Browser Hardening

https://malwaretips.com/posts/697788
https://wiki.archlinux.org/title/Firefox/Privacy
https://www.reddit.com/r/firefox/comments/q3snpr/what_does_resistfingerprinting_do (has been removed)

Preparation:
1. Enter "about:config" in the Firefox address bar and press Enter.
2. Press the button "I'll be careful, I promise!"
3. Follow the instructions below...

01 privacy.firstparty.isolate true
- A result of the Tor Uplift effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.

02 privacy.resistFingerprinting true
- A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.
- Set privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts to false and allow the problematic sites to access your canvas when prompted.
If you set it to true, there is nothing to be prompted and canvas is still blocked?

03 privacy.trackingprotection.enabled true
- This is Mozilla's new built-in tracking protection. It uses the Disconnect.me filter list, which is redundant if you are already using uBlock Origin 3rd party filters; you should therefore set it to false if you are using the add-on functionalities.

04 browser.cache.offline.enable false
- Disables offline cache.

05 browser.safebrowsing.malware.enabled false
- Disable Google Safe Browsing malware checks. Security risk, but privacy improvement.

06 browser.safebrowsing.phishing.enabled false
- Disable Google Safe Browsing and phishing protection. Security risk, but privacy improvement.

07 browser.send_pings false
- Disables hyperlink auditing pings (the ping attribute on links), which websites can use to track visitors' clicks.

08 browser.sessionstore.max_tabs_undo 0
- Even with Firefox set to not remember history, your closed tabs are stored temporarily at Menu -> History -> Recently Closed Tabs.

09 browser.urlbar.speculativeConnect.enabled false
- Disable preloading of autocomplete URLs. Firefox preloads URLs that autocomplete when a user types into the address bar, which is a concern if URLs are suggested that the user does not want to connect to.

10 dom.battery.enabled false
- Website owners can track the battery status of your device.

11 dom.event.clipboardevents.enabled false
- Prevents websites from being notified when you copy, paste, or cut something from a web page, and from learning which part of the page was selected.

12 geo.enabled false
- Disables geolocation.

13 media.navigator.enabled false
- Websites can track the microphone and camera status of your device.

14 network.cookie.cookieBehavior 1
- Block third-party cookies
- 0 = Accept all cookies by default
- 1 = Only accept from the originating site (block third party cookies)
- 2 = Block all cookies by default

15 network.cookie.lifetimePolicy 2
- Cookies are deleted at the end of the session
- 0 = Accept cookies normally
- 1 = Prompt for each cookie
- 2 = Accept for current session only
- 3 = Accept for N days

16 network.http.referer.trimmingPolicy 2
- Send only the scheme, host, and port in the Referer header
- 0 = Send the full URL in the Referer header
- 1 = Send the URL without its query string in the Referer header
- 2 = Send only the scheme, host, and port in the Referer header

17 network.http.referer.XOriginPolicy 2
- Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.)
- 0 = Send Referer in all cases
- 1 = Send Referer to same eTLD sites
- 2 = Send Referer only when the full hostnames match

18 network.http.referer.XOriginTrimmingPolicy 2
- When sending Referer across origins, only send scheme, host, and port in the Referer header of cross-origin requests.
- 0 = Send full url in Referer
- 1 = Send url without query string in Referer
- 2 = Only send scheme, host, and port in Referer
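
How the three Referer preferences (16 to 18) combine, as an added example that is not part of the original document. It is a simplified model: it ignores Referrer-Policy headers and Firefox's own default policy, approximates the "same eTLD" check with the last two host labels, and assumes the stricter of the two trimming values applies to cross-origin requests. The function names and URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

def origin(parts):
    # Scheme, host and port as written in the URL (assumes no userinfo part).
    return f"{parts.scheme}://{parts.netloc}"

def trim(parts, policy):
    """Apply a trimmingPolicy / XOriginTrimmingPolicy value (0, 1 or 2)."""
    if policy == 2:
        return origin(parts) + "/"
    path = parts.path or "/"
    if policy == 1 or not parts.query:
        return origin(parts) + path
    return f"{origin(parts)}{path}?{parts.query}"

def base_domain(host):
    # Simplification: last two labels. Firefox uses the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def referer(src, dst, trimming=0, xorigin=0, xorigin_trimming=0):
    """Return the Referer sent from page src to dst, or None if it is omitted."""
    s, d = urlsplit(src), urlsplit(dst)
    if xorigin == 2 and s.hostname != d.hostname:
        return None
    if xorigin == 1 and base_domain(s.hostname) != base_domain(d.hostname):
        return None
    policy = trimming
    if origin(s) != origin(d):
        # Assumption of this model: the stricter trimming value wins.
        policy = max(trimming, xorigin_trimming)
    return trim(s, policy)

if __name__ == "__main__":
    src = "https://shop.example.com/cart?session=abc123"  # constructed URL
    for dst in ("https://shop.example.com/pay", "https://cdn.example.net/lib.js"):
        print(dst, "->", referer(src, dst, 2, 2, 2))
```

With the values from this list (2, 2, 2) a request to another host carries no Referer at all, and a same-host request carries only the origin.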

19 webgl.disabled true
- WebGL is a potential security risk.

20 general.useragent.override Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/91.6
- Just an example

21 general.platform.override Win32
- Just an example

22 media.peerconnection.ice.default_address_only true

23 media.peerconnection.enabled false

24 network.captive-portal-service.enabled false

25 toolkit.telemetry.enabled false
(and/or disable it under Preferences > Privacy & Security > Firefox Data Collection and Use)

26 privacy.donottrackheader.enabled false
(or toggle it in Preferences > Privacy & Security > Tracking Protection)
- Warning: The "Do Not Track" header (DNT) may actually be used to fingerprint your browser, since most users leave the option disabled.

27 browser.safebrowsing.downloads.enabled false

28 javascript.options.wasm false

29 javascript.options.wasm_baselinejit false

30 javascript.options.wasm_ionjit false

31 delete [email protected]

32 delete [email protected]

33 network.dns.disableIPv6 true

34 network.notify.IPv6 false
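
To check that the settings above are actually in effect, the profile's prefs.js (or a user.js) can be audited against the list. The script below is an added example, not part of the original document: it covers a subset of the preferences, and the sample file content is constructed. A preference missing from the file means Firefox is using its built-in default.

```python
import re

# Expected values for a subset of the prefs in the list above.
HARDENED = {
    "privacy.resistFingerprinting": True,
    "browser.send_pings": False,
    "network.cookie.cookieBehavior": 1,
    "webgl.disabled": True,
    "javascript.options.wasm": False,
}

# Constructed sample in prefs.js / user.js syntax (not from a real profile).
SAMPLE = """\
// Mozilla User Preferences
user_pref("privacy.resistFingerprinting", true);
user_pref("browser.send_pings", false);
user_pref("network.cookie.cookieBehavior", 0);
user_pref("webgl.disabled", 1);
"""

PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')
UNSET = "<not set>"  # pref missing from the file, so Firefox uses its default

def parse_value(raw):
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    return raw.strip('"')  # string pref; escape sequences are not decoded

def parse_prefs(text):
    matches = (PREF_RE.match(line) for line in text.splitlines())
    return {m.group(1): parse_value(m.group(2)) for m in matches if m}

def audit(text, expected=HARDENED):
    """Return {pref: (expected, found)} for prefs that are unset or differ."""
    found = parse_prefs(text)
    report = {}
    for name, want in expected.items():
        got = found.get(name, UNSET)
        # Compare the type as well: in Python 1 == True, but Firefox keeps
        # integer and boolean prefs distinct.
        if type(got) is not type(want) or got != want:
            report[name] = (want, got)
    return report

if __name__ == "__main__":
    for name, (want, got) in audit(SAMPLE).items():
        print(f"{name}: expected {want!r}, found {got!r}")
```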
