Wednesday, October 1, 2014

Hardening Firefox

============================
1 - Tools > options
----------------------------
General Tab

When Firefox starts: Show my home page.
Set the home page to about:newtab.
----------------------------
Content
Check 'Block pop-up windows'. Exceptions > add the sites that need them.
----------------------------
Applications
Set every file type you can to 'Always ask'.
PDF > FOXIT
AVI,MP4,MPEG,WAV,WMA,WMV > VLC
----------------------------
Privacy
Check 'Tell sites that I do not want to be tracked'.

History
Use custom settings for history > uncheck 'Remember search and form history'.
Uncheck 'Accept cookies from sites'.

Check 'Clear history when Firefox closes', then click Settings.
History > uncheck Cookies and Active Logins.
Data > uncheck Site Preferences.

Go to cookies section for cookie exceptions.
----------------------------
Security

Check 'Warn me when sites try to install add-ons'.
Uncheck 'Block reported attack sites' and 'Block reported web forgeries' (both use Google's Safe Browsing lookups).

Uncheck 'Remember passwords for sites' and 'Use a master password'.
Clear any saved passwords.
----------------------------
Sync

Set up Sync for bookmarks, add-ons and preferences.
----------------------------
Advanced

General - uncheck everything except 'Use autoscrolling', 'Use smooth scrolling' and 'Always check if Firefox is the default browser'.
Data Choices - uncheck all.
Network - click Connection Settings... and review the proxy section.
Cached Web Content > check 'Override automatic cache management' and set the limit to 0. Offline Web Content > check 'Tell me when a website asks to store data for offline use'.
Update - select 'Automatically install updates' and check 'Warn me if this will disable any of my add-ons'.
Check 'Use a background service to install updates' and automatic updates for search engines.

Certificates - 'Ask me every time'.
============================
2 - Search Engines

https://startpage.com/eng/download-startpage-plugin.html
https://duckduckgo.com/
============================
3 - Set Cookie Management
============================
Click Tools > Options > Privacy tab > Exceptions.

ALLOW
==========
<list the sites whose cookies you want to keep/allow here>

============================
To let YouTube accounts work,
both google.com and accounts.google.com have to be set.

Block
==========
accounts.google.com
google-analytics.com
googleadservices.com
googlesyndication.com
googletagmanager.com
googletagservices.com
googleusercontent.com
gstatic.com
plus.google.com
google.com
youtube.com
facebook.net
petametrics.com
http://facebook.net
http://google-analytics.com
http://petametrics.com
https://facebook.net
https://google-analytics.com
https://petametrics.com
doubleclick.net
doubleclick.com

============================
4 - about:config
============================
verification/info
---------
https://duckduckgo.com/User_agent
ip-check.info
http://fingerprint.pet-portal.eu/
http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries
---------
beacon.enabled;false // Beacon API, used for tracking
breakpad.reportURL;  // blank: replaces the Mozilla crash-report URL with nothing
browser.cache.disk.enable;false // disable the disk cache
browser.cache.disk.capacity;0 // disk cache size 0
browser.cache.offline.capacity;0 // offline cache size 0
browser.cache.offline.enable;false // disable the offline cache
browser.cache.disk_cache_ssl;false // disable caching of SSL content (known to save passwords to disk)
browser.cache.disk.smart_size.enabled;false // disable automatic disk cache sizing


browser.contentHandlers.types.0.uri;localhost // disable the My Yahoo feed content handler
browser.display.use_document_fonts;0 // ignore fonts specified by the page
browser.download.hide_plugins_without_extensions;false // show plugins without extensions
browser.download.manager.addToRecentDocs;false // do not add downloads to Recent Documents
browser.download.manager.alertOnEXEOpen;true // alert if an EXE is opened from the download manager
browser.fixup.alternate.enabled;false // disable domain guessing
browser.geolocation.warning.infoURL;localhost // no external request for the geolocation warning page
browser.formfill.enable;false // disable form autofill
browser.pagethumbnails.capturing_disabled;true // stop history thumbnails appearing on about:newtab
browser.preferences.advanced.selectedTabIndex;2 // open the Advanced options on the security tab


browser.safebrowsing.remoteLookups;false // disable url checking
browser.safebrowsing.malware.enabled;false //disable url checking
browser.safebrowsing.enabled;false //disable url checking
browser.safebrowsing.gethashURL;localhost //disables google safebrowsing hashing
browser.safebrowsing.malware.reportURL;localhost // disables google malware url reporting
browser.safebrowsing.reportURL;localhost // disables google url reporting
browser.safebrowsing.updateURL;localhost // disables google url updating


browser.search.suggest.enabled;false // disable search suggestions
browser.search.openintab;true //opens browser search queries in a new tab
browser.send_pings;false // disables http pings
browser.send_pings.require_same_host;true // disable 3rd party pings
browser.sessionhistory.max_entries;2 // number of tabs you can recover
browser.urlbar.autofill;false // disable inline autofill
browser.urlbar.autofill.typed;false //disable autofill while being typed
browser.urlbar.maxRichResults;2 // shows 2 autocomplete urls from history or bookmarks
browser.urlbar.trimURL;false // always show full URL


datareporting.healthreport.nextDataSubmissionTime;1406414358372 // max time
datareporting.healthreport.service.enabled;false // disable report service
datareporting.healthreport.uploadEnabled;false // no upload
datareporting.policy.dataSubmissionEnabled;false // no data submission


dom.battery.enabled;false // Battery API; fingerprinting due to differing OS implementations
dom.enable_performance;false // performance stats to Mozilla
dom.gamepad.enabled;false // disable the Gamepad API
dom.network.enabled;false // fingerprinting due to differing OS implementations
dom.storage.enabled;false // disable DOM Storage (per-session or per-domain name/value pairs kept on the client)
dom.storage.default_quota;0 // DOM storage quota 0 KB

extensions.getAddons.cache.enabled;false // disable update add-on metadata

gecko.handlerService.schemes.irc.0.uriTemplate;localhost // disable irc
gecko.handlerService.schemes.ircs.0.uriTemplate;localhost // disable ircs
gecko.handlerService.schemes.mailto.0.uriTemplate;localhost // disable mailto
gecko.handlerService.schemes.mailto.1.uriTemplate;localhost // disable mailto
gecko.handlerService.schemes.webcal.0.uriTemplate;localhost // disable webcal


geo.enabled;false // location-aware browsing
geo.wifi.uri;localhost //disables wifi reporting?
gfx.direct2d.disabled;true //disable hardware accel. for fonts
gfx.downloadable_fonts.enabled;false //disable downloadable fonts
intl.accept_languages;en-US,en // languages
keyword.enabled;false // mistyped URLs are not handed to the search engine
layers.acceleration.disabled;true // disable hardware accel.
layout.spellcheckDefault;0 //disable spellchecker
media.peerconnection.enabled;false // Disable WebRTC
----------
network.cookie.cookieBehavior;0
0 - All cookies are allowed.
1 - Only cookies from the originating server are allowed.
2 - No cookies are allowed.
----------
network.cookie.prefsMigrated;true // The deprecated preferences have been migrated
network.dns.disableIPv6;true // Disable IPv6 DNS lookups
network.dns.disablePrefetch;true // disable link prefetching
network.dns.disablePrefetchFromHTTPS;true // disable https link prefetching
network.http.use-cache;false // do not cache http or https pages
network.http.sendRefererHeader;0 //Never send the Referer header or set document.referrer
network.http.pipelining;true //Attempt to use pipelining in HTTP 1.1 connections
network.http.pipelining.maxrequests;8 //max requests
network.http.pipelining.ssl;true // Use HTTP pipelining for secure websites
network.prefetch-next;false // Disable link prefetch


network.protocol-handler.warn-external.mailto;true //warn mailto
network.protocol-handler.warn-external.ms-windows-store;true //warn windows store
network.protocol-handler.warn-external.news;true // warn news
network.protocol-handler.warn-external.nntp;true // warn nntp
network.protocol-handler.warn-external.snews;true //warn snews
network.websocket.enabled;false // can leak DNS and bypass browser settings

pageThumbs.enabled;false //disable page thumbnails

plugins.click_to_play;true // click-to-play for plugins such as Flash
plugin.disable_full_page_plugin_for_types;application/pdf // disable the full-page PDF plugin
plugins.enumerable_names;  // blank: do not expose plugin names
plugin.expose_full_path;false // websites can't see the full plugin path via navigator.plugins
plugins.notifyMissingFlash;false // block missing-Flash notifications in the browser

security.dialog_enable_delay;250 // launch security dialog in 250 msecs
services.sync.prefs.sync.browser.formfill.enable;false // dont sync formfill
services.sync.prefs.sync.browser.safebrowsing.enabled;false // don't sync safebrowsing
services.sync.prefs.sync.browser.safebrowsing.malware.enabled;false // dont sync malware setting
social.enabled;false // disable social api

webgl.disabled;true // disable webgl
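The list above is written in a `pref;value // comment` shorthand, while Firefox itself persists prefs as `user_pref("name", value);` lines in user.js, and the value's type matters (about:config shows it). The converter below is an added example, not code from the original post: it parses a constructed sample in the page's notation, infers bool/int/string, and emits user.js lines; the two prefs in STRING_PREFS are assumed to be string-typed in Firefox even though their values look numeric.

```python
import json, re

# Constructed sample in the page's "pref;value // comment" notation, including the
# lines the page separates with spaces instead of ';' and the blank values that clear a URL.
SAMPLE = """\
beacon.enabled;false // tracking
breakpad.reportURL;  //replaces mozilla crash url w/ nothing
browser.cache.disk.capacity;0 // 0 disk cache size
datareporting.healthreport.nextDataSubmissionTime;1406414358372 // max time
general.productsub.override;20100101
general.useragent.override;Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0
general.useragent.vendor;
plugin.expose_full_path  false  // websites can't see the full path via navigator.plugins
----------
"""
# name, then ';' or a run of spaces, then the value, then an optional ' // comment'
# (the '//' must follow whitespace so 'http://' inside a value is not taken as a comment).
LINE = re.compile(r"^([A-Za-z0-9_.-]+)(?:;|\s{2,})(.*?)(?:\s+//\s*(.*))?$")
# Assumed string-typed prefs whose values look numeric; the page's notation carries
# no type, so check the Type column in about:config before adding others here.
STRING_PREFS = {"general.productsub.override", "general.buildID.override"}

def parse_pref(line):
    """Return (name, typed_value, comment), or None for separators and prose."""
    m = LINE.match(line.strip())
    if not m:
        return None
    name, raw, comment = m.group(1), m.group(2).strip(), (m.group(3) or "").strip()
    if raw in ("true", "false"):
        value = raw == "true"
    elif (re.fullmatch(r"-?\d+", raw) and name not in STRING_PREFS
          and -2**31 <= int(raw) < 2**31):  # Firefox int prefs are 32-bit signed
        value = int(raw)
    else:
        value = raw  # everything else is a string, including "" to blank a URL
    return name, value, comment

def render(name, value):
    """One user.js line; json.dumps gives JS-style true/false, bare ints, quoted strings."""
    return f'user_pref("{name}", {json.dumps(value)});'

def build_user_js(notes):
    """Convert the whole list to user.js text, keeping each comment beside its pref."""
    lines = []
    for raw in notes.splitlines():
        parsed = parse_pref(raw)
        if parsed:
            name, value, comment = parsed
            lines.append(render(name, value) + (f"  // {comment}" if comment else ""))
    return "\n".join(lines)
```

Write the output of `build_user_js(...)` to user.js in the Firefox profile directory; Firefox copies it into prefs.js at every start.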



ADDONS:

noscript.untrusted;google-analytics.com petametrics.com http://facebook.net http://google-analytics.com http://petametrics.com https://facebook.net https://google-analytics.com https://petametrics.com googlesyndication.com doubleclick.net doubleclick.com ajax.googleapis.com blogergadgets.googlecode.com facebook.net google.com googlesyndication.com googletagmanager.com googletagservices.com linkedin.com petametrics.com quantserve.com reddit.com scorecardresearch.com twitter.com wwwpromoter.com http://facebook.net http://google.com http://googlesyndication.com http://googletagmanager.com http://googletagservices.com http://linkedin.com http://petametrics.com http://quantserve.com http://reddit.com http://scorecardresearch.com http://twitter.com http://wwwpromoter.com https://facebook.net https://google.com https://googlesyndication.com https://googletagmanager.com https://googletagservices.com https://linkedin.com https://petametrics.com https://quantserve.com https://reddit.com https://scorecardresearch.com https://twitter.com https://wwwpromoter.com www.addthis.com

-------------
USER AGENT STRING // tells websites your configuration; barely changes how sites look unless you switch to a mobile/tablet string

general.appname.override;Netscape
general.appversion.override;5.0 (X11)
general.buildID.override;20140923184509
general.oscpu.override;Linux i686
general.platform.override;Linux i686
general.productsub.override;20100101
general.useragent.override;Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0
general.useragent.vendor;
general.useragent.vendorSub;


Useragent strings (the first is the one set above; the second is an x86_64 alternative):
Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0
Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0
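Page scripts can read the override prefs individually (navigator.oscpu, navigator.platform, navigator.productSub, navigator.appVersion), so they should agree with the user agent string or the mismatch itself becomes a fingerprint. The consistency check below is an added example, not part of the original post; OVERRIDES is built from the values set above and ALT_UA is the page's second string, used to show what happens if only general.useragent.override is swapped.

```python
import re

# Constructed from the override prefs the page sets; ALT_UA is the page's alternative UA.
OVERRIDES = {
    "general.appname.override": "Netscape",
    "general.appversion.override": "5.0 (X11)",
    "general.oscpu.override": "Linux i686",
    "general.platform.override": "Linux i686",
    "general.productsub.override": "20100101",
    "general.useragent.override": "Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0",
}
ALT_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0"

def ua_mismatches(prefs):
    """Compare the values a script reads from navigator.oscpu/.platform/.productSub/.appVersion
    with the user agent string; return the failed checks (empty list = consistent)."""
    ua = prefs["general.useragent.override"]
    problems = []
    if prefs["general.oscpu.override"] not in ua:
        problems.append("oscpu not in userAgent")
    if prefs["general.platform.override"] not in ua:
        problems.append("platform not in userAgent")
    if "Gecko/" + prefs["general.productsub.override"] not in ua:
        problems.append("productSub does not match the Gecko/ token")
    # appVersion "5.0 (X11)" mirrors the UA prefix "Mozilla/5.0 (X11; ...".
    version, window = prefs["general.appversion.override"].split(" ", 1)
    if not ua.startswith(f"Mozilla/{version} {window.rstrip(')')}"):
        problems.append("appVersion does not match the UA prefix")
    # In a genuine Firefox UA the rv: token and the Firefox/ version are the same number.
    m = re.search(r"rv:([\d.]+)\).*Firefox/([\d.]+)$", ua)
    if not m or m.group(1) != m.group(2):
        problems.append("rv: and Firefox/ versions differ")
    return problems

if __name__ == "__main__":
    print("page values:", ua_mismatches(OVERRIDES) or "consistent")
    print("UA swapped only:", ua_mismatches(dict(OVERRIDES, **{"general.useragent.override": ALT_UA})))
```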
============================
5 - Addons
============================
AdBlock Edge
Better Privacy
Classic Theme Restorer
Cookie Controller
Disconnect
FEBE
Ghostery
HTTPS Everywhere
NoScript *
Privacy Badger
Profile Switcher
RefControl *
Request Policy *
Smart Referer

* Has to be set up for each website.
************
I know most people would say that with all those plugins you're sending your visited sites and other info to various organizations; well, yes I am, but at least it's not being sent to Google.
As far as attempting to hide what you're doing goes, notice that none of this involves encrypted DNS queries, Tor, or switching the OS to Tails or a similar Linux-based live CD with no hard disk.
This is just an attempt to avoid browser-based tracking by companies.
Also keep in mind that even going the 100 percent paranoid route, there can still be hardware-based exploits/backdoors that not even the best setup could protect against.
For example, encryption and other measures are rendered useless if governments or industry are using kernel- or driver-level backdoors/exploits: they can take the information before it ever reaches the encryption.
******************
For a browser built around privacy, refer to Tor.
https://www.torproject.org/
