hardening the firefox browser - uppsala universityuser.it.uu.se › ~arvge836 › cryptoparty ›...
Post on 03-Jul-2020
4 Views
Preview:
TRANSCRIPT
10
Hardening the Firefox browser
Preventing unwanted background traffic to Google, Pocket and hidden telemetry to Mozilla
Per Foyerper@foyer.se
10Cryptoparty 201911-R1
Hardening Firefox: Method
To harden Firefox we need to:
1. Adjust visible configurations in Options / Preferences
2. Do a fair amount of changes to parameters hidden in the about:config settings (behind the scene):
• Disabling Pocket• Disabling WebRTC (notorious for leaking)• Disabling sending of crash dumps• Combat telemetry settings• Remove all references to Google
First, let’s have a look what’s going on the network interface when using a stock installation of Firefox…
11per@foyer.se Cryptoparty 201911-R1
Firefox - stock install (1)
12
Firefox started…Not touching the browser!
Cryptoparty 201911-R1
Wireshark monitoring host’s NIC(outgoing traffic)
Per@Foyer.se
Firefox - stock install (2)
13
Not touching the browser!Massive amounts of requests being done…
Cryptoparty 201911-R1per@foyer.se
Firefox - stock install (3)
14
Not touching the browser!Say hello to Google…
Cryptoparty 201911-R1per@foyer.se
Firefox - stock install (4)
15
Still not touching the browser!Probable telemetry sent to Mozilla
Cryptoparty 201911-R1per@foyer.se
Firefox – Hardened!
16
Just startedA short initial burst of (unknown) connections to one single Akamai serverThen, silence…
Cryptoparty 201911-R1per@foyer.se
Hardening Firefox: Step 1
17
Visible settings
(Follow me)Cryptoparty 201911-R1per@foyer.se
Step 0:Backup yourbookmarks!!!
Hardening Firefox: Step 2
18
about:config: PocketCryptoparty 201911-R1per@foyer.se
(Follow me)
Hardening Firefox: Step 3
19
about:config: WebRTCCryptoparty 201911-R1per@foyer.se
(Follow me)
Hardening Firefox: Step 4
20
about:config: Crash dumpsCryptoparty 201911-R1per@foyer.se
(Follow me)
Hardening Firefox: Step 5
21
about:config: TelemetryCryptoparty 201911-R1per@foyer.se
(Follow me)
Hardening Firefox: Step 6
22
about:config: Google… (Done!)Cryptoparty 201911-R1per@foyer.se
Finito!
23Cryptoparty 201911-R1per@foyer.se
top related