←back to thread

Hardening Firefox – a checklist for improved browser privacy

(andrewmarder.net)
266 points amarder | 1 comments | 30 Aug 25 11:26 UTC | HN request time: 0s | source
Show context
cookiengineer ◴[31 Aug 25 04:49 UTC] No.45080461[source]
This is kind of a stupid ChatGPT article.

No, this will not effectively help to reduce the fingerprint of your Browser.

A LOT more tracking services are integrated into the Firefox browser in various places (like New Tab page, Sync, Pocket, Shavar, Google Safebrowsing, OSCP, etc pp).

I wrote a more detailed article about this, and got an "as good as possible" as a result.

But yeah, please please start to use a Host Firewall where you can block on a per-domain and per-port and per-process basis (like LittleSnitch, OpenSnitch etc) to validate your assumptions. UIs will always lie to you, including the one from Firefox.

[1] https://cookie.engineer/weblog/articles/firefox-privacy-guid...

replies(7): >>45082458 #>>45082927 #>>45083160 #>>45083737 #>>45084270 #>>45085747 #>>45100657 #
gruez ◴[31 Aug 25 13:53 UTC] No.45083160[source]
>No, this will not effectively help to reduce the fingerprint of your Browser.

Ironically many of your fingerprinting tweaks in your article make your more fingerprintable, because disabling random web APIs makes you stick out like a sore thumb (think https://xkcd.com/1105/). Besides, most of the configs you're modifying for anti-fingerprinting purposes are already covered by RFP.

>A LOT more tracking services are integrated into the Firefox browser in various places (like New Tab page, Sync, Pocket, Shavar, Google Safebrowsing, OSCP, etc pp).

Can you elaborate on how these services are "tracking"? Except for maybe safebrowsing, and OSCP, none of these services actually send information on what sites you visit. Unless you mean "tracking" to mean "make connections to the internet".

replies(1): >>45086817 #
1. cookiengineer ◴[31 Aug 25 20:33 UTC] No.45086817[source]
The real question is on what OSI layer are you willing to die.

TCP fingerprinting is a real threat and most surveillance systems can identify your unique connection pretty easily, thanks to the quantum surveillance technique where closer surrounding and compromised hops will send you packets faster than the actual endpoint because they are geographically closer to you.

A real privacy aware browser caches everything, and scatters requests as much as possible through different network paths, and farbles Web APIs of the most common system and browser combination (which is Microsoft Edge or Google Chrome on Windows/Android).

I tried to implement all that, but I gave up working on that after I've been targeted in 2021. Maybe I have the time to get back to it after I am done with my current mission.