Friday, May 19, 2017

Security Settings Chrome - Firefox about:config

Given how things on the internet are these days, security is needed!
When I worked on my version of the K-Meleon db type of browser, it was for the
most part about security. The internet has really changed in these last 10 years!
Back then the aim was mostly on getting speed out of the browser.
Now it's about security.

So with that, here are the security settings I came up with for K-Meleon db and
Firefox types. Always make a copy of your profile if you can.
This takes time, but it is needed for the Firefox types.

As for the Chrome browser settings, there is not a lot you can do.
There are "chrome://flags" settings you can change, but they are
not as useful as the Firefox settings.
https://beebom.com/chrome-flags-guide-to-enhance-web-browsing

To add a new setting to the Mozilla configuration, just type "about:config"
into the address bar. Then, when in there, just right click & go to new,
then add what you want to add.
For example, add a new "boolean" & name it "nglayout.debug.disable_xul_cache".
Then put in the value "true"; that would be one setting done.

To change the value of a setting, just click on it twice & change the value;
that is how it works.

Always search for the setting to see if it is there already.
If it is not in there put in the setting.
Remember:
"Integer is 1,2,3..." 
"Boolean is True or False"
"String is Words etc!!!"
more info is at: http://kb.mozillazine.org/About:config
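
Added example (not part of the original post): changes made in about:config are saved in the profile's prefs.js, and a user.js file in the same folder is applied at every start. The sketch below reads such a file, compares it with a few settings from the list on this page, flags a pref created with the wrong type (a String "true" where a Boolean was wanted) and writes the user.js lines still needed. The names parse_prefs, audit, to_user_js, BASELINE and SAMPLE are made up for this example.

```python
import json
import re

# A few settings taken from the list on this page: pref name -> wanted value.
BASELINE = {
    "browser.send_pings": False,
    "network.dns.disableIPv6": True,
    "network.http.sendRefererHeader": 0,
    "nglayout.debug.disable_xul_cache": True,
}
# prefs.js and user.js hold one pref per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$', re.M)

# Constructed sample input, not taken from a real profile.
SAMPLE = '''// constructed prefs.js
user_pref("browser.send_pings", false);
user_pref("network.dns.disableIPv6", "true");
user_pref("network.http.sendRefererHeader", 2);
'''

def parse_prefs(text):
    """Return {name: value} with bool, int or str values, as about:config types them."""
    prefs = {}
    for m in PREF_RE.finditer(text):  # comments and blank lines never match
        try:
            value = json.loads(m.group(2))  # true/false, integers, "strings"
        except ValueError:
            continue  # value JSON cannot read (unusual escape); skipped here
        if isinstance(value, (bool, int, str)):
            prefs[m.group(1)] = value
    return prefs

def audit(prefs, baseline=BASELINE):
    """Label each baseline pref: ok, differs, wrong-type or not-set."""
    report = {}
    for name, want in baseline.items():
        if name not in prefs:
            report[name] = "not-set"  # still at its default, or not created yet
        elif type(prefs[name]) is not type(want):
            report[name] = "wrong-type"  # e.g. String "true" instead of Boolean true
        else:
            report[name] = "ok" if prefs[name] == want else "differs"
    return report

def to_user_js(report, baseline=BASELINE):
    """user.js lines for every baseline pref that is not already ok."""
    return [f'user_pref("{name}", {json.dumps(baseline[name])});'
            for name, status in report.items() if status != "ok"]
```

Run it against a copy of prefs.js rather than the live file, since Firefox rewrites prefs.js while it is open.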

***Note: if I update the settings, the new update will be at the end
of the list. Also, the three settings marked ~~!!!! are the settings that
have to be left at stock for Twitter to work. The "dom.event.clipboardevents.enabled"
setting is a needed security setting, so it's up to you on that!

network.http.sendSecureXSiteReferrer
set to FALSE Or keep as TRUE for websites that use it like Twitter etc~~!!!!

network.http.sendRefererHeader
set to 0 Or keep the setting as it is for websites that use it like Twitter etc~~!!!!

dom.event.clipboardevents.enabled
make a new Boolean named that and set it to FALSE
Or keep the setting as it is for websites that use it like Twitter etc~~!!!!
Me I prefer FALSE as it is a big security thing to me!

svg.enabled
set to FALSE
Or keep the setting as it is for websites that use it like Twitter etc~~!!!!

dom.indexedDB.enabled
set to FALSE
Or keep the setting as it is for websites that use it like Twitter etc~~!!!!

gfx.downloadable_fonts.enabled
set to FALSE
Or keep the setting as it is for websites that use it like Twitter etc~~!!!!
 
layout.css.visited_links_enabled
set to FALSE

beacon.enabled
set to FALSE

browser.send_pings
set to FALSE

browser.cache.memory.enable
set to FALSE

browser.cache.disk_cache_ssl
set to FALSE. If you have an issue logging in, set it back to normal!

network.prefetch-next
set to FALSE

network.dns.disableIPv6
set to TRUE

javascript.options.ion
FALSE

javascript.options.baselinejit
FALSE

javascript.options.asmjs
FALSE

dom.serviceWorkers.enabled
FALSE

dom.serviceWorkers.interception.enabled
FALSE

dom.push.enabled
FALSE

dom.push.connection.enabled
FALSE

security.xpconnect.plugin.unrestricted
set to FALSE
 
network.protocol-handler.external
set all listed to FALSE

network.protocol-handler.warn-external
set all listed to TRUE

browser.frames.enabled
set to FALSE. Frames is a setting for old Firefox browsers;
it may not be effective in new browsers.

geo.enabled
set to FALSE, or TRUE if spoofed! See the note about spoofing
Geolocation at the bottom of the page.
 
geo.wifi.logging.enabled
set to FALSE
 
geo.provider.network.url
Delete the address in it and save
 
dom.battery.enabled
set to FALSE

webgl.disabled
set to TRUE turns off WebGL

editor.use_css
set to FALSE

media.webm.enabled
set to FALSE

dom.disable_window_status_change
set to TRUE

dom.event.contextmenu.enabled
set to FALSE

services.sync.prefs.sync.dom.event.contextmenu.enabled
set to FALSE

dom.disable_image_src_set
set to TRUE

media.peerconnection.enabled
set to FALSE, which turns off WebRTC. If you use video chat, set to TRUE.
If set to FALSE, you can set the other setting to FALSE. Might be a buggy setting! (A)

loop.enabled
set to FALSE (A)

browser.blink_allowed
set to FALSE

dom.disable_window_move_resize
set to TRUE

services.sync.prefs.sync.dom.disable_window_move_resize
set to TRUE

dom.allow_scripts_to_close_windows
set to FALSE

dom.disable_window_flip
set to TRUE

services.sync.prefs.sync.dom.disable_window_flip
set to TRUE

dom.storage.default_quota
set to 1000. If you are having a hard time with videos, it's this setting.
This is a needed security setting for me!

network.websocket.max-message-size
set to 2000000. If you are having a hard time with videos, it's this setting.
This is a needed security setting for me!

offline-apps.quota.max
set to 2000. If you are having a hard time with videos, it's this setting.
This is a needed security setting for me!

dom.storage.enabled
set to TRUE. It's needed for some add-ons to work and for other settings here.

browser.chrome.favicons
set to FALSE

browser.cache.offline.enable
set it to FALSE

browser.sessionstore.max_tabs_undo
set to 0

browser.sessionstore.max_windows_undo
set to 0

browser.sessionstore.resume_from_crash
set to FALSE

network.dnsCacheEntries
make a new Integer named that and set it to 0

network.dns.disablePrefetch 
Set it to TRUE

network.dns.disablePrefetchFromHTTPS
set to TRUE

network.dnsCacheExpiration
make a new Integer named that and set it to 0

media.ogg.enabled
set to FALSE

media.enforce_same_site_origin
set to TRUE

dom.popup_allowed_events
open that and delete everything in the setting. It will kill all pop-ups,
a needed thing!

nglayout.debug.disable_xul_cache
make a new Boolean named that and set it to TRUE

nglayout.debug.disable_xul_fastload
make a new Boolean named that and set it to TRUE
This might slow down the load-up time, but it is for security.
 
browser.uidensity
set to 1 makes the tab smaller.
 
network.websocket.enabled
set to FALSE
 
extensions.pocket.enabled
set to FALSE and drag the pocket icon off the browser bar.

media.eme.enabled
set to FALSE

services.sync.prefs.sync-seen.media.eme.enabled
set to FALSE

services.sync.prefs.sync.media.eme.enabled
set to FALSE
 
media.gmp-eme-adobe.enabled
set to FALSE

browser.safebrowsing.enabled
set to FALSE or TRUE. It does communicate with a third party,
Google by default, and also sends them metadata about your downloads. (A)

browser.safebrowsing.downloads.enabled
set to FALSE or TRUE (A)

browser.safebrowsing.malware.enabled
set to FALSE or TRUE (A)

services.sync.prefs.sync.browser.safebrowsing.malware.enabled
set to FALSE or TRUE (A)

privacy.trackingprotection.enabled
set to FALSE or TRUE (A)

device.sensors.enabled
set to FALSE

camera.control.face_detection.enabled
set to FALSE

camera.control.autofocus_moving_callback.enabled
set to FALSE
 
network.http.speculative-parallel-limit
set to 0. This stops the browser from connecting to arbitrary links on a page
by the simple act of hovering over them, without your explicit permission.

toolkit.telemetry.enabled
set to FALSE. This turns off telemetry. This setting might be locked and you
may not be able to change it, so just go with the other settings. (A)
 
datareporting.healthreport.service.enabled
set to FALSE (A)
 
datareporting.healthreport.uploadEnabled
set to FALSE (A) 

datareporting.policy.dataSubmissionEnabled
set to FALSE (A)

datareporting.sessions.current.clean
set to TRUE (A)
 
devtools.onboarding.telemetry.logged
set to FALSE (A)
 
toolkit.telemetry.updatePing.enabled
set to FALSE (A)

browser.newtabpage.activity-stream.feeds.telemetry
set to FALSE (A)

browser.newtabpage.activity-stream.telemetry
set to FALSE (A)
 
browser.ping-centre.telemetry
set to FALSE (A) 
 
toolkit.telemetry.bhrPing.enabled
set to FALSE (A)
 
toolkit.telemetry.firstShutdownPing.enabled
set to FALSE (A) 

toolkit.telemetry.hybridContent.enabled
set to FALSE (A)

toolkit.telemetry.newProfilePing.enabled
set to FALSE (A)
 
toolkit.telemetry.reportingpolicy.firstRun
set to FALSE (A)
 
toolkit.telemetry.shutdownPingSender.enabled
set to FALSE (A)
 
toolkit.telemetry.unified
set to FALSE (A)

toolkit.telemetry.archive.enabled
set to FALSE (A)

toolkit.telemetry.server
delete everything in it (A)

toolkit.telemetry.ecosystemtelemetry.enabled
set to FALSE (A)

toolkit.telemetry.shutdownPingSender.enabledFirstSession
set to FALSE (A)

browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint
Delete the address in it and save (A)

browser.newtabpage.activity-stream.telemetry.structuredIngestion
set to FALSE (A)

browser.newtabpage.activity-stream.telemetry.ping.endpoint
set to FALSE (A)

browser.newtabpage.activity-stream.telemetry.ut.events
set to FALSE (A)

browser.urlbar.eventTelemetry.enabled
set to FALSE (A)

media.wmf.deblacklisting-for-telemetry-in-gpu-process
set to FALSE (A)

permissions.eventTelemetry.enabled
set to FALSE (A)

security.certerrors.recordEventTelemetry
set to FALSE (A)

security.identitypopup.recordEventTelemetry
set to FALSE (A)

security.ssl.errorReporting.url
set to FALSE (A)

services.sync.telemetry.maxPayloadCount
set to 0 (A)

services.sync.telemetry.submissionInterval
set to 0 (A)

telemetry.origin_telemetry_test_mode.enabled
set to FALSE

***That is it! I hope it keeps you safe.
Other than that, there are some add-ons that are needed in Firefox!

To start, a "Locked Profile" is when most of the files in the profile are set to
"Hidden, Archive, Read-Only." All but "cert8.db" and "key3.db";
they need to be set to "Hidden, Archive." Also, the "webappsstore.sqlite"
needs to be opened in WordPad & everything in it deleted, then type in "Privacy Program"
& save, then set it to "Hidden, Archive, Read-Only."
 
Also, after doing that I would copy the "webappsstore.sqlite" three times,
open the copies in WordPad, delete everything and leave them blank.
Rename the files "cookies.sqlite-journal", "cookies.sqlite" and
"cookies.sqlite.bak", and make sure they are set to "Hidden, Archive, Read-Only."
Your cookie files are now Read-only with no info in them!

With a locked profile, these files will pop up as you get around:
"prefs-1.js", "localstore-1.rdf", "NoScriptSTS.db.tmp"
(if you have "NoScript"), or others!
So that is where you need that old program CookieMuncher, which deletes those
files as they get on your PC. It is zipped in the FFILES you can download at:
https://www.dropbox.com/s/vwp31zb4ufmsbx8/KMFILES-NEW.zip?dl=0

More info about a "Locked Profile" is at:
https://walmartramen.blogspot.com/2020/03/browser-locked-profile.html
 
After you set what files to delete, you will have to go find the "cookiem" file & the
"CookieMuncher.exe". Rename the "CookieMuncher.exe" file &
keep the "cookiem" name, and set everything to "Hidden, Archive, Read-Only",
with a shortcut to the "CookieMuncher.exe" file so you can turn it on and off.

Don't forget to rename the Firefox.exe in the Firefox program files and
make a shortcut to your desktop etc.

Then set all files in the Firefox program folder to "Hidden, Archive, Read-Only."


***You will get the hang of it.

Just FYI, have you tried typing in:

about:mozilla

about:robots

chrome://browser/content/browser.xul

Others at:


***There are some Chrome Extensions that are useful!
I need to note that many ad-blockers or other security extensions have
conflicts with "Scriptsafe". So for an ad-blocker I would just use
adblock for youtube, as it works with no issues!

https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf?hl=en-US

https://chrome.google.com/webstore/detail/history-eraser/gjieilkfnnjoihjjonajndjldjoagffm?utm_source=chrome-app-launcher-info-dialog

https://chrome.google.com/webstore/detail/disable-html/lfhjgihpknekohffabeddfkmoiklonhm?utm_source=chrome-app-launcher-info-dialog

https://chrome.google.com/webstore/detail/video-downloader-professi/kmdldgcmokdpmacblnehppgkjphcbpnn?utm_source=chrome-app-launcher-info-dialog

https://chrome.google.com/webstore/detail/adblock-for-youtube/cmedhionkhpnakcndndgjdbohmhepckk?utm_source=chrome-app-launcher-info-dialog


You can spoof Geolocation in Firefox. Sometimes you will note that when
Geolocation is turned off and you test it, it still shows up as on!
So the best way to fix it is to spoof it!
 
In about:config look for "geo.wifi.uri" then put in:
 
data:application/json,{"location": {"lat": 40.7590, "lng": -73.9845}, "accuracy": 27000.0}