Improve on-line privacy of users

Schoelje
Site Admin
Posts: 8552
Joined: 26 Jan 2013 19:36
Location: Netherlands

Improve on-line privacy of users

Postby Schoelje » 30 Jan 2018 07:54

The discussion about alternative browsers gradually split into two different discussions: the original question about what is the best browser to protect your privacy and the other is about improving privacy in Firefox. This topic continues only with the latter: how to improve privacy settings for Firefox.

There are several add-ons to improve privacy for Firefox:
uBlock Origin is already included in firefox-solydxk-adjustments but what do you think of the other add-ons? Do you think these should be included as well?

We can also change some settings in Firefox's about:config. The Ghacks user.js file is going full on privacy and left me with an unworkable browser. That is, unworkable for me. It's important that the browsing experience shouldn't be influenced negatively. It's a fuzzy line between what honors one's privacy and what provides the smoothest browsing experience.

So, I'm experimenting with these settings to come up with something that has a bit of both worlds: more privacy but not too inconvenient.
These are my settings now (I'll update the list as we go):

Code:

// Privacy settings
user_pref("privacy.donottrackheader.enabled", true);
user_pref("privacy.donottrackheader.value", 1);
user_pref("privacy.trackingprotection.enabled", true);
user_pref("privacy.trackingprotection.ui.enabled", true);
// Keep third party cookies only for the current session
user_pref("network.cookie.thirdparty.sessionOnly", true);
user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true);
// Disable telemetry
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.rejected", true);
user_pref("toolkit.telemetry.server", "");
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.unifiedIsOptIn", false);
user_pref("toolkit.telemetry.prompted", 2);
user_pref("toolkit.telemetry.cachedClientID", "");
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
// Disable offline cache
user_pref("browser.cache.offline.enable", false);
// Do not save tabs when closed
user_pref("browser.sessionstore.max_tabs_undo", 0);
// Disable preloading of autocomplete URLs
user_pref("browser.urlbar.speculativeConnect.enabled", false);
// Disable safe browsing - reports to Google
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.url", "");
user_pref("browser.safebrowsing.provider.google.reportURL", "");
user_pref("browser.safebrowsing.reportPhishURL", "");
user_pref("browser.safebrowsing.provider.google4.reportURL", "");
user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "");
user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "");
user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "");
user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "");
user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "");
// Google Safe Browsing checks are kept enabled. Setting these to false is a security risk, but a privacy improvement.
user_pref("browser.safebrowsing.malware.enabled", true);
user_pref("browser.safebrowsing.phishing.enabled", true);
// Send limited Referer header
user_pref("network.http.referer.trimmingPolicy", 2);
user_pref("network.http.referer.XOriginPolicy", 2);
user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
// Do not upload health report to Mozilla
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.healthreport.about.reportUrl", "data:text/plain,");
user_pref("datareporting.policy.dataSubmissionEnabled", false);
// Prevent sites from tracking your copy-paste behavior
user_pref("dom.event.clipboardevents.enabled", false);
// Prevent sites from knowing your battery status
user_pref("dom.battery.enabled", false);
// Do not use geolocation; if it is enabled, use Mozilla's geolocation service instead of Google's
user_pref("geo.enabled", false);
user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
// Disable DNS prefetching
user_pref("network.dns.disablePrefetch", true);
user_pref("network.dns.disablePrefetchFromHTTPS", true);
// Do not pre-download linked web pages
user_pref("network.prefetch-next", false);
// Disable Necko/Captive Portal
user_pref("network.predictor.enabled", false);
user_pref("network.predictor.enable-prefetch", false);
user_pref("captivedetect.canonicalURL", "");
user_pref("network.captive-portal-service.enabled", false);
// Disable link-mouseover opening connection to linked server
user_pref("network.http.speculative-parallel-limit", 0);
// Disable pings (but enforce same host in case)
user_pref("browser.send_pings", false);
user_pref("browser.send_pings.require_same_host", true);
// Disable crash reports
user_pref("breakpad.reportURL", "");
user_pref("browser.tabs.crashReporting.sendReport", false);
user_pref("browser.crashReports.unsubmittedCheck.enabled", false);
user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false);
user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
// Disable new tab tile ads & preload & marketing junk
user_pref("browser.newtab.preload", false);
user_pref("browser.newtabpage.directory.source", "data:text/plain,");
//user_pref("browser.newtabpage.enabled", false);
user_pref("browser.newtabpage.enhanced", false);
user_pref("browser.newtabpage.introShown", true);
// Disable "Snippets" (Mozilla content shown on about:home screen)
user_pref("browser.aboutHomeSnippets.updateUrl", "https://127.0.0.1");
// Enable Firefox blocklist, but sanitize blocklist url
user_pref("extensions.blocklist.enabled", true);
user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/");
user_pref("services.blocklist.update_enabled", true);
user_pref("services.blocklist.signing.enforced", true);
// Disable experiments
user_pref("experiments.enabled", false);
user_pref("experiments.manifest.uri", "");
user_pref("experiments.supported", false);
user_pref("experiments.activeExperiment", false);
user_pref("network.allow-experiments", false);
// Disable some extensions
user_pref("browser.ping-centre.telemetry", false); // Disable PingCentre telemetry
user_pref("extensions.pocket.enabled", false); // Disable Pocket
user_pref("dom.flyweb.enabled", false); // Disable Flyweb
user_pref("extensions.shield-recipe-client.enabled", false); // Disable Shield Telemetry system
user_pref("extensions.shield-recipe-client.api_url", ""); // Disable Shield Telemetry system
// Disable Activity Stream
user_pref("browser.newtabpage.activity-stream.enabled", false);
user_pref("browser.library.activity-stream.enabled", false);
// Disable Onboarding
user_pref("browser.onboarding.enabled", false);
// Prevent sites from tracking your microphone and camera status
user_pref("media.navigator.enabled", false);


// Disable WebRTC
// user_pref("media.peerconnection.enabled", false);
// user_pref("media.peerconnection.use_document_iceservers", false);
// user_pref("media.peerconnection.video.enabled", false);
// user_pref("media.peerconnection.identity.enabled", false);
// user_pref("media.peerconnection.identity.timeout", 1);
// user_pref("media.peerconnection.turn.disable", true);
// user_pref("media.peerconnection.ice.tcp", false);
// user_pref("media.navigator.video.enabled", false);
// user_pref("media.peerconnection.ice.default_address_only", true);
// user_pref("media.peerconnection.ice.no_host", true);

// resistFingerprinting forces new window size: 1000x1000
// https://bugzilla.mozilla.org/show_bug.cgi?id=1330882
// user_pref("privacy.resistFingerprinting", true);

// Isolates all browser identifier sources (e.g. cookies) to the first party domain
// Sites who do use third party id sources might not function correctly
// user_pref("privacy.firstparty.isolate", true);

// Do not allow third party cookies - some sites won't even work
// user_pref("network.cookie.cookieBehavior", 1);



SolydXK needs you!
Development | Testing | Translations
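
As an added example (not part of the post above and not code from the SolydXK packages): a small Python check a packager could run over a user.js like the one listed, separating active prefs from commented-out ones and flagging entries where a privacy tweak switched off a protection. The baseline set and the sample input are assumptions made for this example.

```python
import re

# One pref per line; group 1 is "//" when the line is commented out.
PREF_RE = re.compile(
    r'^\s*(//)?\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

# Assumed baseline for this example: prefs from the list above whose
# protective value is true (Safe Browsing checks and the extension blocklist).
SECURITY_BASELINE = {
    "browser.safebrowsing.malware.enabled": True,
    "browser.safebrowsing.phishing.enabled": True,
    "extensions.blocklist.enabled": True,
}

# Constructed sample input, not a file from the thread.
SAMPLE = '''\
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", true);
user_pref("network.http.referer.XOriginPolicy", 2);
user_pref("extensions.pocket.enabled", false); // Disable Pocket
// user_pref("media.peerconnection.enabled", false);
//user_pref("browser.newtabpage.enabled", false);
user_pref("toolkit.telemetry.server", "");
'''

def parse_value(raw):
    """Convert a user.js literal (bool, quoted string or integer)."""
    if raw in ("true", "false"):
        return raw == "true"
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    return int(raw)

def parse_user_js(text):
    """Return (active, commented_out) dicts; a later line wins over an earlier one."""
    active, commented_out = {}, {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            is_comment, name, raw = m.groups()
            (commented_out if is_comment else active)[name] = parse_value(raw)
    return active, commented_out

def audit(text):
    """List (pref, found, expected) for active prefs that differ from the baseline."""
    active, _ = parse_user_js(text)
    return [(name, active[name], wanted)
            for name, wanted in SECURITY_BASELINE.items()
            if name in active and active[name] != wanted]

if __name__ == "__main__":
    for name, found, wanted in audit(SAMPLE):
        print(f"{name}: set to {found}, baseline expects {wanted}")
```

Prefs that only appear commented out, such as the WebRTC entries, are reported separately by `parse_user_js` and never count as findings.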

kurotsugi
Posts: 1992
Joined: 09 Jan 2014 00:17

Re: Improve on-line privacy of users

Postby kurotsugi » 31 Jan 2018 01:56

webrtc relies on the media connection mode. I believe the peer connection mode is actually made for privacy concern because the media would be streamed between two computers and not relied on servers. as for the IP leaks, it should be fixed. I did the test and there's no leaks detected.
Screenshot_2018-01-31_08-55-04.png

Schoelje
Site Admin
Posts: 8552
Joined: 26 Jan 2013 19:36
Location: Netherlands

Re: Improve on-line privacy of users

Postby Schoelje » 31 Jan 2018 14:30

I've moved this discussion to a separate thread. I was hijacking Ilu's topic with this :oops:

I see that even on FF ESR the global IP is not detected. I've commented the WebRTC entries in the list (see the OP).


Schoelje
Site Admin
Posts: 8552
Joined: 26 Jan 2013 19:36
Location: Netherlands

Re: Improve on-line privacy of users

Postby Schoelje » 31 Jan 2018 17:07

I see that resistFingerprinting forces new window size to: 1000x1000
https://bugzilla.mozilla.org/show_bug.cgi?id=1330882

[Edit]
privacy.firstparty.isolate Isolates all browser identifier sources (e.g. cookies) to the first party domain.
Sites who do use third party id sources might not function correctly.
E.g.: NOS (Dutch news site) keeps showing cookies confirmation.

browser.safebrowsing.malware.enabled and browser.safebrowsing.phishing.enabled disable Google Safe Browsing checks.
Set to false: security risk, but privacy improvement.
For our users I prefer security over privacy.

The Cookie Autodelete add-on seems a more user-friendly solution than setting the network.cookie settings: sites like the NOS won't complain even when the cookies were removed by the add-on after 3 seconds.


xendistar
Posts: 365
Joined: 08 Jun 2014 08:17
Location: Bournemouth, UK

Re: Improve on-line privacy of users

Postby xendistar » 31 Jan 2018 21:27

Although I am not currently using SolydXK at the moment I would not want to find my browser loaded with add-ons that I did not request. I am all for privacy but my view of personal privacy will be different to other people's. I have no issue with the add-ons (or links to) being made available along with some explanation as to why it is a good idea to have these add-ons.

Linux is about choice and freedom to choose what you want, as a distro you don't want to be seen to be pushing "our" thoughts on how it should be done on to them, we should be advising and offering them the choice.

I realise that the above statement will fit better with those with some knowledge of computers and Linux as opposed to a complete newbie to both, but that's just my view.

palimmo
Posts: 747
Joined: 19 Nov 2013 19:44

Re: Improve on-line privacy of users

Postby palimmo » 31 Jan 2018 22:12

I use on Firefox the add-ons
Privacy Badger
and
Https Everywhere
and other add-ons such as Quick context Search and Bamboo Feed reader.

Does it make sense to use uBlock Origin together with the two above?
Proud user of SolydK!

Dai diamanti non nasce niente, dal letame nascono i fior. http://aquilone.wordpress.com/

ilu
Posts: 1776
Joined: 09 Oct 2013 12:45

Re: Improve on-line privacy of users

Postby ilu » 31 Jan 2018 23:38

@palimmo: Definitely yes.

@xendistar: with today's internet (think online banking, egovernment, online-everything ...) security is too important for a safe life and Firefox alone just doesn't cut it.

uBlock Origin is mainly about security, not privacy. I don't think the phishing and malware protection of Firefox is needed as long as you use uBO. uBO uses filter lists maintained by different communities and if you want to go over-the-top with safety, activate all the filter lists available in the settings (duplicates will be eliminated by uBO). Definitely activate the one for your region. No connection to Google required. uBO is the minimum you must have for safety.

NoScript is necessary because having JS disabled by default improves security and because it also implements other protection, f.e. against cross-site-scripting. My kid has no problems handling NoScript correctly. Also its new FF57 interface became easier.
I'm also using uMatrix because I'm paranoid :mrgreen: but config is more complicated than the average user will like and using both is probably overkill.

I would recommend uBO and NoScript for security reasons.

Isn't https-everywhere nowadays redundant because the browser will only allow https if you ever opened the website with https before? Chances that important websites are configured wrong are small these days. Maybe if your visit to a spoofed website is your first visit to that URL ...

The other addons schoelje listed are mostly about privacy. I think they are necessary but I'm open to debate on this.
I'm using Decentraleyes, Selfdestructing Cookies (it won't be updated for FF57) and CanvasBlocker. I prefer CanvasBlocker over Canvas Defender because it has an expert mode and no problems with Google sites - and it has a better rating. But these are details, https://github.com/ghacksuserjs/ghacks-user.js/issues/174 has a long discussion about the different ways of handling canvas tracking if you are interested.

tek10
Posts: 23
Joined: 30 Jul 2013 01:22
Location: Cascadia

Re: Improve on-line privacy of users

Postby tek10 » 01 Feb 2018 04:36

I install Privacy Badger, uBlock Origin, and HTTPS Everywhere on both Firefox and Vivaldi on all my systems. Lately I've been trying out CanvasBlocker.

That said I also prefer minimal add-ons installed by default. The above four make a lot of sense though...

Maybe the best way to go is a page on the SolydXK Welcome recommending security add-ons and adjustments to the default about:config settings in Firefox? Or perhaps refer people to a sticky post in the forums for recommendations?

kurotsugi
Posts: 1992
Joined: 09 Jan 2014 00:17

Re: Improve on-line privacy of users

Postby kurotsugi » 01 Feb 2018 05:12

we marketed ourself as "easy to use, better OOTB linux experience". IMO we should keep the addon minimum and focus on things which doesn't affect system functionality. ublock, https everywhere seems OK but something like NoScript will affect system functionality and potentially made the user mad.

perhaps we should divide the topic into : addons which should be included into default system - and - addons which recommended to be installed for those concerned about privacy.

btw, since we already have candidates...shall we make a poll?

Schoelje
Site Admin
Posts: 8552
Joined: 26 Jan 2013 19:36
Location: Netherlands

Re: Improve on-line privacy of users

Postby Schoelje » 01 Feb 2018 07:53

kurotsugi wrote:...since we already have candidates...shall we make a poll?


Here you go: viewtopic.php?f=72&t=7168

:D



kurotsugi
Posts: 1992
Joined: 09 Jan 2014 00:17

Re: Improve on-line privacy of users

Postby kurotsugi » 01 Feb 2018 15:42

btw, regarding blockers. some blockers did block ads and trackers but at the same time they collect some data from the user. they later sold the data to 3rd parties (ad makers). they claimed that the data isn't unique and no one could trace it to the user. to be fair, user could disable the data collection. that being said, it might still raised some privacy concern for some user.

I'll mention one of these kind of blockers : ghostery.

my concern is that these practices (i.e : block ads but sold data to ad makers) is getting more popular lately. please correct me if I'm wrong, opera also did it with their own built in ad blocker. other browser also starting do similar things. you can't see it much on desktop browser but on android, there are lot of them.

it might be a lil bit out of topic but I think it should be interesting to discuss this issue here :3

ilu
Posts: 1776
Joined: 09 Oct 2013 12:45

Re: Improve on-line privacy of users

Postby ilu » 02 Feb 2018 14:40

This is a known issue with ghostery but I haven't heard anything like that about any of the mentioned addons. The developer of uBlock has all his code on github, you can look at the code, and he doesn't operate a server where he could even store anything.

But Mozilla is experimenting with this business model for some time now and that's why I started the other thread.

Not connected to this but for everybody's information about privacy here are some tutorials: https://ssd.eff.org/

Schoelje
Site Admin
Posts: 8552
Joined: 26 Jan 2013 19:36
Location: Netherlands

Re: Improve on-line privacy of users

Postby Schoelje » 13 Feb 2018 13:21

It's been a while and I've been working on some of the SolydXK packages. Among those are the Firefox and Thunderbird adjustments packages. I could conclude from the poll that uBlock, HTTPS Everywhere and Privacy Badger are the most popular of the add-ons. So, I've built them into the Firefox adjustments package. I've also used the configuration from the OP to set the default (new user) settings for Firefox and part of those settings I've also introduced in the Thunderbird adjustments package.

I've uploaded the packages to the testing repository (both solydxk-9 and solydxk-10). So, if you want to try them out you need to adjust your sources.list file:

Code:

deb http://repository.solydxk.com solydxk-9 main upstream import testing


You can also browse them here: http://repository.solydxk.com/pool/testing/

Let me know what you think.

