Tweak your browser to enhance security and privacy
Browser leaks and fingerprinting
When you visit a web page, your browser voluntarily sends information about its configuration, such as available fonts, browser type, and add-ons. If this combination of information is unique, it may be possible to identify and track you without using cookies. EFF created a tool called Panopticlick to test your browser and see how unique it is.
To blend in, you need to find out what most browsers are reporting, and then use those values to bring your browser into the same population. This means having the same fonts, plugins, and extensions installed as the large installed base. You should have a spoofed user agent string to match what the large user base has. You need to have the same settings enabled and disabled, such as DNT and WebGL. You need your browser to look as common as everyone else's. Disabling JavaScript, using Linux, or even using the Tor Browser Bundle (TBB) will make your browser stick out from the masses.
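The point about blending into the population can be put in numbers. The following is an added example, not part of the original page: it computes the anonymity set and the bits of identifying information (the measure Panopticlick reports) for a common and an unusual configuration. The population, its attribute names and its counts are constructed for illustration, not measured.

```python
import math
from collections import Counter

# Constructed population of browser configurations (not measured data).
# Each tuple: (user agent family, JavaScript enabled, DNT header sent, WebGL enabled)
POPULATION = (
    [("Firefox/Windows", True, False, True)] * 500
    + [("Chrome/Windows", True, False, True)] * 400
    + [("Firefox/Windows", True, True, True)] * 60
    + [("Firefox/Linux", True, True, False)] * 30
    + [("Firefox/Linux", False, True, False)] * 10
)
FIELDS = ("user_agent", "javascript", "dnt", "webgl")

def surprisal_bits(count, total):
    """Bits of identifying information: -log2 of the share of browsers that match."""
    return math.inf if count == 0 else -math.log2(count / total)

def anonymity_set(browser, population=POPULATION):
    """Number of browsers in the population with exactly the same configuration."""
    return Counter(population)[browser]

def report(browser, population=POPULATION):
    """Return (per-attribute bits, bits for the full combination) for one browser."""
    total = len(population)
    per_field = {}
    for i, field in enumerate(FIELDS):
        matching = sum(1 for p in population if p[i] == browser[i])
        per_field[field] = round(surprisal_bits(matching, total), 2)
    combined = round(surprisal_bits(anonymity_set(browser, population), total), 2)
    return per_field, combined

COMMON = ("Firefox/Windows", True, False, True)   # looks like the majority
UNUSUAL = ("Firefox/Linux", False, True, False)   # Linux, JavaScript off, WebGL off

if __name__ == "__main__":
    for name, browser in (("common", COMMON), ("unusual", UNUSUAL)):
        per_field, combined = report(browser)
        print(name, "shares its fingerprint with", anonymity_set(browser), "browsers")
        print("  per attribute:", per_field, "combined bits:", combined)
```

In this constructed population the unusual configuration hides among 10 browsers instead of 500, and disabling JavaScript alone contributes as many bits as the whole combination.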
Modern web browsers have not been architected to assure personal web privacy. Rather than worrying about being fingerprinted, it seems more practical to use free software plugins like Privacy Badger, uBlock Origin and Disconnect. They respect not only your freedom but also your privacy. You can get much further with these than by trying to manipulate your browser's fingerprint.
You can also find out other ways your browser might be leaking information about you on https://www.browserleaks.com/
Abrowser and GNU IceCat
The following recommendations will most likely only work for Firefox-based browsers such as Abrowser and GNU IceCat.
Useful Addons
- Disconnect - the addon loads the pages you go to 27% faster and stops tracking by 2,000+ third-party sites. It also keeps your searches private.
- uBlock Origin - a lightweight and efficient blocker: easy on memory and CPU footprint. The extension has no monetization strategy and development is volunteered. AdBlock Plus is not recommended because they show "acceptable ads". The system behind that white list is lacking transparency.
- Random Agent Spoofer - aims to hinder browser fingerprinting. It does this by changing the browser/device profile on a timer.
- Self-Destructing Cookies - automatically removes cookies when they are no longer used by open browser tabs. With the cookies, lingering sessions, as well as information used to spy on you, will be expunged.
- HTTPS Everywhere - encrypts your communications with many major websites, making your browsing more secure. A collaboration between The Tor Project and the Electronic Frontier Foundation.
- GNU LibreJS (experimental) - allows JavaScript code to run in your browser only if it has been released under a free license.
- NoScript Security Suite - plugin to selectively allow JavaScript and Java to run only on websites you trust. Not for casual users, it requires technical knowledge to configure.
about:config Tweaks
- Enter "about:config" in the address bar and press Enter.
- Press the button "I'll be careful, I promise!"
- Follow the instructions below:
- privacy.trackingprotection.enabled = true
  - This is Mozilla’s new built-in tracking protection.
- geo.enabled = false
  - Disables geolocation.
- browser.safebrowsing.enabled = false
  - Disable Google Safe Browsing and phishing protection. Security risk, but privacy improvement.
- browser.safebrowsing.malware.enabled = false
  - Disable Google Safe Browsing malware checks. Security risk, but privacy improvement.
- browser.safebrowsing.downloads.enabled = false
  - Disable Google Safe Browsing for downloads.
- dom.event.clipboardevents.enabled = false
  - Prevents websites from being notified when you copy, paste, or cut something from a web page, and from learning which part of the page was selected.
- network.cookie.cookieBehavior = 1
  - Block third-party cookies.
  - 0 = accept all cookies by default
  - 1 = only accept from the originating site (block third party cookies)
  - 2 = block all cookies by default
- network.cookie.lifetimePolicy = 2
  - Cookies are deleted at the end of the session.
  - 0 = Accept cookies normally
  - 1 = Prompt for each cookie
  - 2 = Accept for current session only
  - 3 = Accept for N days
- browser.cache.offline.enable = false
  - Disables offline cache.
- browser.send_pings = false
  - Disables the ping attribute on links, which lets websites track visitors’ clicks.
- webgl.disabled = true
  - WebGL is a potential security risk.
- browser.search.suggest.enabled = false
  - Stops sending what you are typing in the search box to the search engine.
- media.eme.enabled = false
  - Disable Encrypted Media Extensions / Digital Rights Management (DRM).
- Prevent WebRTC IP and DNS leaks under a VPN:
  - media.peerconnection.turn.disable = true
  - media.peerconnection.use_document_iceservers = false
  - media.peerconnection.video.enabled = false
  - media.peerconnection.identity.timeout = 1
- network.IDN_show_punycode = true
  - Prevent IDN homograph attacks.
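Setting these by hand in about:config is easy to get wrong or to lose after a profile reset. The following is an added example, not from the original page or the projects listed under Sources: a Python check that parses the user_pref(...) lines of a profile's prefs.js or user.js, compares them with the values listed above, and emits user.js lines for the ones that differ. The function names and the sample input are constructed for illustration.

```python
import re

# Recommended values, copied from the about:config list on this page.
RECOMMENDED = {
    "privacy.trackingprotection.enabled": True, "geo.enabled": False,
    "browser.safebrowsing.enabled": False, "browser.safebrowsing.malware.enabled": False,
    "browser.safebrowsing.downloads.enabled": False, "dom.event.clipboardevents.enabled": False,
    "network.cookie.cookieBehavior": 1, "network.cookie.lifetimePolicy": 2,
    "browser.cache.offline.enable": False, "browser.send_pings": False,
    "webgl.disabled": True, "browser.search.suggest.enabled": False,
    "media.eme.enabled": False, "media.peerconnection.turn.disable": True,
    "media.peerconnection.use_document_iceservers": False, "media.peerconnection.video.enabled": False,
    "media.peerconnection.identity.timeout": 1, "network.IDN_show_punycode": True,
}
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Parse user_pref("name", value); lines into {name: bool | int | str}."""
    prefs = {}
    for name, raw in PREF_LINE.findall(text):  # commented-out lines do not match
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    """Return {pref: (current, recommended)}; current None = unset in the file (browser default)."""
    cur = parse_prefs(text)
    same = lambda a, b: type(a) is type(b) and a == b  # needed because True == 1 in Python
    return {k: (cur.get(k), v) for k, v in RECOMMENDED.items() if not same(cur.get(k), v)}

def render_user_js(deviations):
    """Emit user.js lines that set each deviating pref to the recommended value."""
    js = lambda v: str(v).lower() if isinstance(v, bool) else str(v)
    return "\n".join(f'user_pref("{k}", {js(v)});' for k, (_, v) in deviations.items())

# Constructed sample of a profile's prefs.js (not taken from a real profile).
SAMPLE = '''// Mozilla User Preferences
user_pref("geo.enabled", false);
user_pref("network.cookie.cookieBehavior", 0);
user_pref("webgl.disabled", true);
user_pref("browser.startup.homepage", "about:blank");
'''

if __name__ == "__main__":
    print(render_user_js(audit(SAMPLE)))
```

Prefs reported with a current value of None are simply absent from the file, so the browser default applies; the script does not know what that default is.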
Sources
- https://www.privacytools.io/ (Kopimi Licensed)
- https://github.com/amq/firefox-debloat (MIT Licensed)
- https://github.com/pyllyukko/user.js/ (MIT Licensed)