VPN Security & Firefox

When you’re hunting in the digital landscape, you don’t want to stand out like a white lion on the Serengeti.

PeerConnections are enabled by default in Firefox. This is a bad juju for me as enabling this can leak my IP address when using a VPN connection.

In Firefox, go to ‘about:config’ in the address bar. In the config window search for this setting and change it as follows:

  • media.peerconnection.enabled and doubleclick it to change the value to false.

As this is such bad juju, I check this to make sure it is set at false before I start any research project. Of course, I do this because I always use a VPN.

Privacy Settings for Firefox–History

By default, Firefox remembers your browsing history to make it easier to return to a visited site.

Select Options and then Privacy in the left hand navigation panel. Under History, open the drop-down menu labeled “Firefox will:”and tell the browser to never remember your history or use custom settings.

Selecting “Always use private browsing mode,” is for hardcore privacy, but you need to understand the implications of private browsing mode. See the Mozilla’s support pages for more information on this.

Here are the History settings that I suggest.

Uncheck the box for remembering your browsing and download history, un-check remembering search and form history, and leave the box checked for “Accept cookies from sites.” Then under “Accept third-party cookies” set it as Never, but change “Keep until:” I close Firefox. Finally check the box that says “Clear history when Firefox closes.”

This combination of settings allows Firefox to behave normally, but erases most of your activity upon closing the browser. These settings provide some measure of privacy without sacrificing functionality.

Privacy Settings for Firefox–Tracking

Firefox is the best browser for protecting your data. However, Firefox does require several setting adjustments to avoid intrusive tactics like ad tracking.

Select Options and then Privacy in the left hand navigation panel.

By default, Firefox does not enable the do-not-track feature. Turn it on by selecting “Request that sites not track you.” Also select “Use Tracking Protection in Private Windows”, which enables tracking protection that blocks ads and other online trackers when you’re in private browsing mode. However, few sites honor this request.

To enforce your do-not-track intentions, you need to use an add-on such as Ghostery, Disconnect, or the Electronic Frontier Foundation’s Privacy Badger. We have found that some sites do not to allow access to content with add-ons like these enabled.

Fortress FireFox

To create my everyday fortress Firefox, I use the following:

For more anonymity, privacy, and security, I do the following to my instance:

  • To preserve privacy, I use a VPN.
  • To preserve anonymity, I use Tor to connect to an anonymous VPN.
  • To maintain security, I work from a Virtual Machine hosted by a different OS on a clean machine.

If you aren’t doing the same, then you don’t know what is on your PC and what it might be doing to work against you. There are a lot of bad actors out there trying to insinuate malware onto as many machines as possible. If you are using your PC to gather evidence, malware can destroy the integrity of everything you collect.

Conducting Investigative Internet Research is not as easy as it might seem. There is more to it than doing a few poorly structured Google searches. You need to understand how to create a clean machine that will pass muster under S. 31 Canada Evidence Act. You must prevent all your research, and your identity, from ending-up in the hands of the very people that you are investigating. This happens. I have to believe that it happens often but isn’t recognised by most investigators. Would you know if your machine had a trojan like FinSpy? Do you know how to prevent the installation of something like FinSpy? Do you know how to get rid of it?

If you frequent bad internet neighbourhoods, then you will encounter bad people doing bad things, and they will try to do bad things to you.

Firefox Addon — Search Site v.3.2

Search Site 3.2 allows you to search within the current site from the search bar, or from the context menu, or by drag-and-drop into the search bar. This makes it easy to do a website-specific search, using the search engine currently selected in the search bar, if the site doesn’t have its own search box. If you use the search bar, type the search terms into the search bar and then click on the Search Site icon that appears in the search box or press Ctrl+Enter.

Searching the current site can also be done by using the right-click (context) menu. Just select the word or words you want to search and select Search Site for selection in the context menu. Unfortunately, the search results do not automatically open in a new tab, you must hold down the ctrl key as you select the Search Site for selection context menu item. Using the ctrl key will move the results to the foreground tab or if using the search bar,  hold down Ctrl  when clicking on the Search Site icon to display the results in new foreground tab.

I also recommend selecting Enclose the selected text in quotes when searching from context menu in the Options Dialog.

FireFox V.10

The biggest change in V.10 that most Firefox users will see is the smaller number of add-ons marked as incompatible. About 80 percent of all add-ons should now be compatible. Previously, most add-ons would break when Firefox released a major update.

V.10 seems to work much better than any V.9 iteration. No more crashing and the add-ons and extensions work properly. I guess I will be able to stay with Firefox for a while yet.

Extended Support Release

Mozilla also released the enterprise version of Firefox, called ESR (Extended Support Release), which will release updates on a slower cycle (once per year) so that businesses don’t have to worry about their internal tools and security protocols failing. This should help make Firefox more popular in the corporate world.

 

Securing Firefox – Configuration Settings

This is about stopping the dreaded disease, Data Diarrhea. The websites you visit can leave behind a trail of data on your computer and in their server logs. All of this Data Diarrhea can identify the Investigator and this can complicate the problem he is trying to solve. Lax privacy & configuration settings may also leave the Investigator’s computer vulnerable to attack by hackers.

This article describes more advanced methods of customizing Mozilla applications, by editing the configuration files.

about:config entries

about:config is a feature of Mozilla applications which lists application settings (known as preferences) that are read from the profile files prefs.js and user.js, and from application defaults. Many of these preferences are not present in the Options or Preferences dialog. Using about:config is one of several methods of modifying preferences and adding other “hidden” ones.

Editing the user.js and prefs.js files are an alternative method of modifying preferences and recommended for very advanced users only. Unless you need a prefs.js and/or user.js file modified for a specific purpose, you should use about:config instead.

This article refers to the Firefox V. 9 edition of the browser. These entries may have adverse effects on Thunderbird and Mozilla Suite/SeaMonkey and older versions of Firefox. These settings will affect all profiles of the browser.

In Firefox, type about:config in the Location Bar (address bar) and press Enter to display the list of preferences. You may get a warning page next, just click OK and move on.

about:config > browser.display.use_document_fonts > change value to 0

0: Never use document’s fonts
1: Allow documents to specify fonts to use
2: Always use document’s fonts (deprecated)

Don’t let the site access to the fonts on your computer. That grants too much access that can be abused.

about:config > browser.sessionhistory.max_entries > change value to 2

The maximum number of pages in the browser’s session history, i.e. the maximum number of URLs you can traverse purely through the Back/Forward buttons. Default value is 50.  Set it to 2 so that the site you visit can’t see where you have been during your Investigative Internet Research (IIR) assignment.

about:config > dom.storage.enabled > double click to false

dom.storage.enabled is a mechanism allowing web pages to store information with a web browser (similar to cookies) called “client-side session and persistent storage.” Although use of session storage is subject to a user’s cookie preferences, this preference allows it to be disabled entirely.

about:config > geo.enabled > double click to false

True is location aware browsing enabled. Default is true. You want to disable this. See http://www.mozilla.com/en-US/firefox/geolocation/ for details of geolocation in Firefox.

 

Securing Firefox – General Privacy Settings

General Firefox Privacy Settings

The basic privacy settings in general settings, are found in the options bar in Firefox 9.0 (Firefox > Options > Options) or for iOS, Preferences.

  1. Content: Enable block popup windows and disable Javascript when it isn’t needed.
  2. Privacy: Enable the DNT (Do-Not-Track). For History, use custom settings. “Always use private browsing mode” should be enabled. “Remember my browsing history”, “Remember download history” and “Remember search and form history” should be turned off. “Accept cookies from sites”, but un-check “Accept third party cookies” as they aren’t needed often. Location bar: select “Suggest nothing”.
  3. Security: Enable “Warn me when sites try to install add-ons”, “Block reported attack sites” and “Block reported web forgeries”. Under Passwords, disable “Remember passwords for sites” and use a master password.
  4. Advanced – General – System Defaults: Disable “Submit crash reports and performance data”.
  5. Advanced – Network – Offline Storage: Check “Override automatic cache management and limit cache to 0MB space”. Further—you can un-check “Tell me when a website asks to store data for offline storage use”.
  6. Advanced – Encryption: Ensure both “Use SSL 3.0 and Use TLS 1.0” are enabled. Then click validation > check “When an OCSP server connection fails, treat the certificate as invalid”.

 

 

Security & Privacy Add-ons for Firefox

Firefox is the online researcher’s best friend. No other browser gives so much control to the user as Firefox. It is more customizable than either Google Chrome or Internet Explorer.

Like any browser, you must be aware of what data you are releasing when you visit a Web site. The following add-ons help eliminate two serious security threats that occur when doing Investigative Internet Research (IIR).

BetterPrivacy—This add-on is pretty basic, but a must have. BetterPrivacy deletes flash cookies (LSOs/SuperCookies).

KeyScrambler—Check out Alex Long’s post from Null Byte for information about what KeyScrambler is and how it works.

I have already written about:

  • NoScript— NoScript allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, and guards the “trust boundaries” against cross-site scripting attacks (XSS). Such a preemptive approach prevents exploitation of security vulnerabilities (known and even unknown!). This is a must-have for IIR.
  • HTTPS Everywhere—This is a must-have add-on provided by the Electronic Frontier Foundation. HTTPS Everywhere enables a secure connection on pages that have SSLCertificates.  For example, when you use Google search most people use the unencrypted version. This add-on will force Google to deploy its SSL certificate. The DuckDuckGo (DDG) search engine also uses a version of this.

 

 

The Next Browser

I’m a digital troglodyte that doesn’t like change, but sometimes there is no avoiding it.

Recently, Google stopped paying Mozilla for the little Google search window at the top right of the Firefox browser.  Google has paid Mozilla about $1 per copy to have that window. Last year, that Google search window accounted for 84% of Mozilla’s $123 million of revenue, or about $100 million. However, Google’s Chrome browser has made remarkable strides against Firefox and the rest of the the browser field.

The loss of funding to support FireFox, and Chrome’s association with the largest search engine, may herald the end of FireFox.  No other browser gives so much control to the user like Firefox does. Most users don’t understand that Firefox is more customizable than either Google Chrome or Internet Explorer.  If Mozilla doesn’t find a way to replace the lost revenue, then expert searchers may loose their most fundamental and productive tool.  That will lead to a forced change for this digital troglodyte expert searcher.

 

Disabling Geolocation

In a recent article about the DuckDuckGo search engine, I wrote about search leakage.  Many programs leak your location. Internet Explorer does not have a geolocation feature yet, but Firefox and its associated email program do.  Here is how to disable this annoying feature that may reveal that you are investigating a person or  company by your visits to their websites.  It doesn’t take a genius to figure-out that if he defrauded somebody in Toronto that web site visits from someone in Toronto might mean he is being investigated.

To test your browser, first go to this site, then make the changes below and revisit it to see the difference.

Firefox

• Type ‘about:config’ in the address bar without the ‘ ’
• Discard the warning by hitting ‘yes
•Scroll down until you reach ‘geo.enabled’ or you can simply search for ‘geo.enabled
• Doubleclick the item and it will change from its default value ‘True’ to ‘False
• Scroll down until you reach ‘geo.wifi.uri’or you can simply search for ‘geo.wifi.uri
• Rightclick the Value of ‘geo.wifi.uri’ and click ‘Modify
• Type in ‘localhost’ and hit ‘OK’

Thunderbird

• Goto ‘Tools
• Goto ‘Options
• Goto ‘Advanced
• Hit ‘Config Editor’ on the General tab
• Discard the warning by hitting ‘yes
• Scroll down until you reach ‘geo.enabled’ or you can simply search for ‘geo.enabled
• Doubleclick the item and it will change from its default value ‘true’ to ‘false

Search Engine Results

Doing a test search in Bing and Google revealed that turning off the geolocation feature changes the results rather dramatically.  All the search results in my test search went from Canada-centric before turning off the geolocation to U.S.-centric after it was turned off.

FireFox 3 – Incompatible Browser Add-ons

In Power User 110 – Browser Add-ons I recommended the following two FireFox add-ons:

Tab Mix Plus provides all sorts of Tab options that don’t exist in Firefox.

Internote allows you to create persistent sticky notes on a web page which will be there once you return. Notes are very customizable, and come with many small, useful features. A manager is available, in which you can see all of your saved notes, edit them, print them, and delete them.

Neither of these is compatible with FireFox 3 and no updates are available at this time. It looks like there may be a updated version of Tab Mix Plus at some future time.