Perfect OpSEC - Become Invisible Online
This series is for educational purposes only.
You shouldn't use the onion browser to view clearnet sites, so we need a separate browser for that.
You should use Firefox, and the following guide will make sure you've hardened it as much as you can.
Full credit for the following goes to /u/justno from dread.
- about:config
  These changes are made in about:config and deal with things such as cookie isolation, disabling telemetry, preventing URLs from autoloading (less risk of contact with malicious websites) and more.

  privacy.firstparty.isolate = true
  privacy.resistFingerprinting = true
  privacy.trackingprotection.enabled = true
  browser.cache.offline.enable = false
  browser.safebrowsing.malware.enabled = false [More privacy but less security. Decide if this one is right for you.]
  browser.safebrowsing.phishing.enabled = false [Same as above]
  browser.sessionstore.max_tabs_undo = 0
  browser.urlbar.speculativeConnect.enabled = false
  dom.battery.enabled = false [Prevents websites from seeing your battery level, less information for fingerprinting]
  dom.event.clipboardevents.enabled = false
  geo.enabled = false
  security.ssl.enable_false_start = false
  media.eme.enabled = false
    Disables playback of DRM-controlled HTML5 content, which, if enabled, automatically downloads the Widevine Content Decryption Module provided by Google Inc. DRM-controlled content that requires the Adobe Flash or Microsoft Silverlight NPAPI plugins will still play, if installed and enabled in Firefox.
  media.gmp-widevinecdm.enabled = false
    Disables the Widevine Content Decryption Module provided by Google Inc., used for the playback of DRM-controlled HTML5 content.
  media.navigator.enabled = false
  network.cookie.cookieBehavior = 1
    Disable cookies
    0 = Accept all cookies by default
    1 = Only accept from the originating site (block third-party cookies)
    2 = Block all cookies by default
  network.cookie.lifetimePolicy = 2
    Cookies are deleted at the end of the session
    0 = Accept cookies normally
    1 = Prompt for each cookie
    2 = Accept for current session only
    3 = Accept for N days
  network.http.referer.trimmingPolicy = 2
    Send only the scheme, host, and port in the Referer header
    0 = Send the full URL in the Referer header
    1 = Send the URL without its query string in the Referer header
    2 = Send only the scheme, host, and port in the Referer header
  network.http.referer.XOriginPolicy = 2
    Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.)
    0 = Send Referer in all cases
    1 = Send Referer to same eTLD sites
    2 = Send Referer only when the full hostnames match
  network.http.referer.XOriginTrimmingPolicy = 2
    0 = Send full URL in Referer
    1 = Send URL without query string in Referer
    2 = Only send scheme, host, and port in Referer
  webgl.disabled = true
    WebGL is a potential security risk.
  browser.sessionstore.privacy_level = 2
    0 = Store extra session data for any site. (Default starting with Firefox 4.)
    1 = Store extra session data for unencrypted (non-HTTPS) sites only. (Default before Firefox 4.)
    2 = Never store extra session data.
  network.IDN_show_punycode = true
  media.peerconnection.turn.disable = true
  media.peerconnection.use_document_iceservers = false
  media.peerconnection.video.enabled = false
  media.peerconnection.identity.timeout = 1
  media.webRTC - all options disabled, set media.webrtc.debug.aec_dump_max_size to 1
  security.ssl3.rsa_des_ede3_sha = false
  security.ssl.require_safe_negotiation = true
  security.tls.enable_0rtt_data = false
  browser.formfill.enable = false
  browser.cache.disk.enable = false
  browser.cache.disk_cache_ssl = false
  browser.cache.memory.enable = false
  browser.newtabpage.activity-stream.telemetry = false
  browser.newtabpage.activity-stream.feeds.telemetry = false
  browser.ping-centre.telemetry = false
  toolkit.telemetry.archive.enabled = false
  toolkit.telemetry.bhrping.enabled = false
  toolkit.telemetry.firstshutdownping.enabled = false
  toolkit.telemetry.newprofileping.enabled = false
  toolkit.telemetry.unified = false
  toolkit.telemetry.updateping.enabled = false
  toolkit.telemetry.shutdownPingSender.enabled = false
  network.http.sendRefererHeader = 0
  dom.serviceWorkers.enabled = false

  about:memory -> check anonymize box
- Firefox preferences
  Preferences -> Privacy & Security -> Enhanced Tracking Protection -> Strict
  Preferences -> Privacy & Security -> Remember history -> Never
  Preferences -> Privacy & Security -> Firefox Data Collection and Use -> make sure all of the boxes are unchecked
  Preferences -> General -> Network Settings -> Enable DNS over HTTPS [Do not do this if you filter DNS requests locally through your router or something else]
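
One way to check that a profile still matches the about:config values above after an update or a profile reset. This is an added example, not part of the original guide: it parses the `user_pref("name", value);` lines Firefox keeps in a profile's prefs.js or user.js and compares them with a subset of the list. The function names and the sample file content are constructed for illustration.

```python
import json
import re

# Subset of the about:config baseline listed above, values as given on the page.
BASELINE = {
    "privacy.firstparty.isolate": True,
    "privacy.resistFingerprinting": True,
    "network.cookie.cookieBehavior": 1,
    "network.http.referer.XOriginPolicy": 2,
    "webgl.disabled": True,
    "geo.enabled": False,
    "network.IDN_show_punycode": True,
}
# prefs.js and user.js store one pref per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for each user_pref() line (values are JSON-style literals)."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            try:
                prefs[m.group(1)] = json.loads(m.group(2))
            except json.JSONDecodeError:
                prefs[m.group(1)] = m.group(2)  # keep raw text if not a plain literal
    return prefs

def audit(text, baseline=BASELINE):
    """Return (mismatched, unset). A pref absent from the file is 'unset':
    the browser default applies, so it has to be checked in about:config."""
    prefs = parse_prefs(text)
    mismatched = {k: prefs[k] for k, want in baseline.items()
                  if k in prefs and (type(prefs[k]) is not type(want) or prefs[k] != want)}
    unset = sorted(k for k in baseline if k not in prefs)
    return mismatched, unset

# Constructed sample prefs.js content, not taken from a real profile.
SAMPLE = '''// Mozilla User Preferences
user_pref("privacy.firstparty.isolate", true);
user_pref("privacy.resistFingerprinting", true);
user_pref("network.cookie.cookieBehavior", 0);
user_pref("network.http.referer.XOriginPolicy", 2);
user_pref("webgl.disabled", 1);
user_pref("browser.startup.homepage", "about:blank");
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The type comparison is deliberate: a boolean pref written as `1` instead of `true` is reported as a mismatch rather than passing because `1 == True` in Python.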