Friday, May 19, 2017

Security Settings Chrome - Firefox about:config

Being how things on the internet is these days security is needed!
When I worked on my version of K-Meleon db types browser it was for the
most part security. The internet has really changed in these last 10 years!
Back then the aim was mostly on getting speed out of the browser.
Now it's about security.

So with that here are the security settings I came up for K-Meleon db and
Firefox types. Always make a copy of your profile if you can.
This takes time but it is needed for the Firefox types.

As for the Chrome browser settings there is not a lot you can do.
There is a "chrome://flags" settings you can change but it is
not as useful as the Firefox settings.
https://beebom.com/chrome-flags-guide-to-enhance-web-browsing

To add a new setting to the Mozilla configuration, just type in "About:config"
Then when in there just right click & go to new,
then add what you want to add.
 As in, add a new "boolean" & name it "nglayout.debug.disable_xul_cache"
Then put the value "true" that would be one setting done.

To change the value of a setting just click on it twice & change the value,
that is how it works.

Always search for the setting to see if it is there already.
If it is not in there put in the setting.
Remember:
"Integer is 1,2,3..." 
"Boolean is True or False"
"String is Words etc!!!"
more info is at: http://kb.mozillazine.org/About:config

***Note if I update the settings the new update will be on the last
of the list. 

layout.css.visited_links_enabled
set to FALSE

browser.cache.memory.enable
set to FALSE

network.prefetch-next
set to FALSE

network.dns.disableIPv6
set to TRUE

javascript.options.ion
FALSE

javascript.options.baselinejit
FALSE

javascript.options.asmjs
FALSE

dom.serviceWorkers.enabled
FALSE

dom.serviceWorkers.interception.enabled
FALSE

dom.push.enabled
FALSE

dom.push.connection.enabled
FALSE

security.xpconnect.plugin.unrestricted
set to FALSE

network.http.sendSecureXSiteReferrer
set to FALSE

network.http.sendRefererHeader
set to 0

network.protocol-handler.external
set all listed to FALSE

network.protocol-handler.warn-external
set all listed to TRUE

browser.frames.enabled
frames is a setting for old Firefox browsers
it may not be effective in new browsers. set to FALSE

geo.enabled
See note about spoof Geolocation
on bottom of page. set to FALSE or TRUE if spoofed!

svg.enabled
set to FALSE

webgl.disabled
set to TRUE

editor.use_css
set to FALSE

gfx.downloadable_fonts.enabled
set to FALSE

media.webm.enabled
set to FALSE

dom.disable_window_status_change
set to TRUE

dom.event.contextmenu.enabled
set to FALSE

browser.blink_allowed
set to FALSE

dom.disable_window_move_resize
set to TRUE

dom.allow_scripts_to_close_windows
set to FALSE

dom.disable_window_flip
set to TRUE

dom.indexedDB.enabled
set to FALSE

dom.storage.default_quota
set to 1000

network.websocket.max-message-size
set to 2000000

offline-apps.quota.max
2000

browser.chrome.favicons
set to FALSE

browser.cache.offline.enable
set it to FALSE

browser.sessionstore.max_tabs_undo
set to 0

browser.sessionstore.max_windows_undo
set to 0

browser.sessionstore.resume_from_crash
set to FALSE

network.dnsCacheEntries
make a new Integer named that and set it to 0

network.dns.disablePrefetch 
make a new Boolean named that and set it to TRUE

network.dnsCacheExpiration
make a new Integer named that and set it to 0

dom.event.clipboardevents.enabled
 make a new Boolean named that and set it to FALSE

dom.storage.enabled
set to FALSE

media.ogg.enabled
set to FALSE

media.enforce_same_site_origin
set to TRUE

dom.popup_allowed_events
open that and delete all in the setting. It will Kill all pop-ups
a needed thing!

extensions.blocklist.enabled
set to FALSE if you are in a fire, being on is a security
issue if there is a lot of fire around you!
It is good to have on when things are normal.

nglayout.debug.disable_xul_cache
make a new Boolean named that and set it to TRUE

nglayout.debug.disable_xul_fastload
make a new Boolean named that and set it to TRUE
this might slowdown the load up time but is for security.

***That is it! I hope it keeps you safe.
Other that that are some addons that are needed in Firefox!

As a start a "Locked Profile" is when most of the files in the profile is set to  
"Hidden, Archive, Read-Only." All but "cert8.db and key3.db" 
they need to be set to "Hidden, Archive."  Also the "webappsstore.sqlite" 
needs to be opened in WordPad & all deleted, then type in "Privacy Program" 
& save, then set it to "Hidden, Archive, Read-Only."
 
Also after doing that I would copy the "webappsstore.sqlite" three times and 
open them in WordPad & delete everything and leave it blank
re-name the files "cookies.sqlite-journal"  "cookies.sqlite" and  
"cookies.sqlite.bak" also make sure its set to "Hidden, Archive, Read-Only."
Your cookie files are now Read-only with no info in them!

With a locked profile these files will pop up when you get around.
"prefs-1.js---localstore-1.rdf"---"NoScriptSTS.db.tmp." 
if you have "NoScript."
So that is where you need that old program CookieMuncher that deletes those 
files as they get on your PC. It is ziped in the FFILES or with the 
K-Meleon-db browser.
http://www.angelfire.com/bug/dugbuglas2/Download.html
 
After you set what files to delete you will have to go find the "cookiem" file & the  
"CookieMuncher.exe" Re-name the "CookieMuncher.exe" file & 
keep the "cookiem" name and set everything to "Hidden, Archive, Read-Only."
with a short cut to the "CookieMuncher.exe" file so you can turn it on and off.

Don't forget to rename the Firefox.exe in the Firefox program files and
make a shortcut to your desktop etc. 

Then set the Firefox program file, all files to "Hidden, Archive, Read-Only."


***You will get the hang of it. Here are some Plug-ins for Firefox to help!







Just for FYI have you tried typing in:

about:mozilla

about:robots

chrome://browser/content/browser.xul

Others at:


***There are some Chrome Extensions that are useful!
I need to note that many ad-blockers or other security extensions has
conflicts with "Scriptsafe" So for a ad-blocker I would just use 
adblock for youtube as it works with no issues!

https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf?hl=en-US

https://chrome.google.com/webstore/detail/history-eraser/gjieilkfnnjoihjjonajndjldjoagffm?utm_source=chrome-app-launcher-info-dialog

https://chrome.google.com/webstore/detail/disable-html/lfhjgihpknekohffabeddfkmoiklonhm?utm_source=chrome-app-launcher-info-dialog

https://chrome.google.com/webstore/detail/video-downloader-professi/kmdldgcmokdpmacblnehppgkjphcbpnn?utm_source=chrome-app-launcher-info-dialog

https://chrome.google.com/webstore/detail/adblock-for-youtube/cmedhionkhpnakcndndgjdbohmhepckk?utm_source=chrome-app-launcher-info-dialog


You can spoof Geolocation in Firefox. Sometimes you will note that when
Geolocation turned off, and when you test it, it still shows up as on!
So the best way to fix it is to spoof it!
For FireFox 4+ it is unknown, you might have to add
a new "String" called "geo.wifi.uri" then put the settings in it.
   1.  Create a text file somewhere on your computer with the following text:

{"location":{"latitude":0.000000,"longitude":0.000000, "accuracy":20.0}}

   2. Change latitude, longitude, and accuracy (in meters) to whatever you need to use
   3. Open about:config and find the "geo.wifi.uri"
   4. Replace the URL (by default https://www.google.com/loc/json) with the path to the text file created in step 1 above.

1 comment:

YTECHB said...

Thanks for sharing. Explore Android Tips & Tricks on YTECHB.