Today's Privacy Cookbook is all about browser security.
Let's start with Chrome or Chromium!
If it is your main browser, do the following: use it to go to https://www.mozilla.org, download the latest Firefox and, after doing that, delete Chrome!
Congrats, you have fixed the first issue!
Now let's go to step 2.
Let's install a few add-ons.
Ok, so now let's introduce a couple or three really cool tweaks to our Firefox browser:
Enter "about:config" in the Firefox address bar and press enter
Press the button "I'll be careful, I promise!"
Search for "media.peerconnection.enabled"
Double click that entry and the column "Value" should now be "false"
To be sure every single WebRTC-related setting is now disabled, change these settings:
media.peerconnection.turn.disable = true
media.peerconnection.use_document_iceservers = false
media.peerconnection.video.enabled = false
media.peerconnection.identity.timeout = 1
Now you can be 100% sure it is done!
Now just a few more options of a more advanced nature on the about:config page:
privacy.trackingprotection.enabled = true
This is Mozilla's own built-in tracking protection. It employs the Disconnect.me filter list, which you won't need if you are already using uBlock Origin 3rd party filters, in which case you should set it as false.
privacy.firstparty.isolate = true
This preference isolates all browser identifier sources (e.g. cookies) to the first-party domain with the aim of stopping tracking across different domains. (There is no need for this if you have already installed "Cookie AutoDelete" with Firefox v58 or below.)
privacy.resistFingerprinting = true
This preference makes Firefox more resistant to browser fingerprinting.
privacy.trackingprotection.fingerprinting.enabled = true
[FF67+] Blocks Fingerprinting
privacy.trackingprotection.cryptomining.enabled = true
[FF67+] Blocks CryptoMining
browser.send_pings = false
This attribute would be useful for letting websites track visitors' clicks.
browser.sessionstore.max_tabs_undo = 0
Even when Firefox is set to not remember history, your closed tabs are still stored temporarily at Menu -> History -> Recently Closed Tabs.
browser.urlbar.speculativeConnect.enabled = false
Disable pre-loading of autocomplete URLs a user types into the address bar which could inadvertently display information or links or history
dom.event.clipboardevents.enabled = false
Disable this, as it allows websites to get notifications if you copy, paste or cut anything on a web page, as well as letting them know which part of the page has been selected.
media.eme.enabled = false
Disables playback of DRM-controlled HTML5 content, which, if enabled, automatically downloads the Widevine Content Decryption Module provided by Google Inc. DRM-controlled content that requires the Adobe Flash or Microsoft Silverlight NPAPI plug-ins will still play, if installed and enabled within Firefox.
media.gmp-widevinecdm.enabled = false
Disables the Widevine Content Decryption Module provided by Google Inc., used for the playback of DRM-controlled HTML5 content.
media.navigator.enabled = false
Websites can track both the microphone and camera status on your device.
network.cookie.cookieBehavior = 1
0 = Accept all cookies by default
1 = Only accept from the originating site (block third-party cookies)
2 = Block all cookies by default
network.http.referer.XOriginPolicy = 2
Only send the Referer header when the full hostname matches. (NB: if you notice significant breakage, you might try it in combination with an XOriginTrimmingPolicy; see the tweak below.)
0 = Send Referer in all cases
1 = Send Referer to same eTLD sites
2 = Send Referer only when the full hostnames match
network.http.referer.XOriginTrimmingPolicy = 2
When sending Referer across origins, only send scheme, host, and port in the Referer header of cross-origin requests.
0 = Send full url in Referer
1 = Send url without query string in Referer
2 = Only send scheme, host, and port in Referer
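How the two Referer preferences above interact, as an added example that is not part of the original post: the function models only the values listed for XOriginPolicy and XOriginTrimmingPolicy. It assumes a naive "last two labels" base-domain check (Firefox uses the Public Suffix List), ignores Referrer-Policy headers and HTTPS-to-HTTP downgrades, and uses constructed URLs.

```python
from urllib.parse import urlsplit

def _origin(u):
    return (u.scheme, u.hostname, u.port)

def _base_domain(host):
    # Assumption: naive "last two labels"; Firefox uses the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def referer_sent(page_url, request_url, xorigin_policy=0, trimming_policy=0):
    """Referer value for a request made from page_url, or None if withheld."""
    src, dst = urlsplit(page_url), urlsplit(request_url)
    host = src.hostname + (f":{src.port}" if src.port else "")
    origin_only = f"{src.scheme}://{host}/"
    no_query = f"{src.scheme}://{host}{src.path or '/'}"
    full = no_query + (f"?{src.query}" if src.query else "")  # fragment is never sent

    if _origin(src) == _origin(dst):
        return full  # same-origin request: neither preference applies
    if xorigin_policy == 2 and src.hostname != dst.hostname:
        return None  # 2 = only when the full hostnames match
    if xorigin_policy == 1 and _base_domain(src.hostname) != _base_domain(dst.hostname):
        return None  # 1 = only to sites under the same base domain
    # Cross-origin and allowed: trim according to XOriginTrimmingPolicy.
    return {0: full, 1: no_query, 2: origin_only}[trimming_policy]

# Constructed sample URLs, not taken from the page.
PAGE = "https://shop.example.com/cart?session=abc123#top"
TARGETS = (
    "https://shop.example.com/api/items",
    "https://cdn.example.com/app.js",
    "https://tracker.example.net/pixel.gif",
)

if __name__ == "__main__":
    for target in TARGETS:
        for xo, trim in ((0, 0), (0, 2), (1, 2), (2, 2)):
            print(f"XOriginPolicy={xo} Trimming={trim} {target} -> "
                  f"{referer_sent(PAGE, target, xo, trim)}")
```

With XOriginPolicy = 2 the session-bearing query string never leaves the originating host; relaxing it to 0 or 1 while keeping XOriginTrimmingPolicy = 2 still limits what other hosts see to scheme, host and port.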
webgl.disabled = true
WebGL is a potential security risk!
browser.sessionstore.privacy_level = 2
This preference controls when to store extra information about a session: contents of forms, scrollbar positions, cookies, and POST data.
0 = Store extra session data for any site. (Default starting with Firefox 4.)
1 = Store extra session data for unencrypted (non-HTTPS) sites only. (Default before Firefox 4.)
2 = Never store extra session data.
network.IDN_show_punycode = true
Not rendering IDNs as their Punycode equivalent leaves you open to phishing attacks that can be difficult to notice.
Nearly done! Next, let's encrypt your DNS requests.
1. Open Preferences.
2. Scroll down to the Network Settings section and click on Settings.
3. Scroll down and check Enable DNS over HTTPS.
4. Select Custom, enter https://dns.nextdns.io/Your_UserID or https://fdns1.dismail.de and click OK. (You can use any provider that supports DNS over HTTPS.)
5. Enter "about:config" in the address bar (and click on 'I accept the risk!', if asked).
6. Set network.trr.bootstrapAddress to 18.104.22.168 (For NextDNS) or 22.214.171.124 for dismail.de
7. Set network.trr.mode to 3.
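A way to check that the about:config changes above actually stuck, as an added example that is not part of the original post: it parses the text of a profile's prefs.js and reports every preference that differs from the value recommended on this page. The RECOMMENDED table is a subset of the page's settings, and the sample prefs.js content is constructed.

```python
import json
import re

# Subset of the values recommended on this page; extend with the remaining prefs.
RECOMMENDED = {
    "media.peerconnection.enabled": False,
    "media.peerconnection.turn.disable": True,
    "media.peerconnection.identity.timeout": 1,
    "privacy.firstparty.isolate": True,
    "privacy.resistFingerprinting": True,
    "network.cookie.cookieBehavior": 1,
    "network.http.referer.XOriginPolicy": 2,
    "webgl.disabled": True,
    "network.IDN_show_punycode": True,
    "network.trr.mode": 3,
}

PREF_LINE = re.compile(r'^[ \t]*user_pref\("([^"]+)",[ \t]*(.+?)\);[ \t]*$', re.M)

def parse_prefs(text):
    """Return {name: value} from prefs.js / user.js text; later lines win."""
    prefs = {}
    for name, raw in PREF_LINE.findall(text):
        try:
            prefs[name] = json.loads(raw)  # true/false, integers, "strings"
        except ValueError:
            prefs[name] = raw              # keep anything unusual as raw text
    return prefs

def audit(text, recommended=RECOMMENDED):
    """Return {name: (found, wanted)} for prefs that deviate.

    found is None when the pref is absent, i.e. Firefox's default applies.
    """
    current = parse_prefs(text)
    deviations = {}
    for name, wanted in recommended.items():
        found = current.get(name)
        # Compare types too: in Python True == 1, but the prefs are distinct.
        if type(found) is not type(wanted) or found != wanted:
            deviations[name] = (found, wanted)
    return deviations

# Constructed sample of prefs.js content, not taken from a real profile.
SAMPLE = '''// Mozilla User Preferences
user_pref("media.peerconnection.enabled", false);
user_pref("network.cookie.cookieBehavior", 0);
user_pref("network.trr.mode", 3);
'''
```

To run it against a real profile, pass the contents of prefs.js from the profile folder shown on about:support to `audit()`.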
If you like Twitter but love privacy more, install this little goody: