Hardening Firefox

[zippy99]

Very useful Addons for Firefox/Iceweasel

AdBlock Plus - Adblock Plus allows you to regain control of the internet and view the web the way you want to.
Beef Taco - Sets permanent opt-out cookies to stop behavioral advertising by 102 different advertising networks
BetterPrivacy - BetterPrivacy is a safeguard which protects from usually not deletable LSO's on Google, YouTube, Ebay...
Ghostery - Protect your privacy. See who's tracking your web browsing and block them with Ghostery.
HTTPS Everywhere - It encrypts your communications with a number of major websites.
NoScript - Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.
OptimizeGoole - Enhance Google search results and remove ads and spam
RefControl - Control what gets sent as the HTTP Referer on a per-site basis.
RequestPolicy - Be in control of which cross-site requests are allowed.
TrackMeNot - Protects users against search data profiling.
Beefree addon (save it and drag it in firefox window and not install xpi directly)
You can test also Anonymox

Add subscriptions in AdBlock to lists:
Easylist
http://dev.mathiasbaert.be/misc/face...t-opt-out.html

Disable Geolocation in Firefox:
about:config
geo.enabled --> false

Confuse user agent info:
about:config
create string general.useragent.override and set it to "Dummy"
verify here

Some tweaks:
network.http.pipelining true
network.http.pipelining.maxrequests 8
network.http.pipelining.ssl true
network.http.proxy.keep-alive true
network.http.proxy.pipelining true

Edit /etc/hosts and add actualized list from here:
hosts

use more secure search engines:
https://www.startpage.com/
https://www.duckduckgo.com/

[sg1efc]

A great list, Thanks a lot.

Originally Posted by zippy99

Edit /etc/hosts and add actualized list from here: hosts

I see in that PCBSD directory files such as:
hosts
hosts.deniedssh
hosts.deniedssh.purge.bak

and a couple others. To make certain, the plain Hosts file is similar to the Windows host file, in that it Blocks all the items saved in the PCBSD Host file? PCBSD newbie here and just want to make certain it works the same way. Thank you for your help.

[cabpa]

Originally Posted by zippy99

Very useful Addons for Firefox/Iceweasel AdBlock Plus - Adblock Plus allows you to regain control of the internet and view the web the way you want to. Beef Taco - Sets permanent opt-out cookies to stop behavioral advertising by 102 different advertising networks BetterPrivacy - BetterPrivacy is a safeguard which protects from usually not deletable LSO's on Google, YouTube, Ebay... Ghostery - Protect your privacy. See who's tracking your web browsing and block them with Ghostery. HTTPS Everywhere - It encrypts your communications with a number of major websites. NoScript - Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks. OptimizeGoole - Enhance Google search results and remove ads and spam RefControl - Control what gets sent as the HTTP Referer on a per-site basis. RequestPolicy - Be in control of which cross-site requests are allowed. TrackMeNot - Protects users against search data profiling. Beefree addon (save it and drag it in firefox window and not install xpi directly) You can test also Anonymox Add subscriptions in AdBlock to lists: Easylist http://dev.mathiasbaert.be/misc/face...t-opt-out.html Disable Geolocation in Firefox: about:config geo.enabled --> false Confuse user agent info: about:config create string general.useragent.override and set it to "Dummy" verify here Some tweaks: network.http.pipelining true network.http.pipelining.maxrequests 8 network.http.pipelining.ssl true network.http.proxy.keep-alive true network.http.proxy.pipelining true Edit /etc/hosts and add actualized list from here: hosts use more secure search engines: https://www.startpage.com/ https://www.duckduckgo.com/

Can firefox be built with this hardened configuration or you must manually add/configure this additional security addons/configs so that we can have a firefox hardened version?

[Tigersharke]

It would likely increase the size of a 'hardened' Firefox PBI, plus add to the problem of multiple addon versions which any number of them could become out of date at any time. It is much better to know about a useful set of addons strongly encouraged to be used.

In addition to the above list, I would add three more:

Share me not - designed to prevent third-party buttons (such as Facebook's “Like” or Twitter's “tweet” button) embedded by sites across the Internet from tracking you until you actually click on them.

HTTPS Finder - automatically detects and enforces valid HTTPS connections as you browse, as well as automating the rule creation process for HTTPS-Everywhere (instead of having to manually type "https://" in the address bar to test, and writing your own XML rule for it).

Element hiding helper for Adblock Plus - a companion extension for Adblock Plus meant to make creating element hiding rules easier. You simply select the element you want to be hidden and then choose which attributes of this element should be taken into account when hiding it in future. The element hiding rule is generated and added automatically.

[zippy99]

hello again!
Practical Third-Party Privacy for the Social Web:
http://priv3.icsi.berkeley.edu/

for Firefox 11+ in about:config set SPDY to TRUE value:
network.http.spdy.enabled TRUE

another great tool is DNSCrypt - encrypts all DNS traffic between you and OpenDNS:
https://blog.opendns.com/2011/12/06/...nd-about-time/
http://www.reviewlinux.com/encrypt-d...ndns-3857.html

DNS Cache with BIND:
http://www.pclinuxos.com/forum/index.php?topic=99575.0

[sg1efc]

Thanks a lot Zippy and Tigersharke for these new security and privacy tips.