hardening the firefox browser - uppsala universityuser.it.uu.se › ~arvge836 › cryptoparty ›...

Report

Post on 03-Jul-2020

4 Views

Category:

Documents

0 Downloads

Preview:

Click to see full reader

TRANSCRIPT

10

Hardening the Firefox browser

Preventing unwanted background traffic to Google, Pocket and hidden telemetry to Mozilla

Per Foyerper@foyer.se

10Cryptoparty 201911-R1

Hardening Firefox: Method

To harden Firefox we need to:

1. Adjust visible configurations in Options / Preferences

2. Do a fair amount of changes to parameters hidden in the about:config settings (behind the scene):

• Disabling Pocket• Disabling WebRTC (notorious for leaking)• Disabling sending of crash dumps• Combat telemetry settings• Remove all references to Google

First, let’s have a look what’s going on the network interface when using a stock installation of Firefox…

11per@foyer.se Cryptoparty 201911-R1

Firefox - stock install (1)

12

Firefox started…Not touching the browser!

Cryptoparty 201911-R1

Wireshark monitoring host’s NIC(outgoing traffic)

Per@Foyer.se

Firefox - stock install (2)

13

Not touching the browser!Massive amounts of requests being done…

Cryptoparty 201911-R1per@foyer.se

Firefox - stock install (3)

14

Not touching the browser!Say hello to Google…

Cryptoparty 201911-R1per@foyer.se

Firefox - stock install (4)

15

Still not touching the browser!Probable telemetry sent to Mozilla

Cryptoparty 201911-R1per@foyer.se

Firefox – Hardened!

16

Just startedA short initial burst of (unknown) connections to one single Akamai serverThen, silence…

Cryptoparty 201911-R1per@foyer.se

Hardening Firefox: Step 1

17

Visible settings

(Follow me)Cryptoparty 201911-R1per@foyer.se

Step 0:Backup yourbookmarks!!!

Hardening Firefox: Step 2

18

about:config: PocketCryptoparty 201911-R1per@foyer.se

(Follow me)

Hardening Firefox: Step 3

19

about:config: WebRTCCryptoparty 201911-R1per@foyer.se

(Follow me)

Hardening Firefox: Step 4

20

about:config: Crash dumpsCryptoparty 201911-R1per@foyer.se

(Follow me)

Hardening Firefox: Step 5

21

about:config: TelemetryCryptoparty 201911-R1per@foyer.se

(Follow me)

Hardening Firefox: Step 6

22

about:config: Google… (Done!)Cryptoparty 201911-R1per@foyer.se

Finito!

23Cryptoparty 201911-R1per@foyer.se

top related

hardening rhel5 - hardening red hat enterprise linux 5
Documents
firefox - mac chrome – windows chrome – mac · firefox...
Documents
firefox party: firefox & web development
Technology
firefox presentation
Business
firefox 4 for mobile reviewer’s guide - mozilla ·...
Documents
firefox üveggömb - milyen fejlesztések érkeznek a...
Software
what firefox can tell about you? - firefox forensics
Technology
firefox extension
Documents
sql server hardening - cisco · sql server hardening •...
Documents
induction hardening and flame hardening
Engineering
chapter 1: introduction to firefox os · firefox os 1.3...
Documents
firefox (scan)
Documents
solar corporate profile v13-191122-test
Documents
firefox phonesimplifiedui
Technology
firefox addon29082010
Documents
hardening. consulting. contracting. - gerster.ch der... ·...
Documents
firefox brandbook
Documents
transition firefox
Technology
hardening. consulting. contracting....surface hardening...
Documents
firefox os
Documents