notkshitij/Betterfox
1
0
Fork 0
mirror of https://github.com/yokoffing/Betterfox.git synced 2026-06-12 15:40:48 +05:30
Code Issues Releases Wiki Activity

Updated Optional Hardening (markdown)

HJ
2023-08-22 18:51:30 -04:00
parent 3cb2800eb6
commit 4002ee1e22
1 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Optional-Hardening.md
+13 -5
@@ -20,8 +20,18 @@ user_pref("urlclassifier.features.socialtracking.skipURLs", "");
### HTTPS-Only Mode ### HTTPS-Only Mode
We already: We already:
* [attempt](https://github.com/yokoffing/Betterfox/blob/df5fc26a1bdccd30e01f3c1dfe69a09a2c050410/Securefox.js#L545-L550) to upgrade HTTP site navigation to HTTPS
* [block](https://github.com/yokoffing/Betterfox/blob/df5fc26a1bdccd30e01f3c1dfe69a09a2c050410/Securefox.js#L810-L827) HTTP subresources from loading on HTTPS pages * [block](https://github.com/yokoffing/Betterfox/blob/df5fc26a1bdccd30e01f3c1dfe69a09a2c050410/Securefox.js#L810-L827) HTTP subresources from loading on HTTPS pages
* [attempt](https://github.com/yokoffing/Betterfox/blob/df5fc26a1bdccd30e01f3c1dfe69a09a2c050410/Securefox.js#L545-L550) to upgrade HTTP site navigation to HTTPS
#### Option 1: Enable in [private windows](https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history) only
```
// PREF: enable HTTPS-Only Mode
// Strict HTTPS site navigation in Private Browsing.
user_pref("dom.security.https_only_mode_pbm", true);
user_pref("dom.security.https_only_mode_error_page_user_suggestions", true);
```
#### Option 2: Enable in all windows
``` ```
// PREF: enable HTTPS-Only Mode // PREF: enable HTTPS-Only Mode
// Strict HTTPS site navigation in Normal and Private Browsing. // Strict HTTPS site navigation in Normal and Private Browsing.
@@ -106,8 +116,6 @@ user_pref("network.http.referer.XOriginPolicy", 1);
*** ***
### Fingerprinting ### Fingerprinting
Fingerprinting is a high [threat model](https://thenewoil.org/en/guides/prologue/threatmodel/) issue that is only [addressed](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) reasonably by Tor.<sup>[1](https://youtu.be/5NrbdO4yWek?t=4334)</sup> Fingerprinting is a high [threat model](https://thenewoil.org/en/guides/prologue/threatmodel/) issue that is only [addressed](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) reasonably by Tor.<sup>[1](https://youtu.be/5NrbdO4yWek?t=4334)</sup> Please use the [Tor Browser](https://www.torproject.org) if your context calls for **anonymity** and not just reasonable **privacy**.<sup>^[*what's the difference?*](https://thenewoil.org/en/guides/prologue/secprivanon/)</sup>
Please use the [Tor Browser](https://www.torproject.org) if your context calls for **anonymity** and not just reasonable **privacy**.<sup>^[*what's the difference?*](https://thenewoil.org/en/guides/prologue/secprivanon/)</sup> While Firefox blocks [known third-party fingerprinting](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/) by default, Betterfox does not enable `privacy.resistFingerprinting`. [This is why.](https://old.reddit.com/r/firefox/comments/wuqpgi/are_there_any_aboutconfig_tweaks_to_get_smooth/ile3whx/?context=3)
Betterfox does not use `privacy.resistFingerprinting`. [This is why.](https://old.reddit.com/r/firefox/comments/wuqpgi/are_there_any_aboutconfig_tweaks_to_get_smooth/ile3whx/?context=3)