I use NoScript, RequestPolicy and CanvasBlocker. Flash is disabled. I would really like to totally eliminate Flash from Firefox but it seems that's not possible if I want to keep Flash in another browser. Whereever I try to hide the Flash file, FF finds it :-(
Edit: I deinstalled flash anyway. I also deinstalled H.264. My browsers are totally plugin-free now - a big step forward towards a pure FOSS system.

Btw, I don't use Addblock Plus anymore. People recommend uBlock Origin now (AdblockEdge stopped development in favor of uBO), it's said to be quicker. I can just testify that it works without flaws. And I will start testing uMatrix.

User avatar
Snap
Posts: 1244
Joined: 25 Aug 2013 20:01
Location: Spain

Re: Privacy related Firefox/Weasel settings/addons

Postby Snap » 19 Aug 2015 06:13

Thanks for sharing this config, ilu. I'll go through it for sure.

I still have flash around in my main system just in case, but permanently deactivated. Most of my other systems doesn't even have it on board. I was happy for a couple of days but...

http://money.cnn.com/2015/07/16/technol ... h-firefox/

I don't use the old adblockers in my browser. I use a global systemwide script for that, plus ublock origin (a must have) to block much more than addons (even the annoying shoutbox in the antiX forums), No script, self-destroy cookies, https-everywhere, Monkeysphere, certificate patrol...
This likely means that your installation is broken. -Mr Pixbuf.

Image

User avatar
cx405
Posts: 25
Joined: 20 Sep 2015 14:57

Re: Privacy related Firefox/Weasel settings/addons

Postby cx405 » 20 Sep 2015 16:05

Nice thread.

I use ublock origin (+privacy lists+reek/anti-adblock-killer list inside), betterprivacy against flash lso + FlashDisable with "ask" default behavior - this enables Flash only after I explicitly enable it, and even then its run in areas I approve. And google redirects fixer & tracking remover because I don't want google to serve stuff to me that I never used and ability to copy links right from google searches.

: edit
corrected ublock origin name; updated anti-adblock, as its now available natively within ublock - greasemonkey/standalone is not required anymore.
disclaimer: solydxk user and fan, I am *not* affilated with solydxk project. experienced in - ubuntu, debian, gentoo, calculate, archlinux, linux mint, rhel. my posts are mine. no guarantee for fitness to particular use case.

User avatar
Snap
Posts: 1244
Joined: 25 Aug 2013 20:01
Location: Spain

Re: Privacy related Firefox/Weasel settings/addons

Postby Snap » 21 Sep 2015 15:57

I don't have flash onboard anymore. html5 is finally spreading and the browsers can handle it. A real relief. If I need flash, i used it recently, I use a virtual machine for it with barely nothing but a browser with all but the essential services disabled (no ssh, no java, no samba, no personal data, etc...). Maybe it's not an ideal solution, but I run VMs all the time. So it feels... natural(?) to me.

I considered to install a secondary browser into a sandbox, but it's not a light weight solution either. So I'm fine with VMs for now (I only need flash occasionally to watch Formula 1 races live). Another (more annoying) but safe solution is running a flash loaded browser from a live iso.
This likely means that your installation is broken. -Mr Pixbuf.

Image

User avatar
cx405
Posts: 25
Joined: 20 Sep 2015 14:57

Re: Privacy related Firefox/Weasel settings/addons

Postby cx405 » 21 Sep 2015 16:07

I have few free Flash games, and HTML5 problem is that its games are not "containerized"; unlike flash ones.
I find this to be a huge problem. Once a website is gone, the game hosting it - too. Apart from that, some sites still want Flash, even Useragent won't fool them. They simply claim my device to not support flash. :|
disclaimer: solydxk user and fan, I am *not* affilated with solydxk project. experienced in - ubuntu, debian, gentoo, calculate, archlinux, linux mint, rhel. my posts are mine. no guarantee for fitness to particular use case.

User avatar
ilu
Posts: 2737
Joined: 09 Oct 2013 12:45

Re: Privacy related Firefox/Weasel settings/addons

Postby ilu » 09 Oct 2015 20:49

Edited my first post to reflect changes I made.
cx405 wrote:I have few free Flash games, and HTML5 problem is that its games are not "containerized"; unlike flash ones.
I find this to be a huge problem. Once a website is gone, the game hosting it - too. Apart from that, some sites still want Flash, even Useragent won't fool them. They simply claim my device to not support flash. :|
Some sites (among them youtube) will not offer html5 to you as long as you have flash installed on your system - no matter whether it's turned on or off.

As I'm now flash-free I will hopefully see more of html5.

User avatar
cx405
Posts: 25
Joined: 20 Sep 2015 14:57

Re: Privacy related Firefox/Weasel settings/addons

Postby cx405 » 11 Oct 2015 12:53

ilu wrote: Some sites (among them youtube) will not offer html5 to you as long as you have flash installed on your system - no matter whether it's turned on or off.

As I'm now flash-free I will hopefully see more of html5.
This is not entirely correct and is actually a defect of Firefox.

Firefox should advertise Flash plugin as not present, detect scans for it offering to activate it in this case, but parse the page further.

Instead, Firefox advertises Adobe Flash "as installed" to websites, even if set to "ask" mode.

When websites detect browsers that respond with installed Flash, they prefer Flash version and try to activate it. The reason behind that is presence of LSO (Flash Cookies), which can be used to track the user in similar way to regular Cookies, but they are were initially permanent. Later Adobe released a mechanism to delete and control them, which is however not flexible enough.
So, when webpages then stop rendering and ask Firefox to activate Flash, Firefox displays the dialog.
That together leads to the problem.
This is very clearly a problem of Firefox.

The solution is to install "flashdisable" and "better privacy" plugins.
The former disables flash initially and offers a dedicated button. That button either "enables" it right away or "allows" it (ask) - where user must then selectively press in the area to enable just that area. By default, flash plugin stays disabled and thus undetectable.
The later offers full control over Flash LSO.

The only issue left is Flash own security issues and problems.
Speaking of HTML5, Linux kernel is still vulnerable to HTML5 image bomb. As well as the unfixable issue I reported above - HTML5 content is not isolated or containerized.
disclaimer: solydxk user and fan, I am *not* affilated with solydxk project. experienced in - ubuntu, debian, gentoo, calculate, archlinux, linux mint, rhel. my posts are mine. no guarantee for fitness to particular use case.


Return to “Tutorials”

Who is online

Users browsing this forum: No registered users and 3 guests