Welcome
Welcome to refracta

You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features. By joining our free community, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, and access many other special features. In addition, registered members also see less advertisements. Registration is fast, simple, and absolutely free, so please, join our community today!

iceweasel firefox security settings

Tips and Instructional topics. Not for support questions.

iceweasel firefox security settings

Postby nadir » Mon Jul 01, 2013 2:06 am

plugins

- noscript
- https-everywhere
- https://disconnect.me/
- adblock
- cookie-monster
- requestpolicy
Last edited by nadir on Tue Sep 03, 2013 9:05 am, edited 2 times in total.
So i herd u liek mudkip?
User avatar
nadir
 
Posts: 1160
Joined: Wed Mar 09, 2011 4:18 am
Location: here

Re: iceweasel firefox security settings

Postby nadir » Mon Jul 01, 2013 2:07 am

Uwe Hermann blog,
http://www.hermann-uwe.de/blog/configur ... e-bearable

gui-settings
Menu Bar, Edit, Preferences
1) content
- At the right-hand side of "Enable JavaScript" click "Advanced" and uncheck all checkboxes. JavaScript stuff shouldn't need to do any of those operations.
- Uncheck "Enable Java". Nobody needs this crap and it's a huge security risk (strike that, not possible anymore)

2) privacy
- Disable "Keep my history for xyz days" completely. Huge privacy risks.
- Disable "Remember what I enter in forms and the search bar". Huge security and privacy risks, almost no gain.
- Disable "Remember what I've downloaded". Huge privacy risks.
- Uncheck "Accept third-party cookies".
- Choose "Keep until: I close Iceweasel".
- Click "Show Cookies" and remove all of them.
- Enable "Always clear my private data when I close Iceweasel". Click "Settings" and check all items. You want to purge everything when closing Iceweasel.
Since a while you will have to tick "History: iceweasel will -> "use custom settings for history". Default is "remember history".

3) security
- On the right-hand side of "Warn me when sites try to install add-ons" click "Exceptions" and remove all exceptions.
- Disable "Tell me if the site I'm visiting is a suspected attack site". Useless crap, possibly a privacy issue.
- Disable "Tell me if the site I'm visiting is a suspected forgery". Useless crap, possibly a privacy issue.
-. Disable "Remember passwords for sites". This is a huge security risk, never ever enable it!

4) Advanced:
4.a) "General" tab:
- Enable "Warn me when web sites try to redirect or reload the page".
- Disable "Check my spelling as I type". Useless, annoying crap, which probably even impacts performance.

4.b) "Update" tab:
- Disable "Automatically check for updates to: Installed Add-ons".
- Disable "Automatically check for updates to: Search Engines".
- Select "When updates to Iceweasel are found: Ask me what I want to do".



Plugins
None. Don't even think about installing crap like the closed-source Flash player if stability or security are important to you. If you absolutely must watch YouTube videos, I recommend youtube-dl.

Extensions
Use as few as possible. Every extention may have security problems or bugs, and can negatively affect performance etc.
Pretty much the only one I use is NoScript to selectively enable JavaScript for some trusted websites (and disable it for all other sites).
So i herd u liek mudkip?
User avatar
nadir
 
Posts: 1160
Joined: Wed Mar 09, 2011 4:18 am
Location: here

Re: iceweasel firefox security settings

Postby nadir » Mon Jul 01, 2013 2:07 am

Uwe Hermann blog,
http://www.hermann-uwe.de/blog/configur ... e-bearable

about:config
- browser.urlbar.matchOnlyTyped = true disable the new, annoying "AwesomeBar" URL bar feature (which is also a huge privacy risk).
- extentions.getAddons.showPane = false ; Disable the annoying, flashing auto-search stuff when you select "Tools / Add-ons / Get Add-ons": Set
- bidi.support = 0. You'll probably never need it, so reduce the number of potential bugs and security issues by disabling it.
- browser.ssl_override_behavior = 2 and
- browser.xul.error_pages.expert_bad_cert = true ; both: Self-signed certificate handling is annoying, so fix it with
- network.prefetch-next = false ; prevent random prefetching of webpages which means wasting CPU cycles and bandwidth, as well as subtle privacy and security issues.
So i herd u liek mudkip?
User avatar
nadir
 
Posts: 1160
Joined: Wed Mar 09, 2011 4:18 am
Location: here

Re: iceweasel firefox security settings

Postby nadir » Mon Jul 01, 2013 2:08 am

Tor

1) tor browser bundle
If all you want is to use tor, then the tor browser bundle is the recommended way to go.
Download and extract it to your home and run it manually. It has all the settings to prevent you from leaking data/info (as far possible)
Download for Windows, Mac and Linux is here:
https://www.torproject.org/projects/torbrowser.html.en

2) privoxy and tor and iceweasel
I use tor and i2p and i want it to run from one central machine. Hence i do it like this, but make me more vulnerable by that.
- install tor and privoxy or freedombox-privoxy (cool **** with adblock)
- configure /etc/privoxy/config to:

Code: Select all
    # tor, onion and i2p
    forward-socks5 / 127.0.0.1:9050 .
    forward-socks5 .onion 127.0.0.1:9050 .
    #forward .i2p localhost:4444 #commented, only left for the ones who search for it


I think neither privoxy nor polipo is needed anymore to run it at all (if you will be able to run it secure i leave as a homework question :-) aka: i don't know Search the tor wiki).
https://www.torproject.org/docs/faq#TBBPolipo
Search here for polipo and privoxy
https://trac.torproject.org/projects/to ... doc/TorFAQ

Open the settings of iceweasel:
MenuBar -> Edit ->Preferences -> Advanced -> connection
and set it to:
manually: 127.0.0.1 and port 8118

3) about:config and settings
- disable flash
- disable cookies
- don't install plugins (flash and such)
- about:config network.http.sendRefererHeader to 0
- about:configs network.proxy.socks_remote_dns to true
More, i can't find it right now, check the check-link in the next section, it will give recommendations if configured wrong.

4) check if it works
https://check.torproject.org
http://ip-check.info/?lang=en
https://panopticlick.eff.org/ (won't hurt to run it, though not that related).
Last edited by nadir on Mon Jul 01, 2013 2:11 am, edited 1 time in total.
So i herd u liek mudkip?
User avatar
nadir
 
Posts: 1160
Joined: Wed Mar 09, 2011 4:18 am
Location: here

Re: iceweasel firefox security settings

Postby nadir » Mon Jul 01, 2013 2:08 am

EFF (Electronic Frontier Foundation)
4 simple changes to stop online tracking:
https://www.eff.org/deeplinks/2012/04/4 ... acy-online

1) install adblock plus
2) block third party cookies in Menu-Bar->Edit->Preferences->Privacy -> untick "accept third party cookies"
3) install https-everywhere
4) about:config network.http.sendRefererHeader to 0

Turn on "Do not track in browser"
https://www.eff.org/deeplinks/2012/06/h ... ur-browser
MenuBar->Edit->Preferences-> Privacy -> "Tell websites i do not want to be tracked"
So i herd u liek mudkip?
User avatar
nadir
 
Posts: 1160
Joined: Wed Mar 09, 2011 4:18 am
Location: here

Re: iceweasel firefox security settings

Postby nadir » Mon Jul 01, 2013 2:09 am

by cynwulf:

plugins
- requestpolicy # fine grained control over cross-site requests. i.e. stops every site contacting googleanalytics, googleapis, etc, etc, etc...

about:config
- browser.safebrowsing.enabled;false # google spyware built into all mozilla browsers which is
- browser.safebrowsing.malware.enabled;false # probably the biggest privacy risk imaginable

tor specific
- network.proxy.socks_remote_dns;true # otherwise the browser will leak DNS lookups via the system DNS server (in other words you may as well not be using tor...)
So i herd u liek mudkip?
User avatar
nadir
 
Posts: 1160
Joined: Wed Mar 09, 2011 4:18 am
Location: here

Re: iceweasel firefox security settings

Postby nadir » Mon Jul 01, 2013 2:09 am

I used facebook for a while and i sometimes use google. adblock seems to work for them (for facebook for sure).
Good hint.


DNS
In general the subject is above me.
The following are just some loose ideas:

public dns server
This seems to be a good link:
http://www.opennicproject.org/

I am not sure about:
http://www.dnsreactor.net/index.html
https://www.opendns.com/
while google might suck, it is sure better than your ISP
https://developers.google.com/speed/public-dns/
Any hints about a good dns provider are welcome.

To change it you can
a) Use the webinterface of your router or
b) edit /etc/dhcp/dhclient.conf and add something like:

Code: Select all
    supersede domain-name-servers 127.0.0.1, 204.45.18.18, 204.45.18.26;



tor-resolve
You can also use tor-resolve
$ tor-resolve google.de
74.125.239.152
Well: i think. I never use it (doesn't look very comfortable for each and every URL, does it?).

dns-crypt:
Interesting link:
https://www.opendns.com/technology/dnscrypt/
no idea. The Web has how-to's.
Last edited by nadir on Mon Jul 01, 2013 2:12 am, edited 1 time in total.
So i herd u liek mudkip?
User avatar
nadir
 
Posts: 1160
Joined: Wed Mar 09, 2011 4:18 am
Location: here

Re: iceweasel firefox security settings

Postby nadir » Mon Jul 01, 2013 2:10 am

searchengines

Face it: They all suck.

The common ones:
https://duckduckgo.com
https://duckduckgo.com/html/
https://startpage.com/
https://www.ixquick.com/
If i am not wrong they are closed source.

Didn't know it yet:
http://www.exalead.com/search/web/

duckduckgo onion (tor):
http://3g2upl4pq6kufc4m.onion/

distributed searchengines
http://yacy.net/
http://www.seeks-project.info/site/
public nodes for them:
http://search.yacy.net/ #for example, use a searchengine "yacy public node" to find more.
http://seeks-project.info/wiki/index.ph ... eeks_nodes

One idea is to use metasearchengines hosted by universities and such. Here is a german one:
http://meta.rrzn.uni-hannover.de/
No idea where to find a list of them. Keep the eyes open.
Last edited by nadir on Mon Oct 28, 2013 10:38 pm, edited 1 time in total.
So i herd u liek mudkip?
User avatar
nadir
 
Posts: 1160
Joined: Wed Mar 09, 2011 4:18 am
Location: here

Re: iceweasel firefox security settings

Postby nadir » Sun Aug 18, 2013 9:02 pm

I found a list with DNS servers:
Chaos Computer Club Berlin

213.73.91.35

Comodo Secure DNS


156.154.70.22
156.154.71.22



Censurfridns (Denmark)

89.233.43.71
89.104.194.142



DNS Advantage

156.154.70.1
156.154.71.1



Dotplex

91.102.11.144
212.222.128.86



FoeBuD e.V.

85.214.20.141

German Privacy Foundation e.V.

87.118.100.175 (Ports 53,110, DNSSEC IPv6)
94.75.228.29 (Ports: 53, 110, HTTPS-DNS, DNSSEC, IPv6)



awxcnx

62.75.219.7 (Ports: 53, 110, DNSSEC, IPv6)

Swiss Privacy Foundation

87.118.104.203 (Ports: 53, 110, DNSSEC)
62.141.58.13 (Ports: 53, 110, HTTPS-DNS, DNSSEC IPv6)
87.118.109.2 (Ports: 53, 110, DNSSEC)



Schweden DNS Kalmar NDC Registry

213.132.114.4



Island DNS Island Telecom

213.167.155.16

Antartica DNS (Cyberbunker NL)

84.22.106.30

US DNS Westelcom Internet, Inc.

here:
http://www.secret-zone.net/f119/censors ... vers-5901/

I think to change them there are several options:
a) in the routers web-interface
b) in /etc/dhcp/dhclient.conf
Code: Select all
supersede domain-name-servers 127.0.0.1, 8.8.8.8, 8.8.4.4;

c) system wide from the gui desktop-environement (i don't know how, but i think it is possible).
So i herd u liek mudkip?
User avatar
nadir
 
Posts: 1160
Joined: Wed Mar 09, 2011 4:18 am
Location: here

Re: iceweasel firefox security settings

Postby nadir » Sun Sep 01, 2013 9:04 pm

Not sure where else to put this:
http://freehaven.net/papers.html
I will add more links if and when i run into them
So i herd u liek mudkip?
User avatar
nadir
 
Posts: 1160
Joined: Wed Mar 09, 2011 4:18 am
Location: here

Next

Return to How-to

Who is online

Users browsing this forum: No registered users and 0 guests

suspicion-preferred