elias/harden-firefox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Security settings to harden Firefox
29 commits 1 branch 0 tags 4.4 MiB
Find a file
Exact
Elias Christopher Griffin 1478555c5a SearXNG Post Params, Ctrl-D DoH DNS
2024-11-05 02:09:42 -07:00
images Initialize 2023-10-07 21:26:30 -07:00
denyhosts Initialize 2023-10-07 21:26:30 -07:00
LICENSE.md LICENSE 2023-10-07 23:20:12 -07:00
README.md SearXNG Post Params, Ctrl-D DoH DNS 2024-11-05 02:09:42 -07:00

README.md

Harden Firefox

For privacy and security conscious individuals

Mozilla automatically geolocates your precise location constantly during operation. Sentiment analysis is continuously collected for almost everything you do. Websites are allowed to automatically push data updates to your browser without your clicking and without notice. Telemetry is enabled via 5 different settings, with toolkit.telemetry.enabled unable to be turned off.

uBlockOrigin may not collect data, but Firefox collects every category of data about addons/extensions and their use, deploying at least 3 servers specifically for addons/extensions. Many addons/extensions by default read all website data, intercept the network vastly slowing down performance, can be hijacked, and thus are also blocked by default.

Mozilla is a Billion-dollar company whose main revenue stream is selling everything they know about you to Google.

How long is Mozilla technically allowing itself to wait to geolocate you? 68.04965 years.

Security Advisory December 7th, 2023

LogoFail Vulnerability disclosed with web browser as primary attack vector

LogoFail Remediation

  1. Firefox about:config
    • javascript.options.wasm set to false until your UEFI is patched
    • javascript.options.shared_memory set to false
  2. Temporarily switch out to a browser that does not used shared memory and is a smaller target
    • Librewolf
    • Epiphany
    • Qutebrowser
    • Lynx

Block Google Login Popup

file: denyhosts add 0.0.0.0 accounts.google.com

Ad Blocking with no extensions

No affiliation, but it is recommended for the user to set up DNS Security to remove ads and malware, not only from your web browser, but your OS, email clients, IRC, Application Telemetry, everything.

  • Free Basic: NextDNS
    • WARNING: Firefox will still leak your DNS!
    • "Privacy & Security" > "Enable DNS over HTTPS using" > "Increased Protection" > "Choose Provider" > "NextDNS"
  • Advanced: Control-D
    • "Privacy & Security" > "Enable DNS over HTTPS using" > "Increased Protection" > "Choose Provider" > Custom > p2.freedns.controld.com which enables DNS-over-TLS/DoQ
  • Confirm with Mullvad Browser Check

Ad Blocking Hosts File Addendum

Black's List

Add Private Web Metasearch Search Engine

Search without being tracked, use Searx. Like Arxiv.org the "x" is pronounced "ch" as in Ancient Biblical Greek

Search New Generation is a free internet metasearch engine which aggregates results from more than 70 search services. Users are neither tracked nor profiled, can be used over Tor, and is available to install as a private server.

  1. Go to the server latency list and pick one.
  2. Right click address bar, left click "Add Searx"
  3. Firefox > Settings > Search > Default Search Engine

SearXNG Private Search POST parameters

  1. Search URL: https://seek.fyi/search
  2. POST: q=%S

Enable Redundant Protection

Basic

In the URL about:config

  • dom.push.connection.enabled false
  • dom.push.enabled false
  • media.peerconnection.enabled false
  • geo.enabled false
  • (Extra) intl.regional_prefs.use_os_locales true
  • (Extra) services.sync.prefs.sync.intl.regional._prefs.use_os_locates false

Advanced

arkenfox settings lockdown

Quadhelion Engineering Software