Prevent data leaks in your Firefox

World's news about us.
Post Reply
flux
Administrator
Posts: 74
Joined: Mon Jul 16, 2018 6:07 am
Been thanked: 19 times

Prevent data leaks in your Firefox

Post by flux » Tue Sep 18, 2018 4:08 pm

Although Firefox is considered safe and reliable browser, it has separate modules that track users behavior and send statistics to remote servers. Bad news is that year by year there are more modules like that appearing and they are activated by default. Good news is they can be turned off in about:config.

This repo https://github.com/amq/firefox-debloat maintains an up-to-date list of options that should be disabled in about:config to prevent data leakage:

Google "Safe" Browsing

Sends every URL you visit to Google, this means if you hacked a site and use an unprotected web-shell to manage it, Google will know the web-shell's URL and what IP you visited it from.

browser.safebrowsing.enabled
browser.safebrowsing.downloads.enabled
browser.safebrowsing.malware.enabled


Firefox Statistics

Sends data reports to Firefox about your browser performance and stability

datareporting.healthreport.service.enabled
datareporting.healthreport.uploadEnabled
toolkit.telemetry.enabled


WebRTC

Leaks a real IP of your internet connection even when you use Tor/VPN

media.peerconnection.enabled


Encrypted Media Extensions (DRM)

A binary plugin with unknown source code that comes with Firefox since version 38. Allows you to play encrypted media content and use Netflix and others without Microsoft Silverlight. It uses Intel chipset and CPU hardware instructions to invoke communications, thus can affect your hardware maliciously without your consent.
To completely uninstall the plugin, you need to use the version of the EME-free Firefox browser: download.cdn.mozilla.net/pub/firefox/releases/latest/win32-EME-free/ or use Firefox ESR builds provided by Debian/Ubuntu and other Linux distributions.

media.eme.enabled
media.gmp-eme-adobe.enabled


Firefox Hello

Firefox connects to third-party services ("Telefonica") without user consent

loop.enabled


Pocket

A third-party service for manipulating "read later" articles/publications.


browser.pocket.enabled


Geolocation


geo.enabled


Search suggestions

Everything you write in a browser search or URL box is instantly sent to remote servers

browser.search.suggest.enabled

User avatar
sigint
Full member
Full member
Posts: 36
Joined: Mon Jul 16, 2018 8:50 pm
Been thanked: 10 times

Post by sigint » Tue Sep 18, 2018 6:38 pm

Nice info for general learning, Google Safebrowsing is indeed a pain in the ass, this is how NSA usually discover your stuff when you think you are a secure guy.

pepsisoda
Full member
Full member
Posts: 16
Joined: Fri Dec 14, 2018 1:20 am
Been thanked: 4 times

Post by pepsisoda » Sat Dec 15, 2018 3:46 pm

Thanks for this. Most of this is turned off in TOR; although telemetry is turned on in some instances I notice in about:config. Don't forget about canvas blocker and 1st party isolate for your regular browser.

FF is still although they sold out in many ways but their original focus on user control is still there.

User avatar
dradnanco
New user
New user
Posts: 112
Joined: Mon Oct 19, 2020 12:08 am

Post by dradnanco » Fri Oct 30, 2020 2:00 pm

i bought usa used laptop instead of mine
and change mac address and connect to vpn
and use private browser
iam so happy in this forum !!

Post Reply