amq / firefox-debloat Goto Github PK

Battery API can be used to track users

Maybe it should be disabled by default?

about:config property is dom.battery.enabled.

Is there a Firefox extension that sets all those properties to false?

DNS-over-HTTPS leaks the DNS queries to Cloudflare.

To disable set network.trr.mode to 5

From https://lists.gnu.org/archive/html/bug-gnuzilla/2015-06/msg00005.html

Dear Rubin,

Congratulations! I wish you many happy years to come!

I have recently seen firefox adding more and more unnecessary and
dangerous things so I have decide to work on a version of firefox
which deletes them.

Then I discovered Icecat which shares a lot of my goals and I was able
to benefit from its source code. Thank you very much!

Here are the components I propose for deletion and why:

• EME/DRM - [freedom] - This is a sandbox intended to run some kind of
  nasty binary from adobe used to block users from having full control
  over videos they watch.
• NewTab - [freedom/privacy] - The "newtab" has been getting sponsored
  adverts being put into it. It is a danger to privacy because when the
  mouse hovers over them a connection is made to the advertisers page.
• HealthReport - [privacy] - Turned this off by default. I do not
  believe something like this that reports statistics about usage should
  be on by default.
• WebGL - [security] - Turned this off by default. The security
  dangers of having this on are too high.
• Pocket - [freedom] - Pocket seems to be some kind of 3rd party
  "cloud" service. This is a danger to freedom.
• Hello!/Loop - [superfluous] - I think you can technically run your
  own loop server and all the source code is available so this is not a
  freedom concern but in any case this is not required to browse the
  web.

To delete EME I did an rm -r on all the relevant directories, added
ac_add_options --disable-eme to the mozconf and cleaned up any
dangling references to the EME stuff. I think it is important that the
code itself not be compiled into the program even if it is not used.
"dead" code has been used in security vulnerabilities in the past.

For NewTab I blanked out the XML inside content/newtab/newTab.xul and
deleted the unneeded files.

The patch for HealthReport off-by-default is based on icecat, since
icecat already does this!

To set WebGL off by default I edited modules/libpref/init/all.js.

Pocket and Hello! were removed by rm -r'ing the modules and then
cleaning up dangling references:

rm -r ./browser/components/pocket/

rm -rf ./browser/components/loop/
rm ./browser/base/content/browser-loop.js

I am keen on learning about new candidates for removal. I have heard
that firefox will soon search users history and provide adverts based
on this - I intend to produce a patch/script to remove that too.

I have included some patches and scripts here which I hope may be of
use or interested to folks.

• https://github.com/orchid-hybrid/cozy-cub/tree/master

http://gnuzilla.gnu.org

I understand why people might want to disable SafeBrowsing, but it's worth noting that the service was designed with privacy in mind and does a fairly good job given the numerous constraints it works under. In addition, it provides a significant level of protection for most web users against phishing and malware, which can be much more harmful for security and privacy in the long run.

At the very least, you should explain why you recommend this, as well as the trade-offs. In my opinion it is a really bad idea for most users.

Here's a longer explanation (original on HN):

Please for the love of god do not disable the Google SafeBrowsing preferences. SafeBrowsing protects you from a lot of malicious websites, and does not leak much information to Google. For most people the security benefits of SafeBrowsing far outweigh the privacy concerns.

It is important to remember that malicious websites and malware in general may negatively impact your security and privacy in extremely harmful ways (malware compromises PII, website credentials, financial information, uses webcam and microphone to photograph/film/record you from blackmail/revenge porn purposes, ...)

For context, please see these relevant Mozilla bugs about SafeBrowsing privacy concerns: [0], [1]. tl;dr Firefox must set a cookie for SafeBrowsing, but it uses a separate cookie jar for SafeBrowsing so Google cannot tie the Safebrowsing activity to anything else you do related to Google or their services (which is the biggest concern here). They can learn a limited profile of your browsing activity, along the lines of "Random user x often uses their browser between 9am and 5pm on M-F".

The Safebrowsing implementation is specifically designed to be privacy-preserving. [2] It uses a Bloom filter to implement fast lookups in a minimally sized hash table of known malicious URL's. The only time a full URL (actually various hashes of multiple prefixes of the full URL, including the full URL) that you browse it sent to Google is when a prefix of it collides with a known malicious URL, in which case the URL must be sent to Google to resolve the question of whether the URL you are trying to visit is actually malicious or just a false positive from the Bloom Filter. Yes, the hashes are unsalted so it would be possible for Google to check if you were trying visit some pre-determined URL ("were they trying to visit www.thoughtcrime.org?") but only if it collided with a known malicious URL.

It would be helpful to know what the average rates of collisions and false positives are to get a sense of how much of an average user's browsing history is leaked to Google through Safe Browsing - can anybody from Google comment?

Thank you for tips. Here is my Firefox configuration:
https://bitbucket.org/snippets/cedricbonhomme/cbj6
if it can help you.

plugins.enumerable_names

By default (*), websites can get a list of plugins, their version & details via navigator.plugins.
You can set this option to an empty string, and websites will not see any Plugins:

PluginArray { length: 0 }

However, this does break some sites (e.g. Deezer) because they (wrongfully) use this API to test if a user has, for example, Flash installed. If you want to allow this, you can set the configuration to Shockwave Flash. That will only return details about the Flash plugin.

Details about a Plugin look like this:

Plugin { 0: MimeType, 1: MimeType, application/x-shockwave-flash: MimeType, application/futuresplash: MimeType, description: "Shockwave Flash 18.0 r0", filename: "Flash Player.plugin", version: "18.0.0.194", name: "Shockwave Flash", length: 2 }

See also: Panopticlick.

Don't overcomplicate, don't try to include everything, don't break web functionality.

It'd be nice to have an explanation of what each option is and why one would want to change off of the defaults. Right now it's geared towards locking Firefox down entirely, but not everyone has this use-case.

Personally, I want to disable sending information to Google but would allow Pocket integration, for example. And I'm unsure what the impact would be if disabling the DRM options.

Hi,

I don't know if you've seen it, but User.js is already doing a good job that is pretty much like this one. You might take a look at it :)

network.http.sendReferheader

 0 means never send, breaks many sites
 1 means send only for clicked links, works fine for most sites
 2 (default) means send always.

Recommendation can be to set to 0 or 1. More details here.

network.http.sendSecureXSiteReferrer

true (default) Send referer header when navigating from one https site to another.
false Don't send referer header when navigating from one https site to another

Recommendation can be false. More details here

To easily change parameters, I have write an user.js : https://github.com/Oros42/firefox_change_prefs
You can use it or make your own :-)

What about making an add-on instead of fiddling with about:config by hand? Perhaps something similar to TorBirdy for Thunderbird? Thoughts?

Hello. As we can notice it, manual interventions in order to apply your suggestions aimed to harden either privacy or security, are involved in this project which as a direct consequence diminish its potential of effectiveness. Others projects, at least arkenfox and pyllyukko here on that platform, were designed to partially automatize hardening operations. In this regard you might have planed a task of your own that is on-going, and even involves full automation of those operations by a script. If not, at least one of those projects might be worth a look at, so you could choose considering taking inspiration from in respect to the methodologies created to apply the customisations.

(This repo seems to have some sort of privacy tendency, so I'll rant a bit about Canvas Fingerprinting. If this is not a welcome forum, feel free to close this issue)

Canvas fingerprinting is a tricky problem. Websites can use the Canvas API to draw pixels and use system fonts as well as hardware specific rendering behavior to track a user and assign them a specific fingerprint, which has enough entropy to recognize them in the future (see wikipedia)

I don't think you want to disable canvas, completely though. It's heavily used in many useful apps.
The Tor Browser (Firefox + patches from the Tor project) tackles this by disabling reading from the canvas, which you can allow for each individual call (you get a "doorhanger UI", which is what most people know from Geolocation).

Newest Firefox versions doesn't have "browser.pocket.enabled", but "extensions.pocket.enabled"

... but the Browser regularly downloads a list of MD5-Hashes from Google and compares locally.

Nonetheless, Google will be contacted - there will be people who don't want that.