Firefox based browser add-ons and privacy tweaks
🦊 Ublock Origin
https://addons.mozilla.org/firefox/addon/ublock-origin
🦊 Privacy Badger
https://www.eff.org/privacybadger
🦊 Privacy Possum
https://addons.mozilla.org/firefox/addon/privacy-possum
🦊 HTTPS Everywhere
https://www.eff.org/https-everywhere
🦊 Decentraleyes block CDN
https://addons.mozilla.org/firefox/addon/decentraleyes
🦊 User-Agent Switcher
https://addons.mozilla.org/firefox/addon/uaswitcher
🦊 Disable webrtc ip leaks
https://addons.mozilla.org/firefox/addon/happy-bonobo-disable-webrtc
🦊 Forget Me Not - Forget cookies & other data
https://addons.mozilla.org/firefox/addon/forget_me_not
🦊 Cookie AutoDelete
https://addons.mozilla.org/firefox/addon/cookie-autodelete
🦊 Privacy settings
https://addons.mozilla.org/firefox/addon/privacy-settings
🦊 Canvas Defender
https://addons.mozilla.org/firefox/addon/no-canvas-fingerprinting
🦊 Dark Background and Light Text
https://addons.mozilla.org/firefox/addon/dark-background-light-text/
🦊 Bloody Vikings! Temp email
https://addons.mozilla.org/firefox/addon/bloody-vikings/
The following add-ons require quite a lot of interaction from user to get things working. Some sites will not work properly until you have configured the add-ons.
🦊 uMatrix
https://addons.mozilla.org/firefox/addon/umatrix
🦊 NoScript
https://addons.mozilla.org/firefox/addon/noscript
📝 Firefox Privacy Related "about:config" Tweaks
https://www.privacytools.io/#about_config
📄 ffprofile.com Helps you to create a Firefox profile with the defaults you like.
📖 Security and privacy-related preferences.
http://kb.mozillazine.org/Category:Security_and_privacy-related_preferences
📋 user.js Firefox hardening stuff - This is a user.js configuration file for Mozilla Firefox that's supposed to harden Firefox's settings and make it more secure.
https://github.com/pyllyukko/user.js
🎤 Share your suggestions:
https://t.me/joinchat/FyFlS0X2D7f6YNvdxhEsfw
📡 @NoGoolag
#ff #firefox
🦊 Ublock Origin
https://addons.mozilla.org/firefox/addon/ublock-origin
🦊 Privacy Badger
https://www.eff.org/privacybadger
🦊 Privacy Possum
https://addons.mozilla.org/firefox/addon/privacy-possum
🦊 HTTPS Everywhere
https://www.eff.org/https-everywhere
🦊 Decentraleyes block CDN
https://addons.mozilla.org/firefox/addon/decentraleyes
🦊 User-Agent Switcher
https://addons.mozilla.org/firefox/addon/uaswitcher
🦊 Disable webrtc ip leaks
https://addons.mozilla.org/firefox/addon/happy-bonobo-disable-webrtc
🦊 Forget Me Not - Forget cookies & other data
https://addons.mozilla.org/firefox/addon/forget_me_not
🦊 Cookie AutoDelete
https://addons.mozilla.org/firefox/addon/cookie-autodelete
🦊 Privacy settings
https://addons.mozilla.org/firefox/addon/privacy-settings
🦊 Canvas Defender
https://addons.mozilla.org/firefox/addon/no-canvas-fingerprinting
🦊 Dark Background and Light Text
https://addons.mozilla.org/firefox/addon/dark-background-light-text/
🦊 Bloody Vikings! Temp email
https://addons.mozilla.org/firefox/addon/bloody-vikings/
The following add-ons require quite a lot of interaction from user to get things working. Some sites will not work properly until you have configured the add-ons.
🦊 uMatrix
https://addons.mozilla.org/firefox/addon/umatrix
🦊 NoScript
https://addons.mozilla.org/firefox/addon/noscript
📝 Firefox Privacy Related "about:config" Tweaks
https://www.privacytools.io/#about_config
📄 ffprofile.com Helps you to create a Firefox profile with the defaults you like.
📖 Security and privacy-related preferences.
http://kb.mozillazine.org/Category:Security_and_privacy-related_preferences
📋 user.js Firefox hardening stuff - This is a user.js configuration file for Mozilla Firefox that's supposed to harden Firefox's settings and make it more secure.
https://github.com/pyllyukko/user.js
🎤 Share your suggestions:
https://t.me/joinchat/FyFlS0X2D7f6YNvdxhEsfw
📡 @NoGoolag
#ff #firefox
Get rid of annoying cookie warnings from almost all "infected" websites
The EU regulations require that any website using cookies must get user's permission before installing them. These warnings appear on most websites until the visitor agrees with the website's terms and conditions. Imagine how irritating that becomes when you surf anonymously or if you delete cookies automatically every time you close the browser.
This add-on will remove these annoying cookie warnings from almost all websites! You can report any website which still warns you about cookies: make a right click and choose 'Report a cookie warning' from the menu.
By using this add-on, you explicitly allow websites to do whatever they want with cookies they set on your computer (which they mostly do anyway, whether you allow them or not). Please educate yourself about cookie related privacy issues and ways to protect yourself and your data. For example, you can block 3rd party cookies, install ad blocking extensions and then block tracking tools, delete browsing data regularly, enable Tracking Protection in your browser etc.
Options:
🍪 Ublock Origin
https://addons.mozilla.org/firefox/addon/ublock-origin
Ublock settings -> Annoyance list -> select Fanboy's Cookiemonster list
🍪 I don't care about cookies
https://www.i-dont-care-about-cookies.eu
Firefox
https://addons.mozilla.org/addon/i-dont-care-about-cookies/
Chrome
https://chrome.google.com/webstore/detail/i-dont-care-about-cookies/fihnjjcciajhdojfnbdddfaoknhalnja
Palemoon
https://addons.palemoon.org/extensions/other/i-dont-care-about-cookies
Ublock Origin
https://www.i-dont-care-about-cookies.eu/abp/
🍪 Consent Manager
Firefox
https://addons.mozilla.org/en-US/firefox/addon/consent-manager/
Chrome
https://chrome.google.com/webstore/detail/consent-manager/gpkoajillfmlpnglbagpplnphadbfalh
#cookies #extension #firefox #ff #chrome
The EU regulations require that any website using cookies must get user's permission before installing them. These warnings appear on most websites until the visitor agrees with the website's terms and conditions. Imagine how irritating that becomes when you surf anonymously or if you delete cookies automatically every time you close the browser.
This add-on will remove these annoying cookie warnings from almost all websites! You can report any website which still warns you about cookies: make a right click and choose 'Report a cookie warning' from the menu.
By using this add-on, you explicitly allow websites to do whatever they want with cookies they set on your computer (which they mostly do anyway, whether you allow them or not). Please educate yourself about cookie related privacy issues and ways to protect yourself and your data. For example, you can block 3rd party cookies, install ad blocking extensions and then block tracking tools, delete browsing data regularly, enable Tracking Protection in your browser etc.
Options:
🍪 Ublock Origin
https://addons.mozilla.org/firefox/addon/ublock-origin
Ublock settings -> Annoyance list -> select Fanboy's Cookiemonster list
🍪 I don't care about cookies
https://www.i-dont-care-about-cookies.eu
Firefox
https://addons.mozilla.org/addon/i-dont-care-about-cookies/
Chrome
https://chrome.google.com/webstore/detail/i-dont-care-about-cookies/fihnjjcciajhdojfnbdddfaoknhalnja
Palemoon
https://addons.palemoon.org/extensions/other/i-dont-care-about-cookies
Ublock Origin
https://www.i-dont-care-about-cookies.eu/abp/
🍪 Consent Manager
Firefox
https://addons.mozilla.org/en-US/firefox/addon/consent-manager/
Chrome
https://chrome.google.com/webstore/detail/consent-manager/gpkoajillfmlpnglbagpplnphadbfalh
#cookies #extension #firefox #ff #chrome
https://www.bleepingcomputer.com/news/software/firefox-addons-being-disabled-due-to-an-expired-certificate/
#ff
#ff
BleepingComputer
Firefox Addons Being Disabled Due to an Expired Certificate
Mozilla Firefox users are discovering that all of their addons were suddenly disabled. It turns out that this is being caused by an expired intermediary certificate used to sign Mozilla addons.
Firefox's Enhanced Tracking Protection whitelists Google, Instagram... and Winamp?
Firefox adds Enhanced Tracking Protection that blocks tacking cookies. But specifically allows tracking from Google, Amazon, Microsoft, Yahoo. Adobe, and ... Winamp?
https://www.invidio.us/watch?v=UqkeZIPLY5M
https://www.youtube.com/watch?v=UqkeZIPLY5M
Web player: http://podplayer.net/?id=72699650
mp3: https://www.robertabittle.com/podcasts/lunduke/Firefox-39s-Enhanced-Tracking-Protection-whitelists-Google-Instagram-and-Winamp-UqkeZIPLY5M.mp3
More info about this:
https://t.me/ffconfig/55
#ff #firefox #tracking
Firefox adds Enhanced Tracking Protection that blocks tacking cookies. But specifically allows tracking from Google, Amazon, Microsoft, Yahoo. Adobe, and ... Winamp?
https://www.invidio.us/watch?v=UqkeZIPLY5M
https://www.youtube.com/watch?v=UqkeZIPLY5M
Web player: http://podplayer.net/?id=72699650
mp3: https://www.robertabittle.com/podcasts/lunduke/Firefox-39s-Enhanced-Tracking-Protection-whitelists-Google-Instagram-and-Winamp-UqkeZIPLY5M.mp3
More info about this:
https://t.me/ffconfig/55
#ff #firefox #tracking
Google Chrome has become surveillance software. It’s time to switch
https://outline.com/X5zMVJ
https://www.washingtonpost.com/technology/2019/06/21/google-chrome-has-become-surveillance-software-its-time-switch/?noredirect=on
Our latest privacy experiment found Chrome ushered more than 11,000 tracker cookies into our browser — in a single week. Here’s why Firefox is better.
#google #chrome #firefox #ff #why
📡 @NoGoolag
https://outline.com/X5zMVJ
https://www.washingtonpost.com/technology/2019/06/21/google-chrome-has-become-surveillance-software-its-time-switch/?noredirect=on
Our latest privacy experiment found Chrome ushered more than 11,000 tracker cookies into our browser — in a single week. Here’s why Firefox is better.
#google #chrome #firefox #ff #why
📡 @NoGoolag
Outline
Review | Google Chrome has become surveillance software. It’s time to switch.
Our latest privacy experiment found Chrome ushered more than 11,000 tracker cookies into our browser — in a single week.
user.js-updater by Fennec F-Droid | CHAT
Apply a security and privacy enhanced configuration to Firefox based browsers on android with this app:
https://github.com/v1nc/user.js-updater
1️⃣ Download and install Fennec F-Droid.
2️⃣ Download and install user.js-updater app from HERE
3️⃣ Start for the first time (offline mode/no data connections) and wait about 5 sec.
4️⃣ Close Fennec.
5️⃣ Open user.js-updater app.
6️⃣ Select the browser you want to apply user.js through the "SELECT BROWSER" bar at the top.
7️⃣ Select custom and paste in "custom user.js url" bar this link:
https://git.nixnet.xyz/quindecim/fennec_user.js/raw/branch/master/user.js
or MIRRORS:
https://git.lelux.fi/quindecim/fennec_user.js/raw/branch/master/user.js
https://git.lushka.al/quindecim/fennec_user.js/raw/branch/master/user.js
8️⃣ Tap "UPDATE" at the bottom and grant root permission to proceed.
9️⃣ Start Fennec and test:
_ Go to: about:config
_ Look if config.applied is true
❇️ Remember to enable connection to "Media Storage, Download Manager, Downloads, MTP Host" to see the app work correctly.
After applying, add ublock origin and extra blocking lists: https://lushka.al/blocklist/
📡: https://t.me/qd_invitation
#ff #firefox #fennec #browser #hardening #userjs
Apply a security and privacy enhanced configuration to Firefox based browsers on android with this app:
https://github.com/v1nc/user.js-updater
1️⃣ Download and install Fennec F-Droid.
2️⃣ Download and install user.js-updater app from HERE
3️⃣ Start for the first time (offline mode/no data connections) and wait about 5 sec.
4️⃣ Close Fennec.
5️⃣ Open user.js-updater app.
6️⃣ Select the browser you want to apply user.js through the "SELECT BROWSER" bar at the top.
7️⃣ Select custom and paste in "custom user.js url" bar this link:
https://git.nixnet.xyz/quindecim/fennec_user.js/raw/branch/master/user.js
or MIRRORS:
https://git.lelux.fi/quindecim/fennec_user.js/raw/branch/master/user.js
https://git.lushka.al/quindecim/fennec_user.js/raw/branch/master/user.js
8️⃣ Tap "UPDATE" at the bottom and grant root permission to proceed.
9️⃣ Start Fennec and test:
_ Go to: about:config
_ Look if config.applied is true
❇️ Remember to enable connection to "Media Storage, Download Manager, Downloads, MTP Host" to see the app work correctly.
After applying, add ublock origin and extra blocking lists: https://lushka.al/blocklist/
📡: https://t.me/qd_invitation
#ff #firefox #fennec #browser #hardening #userjs
HARDENED CONFIG FILES PROJECT for FIREFOX:
📡: https://t.me/qd_invitation
ANDROID:
https://git.nixnet.xyz/quindecim/mobile_user.js
DESKTOP:
https://git.nixnet.xyz/quindecim/mozilla.cfg
#ff #firefox #fennec #config #hardening #privacy #quindecim
📡: https://t.me/qd_invitation
ANDROID:
https://git.nixnet.xyz/quindecim/mobile_user.js
DESKTOP:
https://git.nixnet.xyz/quindecim/mozilla.cfg
#ff #firefox #fennec #config #hardening #privacy #quindecim
Firefox Announces New Partner in Delivering Private and Secure DNS Services to Users
https://blog.mozilla.org/blog/2019/12/17/firefox-announces-new-partner-in-delivering-private-and-secure-dns-services-to-users/
#firefox #ff #dns
https://blog.mozilla.org/blog/2019/12/17/firefox-announces-new-partner-in-delivering-private-and-secure-dns-services-to-users/
#firefox #ff #dns
The Mozilla Blog
Firefox Announces New Partner in Delivering Private and Secure DNS Services to Users
NextDNS Joins Firefox’s Trusted Recursive Resolver Program Committing to Data Retention and Transparency Requirements that Respect User Privacy Firefox announced a new partnership with NextDNS to provide Firefox users with ...
Mozilla has pushed out an update to patch a critical vulnerability in Firefox
It’s urging users to update as quickly as possible — and it’s joined in that warning by the US government.
Chinese cybersecurity firm Qihoo 360 reported the zero-day exploit. Mozilla claims to be aware of “targeted attacks in the wild abusing this flaw”
https://thenextweb.com/security/2020/01/10/upgrade-firefox-critical-vulnerability
https://www.mozilla.org/en-US/security/advisories/mfsa2020-03
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17026
#ff #firefox #update #security #flaw #bug
It’s urging users to update as quickly as possible — and it’s joined in that warning by the US government.
Chinese cybersecurity firm Qihoo 360 reported the zero-day exploit. Mozilla claims to be aware of “targeted attacks in the wild abusing this flaw”
https://thenextweb.com/security/2020/01/10/upgrade-firefox-critical-vulnerability
https://www.mozilla.org/en-US/security/advisories/mfsa2020-03
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17026
#ff #firefox #update #security #flaw #bug
The Next Web
You’re going to want this latest version of Firefox, trust us
Mozilla has pushed out an update to patch a critical vulnerability in Firefox. It’s urging users to update as quickly as possible — and it’s joined in that warning by the US government. Chinese cybersecurity firm Qihoo 360 reported the zero-day exploit. Mozilla…
Firefox now shows what telemetry data it's collecting about you
https://www.zdnet.com/article/firefox-now-shows-what-telemetry-data-its-collecting-about-you
#ff #firefox #telemetry
https://www.zdnet.com/article/firefox-now-shows-what-telemetry-data-its-collecting-about-you
#ff #firefox #telemetry
ZDNet
Firefox now shows what telemetry data it's collecting about you
Users can now go to about:telemetry and see what Mozilla is collecting about their Firefox installs.
user.js-updater-1.3.3.apk
1.2 MB
Hardening your favourite Firefox for Android with:
• Added Firefox Preview Nightly
• Fixed installation errors on Android 4.4 and below
https://github.com/v1nc/user.js-updater/releases/download/v1.3.3/user.js-updater-1.3.3.apk
[ROOT REQUIRED]
📡 From Fennec F-Droid | CHAT at @qd_invitation
#ff #firefox #fennec #userjs
User.js Updater 1.3.3• Added Firefox Preview Nightly
• Fixed installation errors on Android 4.4 and below
https://github.com/v1nc/user.js-updater/releases/download/v1.3.3/user.js-updater-1.3.3.apk
[ROOT REQUIRED]
📡 From Fennec F-Droid | CHAT at @qd_invitation
#ff #firefox #fennec #userjs
Firefox Privacy - The Complete How-To Guide including a List of about:config customizations
via RestorePrivacy.com
For more info - click 👉🏻 #ff #FireFox #userJS - or here: t.me/NoGoolag/99 to learn about Mozilla-based Fennec browser
#internet #browsing #surfing #privacy #security #online #browser #tutorial #howTo
via RestorePrivacy.com
For more info - click 👉🏻 #ff #FireFox #userJS - or here: t.me/NoGoolag/99 to learn about Mozilla-based Fennec browser
#internet #browsing #surfing #privacy #security #online #browser #tutorial #howTo
Telegraph
Firefox Privacy - The Complete How-To Guide | Restore Privacy
This guide contains updated recommendations and privacy tweaks for Firefox, revised to reflect the latest version and new features (October 2019). Mozilla Firefox is arguably the best browser available that combines strong privacy protection features, good…
Forwarded from BlackBox (Security) Archiv
Firefox Send offline due to malware distribution
Mozilla has taken his Firefox send offline. This is due to malware abuse of the file transfer. The service is being revised.
The Firefox Send web service, which was launched by browser manufacturer Mozilla just under a year ago, is offline. However, this is not a short failure or error. Mozilla itself pulled the plug on the service, which is supposed to transfer files quickly, easily and encrypted over the web.
On the service's website it says: "Firefox Send is temporarily unavailable while we work on product improvements. Thank you for your patience as we improve the Firefox Send experience". Details or a public statement as to why the Service is currently unavailable from Mozilla are not available on the website.
https://send.firefox.com/
👉🏼 Read more 🇬🇧:
https://www.zdnet.com/article/mozilla-suspends-firefox-send-service-while-it-addresses-malware-abuse/
👉🏼 Read more 🇩🇪:
https://www.golem.de/news/mozilla-firefox-send-wegen-malware-verbreitung-offline-2007-149529.html
#mozilla #ff #firefox #send #malware
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Mozilla has taken his Firefox send offline. This is due to malware abuse of the file transfer. The service is being revised.
The Firefox Send web service, which was launched by browser manufacturer Mozilla just under a year ago, is offline. However, this is not a short failure or error. Mozilla itself pulled the plug on the service, which is supposed to transfer files quickly, easily and encrypted over the web.
On the service's website it says: "Firefox Send is temporarily unavailable while we work on product improvements. Thank you for your patience as we improve the Firefox Send experience". Details or a public statement as to why the Service is currently unavailable from Mozilla are not available on the website.
https://send.firefox.com/
👉🏼 Read more 🇬🇧:
https://www.zdnet.com/article/mozilla-suspends-firefox-send-service-while-it-addresses-malware-abuse/
👉🏼 Read more 🇩🇪:
https://www.golem.de/news/mozilla-firefox-send-wegen-malware-verbreitung-offline-2007-149529.html
#mozilla #ff #firefox #send #malware
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Mozilla
Internet for people, not profit — Mozilla (US)
Did you know? Mozilla — the maker of Firefox — fights to keep the internet a global public resource, open and accessible to all.
Welcome a new Fennec F-Droid
https://forum.f-droid.org/t/welcome-a-new-fennec-f-droid/11113
By relan F-Droid Contributor
10 days ago
I have just submitted 300 a Fennec update to 81.1.1. Should be available soon™. This version brings a lot of changes, like a new UI and modular codebase. The bad news:
Mozilla now tracks you even more actively using proprietary 3rd party services. I removed all tracking I found. (Firebase, Adjust and Leanplum libraries were replaced with stubs, so some analyzers can erroneously report their presence in the APK.)
The new UI may break your habits and disappoint you. (IMHO it’s not that bad as one can conclude from reading r/Firefox.)
Android 5.0 or later is now required. Mozilla decided so.
x86 devices are not supported anymore. I stumbled upon linkage errors and gave up. Help is welcome.
The good news is that Fennec F-Droid is alive and continues to be truly free software.
#fennec #ff #firefox #fdroid
https://forum.f-droid.org/t/welcome-a-new-fennec-f-droid/11113
By relan F-Droid Contributor
10 days ago
I have just submitted 300 a Fennec update to 81.1.1. Should be available soon™. This version brings a lot of changes, like a new UI and modular codebase. The bad news:
Mozilla now tracks you even more actively using proprietary 3rd party services. I removed all tracking I found. (Firebase, Adjust and Leanplum libraries were replaced with stubs, so some analyzers can erroneously report their presence in the APK.)
The new UI may break your habits and disappoint you. (IMHO it’s not that bad as one can conclude from reading r/Firefox.)
Android 5.0 or later is now required. Mozilla decided so.
x86 devices are not supported anymore. I stumbled upon linkage errors and gave up. Help is welcome.
The good news is that Fennec F-Droid is alive and continues to be truly free software.
#fennec #ff #firefox #fdroid
F-Droid Forum
Welcome a new Fennec F-Droid
I have just submitted a Fennec update to 81.1.1. Should be available soon™. This version brings a lot of changes, like a new UI and modular codebase. The bad news: Mozilla now tracks you even more actively using proprietary 3rd party services. I removed…
Google Safebrowsing can no longer be disabled on mobile Firefox
I am reposting this because I was shadowbanned from Reddit with no reason given by their Anti-Evil Operations Team for several days which means nobody saw this even after it was restored:
[No way to disable Phishing and Malware Protection for users who are suspicious of Google and leaking browsing history to Google.](https://github.com/mozilla-mobile/fenix/issues/14163)
Relevant content on the failure of anonymization:
[How safebrowsing fails to protect privacy](https://blog.trailofbits.com/2019/10/30/how-safe-browsing-fails-to-protect-user-privacy/)
[A Privacy Analysis of Google and Yandex Safe Browsing](https://hal.inria.fr/hal-01120186v4/document)
> Our experimental analysis estimates the rate of such collisions and shows that hashing and truncation fails to prevent re-identification when a user visits small-sized domains or certain URLs of larger domains. We further materialize this in the form of an algorithm that Google and Yandex could potentially employ to track users. We conclude this work by providing an analysis of the databases of Google and Yandex (Section 7). By crawling their databases, we detect a number of “suspicious” prefixes that we call orphans. Orphans trigger communication with the servers, but no full digest corresponds to them. We also observe several URLs which have multiples prefixes included in the blacklists. These provide concrete examples of URLs and domains that can be easily tracked by Google and Yandex.
https://github.com/mozilla-mobile/fenix/issues/14163#issuecomment-680291892
> Does it have the potential of sending full URL-s to Google? Yes, it does. From the page given by you:
"Otherwise, send the binary file's metadata to the remote application reputation server (browser.safebrowsing.downloads.remote.url) and block the download if the server indicates that the file isn't safe."
with the link on "metadata" leading to parts of code where there is setting in request properties of origin URL. If I read code correctly - https://dxr.mozilla.org/mozilla-central/source/toolkit/components/reputationservice/ApplicationReputation.cpp#1306 - it is stripped from query params, but full hostname + path ARE included in this case.
https://forum.f-droid.org/t/google-safebrowsing-can-no-longer-be-disabled-on-mobile-firefox/11224
https://redd.it/j5i8h1
@r_privacy
#ff #firefox #Google
I am reposting this because I was shadowbanned from Reddit with no reason given by their Anti-Evil Operations Team for several days which means nobody saw this even after it was restored:
[No way to disable Phishing and Malware Protection for users who are suspicious of Google and leaking browsing history to Google.](https://github.com/mozilla-mobile/fenix/issues/14163)
Relevant content on the failure of anonymization:
[How safebrowsing fails to protect privacy](https://blog.trailofbits.com/2019/10/30/how-safe-browsing-fails-to-protect-user-privacy/)
[A Privacy Analysis of Google and Yandex Safe Browsing](https://hal.inria.fr/hal-01120186v4/document)
> Our experimental analysis estimates the rate of such collisions and shows that hashing and truncation fails to prevent re-identification when a user visits small-sized domains or certain URLs of larger domains. We further materialize this in the form of an algorithm that Google and Yandex could potentially employ to track users. We conclude this work by providing an analysis of the databases of Google and Yandex (Section 7). By crawling their databases, we detect a number of “suspicious” prefixes that we call orphans. Orphans trigger communication with the servers, but no full digest corresponds to them. We also observe several URLs which have multiples prefixes included in the blacklists. These provide concrete examples of URLs and domains that can be easily tracked by Google and Yandex.
https://github.com/mozilla-mobile/fenix/issues/14163#issuecomment-680291892
> Does it have the potential of sending full URL-s to Google? Yes, it does. From the page given by you:
"Otherwise, send the binary file's metadata to the remote application reputation server (browser.safebrowsing.downloads.remote.url) and block the download if the server indicates that the file isn't safe."
with the link on "metadata" leading to parts of code where there is setting in request properties of origin URL. If I read code correctly - https://dxr.mozilla.org/mozilla-central/source/toolkit/components/reputationservice/ApplicationReputation.cpp#1306 - it is stripped from query params, but full hostname + path ARE included in this case.
https://forum.f-droid.org/t/google-safebrowsing-can-no-longer-be-disabled-on-mobile-firefox/11224
https://redd.it/j5i8h1
@r_privacy
#ff #firefox #Google
GitHub
Option to disable Phishing and Malware Protection · Issue #14163 · mozilla-mobile/fenix
What is the user problem or growth opportunity you want to see solved? No way to disable Phishing and Malware Protection for users who are suspicious of Google and leaking browsing history to Googl...
Firefox: The Jewel^WEmbarassment of Open Source
https://drewdevault.com/2020/10/22/Firefox-the-embarassment-of-FOSS.html
Comments
https://news.ycombinator.com/item?id=24862825
#ff #firefox #Embarassment
https://drewdevault.com/2020/10/22/Firefox-the-embarassment-of-FOSS.html
Comments
https://news.ycombinator.com/item?id=24862825
#ff #firefox #Embarassment