[OPSEC/Computer] Improve your firefox/TOR browser

EDIT: you should only use it for your firefox, NOT for the TOR browser

For all firefox users out there, here is a collection of some useful about:config adjustments. For those who don't know what about:config is: it's like the heart of the firefox in which you can change a lot of settings which are not reachable through the normal preferences. To access it just type about:config in your address bar and read the notification which might pop up. It says that you should be careful, which is true because you can easily fuck up your whole firefox if you don't know what you're doing.

However, I tested the following changes and my firefox is still working. But I'd recommend backing up your firefox folder so that in case anything goes wrong you don't lose any data.

If you have more about:config tips please write them in the comments.

EDIT: if you don't want to change every value manually download the user.js file (rename it to user.js after the download). For more information and where to copy this file visit this site.

Here we go:

network.http.pipelining;true //speeds up loading of websites; can cause problems with some websites

network.http.pipelining.ssl;true // enables pipelining only for ssl connections; avoids problems occurring with http

network.http.pipelining.maxrequests;32 // number of requests sent at once

network.http.proxy.pipelining;true // if a proxy is used

network.dns.disableIPv6;true // disables IPv6 DNS Lookups

content.notify.backoffcount;5 // limits page reloads while receiving data; speeds up the download time

browser.cache.disk.enable;false // disables caching on hard drive

browser.cache.disk_cache_ssl;false // same with ssl connections

browser.cache.memory.enable;false // same with cache in memory

browser.cache.offline.enable;false // same with offline cache

browser.download.manager.alertOnEXEOpen;true // warning when opening an exe file

browser.formfill.enable;false // disables saving of formdata

places.history.enabled;false // disables recording of visited websites

browser.safebrowsing.enabled;false // disables checking website for forgery on google; may be a security risk

browser.safebrowsing. // change variables to another database to avoid google (.enabled to true)

browser.safebrowsing.malware.enabled;false // disables malware checking with Google service on downloaded files

browser.safebrowsing.malware. // change variable to another database in order to avoid google

browser.search.defaultenginename;"%" // name of default searchengine (must be installed)

browser.sessionhistory.max_entries;5 // history of each tab (back/forward buttons)

browser.startup.homepage;about:newtab //startpage of browser

browser.startup.page;1 // startuppage of browser (1=blank)

dom.allow_scripts_to_close_windows;false //scripts can't close windows

dom.disable_image_src_set;false // disables image manipulation by scripts

dom.disable_open_during_load;true //enables firefox built in popup blocker

dom.disablewindow* // different possibilities of scripts to modify the window

dom.event.clipboardevents.enabled;false // block website access to clipboard

dom.event.contextmenu.enabled;false // disables website control over rightclick context menu

dom.popup_allowed_events // defines javascript events that are allowed to create popups

extensions.update.enabled;true // defines if extensions are checked for updates daily or not

geo.wifi.logging.enabled;false // disables firefox logging geolocation requests

geo.wifi.uri;"" // dataprovider of geolocation feature !(default Google service)!, overwrite it with an empty string

network.cookie.alwaysAcceptSessionCookies;false // disables acceptance of session cookies

network.cookie.cookieBehavior;2 // disables cookies (0:all;1:firstparty;2:no;3:almostall)

network.cookie.lifetimePolicy;2 // cookies are deleted at the end of the session

network.dnsCacheEntries;100 // number of cached DNS entries (lower number=more requests but less data stored)

network.dnsCacheExpiration;60 // time DNS entries are cached in seconds

network.http.use-cache;false //disables caching of http requests

network.prefetch-next;false // disables automatic download of linked sites which are recommended by the website

plugin.scan.plid.all;false // disables scanning registry for plugins

security.OCSP.require;true // enables OCSP Stapling which removes the need to connect to CA servers during certificate validation, can cause trouble with some certificates

security.tls.version. // defines minimum and maximum of allowed SSL/TLS versions (0:SSL3.0;1:TLS1.0;2:TLS1.1;3:TLS1.2)

media.peerconnection.enabled;false // VPN cannot be bypassed anymore (https://www.reddit.com/r/VPN/comments/2tva1o/websites_can_now_use_webrtc_to_determine_your/)

media.peerconnection.turn.disable;true // makes sure WebRTC is really disabled

media.peerconnection.use_document_iceservers;false // makes sure WebRTC is really disabled

media.peerconnection.video.enabled;false // makes sure WebRTC is really disabled

media.peerconnection.identity.timeout;1 // makes sure WebRTC is really disabled

plugins.click_to_play;true // click-to-play for plugins

geo.enabled;false // disables geolocation API to prevent websites from getting the exact location of the computer

right click -> new -> boolean -> name: 'config.trim_on_minimize' and value: true // reduce physical memory when firefox is minimized

security.dialog_enable_delay;0 (or to another value in milliseconds) // changes the delay time for the installation dialog of a new addon

browser.zoom.siteSpecific;false // doesn't save zoom settings for specific sites

browser.urlbar.clickSelectsAll;true // to select the whole URL with a click on it

browser.download.manager.scanWhenDone;false // disable antivirus scan when download completed (can take a long time with big files)


Comments


[3 Points] We_Are_Never_Safe:

-comment overwritten-


[3 Points] sapiophile:

WARNING - THESE SETTINGS WILL GRAVELY COMPROMISE YOUR ANONYMITY

Keep reading to understand why.

browser.cache.memory.enable;false // same with cache in memory

There's really no point to keeping cache out of memory - your Tor private encryption keys are already stored in memory, and they're the holy grail. If you're seriously at the point where you can't trust your own device's memory to be secure, there's absolutely nothing that you can do to remedy that situation. Disabling this and also disabling disk caching will also strongly impact the performance of the browser.

In fact, doing this will compromise your anonymity a great deal. Because with no caching, your browser will have to re-request a full copy of every file you view every single time you load a page, which will dramatically distinguish your browser's fingerprint and make it immediately traceable across sessions.

A similar thing could be said of the pipelining settings, and the cookie settings, and probably some others. Really, in my opinion, even better than attempting to mess with all of this stuff, is to simply just use the Tor Browser, and to use NoScript to block all scripts and embeds. Beyond that, you're just making yourself much, much more identifiable, and not actually gaining any practical security.
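
Added example, not part of the thread or of any commenter's post: a short Python script that turns entries in the post's `name;value // note` form into `user.js` lines (the file the post's EDIT mentions) and lists the ones in categories the thread itself questions, namely the Safe Browsing change the post marks as a possible security risk and the cache, pipelining and cookie settings named in sapiophile's comment. The `FLAGGED` prefixes, the function name and the sample input are assumptions made for this example.

```python
import json
import re

# Name prefixes this thread itself calls out (not an authoritative list):
# the post marks the Safe Browsing change as a possible security risk, and
# sapiophile's comment names cache, pipelining and cookie settings.
FLAGGED = {
    "browser.safebrowsing.": "post: may be a security risk",
    "browser.cache.": "comment: disabling caches distinguishes the browser",
    "network.http.pipelining": "comment: pipelining settings",
    "network.cookie.": "comment: cookie settings",
}
ENTRY = re.compile(r"^([A-Za-z0-9_.\-]+);(.*?)\s*(?://.*)?$")

# Constructed sample: lines taken from the post, notes abridged.
SAMPLE = """\
network.http.pipelining;true //speeds up loading of websites
browser.cache.memory.enable;false // same with cache in memory
browser.safebrowsing.enabled;false // may be a security risk
browser.safebrowsing. // change variables to another database
geo.wifi.uri;"" // overwrite it with an empty string
browser.startup.homepage;about:newtab //startpage of browser
network.cookie.cookieBehavior;2 // disables cookies
dom.disablewindow* // different possibilities of scripts
"""

def to_user_js(text):
    """Return (user_pref lines, flagged (name, reason) pairs, skipped lines)."""
    prefs, flagged, skipped = [], [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ENTRY.match(line)
        value = m.group(2).strip() if m else ""
        if re.fullmatch(r'true|false|-?\d+|"[^"\\]*"', value):
            literal = value                    # boolean, integer or quoted string
        elif value and not re.search(r"\s", value):
            literal = json.dumps(value)        # bare string such as about:newtab
        else:
            skipped.append(line)               # no value, wildcard or free text
            continue
        name = m.group(1)
        prefs.append(f'user_pref("{name}", {literal});')
        flagged += [(name, why) for p, why in FLAGGED.items() if name.startswith(p)]
    return prefs, flagged, skipped

if __name__ == "__main__":
    prefs, flagged, skipped = to_user_js(SAMPLE)
    print("\n".join(prefs))
    for name, why in flagged:
        print(f"// review {name} ({why})")
```

Entries the post leaves without a concrete value, such as `browser.safebrowsing.` and `dom.disablewindow*`, are returned in the skipped list rather than guessed at.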


[3 Points] Trappy_Pandora:

This might be useful to you specifically but will not benefit very many people.

As /u/sapiophile said, if you cannot trust your own device's memory then perhaps it's best that you do not use tor. Please visit /r/tails and configure a TAILS device.


[2 Points] None:

But none of these commands have anything to do with anonymity?


[1 Points] None:

[removed]