notkshitij/Betterfox
1
0
Fork 0
mirror of https://github.com/yokoffing/Betterfox.git synced 2026-06-12 15:40:48 +05:30
Code Issues Releases Wiki Activity

Updated Optional Hardening (markdown)

HJ
2023-08-19 14:42:25 -04:00
parent 0d3e7c839c
commit 99d6163360
1 changed files with 49 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Optional-Hardening.md
+46 -11
@@ -1,21 +1,56 @@
### Optional Hardening ## Manual options
1) Change your **default search engine**. ### Change your **default search engine**.
* Alternatively, [select](https://support.mozilla.org/en-US/kb/change-your-default-search-settings-firefox#w_default-search-engine) a different search engine just for [Private Browsing](https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history) windows. * Alternatively, [select](https://support.mozilla.org/en-US/kb/change-your-default-search-settings-firefox#w_default-search-engine) a different search engine just for [Private Browsing](https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history) windows.
1) Go to *`☰` → Settings → Search → Default Search Engine* 1) Go to *`☰` → Settings → Search → Default Search Engine*
2) Change your default search engine to DuckDuckGo, or [add](https://github.com/yokoffing/Betterfox/blob/04c3184359c83d7b58411c3b68f40f3e9d95c373/Securefox.js#L600-L604) a premium search engine like [Kagi](https://kagi.com/). 2) Change your default search engine to DuckDuckGo, or [add](https://github.com/yokoffing/Betterfox/blob/04c3184359c83d7b58411c3b68f40f3e9d95c373/Securefox.js#L600-L604) a premium search engine like [Kagi](https://kagi.com/).
2) **Clear browsing data** on shutdown ([sanitize on close](https://github.com/yokoffing/Betterfox/blob/99f2e860633f307781ddb73d792358ad1bec6af5/Securefox.js#L409-L434)).
* You can **allow exceptions** if you want to stay logged in to some sites: ### **Clear browsing data** on shutdown ([sanitize on close](https://github.com/yokoffing/Betterfox/blob/99f2e860633f307781ddb73d792358ad1bec6af5/Securefox.js#L409-L434)).
* You can **allow exceptions** if you want to stay logged in to some sites:
1) Go to *`☰` → Settings → Privacy & Security → Cookies and Site Data → Manage Exceptions* 1) Go to *`☰` → Settings → Privacy & Security → Cookies and Site Data → Manage Exceptions*
2) Check *Delete cookies and site data when Firefox is closed*. 2) Check *Delete cookies and site data when Firefox is closed*.
* For cross-domain logins, add exceptions for both sites * For cross-domain logins, add exceptions for both sites
* e.g. `https://www.youtube.com` (site) + `https://accounts.google.com` (single sign on) * e.g. `https://www.youtube.com` (site) + `https://accounts.google.com` (single sign on)
3) Apply preferences from the [common overrides](https://github.com/yokoffing/Betterfox/issues/87) sticky to enforce the following behavior: ***
* Enable **HTTPS-Only Mode** outside of [Private Browsing](https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history) windows.
* Block embedded **tweets, tiktoks, Instagram and Reddit posts** from loading on third-party sites. ## Overrides
* **Hide the referrer** from different domains. See [Common Overrides](https://github.com/yokoffing/Betterfox/wiki/Overrides) for instructions.
### HTTPS-Only Mode
We already [block](https://github.com/yokoffing/Betterfox/blob/df5fc26a1bdccd30e01f3c1dfe69a09a2c050410/Securefox.js#L810-L827) HTTP subresources from loading on HTTPS pages and [attempt](https://github.com/yokoffing/Betterfox/blob/df5fc26a1bdccd30e01f3c1dfe69a09a2c050410/Securefox.js#L545-L550) to upgrade HTTP site navigation to HTTPS.
```
// PREF: enable HTTPS-Only Mode
// Strict HTTPS site navigation in Normal and Private Browsing.
user_pref("dom.security.https_only_mode", true);
```
***
### Block embedded social posts on webpages
This matches the default behavior of Strict [Enhanced Tracking Protection](https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_strict-enhanced-tracking-protection).
```
// PREF: do not allow embedded tweets, Instagram, Reddit, and Tiktok posts
user_pref("urlclassifier.trackingSkipURLs", "");
user_pref("urlclassifier.features.socialtracking.skipURLs", "");
```
***
### Hide cross-site referrer
```
// PREF: do not to send a referrer when navigating to a different site
// For subresources, the referrer is only sent to subdomains:
// e.g., from a.example.com to b.example.com.
// [WARNING] This breaks Instagram embeds, Bing login, MangaPill, and some third-party streaming sites.
user_pref("network.http.referer.XOriginPolicy", 1);
```
***
## Fingerprinting
:warning: Fingerprinting is a high [threat model](https://thenewoil.org/en/guides/prologue/threatmodel/) issue that is only [addressed](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) reasonably by Tor.<sup>[1](https://youtu.be/5NrbdO4yWek?t=4334)</sup> Please use the [Tor Browser](https://www.torproject.org) if your context calls for **anonymity** and not just reasonable **privacy**.<sup>^[*what's the difference?*](https://thenewoil.org/en/guides/prologue/secprivanon/)</sup>
We do not use `privacy.resistFingerprinting`. [This is why.](https://old.reddit.com/r/firefox/comments/wuqpgi/are_there_any_aboutconfig_tweaks_to_get_smooth/ile3whx/?context=3) We do not use `privacy.resistFingerprinting`. [This is why.](https://old.reddit.com/r/firefox/comments/wuqpgi/are_there_any_aboutconfig_tweaks_to_get_smooth/ile3whx/?context=3)
:warning: Fingerprinting is a high [threat model](https://thenewoil.org/en/guides/prologue/threatmodel/) issue that is only [addressed](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) reasonably by Tor.<sup>[1](https://youtu.be/5NrbdO4yWek?t=4334)</sup> Please use the [Tor Browser](https://www.torproject.org) if your context calls for **anonymity** and not just reasonable **privacy**.<sup>^[*what's the difference?*](https://thenewoil.org/en/guides/prologue/secprivanon/)</sup>