mirror of
https://github.com/yokoffing/Betterfox.git
synced 2026-06-12 15:40:48 +05:30
Updated Optional Hardening (markdown)
HJ
+49
-14
@@ -1,21 +1,56 @@
|
||||
### Optional Hardening
|
||||
## Manual options
|
||||
|
||||
1) Change your **default search engine**.
|
||||
### Change your **default search engine**.
|
||||
* Alternatively, [select](https://support.mozilla.org/en-US/kb/change-your-default-search-settings-firefox#w_default-search-engine) a different search engine just for [Private Browsing](https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history) windows.
|
||||
1) Go to *`☰` → Settings → Search → Default Search Engine*
|
||||
2) Change your default search engine to DuckDuckGo, or [add](https://github.com/yokoffing/Betterfox/blob/04c3184359c83d7b58411c3b68f40f3e9d95c373/Securefox.js#L600-L604) a premium search engine like [Kagi](https://kagi.com/).
|
||||
2) **Clear browsing data** on shutdown ([sanitize on close](https://github.com/yokoffing/Betterfox/blob/99f2e860633f307781ddb73d792358ad1bec6af5/Securefox.js#L409-L434)).
|
||||
* You can **allow exceptions** if you want to stay logged in to some sites:
|
||||
1) Go to *`☰` → Settings → Privacy & Security → Cookies and Site Data → Manage Exceptions*
|
||||
2) Check *Delete cookies and site data when Firefox is closed*.
|
||||
* For cross-domain logins, add exceptions for both sites
|
||||
* e.g. `https://www.youtube.com` (site) + `https://accounts.google.com` (single sign on)
|
||||
|
||||
3) Apply preferences from the [common overrides](https://github.com/yokoffing/Betterfox/issues/87) sticky to enforce the following behavior:
|
||||
* Enable **HTTPS-Only Mode** outside of [Private Browsing](https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history) windows.
|
||||
* Block embedded **tweets, tiktoks, Instagram and Reddit posts** from loading on third-party sites.
|
||||
* **Hide the referrer** from different domains.
|
||||
### **Clear browsing data** on shutdown ([sanitize on close](https://github.com/yokoffing/Betterfox/blob/99f2e860633f307781ddb73d792358ad1bec6af5/Securefox.js#L409-L434)).
|
||||
|
||||
* You can **allow exceptions** if you want to stay logged in to some sites:
|
||||
1) Go to *`☰` → Settings → Privacy & Security → Cookies and Site Data → Manage Exceptions*
|
||||
2) Check *Delete cookies and site data when Firefox is closed*.
|
||||
* For cross-domain logins, add exceptions for both sites
|
||||
* e.g. `https://www.youtube.com` (site) + `https://accounts.google.com` (single sign on)
|
||||
|
||||
***
|
||||
|
||||
## Overrides
|
||||
See [Common Overrides](https://github.com/yokoffing/Betterfox/wiki/Overrides) for instructions.
|
||||
|
||||
### HTTPS-Only Mode
|
||||
We already [block](https://github.com/yokoffing/Betterfox/blob/df5fc26a1bdccd30e01f3c1dfe69a09a2c050410/Securefox.js#L810-L827) HTTP subresources from loading on HTTPS pages and [attempt](https://github.com/yokoffing/Betterfox/blob/df5fc26a1bdccd30e01f3c1dfe69a09a2c050410/Securefox.js#L545-L550) to upgrade HTTP site navigation to HTTPS.
|
||||
```
|
||||
// PREF: enable HTTPS-Only Mode
|
||||
// Strict HTTPS site navigation in Normal and Private Browsing.
|
||||
user_pref("dom.security.https_only_mode", true);
|
||||
```
|
||||
|
||||
***
|
||||
|
||||
### Block embedded social posts on webpages
|
||||
This matches the default behavior of Strict [Enhanced Tracking Protection](https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_strict-enhanced-tracking-protection).
|
||||
```
|
||||
// PREF: do not allow embedded tweets, Instagram, Reddit, and Tiktok posts
|
||||
user_pref("urlclassifier.trackingSkipURLs", "");
|
||||
user_pref("urlclassifier.features.socialtracking.skipURLs", "");
|
||||
```
|
||||
|
||||
***
|
||||
|
||||
### Hide cross-site referrer
|
||||
```
|
||||
// PREF: do not to send a referrer when navigating to a different site
|
||||
// For subresources, the referrer is only sent to subdomains:
|
||||
// e.g., from a.example.com to b.example.com.
|
||||
// [WARNING] This breaks Instagram embeds, Bing login, MangaPill, and some third-party streaming sites.
|
||||
user_pref("network.http.referer.XOriginPolicy", 1);
|
||||
```
|
||||
|
||||
***
|
||||
|
||||
## Fingerprinting
|
||||
:warning: Fingerprinting is a high [threat model](https://thenewoil.org/en/guides/prologue/threatmodel/) issue that is only [addressed](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) reasonably by Tor.<sup>[1](https://youtu.be/5NrbdO4yWek?t=4334)</sup> Please use the [Tor Browser](https://www.torproject.org) if your context calls for **anonymity** and not just reasonable **privacy**.<sup>^[*what's the difference?*](https://thenewoil.org/en/guides/prologue/secprivanon/)</sup>
|
||||
|
||||
|
||||
We do not use `privacy.resistFingerprinting`. [This is why.](https://old.reddit.com/r/firefox/comments/wuqpgi/are_there_any_aboutconfig_tweaks_to_get_smooth/ile3whx/?context=3)
|
||||
|
||||
:warning: Fingerprinting is a high [threat model](https://thenewoil.org/en/guides/prologue/threatmodel/) issue that is only [addressed](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) reasonably by Tor.<sup>[1](https://youtu.be/5NrbdO4yWek?t=4334)</sup> Please use the [Tor Browser](https://www.torproject.org) if your context calls for **anonymity** and not just reasonable **privacy**.<sup>^[*what's the difference?*](https://thenewoil.org/en/guides/prologue/secprivanon/)</sup>
|
||||
Reference in New Issue
Block a user