If you use the Windows Operating system, Microsoft presents you with either Internet Explorer or Microsoft Edge as your default web browser. Mac OS users are presented Safari by default. I believe OSINT investigators and cybersecurity professionals should avoid these at all costs. All are inferior in my opinion, and you will encounter difficulties with some of the websites and services mentioned later. Therefore, we need a better browser.
Mozilla Firefox is a free and open-source web browser developed by the Mozilla Foundation. It has a great reputation for protecting users’ privacy since its launch. In fact, the Tor project uses Firefox as the preferred engine for its Tor Browser bundle.
Check The Browser Fingerprint
A browser fingerprint is any information that is used to identify your machine online. It can be used to fully or partially identify individual users or devices even when cookies are turned off. Browser fingerprinting is used to identify individual users online and is considered, relatively, a new technique for tracking and recording the online activities of users stealthily.
Browser fingerprinting can reveal a great amount of information about your computer. It works by loading a script (generally JavaScript or Flash) into your browser. Once it has loaded successfully, it will detect a wide array of technical information about your computer, such as screen resolution, OS type, supported fonts, browser type and version, add-ons installed, and even your PC hardware components. A hash is then made based on the information the script has collected. That hash can help identify and track your computer like an IP address would. A digital fingerprint can draw a comprehensive unique picture about each user, allowing different outside parties to easily profile people without using traditional tracking techniques like computer IP addresses and cookies.
Fingerprinting is currently considered the greatest risk that faces users when surfing online. Let’s begin by seeing what your current digital fingerprint shows to the public. The following are two web sites that offer such services for free.
Browserleaks
Here, you will find the gallery of web browser security testing tools that tell you what exactly personal identifiable data may be leaked without any permissions when you surf the Internet. On this site, you will find the set of tools that can be used to reveal your digital fingerprint divided into groups; click each one to see a detailed report.
- https://browserleaks.com/webrtc: This page displays whether your browser is blocking WebRTC IP leaks as previously mentioned. The goal is to receive all red "False" responses.
- https://browserleaks.com/geo: This page identifies whether your browser is sharing location data. The optimal response is a red "Denied" result.
- https://browserleaks.com/proxy: This page discloses any unique filtering within your network which could make you a more unique visitor to a site. The goal is to receive all red "not detected" results, unless you approve of the technology filter. You may see uBlock filters, which eliminate specific data from entering your session.
- https://browserleaks.com/social: This page displays any social networks or online marketplaces which place a login cookie on your machine. As an example, if you are logged in to an Amazon account, you should see evidence of that here. This is a good test to ensure your Firefox containers are functioning properly.
- https://browserleaks.com/javascript: This page displays the information available about your connection to any site you visit. Interesting areas include local time, browser identifiers, and operating system data.
- https://browserleaks.com/flash: This page displays whether the Flash plugin is installed. My preference is that it is never used.
- https://browserleaks.com/silverlight: This page displays whether the Silverlight plugin is installed. My preference is that it is never used.
- https://browserleaks.com/java: This page displays whether the Java plugin is installed. My preference is that it is never used.
- https://browserleaks.com/donottrack: This page displays your "Do Not Track" browser settings.
Cover Your Tracks
CoverYourTracks is a research project created by the Electronic Frontier Foundation. It will analyse how well your browser and add-ons protect you against online tracking techniques.
Hardening Firefox for Privacy
In this section, we will give technical advice on how to modify the Firefox settings to assure your online privacy and lower the amount of data leaking from your browser. Once installed, execute the application and consider the following modifications.
- Click on the menu in the upper right and select "Settings".
- In the General options, scroll down to the "Browsing" pane and uncheck "Recommend extensions as you browse" and "Recommend features as you browse". This prevents some internet usage information from being sent to Firefox.
- In the Home options, change "Homepage and new windows" and "New tabs" to "Blank page". This prevents Firefox from loading their own site or services in new pages and tabs.
- In the Search options, change the default search engine to DuckDuckGo and uncheck the "Provide search suggestions" box. This prevents queries from going directly to Google, and blocks the Google API from offering search suggestions.
- In the Privacy & Security options, select the "Strict" option under Browser Privacy.
- Check the box titled "Delete cookies and site data when Firefox is closed" under Cookies and Site Data.
- Uncheck the box titled "Ask to save logins and passwords for websites" under the Logins and Passwords pane.
- Change the History setting to "Firefox will use custom settings for history".
- Uncheck the boxes "Remember browsing and download history" and "Remember search and form history".
- Check the box titled "Clear history when Firefox closes". Do not check the box titled "Always use private browsing mode", as this will break Firefox Containers.
- Uncheck "Browsing history" from the "Address Bar" menu.
- In the Permissions menu, click "Settings" next to Location, Camera, Microphone, and Notifications. Check the box titled "Block new requests ... " on each of these options.
- Uncheck all options under "Firefox Data Collection and Use" .
- Uncheck all options under "Deceptive Content and Dangerous Software Protection". This will prevent Firefox from sharing potential malicious site visits with third-party services. This leaves you more exposed to undesired software attacks, but protects your internet history.
After configuring the basic settings of Firefox to become more privacy friendly, you need to access its advanced options menu to make it more robust against cyber-attacks and user profiling.
To access the Firefox advanced settings, type about:config in the URL address bar of your browser (see Figure below). A warning message will appear; hit the button “Accept the risk and continue!” to access the advanced settings panel.
Some of these about:config settings may already be on the "correct" setting, but most probably will not. To change most of these settings you can simply double-click the setting to toggle it between "True" and "False". Some may require additional input, such as a number. Because the list of about:config settings contain hundreds of entries, you will probably wish to search for all of these through the search bar in the about:config interface.
- geo.enabled: FALSE - This will disable geolocation tracking, which may be requested by a site you are visiting. As explained by Mozilla, this preference is enabled by default and utilizes Google Location Services to pinpoint your location. In order to do that, Firefox sends Google:
- Your computer’s IP address
- Information about nearby wireless access points
- A random client identifier, which is assigned by Google (expires every two weeks)
- Other geolocation tracking features to consider include:
- geo.wifi.uri - Set this to blank
- browser.search.geoip.url - Set this to blank
- privacy.trackingprotection.enabled: TRUE - actively blocks domains which are known to track users. Sometimes Tracking Protection can cause issues with websites. Personally I’ve seen it interfere with third-party login systems and shopping carts. You may choose to disable Tracking Protection for a particular site by clicking on the shield icon and selecting “Disable protection for this site.” Once Tracking Protection is disabled for a site, you will see a shield with a red strike-through. You may choose to re-enable Tracking Protection for the site by clicking the shield icon again and selecting “Enable protection”. This will use a Disconnect.me filter list, but may be redundant if you are using uBlock Origin 3rd party filters.
- privacy.resistFingerprinting:TRUE - will help to make Firefox more resistant to browser fingerprinting.
- privacy.trackingprotection.cryptomining.enabled:TRUE - This will block crypto-miners.
- privacy.firstparty.isolate:TRUE - Changing this to true will isolate cookies to the first party domain, which prevents tracking across multiple domains. First party isolation also does much more than isolating cookies, it affects: cookies, cache, HTTP Authentication, DOM Storage, Flash cookies, SSL and TLS session resumption, Shared Workers, blob URIs, SPDY and HTTP/2, automated cross-origin redirects, window.name, auto-form fill, HSTS and HPKP supercookies, broadcast channels, OCSP, favicons, mediasource URIs and Mediastream, speculative and prefetched connections.
- places.history.enabled:FALSE - Disables recording of visited websites.
- browser.formfill.enable: FALSE - To force Firefox to forget form information.
- browser.cache.memory.enable: FALSE - Disables caching in memory
- browser.safebrowsing.phishing.enabled: FALSE - This setting disables Google's "Safe Browsing" and phishing protection. If this setting is "true" Google will be able to scan (and store) the sites that you visit for the presence of malware.
- browser.safebrowsing.malware.enabled: FALSE - Again, this disables Google's ability to monitor your web traffic for malware, storing the sites you visit. To disable Google's ability to monitor your internet traffic, consider the following options below in addition to the ones discussed above:
- browser.safebrowsing.downloads.enabled = FALSE
- browser.safebrowsing.provider.google4.dataSharing.enabled = blank
- browser.safebrowsing.provider.google4.updateURL = blank
- browser.safebrowsing.provider.google4.reportURL = blank
- browser.safebrowsing.provider.google4.reportPhishMistakeURL = blank
- browser.safebrowsing.provider.google4.reportMalwareMistakeURL = blank
- browser.safebrowsing.provider.google4.lists = blank
- browser.safebrowsing.provider.google4.getHashURL = blank
- browser.safebrowsing.provider.google4.dataSharingURL = blank
- browser.safebrowsing.provider.google4.dataSharing.enabled = FALSE
- browser.safebrowsing.provider.google4.advisoryURL = blank
- browser.safebrowsing.provider.google4.advisoryName = blank
- browser.safebrowsing.provider.google.updateURL = blank
- browser.safebrowsing.provider.google.reportURL = blank
- browser.safebrowsing.provider.google.reportPhishMistakeURL = blank
- browser.safebrowsing.provider.google.reportMalwareMistakeURL = blank
- browser.safebrowsing.provider.google.pver = blank
- browser.safebrowsing.provider.google.lists = blank
- browser.safebrowsing.provider.google.advisoryURL = blank
- browser.safebrowsing.provider.google.getHashURL = blank
- browser.safebrowsing.downloads.remote.url = blank
- media.navigator.enabled: FALSE - Website operators will identify your computer as unique to enable tracking around the web. One such tactic is to track the status of your webcam and microphone (ON/OFF). This disables the ability for website operators to see this information.
- browser.cache.disk.enable: FALSE - Firefox can cache data to disk. This is dangerous because some of your browsing history may reside on your disk even after you delete all your previous browsing history. To disable this feature, set this field to false. You need to do the same with the setting browser.cache.disk_cache_ssl because Firefox has two setting for the content cache, one for normal websites and the second for secure websites (has SSL in its name).
- browser.cache.offline.enable: FALSE - You must also prevent Firefox from caching web contents for offline use by changing this setting to false
- dom.battery.enabled: FALSE - Another technique used by website operators to track you is to view your exact battery levels. This setting blocks this information.
- extensions.pocket.enabled: FALSE - This disables the proprietary Pocket service.
- network.trr.mode - Change from O to 2. This will be used for encrypted DNS.
- network.cookie.alwaysAcceptSessionCookies: FALSE - Disables acceptance of session cookies.
- network.dnsCacheEntries - (Set this value to 100) Number of cached DNS entries. Lower number = More requests but less data stored.
- network.dnsCacheExpiration - Time DNS entries are cached in seconds.Set this value to 60.
- network.cookie.cookieBehaviour - This is an integer type preference with different values. Here are the cookie preference options:
- 0 = Accept all cookies by default
- 1 = Only accept from the originating site (block third-party cookies)
- 2 = Block all cookies by default
- 3 = Block cookies from unvisited sites
- 4 = New Cookie Jar policy (prevent storage access to trackers)
- Any selection between 1 and 4 would improve privacy. The New Cookie Jar policy (value 4) offers more protection, but it may also break the functionality of some websites.
- network.security.esni.enabled: Change from False to True, also for encrypted DNS.
- It is a good idea to ask Firefox to throw away all cookies automatically every time you close your browser. To do this, change the setting network.cookie.lifetimePolicy to 2. To change its value, double-click and enter 2 at the prompt. The different options are:
- 0 = Accept cookies normally
- 1 = Prompt for each cookie
- 2 = Accept for current session only
- 3 = Accept for N days
- network.dns.disablePrefetch: TRUE - Setting this preference to true will disable Firefox from “prefetching” DNS requests. While advanced domain name resolution may slightly improve page load speeds, this also comes with some risks.
- network.dns.disableIPV6: TRUE - If your OS or ISP does not support IPv6, there is no reason to have this preference set to false.
- network.prefetch-next: FALSE - Prevent pages from being prefetched by Firefox. Mozilla has deployed this feature to speed up web pages that you might visit. However, it will use up resources and poses a risk to privacy
- network.websocket.enabled: FALSE - WebSockets is a technology that makes it possible to open an interactive communication session between the user's browser and a server. (May leak IP when using proxy/VPN).
- network.http.speculative-parallel-limit - Set this value to zero to disable prefetch link on hover.
- network.http.sendRefererHeader - Tells website where you came from. Setting this value to 0 disables this feature. However, it may break some sites. Other available options include:
- 0 = Disable referrer headers
- 1 = Send only on clicked links
- 2 = (default) Send for links and images
- network.http.sendSecureXsiteReferrerHeader: FALSE - Disable referrer headers between https websites.
- network.http.referer.spoofSource: TRUE - Send fake referrer (if choose to send referrers).
- The most interesting setting that can reveal your list of installed plug-ins is plugin.scan.plid.all. It is essential to disable this setting so visited web sites will not be able to distinguish your browser from the add-on already installed (to minimize browser footprinting). In addition, some web sites may ask you to disable an ad blocker to view their web site because they can detect if you have an ad blocker already activated in your browser. Change this setting to false.
- plugins.enumerables_names: blank - Setting this value to blank disables site reading installed plugins.
- webgl.disabled: TRUE - WebGL is a security risk and should be disabled. Also it can be used to fingerprint your browser.
- dom.event.clipboardevents.enabled: FALSE - This prevents websites from getting notifications if you copy, paste, or cut something from the page.
- dom.event.contextmenu.enabled: FALSE - Don't allow websites to prevent use of right-click, or otherwise messing with the context menu.
- media.eme.enabled: FALSE - This disables the playback of DRM-controlled HTML5 content.
- network.IDN_show_punycode: TRUE - Help protect from character 'spoofing' (IDN homograph attacks) eg: xn--80ak6aa92e.com -> аррӏе.com
- To disable calls to home page every time Firefox is started or home page is visited, adhere to the following configuration settings.
- browser.selfsupport.url = blank
- browser.aboutHomeSnippets.updateUrL = blank
- browser.startup.homepage_override.mstone = ignore
- browser.startup.homepage_override.buildID = blank
- startup.homepage_welcome_url = blank
- startup.homepage_welcome_url.additional = blank
- startup.homepage_override_url = blank
- browser.send_pings: FALSE - Prevent website tracking clicks.
- browser.send_pings.require_same_host: TRUE - Only send pings if send and receiving host match (same website).
- extensions.pocket.api - Set this to blank. This disables third-party closed-source Pocket integration. Note: this is browser.pocket.enabled for older versions of Firefox.
- extension.pocket.site - Set this to blank.
- extension.pocket.oAuthConsumerKey - Set this to blank.
WebRTC
WebRTC stands for “Web Real-Time Communication” and it allows for voice, video chat, and P2P sharing through your browser. Unfortunately, this capability can also expose your real IP address through browser STUN requests, even if you are using a good VPN service. To disable WebRTC in Firefox simply adjust to the following settings:
- media.peerconnection.enabled: FALSE
- media.peerconnection.turn.disable: TRUE
- media.peerconnection.use_document_iceservers: FALSE
- media.peerconnection.video.enabled: FALSE
In addition to adhering very strictly to these settings, you may wish to harden your browser for more improved privacy by installing some Firefox add-ons listed below:
- uBlock Origin - Click on the uBlock Origin icon in the menu and select the Dashboard icon to the right. This will open a new tab with the program's configuration page. On the Settings tab, click the option of"I am an advanced user". Click on the Filter lists tab and consider enabling additional data sets that will protect your computer. I select all options within the Ads, Privacy, Malware Domains, and Annoyances categories. After you have made your selection, click the Update Now button at the top of the page. This will refresh all of the data and apply your new settings. You now have extended protection that will be applied to all visited websites without any interaction from you. When you encounter a web page with a lot of advertisements, such as a news media website, it should load much faster. It will block many of the pop-ups and auto-play media that can be quite annoying when conducting research.
- Decentraleyes - This complements the uBlock Origin extension. Websites have increasingly begun to rely on large third parties for content delivery, such as tracking software supplied by Google, Microsoft and various content delivery networks. Blocking this specific code which tracks your activity can often break the website you are visiting. Decentraleyes provides local files to replace the otherwise necessary content in order to improve online privacy.
- HTTPS Everywhere - HTTPS Everywhere is a Firefox extension to protect your communications by enabling HTTPS encryption automatically on sites that are known to support it, even when you type URLs or follow links that omit the https: prefix.
- User-Agent Switcher - Spoof websites trying to gather information about your web navigation—like your browser type and operating system—to deliver distinct content you may not want.
Post a Comment