I've been a Firefox die-hard since it was called Phoenix a couple decades ago. That said, over the last two months I've been testing Orion Browser (from Kagi, to which I subscribe), and am smitten with it. It's Apple only at the moment, which is a drawback, but if you live in that ecosphere, it's worth a look.
Orion is WebKit-based, can install extensions from Chrome OR Firefox, privacy respecting, and a whole lotta niceties for per-website tweaks and other customizations.
Orion indeed is a decent option for the privacy conscious as it is one of the few browsers that doesn't make any automated connections on startup (with the right config). But, if I remember right, they are still trying to get uBlock Origin to work perfectly on it (i.e. WebExtension support is still not fully supported on Orion).
PaleMoon ( http://www.palemoon.org/ ) is a hard fork of Firefox, with a mix of old tech (XUL) and new tech (from current codebase of Gecko), that is another full-featured zero-telemetry browser that doesn't make any automated connections. But on this too, the full features of uBlock Origin aren't supported as it is based on the abandoned uBlock Origin (legacy) codebase (though the legacy codebase has been updated by some PaleMoon developers, the original developers of uBlock Origin do not wish to support PaleMoon as it doesn't support WebExtension).
Then there's the Tor Browser ( https://www.torproject.org/ ) - it is a soft fork of Firefox, that supports the Tor network and has been configured by default to be "privacy hardened" - it has none of the crap that Mozilla bundles into Firefox, like Pocket, AI, Ads etc. The Tor software bundled in it can be easily deleted, to use it as privacy hardened Firefox. However, there are two issues with it - it does make unauthorised and unwanted automated connections (to SecureDrop) and you can no longer remove the NoScript browser extension that is bundled in it (you could from previous versions). When a browser maker forcefully bundles something in it, (however useful it may be), and does not allow you to modify it, that's well-founded ground to be suspicious of it. (Note: I did finally figure out that one can stop automated phoning to SecureDrop, after disabling it in about:rulesets ).
As the Tor Browser laid a good foundation to create a privacy hardened Firefox, there are many other browsers that are forks of the Tor Browser - the Mullvad Browser ( https://mullvad.net/en/browser ) is a popular one, and Mullvad bundles its VPN service in it instead of the Tor network. Last I checked, it made some automated connections on startup, so I didn't bother to explore it further.
If the first item isn't "whitelist JS", you're doing it wrong. So many problems arise from letting any site run programs on your computer that it's best to reserve the privilege to the most trusted of sites.
Meanwhile if I see that I just move on. It just isn't practical to have a workable browser with JS whitelisting for the general case. I doubt people who do this actually do any kind of thoughtful review before hitting "accept". It just adds manual toil with limited benefit.
If they are doing meaningful review, I question how much they actually get done in life.
When it was developed, uMatrix was a brilliant method of being cautious about what runs, and it had a logger so you could easily see what domains you should enable the current domain to have access to.
I still use it honestly, but I'll need to move on at some point - not just because it's MV2-only, but also I've found a way in which uMatrix can be bypassed if a website were to specifically target it. (It doesn't affect uBlock Origin, although I haven't tested the Lite MV3 version.)
I very clearly remember, many years ago, a site (which was otherwise perfectly usable) nagging me to "enable JS for a better experience"; curious, I did and was immediately assaulted with all manner of hostile and irritating crap like popups, text selection hijacking, and even attempts to disable the right-click menu. Hurriedly disabled JS again to regain sanity. Nope. I'm never falling for that again... Of course the problem these days is with sites that don't work at all without JS even if they're just static content, and I suspect part of the reason is to force-feed you the crap along with the real content.
It's quite telling that even the mobile version of Chrome, well known for being the most user-hostile browser, has the option to whitelist or blacklist JS and various other features like location access.
Chrome didn't have anything other than a global JS on/off at first, so they clearly added this feature later.
Good work. There are some hardening options that you may be able to glean from ArkenFox [1] and Betterfox [2]. Another addon to consider listing is CSS Exfil protection [3a] CSS Exfil Test Site [3b].
Personally I leave the anonymous daily usage ping enabled in the (perhaps naive) hope that my use of Firefox being counted might help keep it afloat/popular. I guess that's not really in the spirit of a privacy-focused hardening guide but it is something that some may wish to consider.
Some may argue that the data that is included is a bit much for a "daily usage ping," an assertion that I won't dispute—but I will say that I appreciate the fact that Firefox even provides this level of transparency in the first place:
NoScript to automatically disable JS on first load, something to deal with Cookies (like cookie auto delete) and making use of MultiAccount containers. (defo privacy badger installed as well).
This is quite a rudimentary checklist, and it won't provide much in terms of privacy protections, but it will break a number of sites.
The current state of browser-fingerprinting is off-the-rails, where they deny service if they don't get those fingerprints, and the browser to a lesser degree has had its securities/privacy protections gradually degraded.
Stock Firefox will not be able to provide any sufficient guarantees. There are patches that need to be re-compiled in, because there have been about:config options removed.
I highly suggest you review Arkenfox's work, most of the hardening features he recommends will provide a better defense than nothing. He regularly also contributes to the Mullvad browser which implements most of his hardening and then some but also has some differentiation from the Tor Browser, but many of the same protections.
The TL;DR of the problem scope is that there are artifacts that must be randomized within a certain range. There are also artifacts that must be non-distinct so as to not provide entropy for identification (system fonts and such that are shared among many people in a cohort).
JS, and several other components, if it's active will negate a lot of the defenses that have been developed to-date.
Additionally, it seems that in some regional localities Eclipse attacks may be happening (multi-path transparent MITM), by terminating encryption early or through Raptor.
At a bare minimum, there seem to be some bad actors that have mixed themselves into the root PKI pool. I've seen valid issued Google Trust certs floating around that were not authorized by the owner of the SAN being visited, and it was transparent and targeted to that blog, but it's also happened with vendors (providing VOIP related telco services).
It seems some ISPs may be doing this to collect sensitive data for surveillance capitalism or other unknown malign purposes. In either case TLS can't be trusted.
> Did you confirm with the owner that they were unauthorized.
I confirmed with their support. I provided the certificate chain and SHA-256 fingerprint being served, and they said it didn't match, and that they use a different provider for their certificates; which I suppose is GoDaddy, at least that's what shows up on the crt.sh logs.
I don't run nor have access to a CT log for auditing. I was told it was revoked though. If you want to look into it you can; I'm including the CRT chain below.
There have been a number of issues uncovered while investigating the silent failing calls. Ranging from silent fail denial of service, unauthorized password changes after-the-fact, and with login credentials it seems some form of MITM translation, and these are consistent across many devices when accessing the site, or services.
The issues seem to clear up every month or so for about 1-2 weeks starting on the 4th, a new set of certs shows up every couple months.
The translation thing is that voip.ms doesn't allow @ symbols in passwords. About 2-4 hours after a lost password recovery the password that is set stops working with no change logged server-side. Replacing the token I used instead of @ with @, logs in without error from the edge successfully after that period occurs, despite their password policy/validator silent failing, and being against the use of that token which they have confirmed is still in effect. Craziness.
I can only conclude that this is some form of MITM. I've seen similar issues across other vendors as well, but they haven't noticed failures yet, or have been completely non-responsive (with no phone contact), so they haven't been looking into it too hard, if at all.
Support staff said they were investigating the issue, but it's been almost 90 days now without next-steps, explanation, or anything actionable. I've been getting stonewalled for quite a while now.
I've seen this enough times now recently that TLS doesn't seem trustworthy anymore. It's quite maddening too where at a fairly fundamental level in troubleshooting; what you see on one end isn't what is actually being hosted on the other.
> JS, and several other components, if it's active will negate a lot of the defenses that have been developed to-date.
I thought if you disabled JS, then that would greatly narrow down which user on the internet you are, since very few people (in comparison to everyone else in the world) actually do this.
> not authorized by the owner of the SAN being visited
Source?
> TLS can't be trusted
Do you have more info on this? Why are more people not worried about it?
> I thought if you disabled JS, then that would greatly narrow down which user on the internet you are...
It is a fundamentally cursed problem that has a lot of nuance.
You have buckets of people, and the entropy or difference between your collected artifacts and others must be sufficient to uniquely identify a single person, that is the point of fingerprinting. Your natural defense is in not sticking out of that group/crowd uniquely so others in the group may carry the same range of fingerprints.
At the same time, if you homogenize the artifacts to limit it down to a single fingerprint the sites will simply deny access.
Disabling JS altogether doesn't identify you aside from the fact that you are part of the overall group that has it disabled, the trade-off is that all the entropy JS would normally collect cannot be collected. So while they cannot identify you uniquely they can identify the group by denying that group, and that is the fundamental weakness of binary switches. It's a constant cat and mouse.
> not authorized by the owner of the SAN being visited.
> Source?
Firsthand experience with a large VOIP provider where communications would fail intermittently but in targeted ways that avoid common test failures. Call tests would intermittently but routinely fail in the silent-fail domain of interrupt driven calling (where you wouldn't know a call was inbound), and the failures would occur only in that domain. The issues were narrowed down to a mismatch in certificates through a lengthy support correspondence where the hosted certificate vs what was being provided at the edge were different. The artifacts were compared manually through correspondence.
The certificate revocation was revoked within 48h once the vendor reached out to Google, but we've seen it happen twice now. The standards in general use don't have a means aside from revocation to handle bad-acting at the root-PKI level. Chain of trust issues like this have been known about for over 2 decades in the respective fields.
> Do you have any more info on this? Why are more people not worried about it?
On the specifics? The Princeton Raptor attack paper (2015) covers the details.
Early termination of encryption, and traffic analysis are pretty bad.
Why more people aren't worried? I suppose it's because most of the security industry (not all) has accepted the fact that device security is porous, and there isn't really much you can do to hold the manufacturer responsible or to make changes. Surveillance capitalism is also incentivized through profit motive to impose a state of complete and total dependency/compromise.
The state of security today, with your almost routine data breaches every quarter, is a direct consequence from lack of liability, accountability, and regulation, and honestly people in the overall media have stopped listening to many of the experts. They don't want to know how bad, bad is.
The breadth and depth of scale is enough to drive one a bit crazy when looking at the unvarnished reality, it's such a complete departure from what is told that it becomes disbelief. The people are largely powerless to mitigate the issues as most of the market is silently nationalized in one form or another. It's no longer about the features people need, but about coercing the market where the only choice is what gets shoveled.
Do you suppose the average middle class worker has the headspace to worry about their county tracking their minute movements through suites of radio sensors (TPMS/OBD-2), or someone hacking into their car through the telematics unit while they're driving and disabling the braking, or inducing race conditions related to safety-critical systems?
While we may not care domestically about many of these things when we are told, given our stance on free-speech, if you're a critic of China; they might care, and no one's stopping them because the security deficits are almost equally imposed through inaction as they are through action.
Many of these uses are also not commonly disclosed; and manipulated rhetoric is jamming communication channels.
Cable modem security for instance requires a mandated backward compatibility to a 48-bit RSA key (CypherCon Talk), and while there are elevated security modes it boots in that mode, and pulls the config down remotely making it vulnerable to Eclipse.
Money-printing is largely what drives these incentives towards a dysfunctional market.
Firefox doesn't "help your privacy" and make promises just because it's developed by Mozilla, and Chromium doesn't become worse than Firefox just because it's developed by Google. As others have said, this article feels like it was written in LLM.
True but the next best thing is arkenfox which is even more of a pain. Librefox makes a lot of the flags toggleable/visible in settings which is convenient too.
I just want something (config or extension or instructions or whatever) to give me the best (rather, most common/average) fingerprint possible according to that EFF tool. Does that exist?
You have to choose from one of two strategies: either you go the tor-browser (also includes Mullvad-browser) route and try to make your browser indistinguishable from others, or you randomize values to make stable fingerprinting impossible.
When trying to be similar to everyone else, even small changes to the browser, like changing window size, can make you easily identifiable from everyone else. Randomizing will allow you to modify your browser. None of the fingerprinting protections matter if you use your browser and session to login to some sites.
I use multiple browsers. One is for login to sites and tor-browser is for most of my browsing.
This is easily the best fingerprinting extension that I have found so far:
https://jshelter.org/
I think you're right with having a two-browser setup and I actually want to give it a spin. I envision I'll need to change some habits but it really does seem like the cleanest way to go about it.
I think it just makes me a little sad that despite the effort I've put in, that tool (called Cover Your Tracks btw, or other ones like amiunique) still report that I am indeed unique.
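The bucket argument made in the comments above (a fingerprint only identifies you as far as it shrinks the group that shares it), worked through as an added example that is not part of any post in the thread. The population, attribute names and cohort sizes are constructed, and the per-session canvas value stands in for whatever a randomizing extension would change.

```python
import hashlib
import math
from collections import Counter

# Attributes a tracker can read from request headers alone vs. those that need JS.
HEADER_ATTRS = ("ua", "lang")
JS_ATTRS = ("window", "fonts", "canvas")


def build_population():
    """Constructed population of 1000 browsers (illustrative, not measured data)."""
    pop = []
    # 900 stock browsers with JS on: per-device values leak through JS APIs.
    for i in range(900):
        pop.append({"ua": f"stock-{i % 3}", "lang": "en-US", "js": True,
                    "window": f"{1200 + (i % 30) * 8}x800",
                    "fonts": i % 50, "canvas": i % 300})
    # 64 members of a hardened cohort that all report identical values.
    cohort = {"ua": "hardened", "lang": "en-US", "js": True,
              "window": "1000x1000", "fonts": 0, "canvas": 0}
    pop.extend(dict(cohort) for _ in range(64))
    # One cohort member who resized the window.
    pop.append(dict(cohort, window="1013x977"))
    # 35 browsers with JS disabled: the device values exist but are unreadable.
    for _ in range(35):
        pop.append({"ua": "stock-0", "lang": "en-US", "js": False,
                    "window": "1280x800", "fonts": 7, "canvas": 42})
    return pop


def fingerprint(browser):
    """What the tracker observes; JS-only attributes are None when JS is off."""
    fp = [browser[k] for k in HEADER_ATTRS]
    fp += [browser[k] if browser["js"] else None for k in JS_ATTRS]
    return tuple(fp)


def anonymity_set_size(population, browser):
    """Number of browsers in the population sharing this exact fingerprint."""
    counts = Counter(fingerprint(b) for b in population)
    return counts[fingerprint(browser)]


def surprisal_bits(population, browser):
    """Identifying information in bits: log2(population / anonymity set)."""
    return math.log2(len(population) / anonymity_set_size(population, browser))


def randomized(browser, session_id):
    """Second strategy: a canvas value that changes with every session."""
    digest = hashlib.sha256(str(session_id).encode()).hexdigest()[:8]
    return dict(browser, canvas=digest)


def summary():
    """(anonymity set size, bits) for one browser of each kind."""
    pop = build_population()
    picks = {"stock": pop[0], "cohort": pop[900],
             "resized": pop[964], "js_off": pop[965]}
    return {name: (anonymity_set_size(pop, b), round(surprisal_bits(pop, b), 2))
            for name, b in picks.items()}


if __name__ == "__main__":
    for name, (size, bits) in summary().items():
        print(f"{name:8s} set size {size:3d}  {bits:5.2f} bits")
    stock = build_population()[0]
    a, b = fingerprint(randomized(stock, 1)), fingerprint(randomized(stock, 2))
    print("sessions linkable by fingerprint:", a == b)
```

In this model the resized cohort member carries exactly 6 more bits than the rest of the cohort (log2 of the 64 peers it left), while the randomizing browser is unique in every session but cannot be matched across sessions by fingerprint alone.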
- hooks between network steps
- hooks between steps while rendering/interacting with a website
Things that I want to do but I can't:
- catch a request and modify it, e.g. when a webpage tells my browser to visit ajax.googleapis.com/jquery.js then my browser SHOULD NOT DO IT. Seriously, just don't start running shit on my computer when I click something. No one wants that, apart from Google. Not the users. I should be able to modify that request, and serve jquery from somewhere else.
- stop the browser's javascript execution
- run my own javascript (these two are currently unavailable together, if you don't allow javascript on a webpage, then you can't run your own) (or modify HTML/DOM in some other language)
I don't think Firefox is worth supporting, I believe it is a Trojan Horse of Google (or at least a Useful Idiot), and its existence is the main reason we have exactly 0 browsers (open source or proprietary) right now. It should die, so something else might flourish.
DDG reports all clicks to links.duckduckgo.com and improving.duckduckgo.com, etc. Which AdGuard seems to block, and maybe one of my browser settings/extensions as well.
Thanks for this ... great start. Mozilla Firefox COULD be an even more powerful source for good. Stop focusing on BS VPN, AI, etc ... focus on great browser, security, privacy. There is a possible niche for a centrally managed, security focused browser for companies ... like the Island Browser ... as an option.
There’s tradeoffs between privacy and convenience. Mozilla makes a particular set of tradeoffs, based on their judgment of what the average user will put up with; checklists like this allow you to make more aggressive tradeoffs.
90% of the stuff in the OP will break certain sites… The problem is that non-technical users will think “oh, privacy, that’s good” (which it is, don’t get me wrong), click the “max privacy” option, but then be unable to fix things when they don’t work and switch back to Chrome.
remember that "firefox -p" opens the profile manager so you can have one profile without the last two items on that list, just for when you need one or two sites that have broken login code that requires 3rd party cookie (it's always for malicious reasons rather than incompetence, but if you have to login you have to login)
One profile for banks, a different profile for Amazon, a third profile for Google sites, a fourth for news sites I log into, a fifth for news sites I don't log into, a sixth that automatically forgets everything on exit for sites that UBO breaks.
Then delete all data on each profile periodically, weekly for news sites, monthly for Amazon and banking sites.
It's a giant pain in the ass juggling all these profiles. Seems like there should be a browser that automatically and transparently isolates every site in its own profile.
Mozilla introduced a new profile manager for Firefox somewhere around May. This thing uses a new storage format and ignores already existing "old" profiles, except for the default one. Data remains untouched, profiles created in the past are still here accessible by about:profiles and if you don't want to use that new profile manager set the browser.profiles.enabled entry to false.
From what I've seen around, people using the popular customized Firefox variants, like Floorp and LibreWolf, were surprised by this and not fond of the change.
There are things I also do like removing sponsored links on the about page and url bar. Also disable type-ahead to search engine.
My understanding is that Privacy Badger no longer learns by default. I never wanted that, just block known things, like search engine click hijacks.
I’m not sure what to do about the user agent header. Changing or simplifying it tends to break sites. Also I’d like to promote Linux there but that’s at odds with privacy.
After the shit Mozilla pulled with ad/tracking this summer, the first step for improved privacy should be to delete firefox and switch to brave / what have you.
Fun suggestion to switch to a browser that has a company behind it that has pulled a lot of shady stuff related to ads and tracking. A company where privacy is more marketing than a core value.
If you are one of those folks who don't care about the political arguments, feel free to skip over paragraph one and two. Paragraph three till ten cover actual shady stuff done by brave the company itself.
There is one more thing I can add to the list, though it wasn't as widely published about. At some point the team behind Brave decided to implement browser extension support from scratch and only support specific extensions. Which sounds okay in theory until you realize how they did so. Without involving the extension creator they would fork a version of the extension and bake that into Brave. They did so without informing the extension creator, meanwhile users would still go to the extension creator for support who couldn't fix a thing.
Every time one of these things comes up, the Brave team either is irked (but changes it anyway) or goes "oh, yeah we'll remove it in the future". This to me indicates a company culture where there is no thinking ahead about the impact of features or where they simply don't care as long as they aren't called out on it.
This consistent pattern over a period of years has, to me anyway, shown that issues such as privacy or even being user centered are not a core part of their thinking but merely a marketing gimmick.
And to be ahead of the curve on some other things I have heard people say over this. Just that Mozilla sucks doesn't mean alternatives can't be worse.
See my updated comment, that contains all the details you should need. Unfortunately nothing about their privacy policy, I personally feel that actions taken by brave speak louder than whatever they have in their written policy.
My entire feeling about privacy is that, while surveillance economy tends to amplify the worst parts, ultimately, Richard Thieme's presentation is right: https://www.youtube.com/watch?v=atDgnkvzD8I
Thought experiment: in 100 years or even ten, can you imagine that there will not be tiny little camera robots that can get into the home of every person alive? Wouldn't every single living person be prone to having nude and unflattering, private moments leaked all over the internet?
Socially, if privacy is a construct, then so is the fallout we expect others and ourselves to feel when privacy is violated. To some extent, not all, this is self-inflicted Victorian thinking. To the extent that it's true, part of the answer is, in the words of the brave (lol) Michael Cohen, "So what?" Really, so what? I hope we can get to that kind of reaction to adults having their privacy upended because it just takes so much of the bite out of the problem, the shame that relatively innocent people would experience for something completely out of their control.
As far as the getting it back under control thing, we may also be coming to a point that more technologies are so dangerous or impactful that there becomes a need for more strict control so that powerful tech like miniaturization produces paper trails and the use of such technology comes with an implicit requirement for openness. I don't really care that people can use miniaturization, but I care if they can anonymize it to the extent that we create a lawless society with no remaining means of accountability.
What *will* Russia and North Korea do when it becomes plausible to unleash little robot assassins either in small numbers to target individuals or mass numbers to carry out what is essentially nuclear scale death without nuclear scale fallout and destruction? It is plausible that this is a new facet of WMDs and MAD-based deterrence.
Privacy, robots, and the inevitable slide into world war 3.
The paradox being that every thing you customize about your browser config becomes another thing that can potentially be fingerprinted and makes you stand out as one of the 1% who has ever looked in about:config.
Notice, if you have all these settings enabled, you can still be fingerprinted. Test here:
https://fingerprint.com/
In my tests only Tor was able to prevent that, but using Tor will give you bad rankings on payment sites like PayPal, you may even get banned there.
I learned this from here:
https://news.ycombinator.com/item?id=35243355
That site is now black, surely a coincidence. Here the archive.org link:
https://web.archive.org/web/20250801173508/https://www.bites...
Have a local copy.
> fingerprint dot com
Is this an ad? Of all the things I was expecting to see when I clicked that, "Contact Sales" was not one of them.
https://amiunique.org/ is scary.
This is kind of a stupid ChatGPT article.
No, this will not effectively help to reduce the fingerprint of your Browser.
A LOT more tracking services are integrated into the Firefox browser in various places (like New Tab page, Sync, Pocket, Shavar, Google Safebrowsing, OCSP, etc pp).
I wrote a more detailed article about this, and got an "as good as possible" as a result.
But yeah, please please start to use a Host Firewall where you can block on a per-domain and per-port and per-process basis (like LittleSnitch, OpenSnitch etc) to validate your assumptions. UIs will always lie to you, including the one from Firefox.
[1] https://cookie.engineer/weblog/articles/firefox-privacy-guid...
Set the browser.ml.chat.enabled and browser.ml.enabled to false as they intensively use the processor and drain the battery. All that to just find the best name for your tab groups. I prefer to have my laptop last one more hour instead.
I took a brief gander at its code [0] and saw it mainly focusses on k-means clustering algorithms (in JS, no less). To my ken this is likely for suggesting new tabs, something a user is even less likely to use than renaming them.
Its constant drain even when not 'in use' seems to imply it's classifying tabs as they change page (though it might be telemetry or uncommented testing). If so, it's an example of premature optimisation gone very wrong.
It's a shame, because it overshadows the fact that naming tab groups is a perfect use case for an LLM, alongside keyboard suggestions and reverse dictionaries [1]. I'm ardently distrustful of LLMs for many, many purposes, but for the tiny parameter and token usage needed it's hard to not like. Which is a shame it's (somehow) such a drain.
[0] https://github.com/mozilla-firefox/firefox/blob/7b42e629fdef... exports a SmartTabGroupingManager, though how or why that is used without being asked eludes me
[1] https://www.onelook.com/thesaurus/ Can be helpful in a pinch when a word's on the tip of your tongue, though its synonyms aren't always perfect.
I recall an extension (I think by a Mozilla dev) which could do automatic grouping of tabs (back before tab groups was removed). I'm surprised this hasn't come back.
Does anyone here struggle so much with naming a group of tabs that you'd reach for an LLM? I mean... really? How often does a group of tabs need a more complex name than "Work", "Gaming", etc? Maybe a suffix for the work project?
Wasn't that a bug that was fixed weeks ago? Like early August? If you are not averse to this feature then it is better to simply make sure you are running the latest version.
It was also caught during progressive rollout, i.e. it never affected anyone who had disabled "studies" in their preferences.
I literally gained one hour off my charged battery when I switched these two settings off, just a week ago, and I keep my browser up to date. So not for me.
On an 80wh battery, say you go from 7hrs to 8hrs, so- 10wh saved over 8hrs. That's a 1.125 watt difference.
I propose the below as various factors that can be larger:
Slower fan speed because of lower ambient temperature.
Different dark/light ratio and/or adaptive screen brightness.
Wifi spectrum congestion, variable power levels to maintain proper SNR.
Wifi/ethernet- broadcast packets.
The list goes on. Most of these are below a watt, but demonstrate the point that you've got a lot more variables than just one setting in a browser.
You sound like 1.125 watts is insignificant to a laptop, but my laptop idles around 6 watts and it is currently using 8 watts since I've got some stuff running. Shaving off 1.125 watts is a 14-19% improvement.
The point is that the shaving might not be due to the firefox variable changes, but rather to other environmental differences.
Exactly. And honestly- the screen is way way more than 1 watt. According to RAPL power, a USB-PD power analyzer- changing the brightness on my 15" 4k OLED laptop screen can reduce power usage by 15-20W. The nature of OLED makes it hard to get a clear picture.
I didn't know about these 2 settings but they were already disabled in my about:config. I wonder if Debian distributes a non-default about:config with Firefox.
They do, see /etc/firefox-esr/firefox-esr.js -- but the aforementioned settings are not in that file by default, and [0] seems to suggest Debian does not alter the compiled-in defaults either.
Some quick digging in the source suggests that it's simply not enabled by default in ESR 128. I don't know if that's because it's only enabled by default in a later release, or because it's disabled in all ESR releases; I suspect the former. Compare [1] and [2]:
The other pref, browser.ml.chat.enable[d] is not mentioned in that file at all. (edit: according to [3a] and [3b], it's browser.ml.enable and browser.ml.chat.enabled... yay for consistency, I guess)
[0] https://sources.debian.org/src/firefox-esr/128.14.0esr-1~deb...
[1] https://salsa.debian.org/mozilla-team/firefox/-/blame/upstre...
[2] https://salsa.debian.org/mozilla-team/firefox/-/blame/upstre...
[3a] https://salsa.debian.org/mozilla-team/firefox/-/blame/esr128...
[3b] https://salsa.debian.org/mozilla-team/firefox/-/blame/esr128...
Thanks for the heads-up! Yeah, I'm running ESR 128 right now so when I upgrade to the next ESR I'll keep an eye on these settings.
I've been a Firefox die-hard since it was called Phoenix a couple decades ago. That said, over the last two months I've been testing Orion Browser (from Kagi, to which I subscribe), and am smitten with it. It's Apple only at the moment, which is a drawback, but if you live in that ecosphere, it's worth a look.
Orion is Webkit-based, can install extensions from Chrome OR Firefox, privacy respecting, and a whole lotta niceties for per-website tweaks and other customizations.
[0] https://kagi.com/orion/
Orion indeed is a decent option for the privacy conscious as it is one of the few browsers that doesn't make any automated connections on startup (with the right config). But, if I remember right, they are still trying to get uBlock Origin to work perfectly on it (i.e. WebExtension support is still not fully supported on Orion).
PaleMoon ( http://www.palemoon.org/ ) is a hard fork of Firefox, with a mix of old tech (XUL) and new tech (from current codebase of Gecko), that is another full-featured zero-telemetry browser that doesn't make any automated connections. But on this too, the full features of uBlock Origin aren't supported as it is based on the abandoned uBlock Origin (legacy) codebase (though the legacy codebase has been updated by some PaleMoon developers, the original developers of uBlock Origin do not wish to support PaleMoon as it doesn't support WebExtension).
Then there's the Tor Browser ( https://www.torproject.org/ ) - it is a soft fork of Firefox, that supports the Tor network and has been configured by default to be "privacy hardened" - it has none of the crap that Mozilla bundles into Firefox, like Pocket, AI, Ads etc. The Tor software bundled in it can be easily deleted, to use it as privacy hardened Firefox. However, there are two issues with it - it does make unauthorised and unwanted automated connections (to SecureDrop) and you can no longer remove the NoScript browser extension that is bundled in it (you could from previous versions). When a browser maker forcefully bundles something in it, (however useful it may be), and does not allow you to modify it, that's well-founded ground to be suspicious of it. (Note: I did finally figure out that one can stop automated phoning to SecureDrop, after disabling it in about:rulesets ).
As the Tor Browser laid a good foundation to create a privacy hardened Firefox, there are many other browsers that are forks of the Tor Browser - the Mullvad Browser ( https://mullvad.net/en/browser ) is a popular one, and Mullvad bundles its VPN service in it instead of the Tor network. Last I checked, it made some automated connections on startup, so I didn't bother to explore it further.
I just need it to stop using Safari’s slow ass animation for the two-finger trackpad swipe back gesture
Apple is for suckers who want a parent to tell them what they can and cannot do with their own devices. (IMO)
A fool's errand.
No matter how effective this list is, the settings will either revert, change, or be silently undone.
New settings will alter the efficacy of the old ones.
Existing settings will disappear.
The behavior you hoped to configure changed to its opposite.
Remember: there was one morning when we all woke up and saw every dns query sent to cloudflare doh by default, and with no opt-in.
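Added example, not written by any commenter here and not Mozilla's code: one way to notice the reverting or vanishing settings described above is to parse the pref files and compare them with the values you expect. The pref names are the ones named in this thread; the file contents, the `example.constructed.*` names and the merge model (later file wins, `lockPref` pins a value) are assumptions for illustration.

```python
import json
import re

# Strings are matched first, so comment markers inside values ("https://", "*/*") survive.
_TOKEN = re.compile(r'"(?:[^"\\\n]|\\.)*"|/\*.*?\*/|//[^\n]*', re.S)
# Setter calls: pref()/user_pref() in pref files, defaultPref()/lockPref() in autoconfig files.
_CALL = re.compile(
    r'\b(user_pref|pref|defaultPref|lockPref)\s*\(\s*("(?:[^"\\\n]|\\.)*")\s*,\s*'
    r'("(?:[^"\\\n]|\\.)*"|true|false|-?\d+)\s*\)\s*;'
)


def strip_comments(text):
    """Drop // and /* */ comments while leaving string literals untouched."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)


def _literal(raw):
    try:
        return json.loads(raw)      # handles "str", true/false and integers
    except ValueError:
        return raw                  # JS-only escapes: keep the raw text


def parse_prefs(text):
    """Return [(setter, name, value), ...] in file order."""
    return [(m.group(1), _literal(m.group(2)), _literal(m.group(3)))
            for m in _CALL.finditer(strip_comments(text))]


def effective_prefs(sources):
    """Simplified merge (an assumption): files in load order, later wins, lockPref pins."""
    values, locked = {}, set()
    for text in sources:
        for setter, name, value in parse_prefs(text):
            if name in locked:
                continue
            values[name] = value
            if setter == "lockPref":
                locked.add(name)
    return values, locked


def audit(expected, sources):
    """Map each expected pref to 'ok', 'drifted', 'locked-drift' or 'unset'."""
    values, locked = effective_prefs(sources)
    report = {}
    for name, want in expected.items():
        if name not in values:
            # In no file at all: the compiled-in default applies and the files cannot show it.
            report[name] = "unset"
        elif type(values[name]) is type(want) and values[name] == want:
            report[name] = "ok"
        else:
            report[name] = "locked-drift" if name in locked else "drifted"
    return report


# Pref names as given in the thread; every file body below is a constructed sample.
EXPECTED = {
    "browser.ml.chat.enabled": False,
    "browser.ml.enable": False,
    "browser.profiles.enabled": False,
}
SYSTEM_JS = '''
// constructed stand-in for a distro defaults file
pref("example.constructed.accept", "text/html,*/*;q=0.8");
/* pref("browser.ml.chat.enabled", false); commented out, must not count */
'''
PREFS_JS = '''
user_pref("browser.ml.chat.enabled", true);
user_pref("browser.ml.enable", false);
user_pref("example.constructed.homepage", "https://example.invalid/start");
'''
USER_JS = '''
user_pref("browser.ml.chat.enabled", false); // reapplied at every startup
'''
AUTOCONFIG = 'lockPref("browser.ml.enable", true);\n'

if __name__ == "__main__":
    for label, files in (("prefs.js only", [SYSTEM_JS, PREFS_JS]),
                         ("with user.js", [SYSTEM_JS, PREFS_JS, USER_JS]),
                         ("with a lock", [AUTOCONFIG, PREFS_JS, USER_JS])):
        print(label, audit(EXPECTED, files))
```

An `unset` result is the case to watch after an upgrade: the value then comes from the build's own default, which the files on disk do not record.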
> saw every dns query sent to cloudflare doh by default, and with no opt-in
True. And most people don't even know it.
If the first item isn't "whitelist JS", you're doing it wrong. So many problems arise from letting any site run programs on your computer that it's best to reserve the privilege to the most trusted of sites.
Meanwhile if I see that I just move on. It just isn't practical to have a workable browser with JS whitelisting for the general case. I doubt people who do this actually do any kind of thoughtful review before hitting "accept". It just adds manual toil with limited benefit.
If they are doing meaningful review, I question how much they actually get done in life.
When it was developed, uMatrix was a brilliant method of being cautious about what runs, and it had a logger so you could easily see what domains you should enable the current domain to have access to.
I still use it honestly, but I'll need to move on at some point - not just because it's MV2-only, but also I've found a way in which uMatrix can be bypassed if a website were to specifically target it. (It doesn't affect uBlock Origin, although I haven't tested the Lite MV3 version.)
I have NoScript by default set to no run. Some sites work better without it.
I very clearly remember, many years ago, a site (which was otherwise perfectly usable) nagging me to "enable JS for a better experience"; curious, I did and was immediately assaulted with all manner of hostile and irritating crap like popups, text selection hijacking, and even attempts to disable the right-click menu. Hurriedly disabled JS again to regain sanity. Nope. I'm never falling for that again... Of course the problem these days is with sites that don't work at all without JS even if they're just static content, and I suspect part of the reason is to force-feed you the crap along with the real content.
It's quite telling that even the mobile version of Chrome, well known for being the most user-hostile browser, has the option to whitelist or blacklist JS and various other features like location access.
Chrome didn't have anything other than a global JS on/off at first, so they clearly added this feature later.
You only have to whitelist your top sites once, not every day.
and it's trivial to do with uBlock.
It has both a global option to disable JS, and an option to set a keyboard shortcut to reenable as needed for each site.
Also consider putting Firefox itself into a jail. E.g. using bubblewrap on Linux: https://gist.github.com/richardweinberger/cae9edeafeec4cdf65...
This checklist is a work in progress, would love to hear your feedback.
Disable WebGL. Not in a funny javascripty extension, in about:config.
Good work. There are some hardening options that you may be able to glean from ArkenFox [1] and Betterfox [2]. Another addon to consider listing is CSS Exfil protection [3a] CSS Exfil Test Site [3b].
[1] - https://github.com/arkenfox/user.js
[2] - https://github.com/yokoffing/Betterfox
[3a] - https://addons.mozilla.org/en-US/firefox/addon/css-exfil-pro...
[3b] - https://www.mike-gualtieri.com/css-exfil-vulnerability-teste...
Awesome, will check these out, thank you!
https://librewolf.net/
https://codeberg.org/librewolf/settings/src/branch/master/li...
Librefox is the most robust/maintained fork I've come across.
LibreFox? (2019)
https://github.com/intika/Librefox/issues/125
Typo! sorry. Librewolf is what I meant.
Personally I leave the anonymous daily usage ping enabled in the (perhaps naive) hope that my use of Firefox being counted might help keep it afloat/popular. I guess that's not really in the spirit of a privacy-focused hardening guide but it is something that some may wish to consider.
Some may argue that the data that is included is a bit much for a "daily usage ping," an assertion that I won't dispute—but I will say that I appreciate the fact that Firefox even provides this level of transparency in the first place:
https://dictionary.telemetry.mozilla.org/apps/firefox_deskto...
NoScript to automatically disable JS on first load, something to deal with Cookies (like cookie auto delete) and making use of MultiAccount containers. (defo privacy badger installed as well).
I have used Cookie Auto delete for years. Last time I checked development seemed to have stalled.
Also have a look at https://ffprofile.com/
Thank you, this helps a lot.
Nice site, thanks!
This is quite a rudimentary checklist, and it won't provide much in terms of privacy protections, but it will break a number of sites.
The current state of browser-fingerprinting is off-the-rails, where they deny service if they don't get those fingerprints, and the browser to a lesser degree has had its securities/privacy protections gradually degraded.
Stock Firefox will not be able to provide any sufficient guarantees. There are patches that need to be re-compiled in, because there have been about:config options removed.
I highly suggest you review Arkenfox's work, most of the hardening feature he recommends will provide a better defense than nothing. He regularly also contributes to the Mullvad browser which implements most of his hardening and then some but also has some differentiation from the Tor Browser, but many of the same protections.
The TL;DR of the problem scope is that there are artifacts that must be randomized within a certain range. There are also artifacts that must be non-distinct so as to not provide entropy for identification (system fonts and such that are shared among many people in a cohort).
JS, and several other components, if it's active will negate a lot of the defenses that have been developed to-date.
Additionally, it seems that in some regional localities Eclipse attacks may be happening (multi-path transparent MITM), by terminating encryption early or through Raptor.
At a bare minimum, there seem to be some bad actors that have mixed themselves into the root PKI pool. I've seen valid issued Google Trust certs floating around that were not authorized by the owner of the SAN being visited, and it was transparent and targeted to that blog, but it's also happened with vendors (providing VOIP related telco services).
It seems some ISPs may be doing this to collect sensitive data for surveillance capitalism or other unknown malign purposes. In either case TLS can't be trusted.
> I've seen valid issued Google Trust certs floating around that were not authorized by the owner of the SAN being visited
Did you confirm with the owner that they were unauthorized?
And can you point to the certificates in the Certificate Transparency logs?
> Did you confirm with the owner that they were unauthorized.
I confirmed with their support. I provided the certificate chain and sha-256 fingerprint being served, and they said it didn't match, and that they use a different provider for their certificates; which I suppose is GoDaddy, at least that's what shows up on the crt.sh logs.
I don't run nor have access to a CT log for auditing. I was told it was revoked though. If you want to look into it you can; I'm including the CRT chain below.
There have been a number of issues uncovered while investigating the silent failing calls. Ranging from silent fail denial of service, unauthorized password changes after-the-fact, and with login credentials it seems some form of MITM translation, and these are consistent across many devices when accessing the site, or services.
The issues seem to clear up every month or so for about 1-2 weeks starting on the 4th, a new set of certs shows up every couple months.
The translation thing is that voip.ms doesn't allow @ symbols in passwords. About 2-4 hours after a lost password recovery the password that is set stops working with no change logged server-side. Replacing the token I used instead of @ with @, logs in without error from the edge successfully after that period occurs, despite their password policy/validator silent failing, and being against the use of that token which they have confirmed is still in effect. Craziness.
I can only conclude that this is some form of MITM. I've seen similar issues across other vendors as well, but they haven't noticed failures yet, or have been completely non-responsive (with no phone contact), so they haven't been looking into it too hard, if at all.
www.voip.ms
SHA-256 Fingerprint:
FB:4E:10:D3:58:0A:01:1A:9E:82:92:5B:33:AE:1C:E3:6D:5C:B3:97:53:73:B4:1C:4A:7E:30:8B:49:44:BA:24
Support staff said they were investigating the issue, but it's been almost 90 days now without next-steps, explanation, or anything actionable. I've been getting stonewalled for quite awhile now.
I've seen this enough times now recently that TLS doesn't seem trustworthy anymore. It's quite maddening too where at a fairly fundamental level in troubleshooting; what you see on one end isn't what is actually being hosted on the other.
> JS, and several other components, if it's active will negate a lot of the defenses that have been developed to-date.
I thought if you disabled JS, then that would greatly narrow down which user on the internet you are, since very few people (in comparison to everyone else in the world) actually do this.
> not authorized by the owner of the SAN being visited
Source?
> TLS can't be trusted
Do you have more info on this? Why are more people not worried about it?
> I thought if you disabled JS, then that would greatly narrow down which user on the internet you are...
It is a fundamentally cursed problem that has a lot of nuance.
You have buckets of people, and the entropy or difference between your collected artifacts and others must be sufficient to uniquely identify a single person, that is the point of fingerprinting. Your natural defense is in not sticking out of that group/crowd uniquely so others in the group may carry the same range of fingerprints.
At the same time, if you homogenize the artifacts to limit it down to a single fingerprint the sites will simply deny access.
Disabling JS altogether doesn't identify you aside from the fact that you are part of the overall group that has it disabled, the trade-off is that all the entropy JS would normally collect cannot be collected. So while they cannot identify you uniquely they can identify the group by denying that group, and that is the fundamental weakness of binary switches. It's a constant cat and mouse.
> not authorized by the owner of the SAN being visited. > Source?
Firsthand experience with a large VOIP provider where communications would fail intermittently but in targeted ways that avoid common test failures. Call tests would intermittently but routinely fail in the silent-fail domain of interrupt driven calling (where you wouldn't know a call was inbound), and the failures would occur only in that domain. The issues were narrowed down to a mismatch in certificates through a lengthy support correspondence where the hosted certificate vs what was being provided at the edge were different. The artifacts were compared manually through correspondence.
The certificate revocation was revoked within 48h once the vendor reached out to Google, but we've seen it happen twice now. The standards in general use don't have a means aside from revocation to handle bad-acting at the root-PKI level. Chain of trust issues like this have been known about for over 2 decades in the respective fields.
> Do you have any more info on this? Why are more people not worried about it?
On the specifics? The Princeton Raptor attack paper (2015) covers the details. Early termination of encryption, and traffic analysis are pretty bad.
Why more people aren't worried? I suppose it's because most of the security industry (not all) has accepted the fact that device security is porous, and there isn't really much you can do to hold the manufacturer responsible or to make changes. Surveillance capitalism is also incentivized through profit motive to impose a state of complete and total dependency/compromise.
The state of security today, with your almost routine data breaches every quarter, is a direct consequence from lack of liability, accountability, and regulation, and honestly people in the overall media have stopped listening to many of the experts. They don't want to know how bad, bad is.
The breadth and depth of scale is enough to drive one a bit crazy when looking at the unvarnished reality, it's such a complete departure from what is told that it becomes disbelief. The people are largely powerless to mitigate the issues as most of the market is silently nationalized in one form or another. It's no longer about the features people need, but about coercing the market where the only choice is what gets shoveled.
Do you suppose the average middle class worker has the headspace to worry about their county tracking their minute movements through suites of radio sensors (TPMS/OBD-2), or someone hacking into their car through the telematics unit while they're driving and disabling the braking, or inducing race conditions related to safety-critical systems?
While we may not care domestically about many of these things when we are told, given our stance on free-speech, if you're a critic of China; they might care, and no one's stopping them because the security deficits are almost equally imposed through inaction as they are through action.
Many of these uses are also not commonly disclosed; and manipulated rhetoric is jamming communication channels.
Cable modem security for instance requires a mandated backward compatibility to a 48-bit RSA key (Cyphercon Talk), and while there are elevated security modes it boots in that mode, and pulls the config down remotely making it vulnerable to Eclipse.
Money-printing is largely what drives these incentives towards a dysfunctional market.
https://cyphercon.com/portfolio/exposing-the-threat-uncoveri...
https://www.youtube.com/watch?v=_hk2DsCWGXs
Privacy Possum is better than Privacy Badger imho
It appears not to have been updated since 2019?
See https://github.com/cowlicks/privacypossum
Oops - I had no idea. Thanks for noticing this. I'm back to the badger. :)
Firefox doesn't "help your privacy" and make promises just because it's developed by Mozilla, and Chromium doesn't become worse than Firefox just because it's developed by Google. As others have said, this article feels like it was written in LLM.
Or use LibreWolf and call it a day.
Librewolf randomizes your time zone data on every page load, screwing with websites. It's on by default, and can be turned off.
It’s not directly in popular distributions unfortunately.
True but the next best thing is arkenfox which is even more of a pain. Librefox makes a lot of the flags toggleable/visible in settings which is convenient too.
It's available as flatpak for a while - if that changes anything
Will enabling "HTTPS-Only Mode" block http://localhost? If so, it would interfere with web development.
No, it doesn't block localhost.
Also you can add exceptions, so if you have e.g. a HTTP-only server on your local network, you can whitelist it manually.
No, you can always continue on to non-HTTPS pages.
Can you create some certs for yourself?
I just want something (config or extension or instructions or whatever) to give me the best (rather, most common/average) fingerprint possible according to that EFF tool. Does that exist?
You have to choose from one of two strategies, either you go with tor-browser (also includes Mullvad-browser) route and try to make your browser indistinguishable from others or you randomize values to make stable fingerprinting impossible.
When trying to be similar to everyone else, even small changes to the browser, like changing window size, can make you easily identifiable from everyone else. Randomizing will allow you to modify your browser. None of the fingerprinting protections matter if you use your browser and session to login to some sites.
I use multiple browsers. One is for login to sites and tor-browser is for most of my browsing.
This is easily the best fingerprinting extension that I have found so far: https://jshelter.org/
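Added example, not written by any commenter here: a small model of the two strategies above and of the earlier point about JS-disabled visitors forming one group. It computes each visitor's anonymity-set size, the identifying information in bits, and whether two visits can be linked; the population of 1000, its counts and every attribute value are constructed for illustration, not measurements.

```python
from collections import Counter
from math import log2


def make_population():
    """Constructed population of 1000 visitors; counts are illustrative only."""
    pop = []
    for i in range(899):        # stock browsers, JS on: every canvas readout differs
        pop.append({"kind": "stock", "js": True,
                    "window": ("1920x1080", "1536x864", "1366x768")[i % 3],
                    "fonts": f"fontset-{i % 40}", "canvas": f"canvas-{i}"})
    # Homogenized browsers: identical window, fonts and canvas by design.
    uniform = {"kind": "uniform", "js": True, "window": "1400x900",
               "fonts": "bundled", "canvas": "blank"}
    pop += [dict(uniform) for _ in range(80)]
    # One homogenized user who resized the window.
    pop.append(dict(uniform, kind="uniform-resized", window="1417x911"))
    # Visitors with JS disabled: nothing script-collected is available.
    pop += [{"kind": "js-off", "js": False} for _ in range(19)]
    # One visitor whose browser randomizes the canvas readout per visit.
    pop.append({"kind": "randomizer", "js": True, "window": "1920x1080",
                "fonts": "fontset-1", "canvas": None, "seed": "r1"})
    return pop


def observable(visitor, visit=0):
    """What a script-based fingerprinter can read from one visitor on one visit."""
    if not visitor["js"]:
        return ("js-off",)      # only the fact that JS is off
    canvas = visitor["canvas"]
    if "seed" in visitor:       # randomizing defence: new noise on every visit
        canvas = f"{visitor['seed']}-noise-{visit}"
    return (visitor["window"], visitor["fonts"], canvas)


def bucket_report(population):
    """Per kind: (anonymity-set size k, surprisal log2(N/k) in bits, traffic share k/N)."""
    n = len(population)
    buckets = Counter(observable(v) for v in population)
    report = {}
    for v in population:
        k = buckets[observable(v)]
        report.setdefault(v["kind"], (k, log2(n / k), k / n))
    return report


def linkable(visitor, visit_a, visit_b):
    """True when two visits by the same visitor present the same fingerprint."""
    return observable(visitor, visit_a) == observable(visitor, visit_b)


if __name__ == "__main__":
    pop = make_population()
    for kind, (k, bits, share) in bucket_report(pop).items():
        print(f"{kind:16} k={k:3d}  bits={bits:5.2f}  share={share:.3f}")
    stock = pop[0]
    randomizer = pop[-1]
    print("stock linkable across visits:     ", linkable(stock, 0, 1))
    print("randomizer linkable across visits:", linkable(randomizer, 0, 1))
```

The `share` column is what a site gives up by refusing a whole bucket, which is why a small bucket such as the JS-off group is cheap to deny even though its members cannot be told apart.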
I think you're right with having a two-browser setup and I actually want to give it a spin. I envision I'll need to change some habits but it really does seem like the cleanest way to go about it.
That’s the extension Privacy Badger.
> Privacy Badger
UBO is enough; https://github.com/arkenfox/user.js/wiki/4.1-Extensions#-don...
IMO the EFF tool is a bad test because it only compares you against other people that have used the tool.
A better test would be CreepJS in my opinion: https://abrahamjuliot.github.io/creepjs/
I'm not aware of any FOSS browser setup that can actually result in a random FP ID shown in creepjs on every page load (please prove me wrong).
This probably won't be perfect on the EFF tool but try arkenfox
I think it just makes me a little sad that despite the effort I've put in, that tool (called Cover Your Tracks btw, or other ones like amiunique) still report that I am indeed unique.
Basic things that browsers lack:
Things that I want to do but I can't:
I don't think Firefox is worth supporting, I believe it is a Trojan Horse of Google (or at least a Useful Idiot), and its existence is the main reason we have exactly 0 browsers (open source or proprietary) right now. It should die, so something else might flourish.
How would you know if DuckDuckGo actually respected privacy? It's a black box.
DDG reports all clicks to links.duckduckgo.com and improving.duckduckgo.com, etc. Which AdGuard seems to block, and maybe one of my browser settings/extensions as well.
Allegedly they do that for "referer protection" reasons to hide the search term that was used to get to the site.
If you want a hardened version of Firefox, download LibreWolf.
Yeah, librewolf does a lot of the article's suggested things by default and is less likely to introduce new misfeatures to opt out from
or Waterfox
Thanks for this ... great start. Mozilla Firefox COULD be an even more powerful source for good. Stop focusing on BS VPN, AI, etc ... focus on great browser, security, privacy. There is a possible niche for a centrally managed, security focused browser for companies ... like the Island Browser ... as an option.
Good luck remembering to do that every time Firefox updates. Hopefully, that's the only time it changes settings, right? Right...?
Go for a Firefox fork and jump ship to Ladybird once it comes out. Forks wouldn't exist if it was trivial to revert Mozilla's mistakes.
Shouldn’t Firefox come hardened out of the box?
There’s tradeoffs between privacy and convenience. Mozilla makes a particular set of tradeoffs, based on their judgment of what the average user will put up with; checklists like this allow you to make more aggressive tradeoffs.
Yes, but a lot of Mozilla's money comes from Google. https://www.pcworld.com/article/2772034/googles-search-monop...
Isn't that just to provide the search engine default? Which is easily changed?
That would be a great move by Mozilla. Have a "secure" version: Firefox, Firefox ESR, and Firefox SECURE. Or maybe just provide a switch to turn on.
90% of the stuff in the OP will break certain sites… The problem is that non-technical users will think “oh, privacy, that’s good” (which it is, don’t get me wrong), click the “max privacy” option, but then be unable to fix things when they don’t work and switch back to Chrome.
remember that "firefox -p" opens the profile manager so you can have one profile without the last two items on that list, just for when you need one or two sites that have broken login code that requires 3rd party cookie (it's always for malicious reasons rather than incompetence, but if you have to login you have to login)
Hypersegregate browsing with profiles.
One profile for banks, a different profile for Amazon, a third profile for Google sites, a fourth for news sites I log into, a fifth for news sites I don't log into, a sixth that automatically forgets everything on exit for sites that UBO breaks.
Then delete all data on each profile periodically, weekly for news sites, monthly for Amazon and banking sites.
It's a giant pain in the ass juggling all these profiles. Seems like there should be a browser that automatically and transparently isolates every site in its own profile.
Mozilla introduced a new profile manager for Firefox somewhere around May. This thing uses a new storage format and ignores already existing "old" profiles, except for the default one. Data remains untouched, profiles created in the past are still here accessible by about:profile and if you don't want to use that new profile manager set browser.profiles.enabled entry to false.
From what I've seen around people using the popular customized Firefox variants, like Floorp, Librewolf were surprised by this and not fond of the change.
There are things I also do like removing sponsored links on the about page and url bar. Also disable type-ahead to search engine.
My understanding is that Privacy Badger no longer learns by default. I never wanted that, just block known things, like search engine click hijacks.
I’m not sure what to do about the user agent header. Changing or simplifying it tends to break sites. Also I’d like to promote Linux there but that’s at odds with privacy.
Sorry, not the about page, the newtab page.
After the shit Mozilla pulled with ad/tracking this summer, the first step for improved privacy should be to delete firefox and switch to brave / what have you.
> switch to brave
Fun suggestion to switch to a browser that has a company behind it that has pulled a lot of shady stuff related to ads and tracking. A company where privacy is more marketing than a core value.
Edit: Since people are going to ask anyway, here is an article that covers a lot of the shady stuff brave pulled https://thelibre.news/no-really-dont-use-brave/
If you are one of those folks who don't care about the political arguments, feel free to skip over paragraph one and two. Paragraph three till ten cover actual shady stuff done by brave the company itself.
There is one more thing I can add to the list, though it wasn't as widely published about. At some point the team behind Brave decided to implement browser extension support from scratch and only support specific extensions. Which sounds okay in theory until you realize how they did so. Without involving the extension creator they would fork a version of the extension and bake that into Brave. They did so without informing the extension creator, meanwhile users would still go to the extension creator for support who couldn't fix a thing.
Every time one of these things comes up, the Brave team either is irked (but changes it anyway) or goes "oh, yeah we'll remove it in the future". This to me indicates a company culture where there is no thinking ahead about the impact of features or where they simply don't care as long as they aren't called out on it.
This consistent pattern over a period of years has, to me anyway, shown that issues such as privacy or even being user centered are not a core part of their thinking but merely a marketing gimmick.
And to be ahead of the curve on some other things I have heard people say over this. Just that Mozilla sucks doesn't mean alternatives can't be worse.
Could you actually cite some from Brave’s privacy policy (as firefox has now) to corroborate these claims
See my updated comment, that contains all the details you should need. Unfortunately nothing about their privacy policy, I personally feel that actions taken by brave speak louder than whatever they have in their written policy.
A fork of Firefox like librewolf is even better incentives I think
My entire feeling about privacy is that, while surveillance economy tends to amplify the worst parts, ultimately, Richard Thieme's presentation is right: https://www.youtube.com/watch?v=atDgnkvzD8I
Thought experiment: in 100 years or even ten, can you imagine that there will not be tiny little camera robots that can get into the home of every person alive? Wouldn't every single living person be prone to having nude and unflattering, private moments leaked all over the internet?
Socially, if privacy is a construct, then so is the fallout we expect others and ourselves to feel when privacy is violated. To some extent, not all, this is self-inflicted Victorian thinking. To the extent that it's true, part of the answer is, in the words of the brave (lol) Michael Cohen, "So what?" Really, so what? I hope we can get to that kind of reaction to adults having their privacy upended because it just takes so much of the bite out of the problem, the shame that relatively innocent people would experience for something completely out of their control.
As far as the getting it back under control thing, we may also be coming to a point that more technologies are so dangerous or impactful that there becomes a need for more strict control so that powerful tech like miniaturization produces paper trails and the use of such technology comes with an implicit requirement for openness. I don't really care that people can use miniaturization, but I care if they can anonymize it to the extent that we create a lawless society with no remaining means of accountability.
What *will* Russia and North Korea do when it becomes plausible to unleash little robot assassins either in small numbers to target individuals or mass numbers to carry out what is essentially nuclear scale death without nuclear scale fallout and destruction? It is plausible that this is a new facet of WMDs and MAD-based deterrence.
Privacy, robots, and the inevitable slide into world war 3.