mirror of
https://github.com/yokoffing/Betterfox.git
synced 2026-06-12 15:40:48 +05:30
Updated Optional Hardening (markdown)
+38
-37
@@ -9,7 +9,7 @@ See [Common Overrides](https://github.com/yokoffing/Betterfox/wiki/Common-Overri
|
||||
***
|
||||
|
||||
### Block embedded social posts on webpages
|
||||
This matches the default behavior of Strict [Enhanced Tracking Protection](https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_strict-enhanced-tracking-protection).
|
||||
This matches the default behavior of [Strict](https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_strict-enhanced-tracking-protection) Enhanced Tracking Protection.
|
||||
```
|
||||
// PREF: do not allow embedded tweets, Instagram, Reddit, and Tiktok posts
|
||||
user_pref("urlclassifier.trackingSkipURLs", "");
|
||||
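Review bot: In the rewritten sentence under "Block embedded social posts on webpages", the link text is now the single word "Strict", which says little about its target when read out of context (link lists, screen readers). Linking the whole phrase "Strict Enhanced Tracking Protection" keeps the new word order and gives a descriptive label. While this section is being touched, the PREF comment in the context lines spells "Tiktok"; the product name is "TikTok".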
@@ -44,6 +44,7 @@ user_pref("dom.security.https_only_mode_error_page_user_suggestions", true);
|
||||
***
|
||||
|
||||
### SameSite Cookies
|
||||
[SameSite Cookies](https://github.com/yokoffing/Betterfox/blob/79b6694680e73c8cd4ebf781f87d978a06086284/Securefox.js#L141-L150) help prevent cross-site request forgery (CSRF) attacks. They are used to ensure that a website can only be accessed by the same origin that set the cookie, and not by any other website. This helps protect your browser from unauthorized access and data theft.
|
||||
```
|
||||
// PREF: enable SameSite Cookies
|
||||
user_pref("network.cookie.sameSite.laxByDefault", true);
|
||||
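Review bot: The SameSite paragraph in this hunk describes the mechanism inaccurately: "a website can only be accessed by the same origin that set the cookie" is not what SameSite does. It controls whether the browser attaches a cookie to requests initiated from a different site, and the boundary is the site (plus scheme, per `network.cookie.sameSite.schemeful` in the same block), not the origin. Suggest wording along the lines of "SameSite restricts cookies from being sent with cross-site requests, which limits CSRF", and dropping or narrowing the "unauthorized access and data theft" sentence, which overstates what these prefs cover. The link is pinned to a specific commit of Securefox.js, which keeps the line range stable but will drift from the current file.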
@@ -53,41 +54,6 @@ user_pref("network.cookie.sameSite.schemeful", true);
|
||||
|
||||
***
|
||||
|
||||
### `default-browser-agent` (Windows only)
|
||||
On Windows, Mozilla [collects information](https://techdows.com/2020/04/what-is-firefox-default-browser-agent-and-how-to-disable-it.html) on what you've set as your default browser. However, disabling `default-browser-agent.enabled` also breaks the `Make Default...` button to set Firefox as the default browser.
|
||||
|
||||
Add it to your overrides if you do not use this part of the UI (or already have Firefox set as the default browser).
|
||||
|
||||
```
|
||||
// PREF: disable telemetry of what default browser you use [WINDOWS]
|
||||
// [NOTE] Breaks "Make Default..." button in Settings.
|
||||
user_pref("default-browser-agent.enabled", false);
|
||||
```
|
||||
|
||||
***
|
||||
|
||||
### Sanitize on close
|
||||
**Clear browsing data** on shutdown:
|
||||
* Go to `☰` *→ Settings → Privacy & Security → Cookies and Site Data → Delete cookies and site data when Firefox is closed*
|
||||
|
||||
You can **allow exceptions** if you want to stay logged in to some sites:
|
||||
* Go to `☰` *→ Settings → Privacy & Security → Cookies and Site Data → Manage Exceptions*
|
||||
* For cross-domain logins, add exceptions for both sites
|
||||
* e.g. `https://www.youtube.com` (site) + `https://accounts.google.com` (single sign on)
|
||||
```
|
||||
// PREF: clear browsing data on shutdown, while respecting site exceptions
|
||||
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
|
||||
user_pref("privacy.clearOnShutdown.history", true);
|
||||
user_pref("privacy.clearOnShutdown.downloads", true);
|
||||
user_pref("privacy.clearOnShutdown.formdata", true);
|
||||
user_pref("privacy.clearOnShutdown.sessions", true);
|
||||
user_pref("privacy.clearOnShutdown.offlineApps", true);
|
||||
user_pref("privacy.clearOnShutdown.siteSettings", false);
|
||||
user_pref("browser.sessionstore.privacy_level", 2);
|
||||
```
|
||||
|
||||
***
|
||||
|
||||
### Secure DNS (DoH setup)
|
||||
1) `network.trr.uri`: Use the one provided, or customize how DoH protects you.
|
||||
* [Create a profile](https://nextdns.io/?from=xujj63g5) with NextDNS and follow our [configuration guide](https://github.com/yokoffing/NextDNS-Config).
|
||||
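Review bot: The "`default-browser-agent` (Windows only)" and "Sanitize on close" sections dropped here reappear in the next hunk, so the change is a reorder, which the commit message "Updated Optional Hardening (markdown)" does not say; a one-line note on why Secure DNS now comes first would help readers following the history. Separately, the NextDNS link in the trailing context carries a `?from=xujj63g5` query string; if that is a referral tag, a privacy guide should either disclose it next to the link or use the plain URL.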
@@ -104,6 +70,41 @@ user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
|
||||
|
||||
***
|
||||
|
||||
### Sanitize on close
|
||||
Clear browsing data on shutdown:
|
||||
* Go to `☰` *→ Settings → Privacy & Security → Cookies and Site Data → Delete cookies and site data when Firefox is closed*
|
||||
|
||||
You can allow exceptions if you want to stay logged in to some sites:
|
||||
* Go to `☰` *→ Settings → Privacy & Security → Cookies and Site Data → Manage Exceptions*
|
||||
* For cross-domain logins, add exceptions for both sites
|
||||
* e.g. `https://www.youtube.com` (site) + `https://accounts.google.com` (single sign on)
|
||||
```
|
||||
// PREF: clear browsing data on shutdown, while respecting site exceptions
|
||||
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
|
||||
user_pref("privacy.clearOnShutdown.history", true);
|
||||
user_pref("privacy.clearOnShutdown.downloads", true);
|
||||
user_pref("privacy.clearOnShutdown.formdata", true);
|
||||
user_pref("privacy.clearOnShutdown.sessions", true);
|
||||
user_pref("privacy.clearOnShutdown.offlineApps", true);
|
||||
user_pref("privacy.clearOnShutdown.siteSettings", false);
|
||||
user_pref("browser.sessionstore.privacy_level", 2);
|
||||
```
|
||||
|
||||
***
|
||||
|
||||
### `default-browser-agent` (Windows only)
|
||||
On Windows, Mozilla [collects information](https://techdows.com/2020/04/what-is-firefox-default-browser-agent-and-how-to-disable-it.html) on what you've set as your default browser. However, disabling `default-browser-agent.enabled` also breaks the `Make Default...` button to set Firefox as the default browser.
|
||||
|
||||
Add it to your overrides if you do not use this part of the UI (or already have Firefox set as the default browser).
|
||||
|
||||
```
|
||||
// PREF: disable telemetry of what default browser you use [WINDOWS]
|
||||
// [NOTE] Breaks "Make Default..." button in Settings.
|
||||
user_pref("default-browser-agent.enabled", false);
|
||||
```
|
||||
|
||||
***
|
||||
|
||||
### Cross-origin referrer
|
||||
Do not send a [referer](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referer) when navigating to a different site (e.g., `google.com` → `facebook.com`).
|
||||
|
||||
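Review bot: In the re-added "Sanitize on close" block, the PREF comment promises clearing "while respecting site exceptions" and the bullets are about cookies and site data, yet the pref list has no cookies entry; it covers history, downloads, formdata, sessions, offlineApps and siteSettings only. State explicitly that cookie clearing and its exceptions come from the Settings step above, so a reader who copies only the prefs knows the block is not sufficient on its own. `browser.sessionstore.privacy_level` set to `2` also deserves a one-line comment explaining the value. The bold on "Clear browsing data" and "allow exceptions" from the removed copy was dropped in this copy; confirm that is intended.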
@@ -120,4 +121,4 @@ user_pref("network.http.referer.XOriginPolicy", 1);
|
||||
### Fingerprinting
|
||||
Fingerprinting is a high [threat model](https://thenewoil.org/en/guides/prologue/threatmodel/) issue that is only [addressed](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) reasonably by Tor.<sup>[1](https://youtu.be/5NrbdO4yWek?t=4334)</sup> Please use the [Tor Browser](https://www.torproject.org) if your context calls for **anonymity** and not just reasonable **privacy**.<sup>^[*what's the difference?*](https://thenewoil.org/en/guides/prologue/secprivanon/)</sup>
|
||||
|
||||
By default, Firefox blocks third-party [requests known for fingerprinting](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/). However, Betterfox does not use [additional protections](https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting) enabled by `privacy.resistFingerprinting`. [This is why.](https://old.reddit.com/r/firefox/comments/wuqpgi/are_there_any_aboutconfig_tweaks_to_get_smooth/ile3whx/?context=3)
|
||||
By default, Firefox blocks [known](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/) third-party fingerprinting requests. Betterfox does not enable [additional protection](https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting) known as `privacy.resistFingerprinting`. You can read why [here](https://old.reddit.com/r/firefox/comments/wuqpgi/are_there_any_aboutconfig_tweaks_to_get_smooth/ile3whx/?context=3).
|
||||
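Review bot: The reworded last paragraph of the Fingerprinting section uses "known" and "here" as link text, and neither describes its target. Suggest keeping the link on a phrase such as "known for fingerprinting" and replacing "here" with something like "why Betterfox leaves it disabled". The wording "additional protection known as `privacy.resistFingerprinting`" reads as if the pref were the feature's name; "the additional protection enabled by `privacy.resistFingerprinting`", as in the line being replaced, is more accurate. The context line above also has a stray `^` inside the `<sup>` before the "what's the difference?" link.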