3000003: Firefox – additional security, telemetry and privacy tweaks
- This topic has 38 replies, 12 voices, and was last updated 11 months, 3 weeks ago by
anonymous.
-
-
February 15, 2017 at 3:03 pm #94462
woody
Manager
AKB3000003: Firefox – additional security, telemetry and privacy tweaks
By @Microfix
Published 15 Feb 2017 rev 1.1
These tweaks are for both Windows and Linux Firefox browsers:
Edit by NightOwl:
Forgot the 1st rule in computing..backup, backup before making changes.
Thanks PKCano, Can you put your backup comment at the start of the tweak tutorial?
The Firefox profile is in C:\Users\”UserID”\AppData\Roaming\Mozilla\Firefox\Profiles\”an arbitrary numeric string”\ – it contains bookmarks, settings, add-ons, extensions, features, etc.
You need to back up your Firefox pre-changes Profile before making changes, in case something unexpected goes wrong when making changes, so you can restore your pre-changes Profile if something has gone wrong!
Open up Firefox and in the address bar type: about:config
A popup will appear, ‘Here be Dragons’; accept the risks and proceed.
Then in the filter search either copy and paste the string or edit value.
To change string values, double click the string to change.
Security: Additional browser security
For the LOGJAM vulnerability follow the steps below:
1) Type: security.ssl3.dhe_rsa_aes_128_sha set to FALSE
2) Type: security.ssl3.dhe_rsa_aes_256_sha set to FALSE
Disable SSL 3.0 to be immune from the POODLE attack:
1) Type: security.tls.version.min set to 1 to enforce TLS.
2) Type: security.tls.version.max set to 3, which enables TLS 1.1 and 1.2 (default in FF v50+)
Telemetry blocking:
1) Type: toolkit.telemetry.unified set to FALSE
2) Type: toolkit.telemetry.archive.enabled set to FALSE
3) Type: toolkit.telemetry.enabled set to FALSE
4) Type: datareporting.policy.dataSubmissionEnabled set to FALSE
5) Type: datareporting.policy.dataSubmissionEnabled.v2 set to FALSE (Pre v50 firefox)
6) Type: datareporting.healthreport.uploadEnabled set to FALSE
Additional Privacy Tweaks:
1) Type: browser.privatebrowsing.autostart set to TRUE (if you prefer private browsing all the time)
2) Type: dom.event.clipboardevents.enabled set to FALSE (hides Copy & Paste from Website tracking)
3) Type: dom.storage.enabled set to FALSE (prevent DOM Storage tracking by websites) Refer to #95310 for caution
4) Type: geo.enabled set to FALSE (geolocation prevention via websites, explicit or not)
5) Type: geo.wifi.uri set to 127.0.0.1 (Loopback related to geolocation and not to google host)
6) Type: privacy.trackingprotection.enabled set to TRUE (enables a blocklist via disconnect on cross site tracking)
Disclaimer: I am not responsible for borking your Firefox, try these at your own risk.
I can assure you that they all work on our live and VM systems.
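An added example, not part of the original post: a small Python audit that reads the text of a profile's prefs.js and reports which of the settings listed above are already in place. It assumes the standard `user_pref("name", value);` line format; the function names and the sample file content are constructed for illustration, and the `user.js` output is an addition the post does not mention (a file in the profile folder that Firefox applies at every start).

```python
import json
import re

# Values exactly as listed in the post above (about:config name -> value).
POST_SETTINGS = {
    "security.ssl3.dhe_rsa_aes_128_sha": False,
    "security.ssl3.dhe_rsa_aes_256_sha": False,
    "security.tls.version.min": 1,
    "security.tls.version.max": 3,
    "toolkit.telemetry.unified": False,
    "toolkit.telemetry.archive.enabled": False,
    "toolkit.telemetry.enabled": False,
    "datareporting.policy.dataSubmissionEnabled": False,
    "datareporting.healthreport.uploadEnabled": False,
    "dom.event.clipboardevents.enabled": False,
    "geo.enabled": False,
    "geo.wifi.uri": "127.0.0.1",
    "privacy.trackingprotection.enabled": True,
}

USER_PREF = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF.match(line)
        if not m:
            continue  # comments and blank lines
        try:
            # true/false, integers and quoted strings all parse as JSON literals
            prefs[m.group(1)] = json.loads(m.group(2))
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep raw text if not a plain literal
    return prefs


def same(a, b):
    # bool is a subclass of int in Python (True == 1), so compare types too
    return type(a) is type(b) and a == b


def audit(prefs_text, wanted=POST_SETTINGS):
    """Classify each wanted pref as 'ok', 'differs' or 'unset'.

    'unset' means prefs.js has no entry, so the built-in default applies;
    prefs.js only records values changed from the default.
    """
    current = parse_prefs(prefs_text)
    report = {}
    for name, value in wanted.items():
        if name not in current:
            report[name] = "unset"
        elif same(current[name], value):
            report[name] = "ok"
        else:
            report[name] = "differs"
    return report


def to_user_js(report, wanted=POST_SETTINGS):
    """Render user.js lines for every pref that is not already 'ok'."""
    return ['user_pref("%s", %s);' % (name, json.dumps(wanted[name]))
            for name, status in report.items() if status != "ok"]


# Constructed sample prefs.js content (not taken from a real profile).
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences
user_pref("geo.enabled", false);
user_pref("geo.wifi.uri", "http://localhost:8888/");
user_pref("security.tls.version.min", 1);
user_pref("toolkit.telemetry.enabled", true);
"""

if __name__ == "__main__":
    result = audit(SAMPLE_PREFS_JS)
    for name in sorted(result):
        print("%-8s %s" % (result[name], name))
    print("\n".join(to_user_js(result)))
```

Run it against a copy of prefs.js from the backed-up profile rather than the live one, since Firefox rewrites that file while it is running.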
February 15, 2017 at 3:12 pm #94469
Kirsty
Manager-
February 15, 2017 at 3:29 pm #94472
JNP
AskWoody Lounger
Kirsty, I don’t know if there is a formal way to back up the config, but what you can certainly do is go into the Mozilla/Firefox Profiles folder, make a copy of your profile and then, if things go off, you can simply use this “copy” to go back to your previous state.
-
February 15, 2017 at 6:11 pm #94535
PKCano
Manager
The Firefox profile is in C:\Users\”UserID”\AppData\Roaming\Mozilla\Firefox\Profiles\”an arbitrary numeric string”\ – it contains bookmarks, settings, add-ons, extensions, features, etc.
This is one of the MANY reasons for backing up the AppData folder (hidden by default, unfortunately). When people do backups, they often just do Documents, Pictures, Music (the things that are not hidden). But the AppData folder is SO important as well.
When PCs are taken to shops to retrieve data from failing HDDs or non-bootable computers, this data is often not saved.
February 15, 2017 at 6:20 pm #94543
-
-
-
February 15, 2017 at 3:19 pm #94470
Jayendra
AskWoody Lounger
hello n.n
i have a question… what about plug ins like Privacy Settings from firefox addons, it’s useful?
thanks n.n
February 15, 2017 at 5:51 pm #94523
Microfix
AskWoody MVP
It’s a matter of personal preference really, not fond of extensions in Firefox.
If any of the tweaks are duplicated, Privacy Settings will just enforce it again so no harm done there.
The top two security tweaks are the most important LOGJAM & POODLE even if they are set correctly without changing them, it’s better to check anyway.
No problem can be solved from the same level of consciousness that created IT- AE
3 users thanked author for this post.
-
February 19, 2017 at 8:55 am #95659
anonymous
Guest-
February 19, 2017 at 10:53 am #95672
-
-
-
February 15, 2017 at 4:29 pm #94480
anonymous
Guest
? says:
Thanks for the heads up everyone appreciates all the extra security we can get these days…
I’m running persistent live cd usb’s so i’m not too worried about any more borking than I already do for myself. I ran all the telemetry blocking after you let us know about it the other day and no problems, so far.
Check with our security loving German compatriot Martin Brinkmann’s Ghacks.net for three more: http://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/
the way i’m running (on purpose) makes worries about viruses non existent
the big eye in the sky can look all it wants (it is going to anyway) so when i’m feeling extra frisky and bored i will lead it back onto itself… kinda like the endless loop (yes i did) on the old mainframe arpanet… see: https://en.wikipedia.org/wiki/ARPANET if interested.
anyway, enough from me (for now) and thanks again for having my back whilst on our journey riding the wild interweb today…
February 15, 2017 at 5:50 pm #94520
anonymous
Guest
I followed all the suggestions and it seems that all but one of my dozens of open tabs work normally. However, feedly.com gave me the dreaded “Oops. Something went wrong!” page. As feedly is my most accessed site, I may have to copy back my saved profile. Bummer! BTW, it is not that feedly is coincidentally having problems, as it shows up OK in Chrome.
Any ideas which of the many settings may have borked feedly?
kk
February 15, 2017 at 6:06 pm #94530
Microfix
AskWoody MVP-
February 15, 2017 at 6:22 pm #94539
anonymous
Guest
Thank you so much! I switched #2 with no effect, then tried #3 and it worked! I went back and put #2 back to the suggested security setting, and feedly still worked. Thanks again. Time for a visit to PayPal.
kk
3 users thanked author for this post.
-
February 15, 2017 at 6:23 pm #94546
-
-
-
-
February 15, 2017 at 6:15 pm #94536
anonymous
Guest
It might also be worth unticking ‘play drm content’ if you’re not using it. I also unticked the ‘block dangerous and deceptive content’ option under security because that communicates back to the google mothership – https://support.mozilla.org/t5/Protect-your-privacy/How-does-built-in-Phishing-and-Malware-Protection-work/ta-p/9395 – i have enough other protections in place for me not to be too concerned with this but ymmv.
-T
1 user thanked author for this post.
-
February 15, 2017 at 6:40 pm #94549
Noel Carboni
AskWoody_MVP -
February 15, 2017 at 9:06 pm #94587
Jayendra
AskWoody Lounger
The top two security tweaks are the most important LOGJAM & POODLE even if they are set correctly without changing them, it’s better to check anyway.
thanks for the advice n.n/
i’m using FF ESR and logjam “problem” is present, now is fixed (yeah).
(somebody maybe ask… why i’m using esr? it’s because i feel more stable than “normal” version)
February 16, 2017 at 1:35 pm #94763
rc primak
AskWoody_MVP
Backing Up Firefox Profiles both when Firefox and its Extensions are Available and when Firefox and its Extensions are Not Available:
For Windows, Mac and Linux, these instructions look good:
https://www.howtogeek.com/255587/how-to-find-your-firefox-profile-folder-on-windows-mac-and-linux/
What differs is the exact location of the Mozilla or Firefox Profile Directories, and the kinds of permissions and hidden attributes which need to be considered for a successful copy-paste backup procedure.
Good storage options include a separate partition, a USB device, or an external drive. Preferably with an extra copy on an external drive just in case.
Both backing up and restoring are simple copy-paste operations.
BTW, Firefox and Chrome, Edge and Internet Explorer, all by default now exclude the insecure cipher sets which logjam and poodle relied on. No internal tweaking is required unless you are using a site which still relies on older, insecure cipher suites. Which no one should be doing now. The same applies to the TLS and SSL settings involved in these attacks.
I personally do use Ghostery, Abine Blur, HTTPS Everywhere and an extension to block HTML autoplay, for security and privacy. If NoScript is added, pretty much all telemetry and DOM and persistent cookie tracking can be blocked. (This involves using some Extension settings which are not set by default. Also, Click And Clean Extension has some settings panels, but these are more useful for Chrome — see below — than for Firefox.)
Tweaking the Firefox config. settings may bork the browser or make some sites unusable, so this is not my recommended action. It’s a lot easier to reset, suspend or disable an extension than to reconfigure a borked config. file.
RELATED ABOUT CHROME SETTINGS:
We should develop a KB article here about the changes in Chrome 57 with regard to Flash Player and Plugins controls. Most former Chrome Plugins have been moved to Extensions. There are also security settings which have been moved into little icons in the Location Bar in Chrome 57.
These changes have caused a lot of finger-pointing, false accusations of loss of user controls and general confusion among Chrome users. I am still sorting through these Chrome changes. And unlike Firefox, if you mess with the Chrome configuration settings, you have no easy way to back up and restore these settings. Which is why the Chrome://Plugins page is no longer available to users.
-- rc primak
1 user thanked author for this post.
-
February 16, 2017 at 4:59 pm #94807
Jayendra
AskWoody Lounger-
February 16, 2017 at 5:19 pm #94813
Microfix
AskWoody MVP
about:telemetry is a checklist of all telemetry data within Firefox being sent to Mozilla.
Ideally (as I have), all the fields have (no data collected) indicating nothing being sent.
There are many other informative about protocols listed below:
about:about takes you directly to all of these in link form.
about: Displays version and build information and links to the contributors, licensing information and build configuration
about:accounts Page used by the Sync feature
about:addons Add-ons Manager
about:app-manager App Manager
about:buildconfig Displays the configuration and platform used to build Firefox
about:cache Displays information about the memory, disk, and appcache
about:compartments Displayed information about compartments; since Firefox 26, that information can be found in the “Other Measurements” section of about:memory.
about:config Provides a way to inspect and change Firefox preferences and settings
about:crashes Lists all crashes, which happened during the runtime of Firefox (in case the user enabled the crash reporter)
about:credits Lists all contributors to the Firefox project
about:customizing Switches to the customization page, which allows to customize Firefox’ UI
about:downloads Displays all downloads done within Firefox
about:healthreport Displays performance information of Firefox (in case the user enabled the health report)
about:home Start page of Firefox when opening a new window
about:license Displays licensing information
about:logo Firefox logo
about:memory Provides a way to display memory usage, save it as report and run the GC and CC
about:mozilla Special page showing a message from “The Book of Mozilla”
about:networking Displays networking information
about:newtab Start page when opening a new tab
about:permissions Provides a way to display and manage website permissions. Removed in Firefox 45 (bug 933917)
about:plugins Displays information about installed plugins
about:preferences Firefox settings (also available through Firefox menu > Options)
about:privatebrowsing Start page when opening a private window
about:reader Indicates a web page has Firefox Reader View turned on. See Firefox Reader View for clutter-free web pages
about:rights Displays rights information
about:robots Special page showing notes about robots
about:sessionrestore Session restoration (displayed after a Firefox crash)
about:support Troubleshooting information (also available through Firefox menu > ? (question mark) > Troubleshooting Information)
about:sync-log Displays a synchronization protocol related to the Sync feature
about:sync-progress Page displayed after the Sync feature got set up
about:sync-tabs Lists tabs available for synchronization related to the Sync feature
about:telemetry Displays telemetry data collected and sent to Mozilla while Firefox is running (in case the user enabled telemetry)
about:webrtc Information about WebRTC usage
about:welcomeback Information page displayed after Firefox is reset
No problem can be solved from the same level of consciousness that created IT- AE
-
-
February 18, 2017 at 1:24 am #95278
Kirsty
Manager
Re: Additional Privacy Tweaks #5
geo.wifi.uri set to 127.0.0.1
My setting is [http://localhost:8888/]
Does this need to be changed?
February 18, 2017 at 1:54 am #95281
anonymous
Guest-
February 18, 2017 at 2:01 am #95283
Kirsty
Manager-
February 18, 2017 at 3:23 am #95309
Microfix
AskWoody MVP
An extra precaution.
see here for details: http://www.tech-faq.com/127-0-0-1.html
No problem can be solved from the same level of consciousness that created IT- AE
-
-
-
-
February 18, 2017 at 3:31 am #95310
Microfix
AskWoody MVP
Additional Privacy Tweaks Note 3):
Setting the ‘dom.storage.enabled’ entry to false can “break” some websites as they are reliant on DOM storage tracking.
Changing this setting should therefore be done with caution.
If you have done this and find a website does not display, revert the setting back to default.
No problem can be solved from the same level of consciousness that created IT- AE
1 user thanked author for this post.
-
April 18, 2017 at 12:37 pm #109333
Microfix
AskWoody MVP
An additional security tweak for a link issue which has recently resurfaced using language coding for weblinks.
The problem: Some letters in other languages like Cyrillic are different but look almost identical. You can get identical-looking versions of “a”, “B”, “c”, “i”, “l”, “O” and “p,” among others.
So by combining the codes for these other letters with non-coded letters you can appear to spell out a word like “apple,” therefore tricking people into visiting a different website from the one they think they are visiting.
To avoid this go to:
about:config
set the following string to TRUE
network.IDN_show_punycode
Source: Here
In depth info: Link
No problem can be solved from the same level of consciousness that created IT- AE -
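An added example, not part of the original post: Python that converts a host name to the ASCII `xn--` form and lists any label that mixes scripts. It goes slightly beyond the post by including a label written entirely in Cyrillic, which a mixed-script check does not catch but the ASCII form still exposes. The function names, the script heuristic (first word of each character's Unicode name) and the sample hosts are constructed for illustration.

```python
import unicodedata


def label_to_ascii(label):
    """ASCII form of one DNS label: unchanged if ASCII, else 'xn--' + Punycode.

    IDNA normalisation (nameprep) is skipped; inputs are assumed lowercase.
    """
    if all(ord(ch) < 128 for ch in label):
        return label
    return "xn--" + label.encode("punycode").decode("ascii")


def host_to_ascii(host):
    """Convert every label of a host name, keeping the dots."""
    return ".".join(label_to_ascii(lab) for lab in host.split("."))


def scripts_in(label):
    """Script of each letter, approximated by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def review(host):
    """Summarise what a reader needs to judge a host name shown in a link."""
    labels = host.split(".")
    return {
        "ascii": host_to_ascii(host),
        "is_idn": any(ord(ch) > 127 for ch in host),
        "mixed_script_labels": [lab for lab in labels
                                if len(scripts_in(lab)) > 1],
    }


# Constructed sample host names (escapes used so the code points are visible).
SAMPLES = [
    "apple.com",                           # plain ASCII
    "\u0430pple.com",                      # Cyrillic U+0430 followed by Latin "pple"
    "\u0430\u0440\u0440\u04cf\u0435.com",  # every letter Cyrillic
]

if __name__ == "__main__":
    for host in SAMPLES:
        print(review(host))
```

The third sample reports no mixed-script label, yet its ASCII form plainly differs from the first sample's, which is the difference the setting in the post makes visible in the address bar.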
May 26, 2017 at 6:25 pm #118275
Rick R
AskWoody Lounger
I want to point out that anyone resetting “dom.storage.enabled” = False, will encounter an issue with the Microsoft Catalog.
Thanks to Microfix for mentioning potential issues regarding websites. It helped me identify the change that broke MS catalog.
I use the MSCat for Group B downloads, so for others in B, set this to default (True).
This is what you get with “False” set.
1 user thanked author for this post.
-
May 26, 2017 at 6:29 pm #118279
PKCano
Manager
The Group B patches are also available each month on this site in AKB2000003
1 user thanked author for this post.
-
-
April 22, 2018 at 11:19 am #186385
anonymous
Guest
For the truly adventurous, here’s a link to the ghacks website and an article by Martin Brinkmann on all kinds of Firefox tweaks for privacy and security. Remember, YMMV and some settings, such as those mentioned in posts above, may “break” certain or possibly most websites, so tread with caution. I suggest reading the explanations above each section to see what’s involved with that section to see if you really need to pay attention to it or if you feel you can ignore it.
The link was on this thread some time ago, but must’ve bitten the big one with the server migrations of recent months. If it’s still listed above, my sincerest apologies and feel free to delete this post.
Ok, here’s the link: https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/
As noted on the page itself, the list has been updated to reflect certain changes in newer editions of Firefox. Latest changes were last year, 2017. Enjoy!
-
July 18, 2018 at 11:18 am #204269
Microfix
AskWoody MVP
For Firefox Quantum 61.0 or greater, change the following attributes within about:config
1) Type: security.tls.version.min set to 3 (1 = TLS 1.0 / 2 = TLS 1.1 / 3 = TLS 1.2)
2) Type: security.tls.version.max set to 4 (Enables TLS 1.3)
Remember: to take note of your existing settings prior to changing, should you need to revert back due to some websites not functioning properly.
No problem can be solved from the same level of consciousness that created IT- AE
1 user thanked author for this post.
-
December 17, 2018 at 12:13 pm #240902
anonymous
Guest
? says:
found this tidbit (only 10 months after)
as always, Martin is on it :
https://www.ghacks.net/2018/03/20/firefox-dns-over-https-and-a-worrying-shield-study/
and:
https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/
if u have ever looked at the in/out traffic on wireshark…
-
January 21, 2019 at 3:59 pm #314783
-
March 16, 2019 at 8:57 pm #342423
DriftyDonN
AskWoody Plus -
August 22, 2019 at 9:15 pm #1915496
anonymous
Guest
? says:
building yet another linux \w Firefox (loads more fun than watching the pain(t) dry on Microsoft) and stumbled upon these 3 additional security\telemetry tweaks:
https://www.ghacks.net/2017/10/14/what-is-pingsender-exe-on-windows/
https://www.askvg.com/tip-disable-telemetry-and-data-collection-in-mozilla-firefox-quantum/
and: ui.submenu.Delay (=0) just for fun!
-
August 23, 2019 at 4:22 pm #1917021
anonymous
Guest
? says:
here is a way to disable “dom.push.enabled” in “about:config” in FF from a few years ago:
https://www.ghacks.net/2015/11/04/everything-you-need-to-know-about-push-notifications-in-firefox/
there used to be a setting in about:preferences. i turned off APPLE PUSH in itunes long ago. i object to being “pushed” especially if i’m not sure what i’m being “pushed,” into…
-
February 1, 2020 at 8:55 pm #2124421
Kirsty
Manager
Firefox now shows what telemetry data it’s collecting about you
Users can now go to about:telemetry and see what Mozilla is collecting about their Firefox installs.
By Catalin Cimpanu | February 1, 2020
There is now a special page in the Firefox browser where users can see what telemetry data Mozilla is collecting from their browser.
Accessible by typing about:telemetry in the browser’s URL address bar, this new section is a recent addition to Firefox.
The page shows deeply technical information about browser settings, installed add-ons, OS/hardware information, browser session details, and running processes.
…
However, if users are still uncomfortable with allowing Mozilla to collect even the most basic details about their browser install, they can disable Firefox’s telemetry feature from the browser’s settings section, at about:preferences#privacy in the “Firefox Data Collection and Use” section
Read the full article here
February 1, 2020 at 9:13 pm #2124432
-
-
-