From 7caf7f06fbdbb78acca16bbccef911d6bbd3f044 Mon Sep 17 00:00:00 2001
From: Michael Orlitzky
Date: Sat, 16 Mar 2019 10:02:53 -0400
Subject: [PATCH 1/1] Initial commit: add the individual sections.
---
certificates | 17 ++++++++++++
cookies | 33 ++++++++++++++++++++++
referer | 32 +++++++++++++++++++++
speculation | 29 +++++++++++++++++++
tracking | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++
ui | 32 +++++++++++++++++++++
6 files changed, 221 insertions(+)
create mode 100644 certificates
create mode 100644 cookies
create mode 100644 referer
create mode 100644 speculation
create mode 100644 tracking
create mode 100644 ui
diff --git a/certificates b/certificates
new file mode 100644
index 0000000..a741925
--- /dev/null
+++ b/certificates
@@ -0,0 +1,17 @@
+/* Certificates and trust */
+
+/* Disable OCSP, which checks for certificate revocation by sending
+ * your browser history to a third-party. I think this leaves stapling
+ * enabled, which is what we should be using anyway. Not that I believe
+ * in the CA infrastructure to begin with!
+ *
+ * WARNING: of all the preferences set in this file, this one is likely
+ * the most controversial.
+ *
+ * References:
+ *
+ * 1. https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
+ * 2. https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
+ *
+ */
+user_pref("security.OCSP.enabled", 0);
diff --git a/cookies b/cookies
new file mode 100644
index 0000000..cdbe417
--- /dev/null
+++ b/cookies
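Review bot: In `certificates`, `security.OCSP.enabled` is set to 0 while the comment only says "I think this leaves stapling enabled", so the fallback that justifies the setting is assumed rather than pinned. As far as I know stapling is governed by a separate preference, and stating it explicitly with `user_pref("security.ssl.enable_ocsp_stapling", true);` makes the intent checkable and independent of the default. The comment should also say what is given up: for a server that does not staple, a revoked certificate is no longer caught by an online revocation check.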
@@ -0,0 +1,33 @@
+/* Cookie policy */
+
+
+/* Isolate cookies (and a bunch of other stuff) to their own domain.
+ *
+ * References:
+ *
+ * 1. https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks
+ * 2. https://www.ctrl.blog/entry/firefox-fpi
+ */
+user_pref("privacy.firstparty.isolate", true);
+
+
+/* Accept cookies only from the originating site.
+ *
+ * References:
+ *
+ * 1. http://kb.mozillazine.org/Network.cookie.cookieBehavior
+ *
+ */
+user_pref("network.cookie.cookieBehavior", 1);
+
+
+/* Delete all cookies after my session has expired.
+ *
+ * References:
+ *
+ * 1. http://kb.mozillazine.org/Network.cookie.lifetimePolicy
+ *
+ */
+user_pref("network.cookie.lifetimePolicy", 2);
+
+
diff --git a/referer b/referer
new file mode 100644
index 0000000..69bdc59
--- /dev/null
+++ b/referer
@@ -0,0 +1,32 @@
+/* Referer obfuscation */
+
+
+/* Only send the "referer" header when I _do_ something.
+ *
+ * References:
+ *
+ * 1. https://wiki.mozilla.org/Security/Referrer
+ *
+ */
+user_pref("network.http.sendRefererHeader", 1);
+
+
+/* Don't send the "referer" header for cross-domain requests.
+ *
+ * References:
+ *
+ * 1. https://wiki.mozilla.org/Security/Referrer
+ *
+ */
+user_pref("network.http.referer.XOriginPolicy", 1);
+
+
+/* Don't send the querystring across origins (that is, to subdomains,
+ * since XOriginPolicy is set to "1" above).
+ *
+ * References:
+ *
+ * 1. https://wiki.mozilla.org/Security/Referrer
+ *
+ */
+user_pref("network.http.referer.XOriginTrimmingPolicy", 1);
diff --git a/speculation b/speculation
new file mode 100644
index 0000000..25ee935
--- /dev/null
+++ b/speculation
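Review bot: In `referer`, `network.http.referer.XOriginTrimmingPolicy` at 1 strips only the query string, so the full path is still sent to any other host that `XOriginPolicy` lets a referer through to. Paths can carry identifiers just as query strings do, so `user_pref("network.http.referer.XOriginTrimmingPolicy", 2);` (scheme, host and port only) fits the stated goal better. The comment's "across origins (that is, to subdomains ...)" would also be clearer as "to other hosts under the same base domain", since that is what the value 1 of `XOriginPolicy` permits.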
@@ -0,0 +1,29 @@
+/* Disabling speculative fetching */
+
+
+/* Disable speculative DNS queries.
+ *
+ * References:
+ *
+ * 1. http://kb.mozillazine.org/Network.dns.disablePrefetch
+ */
+user_pref("network.dns.disablePrefetch", true);
+
+
+/* Disable speculative HTTP requests.
+ *
+ * References:
+ *
+ * 1. http://kb.mozillazine.org/Network.prefetch-next
+ *
+ */
+user_pref("network.prefetch-next", false);
+
+
+/* Disable speculation while I'm typing a URL.
+ *
+ * References:
+ *
+ * 1. https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks
+ */
+user_pref("browser.urlbar.speculativeConnect.enabled", false);
diff --git a/tracking b/tracking
new file mode 100644
index 0000000..2518a7c
--- /dev/null
+++ b/tracking
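Review bot: The `speculation` section covers DNS prefetch, link prefetch and URL-bar preconnect, but not the speculative connections Firefox opens when the pointer hovers over a link, which are controlled by `network.http.speculative-parallel-limit`. Adding `user_pref("network.http.speculative-parallel-limit", 0);` with its own short comment would make the section match its title. It is also worth noting in the comments that `network.dns.disablePrefetch` is an inverted switch (true disables) while the other two are not, since the mixed polarity is easy to misread.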
@@ -0,0 +1,78 @@
+/* Tracking protection */
+
+
+/* Don't notify servers when I leave a webpage.
+ *
+ * References:
+ *
+ * 1. https://bugzilla.mozilla.org/show_bug.cgi?id=1387745
+ *
+ */
+user_pref("beacon.enabled", false);
+
+
+/* Don't let websites query the battery status of my PC.
+ * This should now be disabled... but let's turn it off
+ * again, just in case.
+ *
+ * References:
+ *
+ * 1. https://bugzilla.mozilla.org/show_bug.cgi?id=1387745
+ * 2. https://bugzilla.mozilla.org/show_bug.cgi?id=1313580
+ * 3. https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks
+ */
+user_pref("dom.battery.enabled", false);
+
+
+/* Don't allow websites to spy on my copy/paste actions.
+ *
+ * References:
+ *
+ * 1. https://bugzilla.mozilla.org/show_bug.cgi?id=1387745
+ * 2. https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled
+ * 3. https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks
+ */
+user_pref("dom.event.clipboardevents.enabled", false);
+
+
+/* Disable WebRTC. I don't need a web browser to chat, thanks.
+ *
+ * References:
+ *
+ * 1. https://restoreprivacy.com/webrtc-leaks/
+ * 2. https://wiki.mozilla.org/Media/WebRTC/Privacy
+ */
+user_pref("media.peerconnection.enabled", false);
+
+
+/* Don't allow websites to snoop on my webcam or microphone.
+ *
+ * References:
+ *
+ * 1. https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks
+ * 2. https://wiki.mozilla.org/Media/getUserMedia
+ */
+user_pref("media.navigator.enabled", false);
+
+
+/* Disable geolocation. Websites shouldn't know where I am,
+ * and neither should Google (whose API is used to track me).
+ *
+ * References:
+ *
+ * 1. http://www.mozilla.com/en-US/firefox/geolocation/
+ * 2. https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks
+ *
+ */
+user_pref("geo.enabled", false);
+
+
+/* Disable WebGL. I actually don't need websites to be able to
+ * directly access my video hardware.
+ *
+ * References:
+ *
+ * 1. https://www.contextis.com/en/blog/webgl-a-new-dimension-for-browser-exploitation
+ *
+ */
+user_pref("webgl.disabled", true);
\ No newline at end of file
diff --git a/ui b/ui
new file mode 100644
index 0000000..d5dd753
--- /dev/null
+++ b/ui
@@ -0,0 +1,32 @@
+/* User-interface tweaks */
+
+
+/* Don't do anything when I start the browser unless I say so.
+ *
+ * References:
+ *
+ * 1. http://kb.mozillazine.org/Browser.startup.homepage
+ */
+user_pref("browser.startup.homepage", "about:blank");
+
+
+/* Don't hide important information in the URL bar
+ *
+ * References:
+ *
+ * 1. https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/browser.urlbar.trimURLs
+ *
+ */
+user_pref("browser.urlbar.trimURLs", false);
+
+
+/* Don't allow unicode trickery in the URL bar.
+ *
+ * References:
+ *
+ * 1. http://kb.mozillazine.org/Network.IDN_show_punycode
+ * 2. https://ma.ttias.be/show-idn-punycode-firefox-avoid-phishing-urls/
+ *
+ */
+user_pref("network.IDN_show_punycode", true);
+
--
2.44.2
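Review bot: `tracking` ends without a trailing newline (the `\ No newline at end of file` marker after the `webgl.disabled` line), while `cookies` ends with two blank lines, `ui` with one, and the other sections with none. If these sections are meant to be concatenated into a single preferences file, which is only an inference from the commit subject, the uneven endings make section boundaries inconsistent and leave the last `user_pref` of `tracking` sharing a line with whatever follows. Ending every section file with exactly one newline would keep the assembled file predictable.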