mirror of https://github.com/yokoffing/Betterfox.git synced 2026-06-12 07:30:47 +05:30

Updated Optional Hardening (markdown)

HJ
2023-08-22 22:36:17 -04:00
parent c32d1974a4
commit e40b0f96dc
+38 -37
@@ -9,7 +9,7 @@ See [Common Overrides](https://github.com/yokoffing/Betterfox/wiki/Common-Overri
***
### Block embedded social posts on webpages
This matches the default behavior of Strict [Enhanced Tracking Protection](https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_strict-enhanced-tracking-protection).
This matches the default behavior of [Strict](https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_strict-enhanced-tracking-protection) Enhanced Tracking Protection.
```
// PREF: do not allow embedded tweets, Instagram, Reddit, and Tiktok posts
user_pref("urlclassifier.trackingSkipURLs", "");
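Review bot: in the reworded sentence under `### Block embedded social posts on webpages`, the link now covers only the word "Strict", which leaves a one-word link whose target is not evident from its text. Linking the whole phrase "Strict Enhanced Tracking Protection" reads better. The pref comment below it could also carry a `// [NOTE]` line saying embedded posts will no longer render, in the style the `default-browser-agent` block already uses for breakage.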
@@ -44,6 +44,7 @@ user_pref("dom.security.https_only_mode_error_page_user_suggestions", true);
***
### SameSite Cookies
[SameSite Cookies](https://github.com/yokoffing/Betterfox/blob/79b6694680e73c8cd4ebf781f87d978a06086284/Securefox.js#L141-L150) help prevent cross-site request forgery (CSRF) attacks. They are used to ensure that a website can only be accessed by the same origin that set the cookie, and not by any other website. This helps protect your browser from unauthorized access and data theft.
```
// PREF: enable SameSite Cookies
user_pref("network.cookie.sameSite.laxByDefault", true);
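Review bot: the description paragraph under `### SameSite Cookies` misstates the mechanism. SameSite does not decide which origin can access a website; it decides whether the browser attaches a cookie to a request that was initiated from a different site. Suggest wording along the lines of "They tell the browser not to send a site's cookies on requests that originate from another site", and trimming "unauthorized access and data theft", which claims more than CSRF mitigation covers.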
@@ -53,41 +54,6 @@ user_pref("network.cookie.sameSite.schemeful", true);
***
### `default-browser-agent` (Windows only)
On Windows, Mozilla [collects information](https://techdows.com/2020/04/what-is-firefox-default-browser-agent-and-how-to-disable-it.html) on what you've set as your default browser. However, disabling `default-browser-agent.enabled` also breaks the `Make Default...` button to set Firefox as the default browser.
Add it to your overrides if you do not use this part of the UI (or already have Firefox set as the default browser).
```
// PREF: disable telemetry of what default browser you use [WINDOWS]
// [NOTE] Breaks "Make Default..." button in Settings.
user_pref("default-browser-agent.enabled", false);
```
***
### Sanitize on close
**Clear browsing data** on shutdown:
* Go to `☰` *→ Settings → Privacy & Security → Cookies and Site Data → Delete cookies and site data when Firefox is closed*
You can **allow exceptions** if you want to stay logged in to some sites:
* Go to `☰` *→ Settings → Privacy & Security → Cookies and Site Data → Manage Exceptions*
* For cross-domain logins, add exceptions for both sites
* e.g. `https://www.youtube.com` (site) + `https://accounts.google.com` (single sign on)
```
// PREF: clear browsing data on shutdown, while respecting site exceptions
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("privacy.clearOnShutdown.history", true);
user_pref("privacy.clearOnShutdown.downloads", true);
user_pref("privacy.clearOnShutdown.formdata", true);
user_pref("privacy.clearOnShutdown.sessions", true);
user_pref("privacy.clearOnShutdown.offlineApps", true);
user_pref("privacy.clearOnShutdown.siteSettings", false);
user_pref("browser.sessionstore.privacy_level", 2);
```
***
### Secure DNS (DoH setup)
1) `network.trr.uri`: Use the one provided, or customize how DoH protects you.
* [Create a profile](https://nextdns.io/?from=xujj63g5) with NextDNS and follow our [configuration guide](https://github.com/yokoffing/NextDNS-Config).
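Review bot: the commit message "Updated Optional Hardening (markdown)" does not say that the `default-browser-agent` and `Sanitize on close` sections taken out at this position are being moved rather than dropped. They come back lower on the page in swapped order and without the bold on "Clear browsing data" and "allow exceptions". Please mention the reorder in the message, or split the move from the wording edits so each can be reviewed on its own.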
@@ -104,6 +70,41 @@ user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
***
### Sanitize on close
Clear browsing data on shutdown:
* Go to `☰` *→ Settings → Privacy & Security → Cookies and Site Data → Delete cookies and site data when Firefox is closed*
You can allow exceptions if you want to stay logged in to some sites:
* Go to `☰` *→ Settings → Privacy & Security → Cookies and Site Data → Manage Exceptions*
* For cross-domain logins, add exceptions for both sites
* e.g. `https://www.youtube.com` (site) + `https://accounts.google.com` (single sign on)
```
// PREF: clear browsing data on shutdown, while respecting site exceptions
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("privacy.clearOnShutdown.history", true);
user_pref("privacy.clearOnShutdown.downloads", true);
user_pref("privacy.clearOnShutdown.formdata", true);
user_pref("privacy.clearOnShutdown.sessions", true);
user_pref("privacy.clearOnShutdown.offlineApps", true);
user_pref("privacy.clearOnShutdown.siteSettings", false);
user_pref("browser.sessionstore.privacy_level", 2);
```
***
### `default-browser-agent` (Windows only)
On Windows, Mozilla [collects information](https://techdows.com/2020/04/what-is-firefox-default-browser-agent-and-how-to-disable-it.html) on what you've set as your default browser. However, disabling `default-browser-agent.enabled` also breaks the `Make Default...` button to set Firefox as the default browser.
Add it to your overrides if you do not use this part of the UI (or already have Firefox set as the default browser).
```
// PREF: disable telemetry of what default browser you use [WINDOWS]
// [NOTE] Breaks "Make Default..." button in Settings.
user_pref("default-browser-agent.enabled", false);
```
***
### Cross-origin referrer
Do not send a [referer](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referer) when navigating to a different site (e.g., `google.com``facebook.com`).
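Review bot: in the `Sanitize on close` block, the steps tell the reader to enable "Delete cookies and site data when Firefox is closed", but the pref list covers history, downloads, formdata, sessions and offlineApps and has no cookie or cache entry, so it is unclear whether the snippet alone does what the steps describe. Either add the matching prefs or add a `// [NOTE]` line saying the cookie setting comes from the UI step. A short comment on why `privacy.clearOnShutdown.siteSettings` stays `false` and on what value 2 means for `browser.sessionstore.privacy_level` would help as well.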
@@ -120,4 +121,4 @@ user_pref("network.http.referer.XOriginPolicy", 1);
### Fingerprinting
Fingerprinting is a high [threat model](https://thenewoil.org/en/guides/prologue/threatmodel/) issue that is only [addressed](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) reasonably by Tor.<sup>[1](https://youtu.be/5NrbdO4yWek?t=4334)</sup> Please use the [Tor Browser](https://www.torproject.org) if your context calls for **anonymity** and not just reasonable **privacy**.<sup>^[*what's the difference?*](https://thenewoil.org/en/guides/prologue/secprivanon/)</sup>
By default, Firefox blocks third-party [requests known for fingerprinting](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/). However, Betterfox does not use [additional protections](https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting) enabled by `privacy.resistFingerprinting`. [This is why.](https://old.reddit.com/r/firefox/comments/wuqpgi/are_there_any_aboutconfig_tweaks_to_get_smooth/ile3whx/?context=3)
By default, Firefox blocks [known](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/) third-party fingerprinting requests. Betterfox does not enable [additional protection](https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting) known as `privacy.resistFingerprinting`. You can read why [here](https://old.reddit.com/r/firefox/comments/wuqpgi/are_there_any_aboutconfig_tweaks_to_get_smooth/ile3whx/?context=3).
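Review bot: in the rewritten last paragraph, "additional protection known as `privacy.resistFingerprinting`" presents the pref name as the name of the feature, where the previous wording ("enabled by") described the relationship more accurately; suggest "the additional protection enabled by `privacy.resistFingerprinting`". The closing "You can read why [here]" also uses non-descriptive link text; something like "See the reasoning in this Reddit comment" tells the reader where the link goes.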