Perfect OpSEC - Become Invisible Online
This series is for educational purposes only. To get back to top-level table click here.
Clearnet Browser
You shouldn't use the onion browser to view clearnet sites, so we need a separate browser for that.
You should use Firefox, and the following guide will make sure you've hardened it as much as you can.
Full credit for the following goes to /u/justno
from dread.
- about:config These changes are made in about:config and deal with things such as cookie isolation, disabling telemety, preventing urls from autoloading (less risk of contact with malicious websites) and more. privacy.firstparty.isolate = true privacy.resistFingerprinting = true privacy.trackingprotection.enabled = true browser.cache.offline.enable = false browser.safebrowsing.malware.enabled = false [More privacy but less security. Decide if this one is right for you.] browser.safebrowsing.phishing.enabled = false [Same as above] browser.sessionstore.max_tabs_undo = 0 browser.urlbar.speculativeConnect.enabled = false dom.battery.enabled = false [Prevents websites for seeing your battery level, less information for fingerprinting] dom.event.clipboardevents.enabled = false geo.enabled = false security.ssl.enable_false_start = false media.eme.enabled = false -Disables playback of DRM-controlled HTML5 content, which, if enabled, automatically downloads the Widevine Content Decryption Module provided by Google Inc.DRM-controlled content that requires the Adobe Flash or Microsoft Silverlight NPAPI plugins will still play, if installed and enabled in Firefox. media.gmp-widevinecdm.enabled = false -Disables the Widevine Content Decryption Module provided by Google Inc., used for the playback of DRM-controlled HTML5 content. media.navigator.enabled = false network.cookie.cookieBehavior = 1 Disable cookies 0 = Accept all cookies by default 1 = Only accept from the originating site (block third-party cookies) 2 = Block all cookies by default network.cookie.lifetimePolicy = 2 cookies are deleted at the end of the session 0 = Accept cookies normally 1 = Prompt for each cookie 2 = Accept for current session only 3 = Accept for N days network.http.referer.trimmingPolicy = 2 Send only the scheme, host, and port in the Referer header 0 = Send the full URL in the Referer header 1 = Send the URL without its query string in the Referer header 2 = Send only the scheme, host, and port in the Referer header network.http.referer.XOriginPolicy = 2 Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.) 0 = Send Referer in all cases 1 = Send Referer to same eTLD sites 2 = Send Referer only when the full hostnames match network.http.referer.XOriginTrimmingPolicy = 2 0 = Send full url in Referer 1 = Send url without query string in Referer 2 = Only send scheme, host, and port in Referer webgl.disabled = true WebGL is a potential security risk. browser.sessionstore.privacy_level = 2 0 = Store extra session data for any site. (Default starting with Firefox 4.) 1 = Store extra session data for unencrypted (non-HTTPS) sites only. (Default before Firefox 4.) 2 = Never store extra session data. network.IDN_show_punycode = true media.peerconnection.turn.disable = true media.peerconnection.use_document_iceservers = false media.peerconnection.video.enabled = false media.peerconnection.identity.timeout = 1 media.webRTC - all options disabled, set media.webrtc.debug.aec_dump_max_size to 1 security.ssl3.rsa_des_ede3_sha = false security.ssl.require_safe_negotiation = true security.tls.enable_0rtt_data = false browser.formfill.enable = false browser.cache.disk.enable = false browser.cache.disk_cache_ssl = false browser.cache.memory.enable = false browser.newtabpage.activity-stream.telemetry = false browser.newtabpage.activity-stream.feeds.telemetry = false browser.ping-centre.telemetry = false toolkit.telemetry.archive.enabled = false toolkit.telemetry.bhrping.enabled = false toolkit.telemetry.firstshutdownping.enabled = false toolkit.telemetry.newprofileping.enabled = false toolkit.telemetry.unified = false toolkit.telemetry.updateping.enabled = false toolkit.telemetry.shutdownPingSender.enabled = false network.http.sendRefererHeader = 0 dom.serviceWorkers.enabled = false about:memory -> check anonymize box
- Firefox preferences Preferences -> Privacy & Security -> Enhanced Tracking Protection -> Strict Preferences -> Privacy & Security -> Remember history -> Never Preferences -> Privacy & Security -> Firefox Data Collection and Use -> make sure all of the boxes are unchecked Preferences -> General -> Network Settings -> Enable DNS over HTTPS [Do not do this if you filter DNS requests locally through your router or something else]
- Extensions Ublock Origin- great for blocking ads and malicious connections from malvertising. If you enable "I am an advanced user" then the addon can be used to block scripts as well. I highly recommend enabling this to block third party scripts and frames. An instructional video can be found here https://invidious.fdn.fr/watch?v=2lisQQmWQkY User Agent Switcher- Allows you to change your user agent string to something more generic. Only about 3% of internet users use Firefox with about 96% of the web are using Chrome. Make your hostname show a different browser and operating system to blend in a bit more. Cookie Auto Delete- Cookies follow you around the web, and some of them even mine crypto with your browser. One of the best ways to stop this is with Cookie Autodelete. Whenever you close a Tab all of the cookies from that tab will be deleted. Privacy Badger- blocks trackers from around the web Privacy Possum- Similar to Privacy Badger but blocks different types of content If you want to block javascript entirely then go into about:config type "javascript.enabled" then double click for false. No point in using a dedicated extension for that. Keep in mind that this will break a lot of functionality in the web and you might want to save such extreme measures for the Tor browser as it is more sensitive.