Hardening Firefox/Gecko Browsers Against Threats to Privacy and Security

[e.Man]

I'm a bit of a privacy freak, to the point where, because of my research into on-line privacy and security, my freakishness is beginning to propagate into my off-line life. I have no social media accounts; i never provide accurate personal information if i can avoid it; i don't use Skype or any other mainstream messenger. When i applied to join this community, i wrote an email to Bill stating that i would rather not provide certain personal details. I didn't even provide my website address because i wanted to make it harder for certain organizations to profile me, primarily because of certain highly controversial topics which i have written about (in retrospect i think that not disclosing my web address was kind of nonsensical since i have linked to my site in many other places).

The fact is, however, that it would likely be trivial for anyone to identify anyone else who engages in on-line activity. A little creative social engineering would probably yield some very interesting results in many cases. So the question then becomes, 'who am i hiding from'? Who are you hiding from, assuming you think like me? Certainly not TPTB since it would be trivial for "them" to grab all kinds of information about pretty much anyone they decide to target.

Nevertheless, many of us persist in our quest for on-line anonymity/privacy. Even if we cannot thwart the efforts of the police/surveillance state in many cases, at least we can make it more difficult for certain data harvesting/advertising/search engine corporations to track and profile us using the reams of metadata we unknowingly provide through the services and software we use. I think that focusing on privacy and security is especially important to anyone who is a whistle-blower or who seriously researches and writes about controversial subjects.

I have been tinkering with Windows OS security and privacy since Win 95 when i learned about what kind of data IE stores permanently, even after the user "deletes" all cache, cookies, history, etc., and how this data can be, and is used by LE (law enforcement). I had conversations with a computer forensic cop who gave me a number of clues as to how they can access and use such data. In the end, i asked him straight out whether this data could be accessed remotely (we're talikg Windows here). His answer: "What do you think?".

Regardless of my studies, my level of tech knowledge, particularly in regard to networking, is ultimately very low and i fully and freely admit that I AM NO SECURITY EXPERT by any stretch of the imagination. Nevertheless, given my limitations, i do what i can to harden my OS, web browser and email client against data leakage and threats to my privacy and system security.

You want the TL:DR version? Simple: DON'T USE WINDOWS, and certainly do not use Internet Explorer. Unfortunately, many of us, including myself, are victims of Mr. Gates and his world-wide monopoly. Well sir, this the end of the road for me; i have vowed to make 7 my last MS OS. Next it's Linux (but not any of the Ubuntu derivatives) since ReactOS, a Windows like, open source NT compatible, will probably never reach a stable release in my lifetime at the rate they're going - LOL.

Regardless of our OS choice however, it is our web browsers and email clients that are the primary gateways to the on-line world for many of us and it is my opinion that anyone who cares about their privacy and security probably ought to direct some serious attention to the software that connects us to the www. In that vein, i have written a few guides for those that are interested ...

Firefox Configuration Guide for Privacy Freaks and Performance Buffs - this covers the Firefox/Gecko family of browsers, including Seamonkey and, to some extent, the Mozilla Thunderbird email client.

Firefox Extensions: My Picks - a nice selection of Firefox extensions and information about extensions in general.

Opting out of the Firefox / Google / Yahoo partnership - Don't want to be tracked by, or support Mozilla's partnerships with globs of unethical companies? Learn how you can easily opt-out.

Encrypting DNS Traffic (and why you want to) - Want to visit projectavalon.net? The computers that route internet traffic have no idea what the heck "projectavalon.net" is, so the domain name is sent from your machine to a DNS resolver which converts it to an IP address (198.143.158.131 for projectavalon.net). The problem is that, even if the connection is secure (https), your DNS query is not. This guide will show you how to secure DNS look-ups and help thwart MitM (Man in the Middle) attacks and other threats to your privacy.

Malware: It's worse than you think - You take precautions. You use an anti-virus/malware product and a software firewall. You use Firefox, or perhaps Chromium, or perhaps a privacy-centric fork of Google's Chrome. You disable JavaScript by default. You NEVER open executable email attachments. You are protected, right? Wrong!

Lastly, i'd like to add an aside regarding encryption...

I sold a PC once to an older fella who worked for the U.S. government, either directly or as a sub in the tech arena. I remember him telling me he had a security clearance, but i don't remember what type ("Crypto" maybe rings a bell - i seem to remember it was something i perceived as "high level"). We got talking about the government and encryption and he had some very interesting stories to tell but not the time to tell them. I suggested that we continue our dialog through email and that we could use encryption. His three word response: "Encryption is useless.".

Obviously encryption is not useless in general, but i think the point he was trying to make is that, depending on who is targeting you, it may be useless, especially if it is a high-level (3-letter) government agency doing the targeting - at least that's what i read in to his statement.

Something i read on the web long ago, and i'm paraphrasing; "Ever find any record of the NSA subpoenaing anyone for their password?". I never investigated that, but it's an interesting statement to make.

[Gaia]

This is a interesting thread... By the way, welcome on this forum e.man

Edward Snowden have publicly confirmed that digital privacy does not exist. Period! Eric Schmidt was on a panel at the World Economic Forum in Davos, where he suggested that: ''The future Internet will be, in one sense, invisible because it will be embedded into everything we interact with'' I use StartPage.com and it's work for me! I think the only real control we have over our data, is ourselves.

[e.Man]

thanks for the warm welcome!

in regard to Snowden, i would add that much of what he brought to the table is far from new, but it seems to have had a greater impact than previous stories, perhaps because comes off as a very modest, likable guy who isn't in it for the attention

whether his perceived profile is accurate is another story - James Corbett has had some interesting things to say about Snowden, as well as others

[Gaia]

Keep in mind that magicians don’t really do magic they perform illusions. Spies do the same things. They want you to think they are doing one thing, while they are actually doing something else. Snowden has exposed a practice that is as old as the Roman Empire. Whistleblower Russel Tice exposed NSA spying long before Edward Snowden. I like this thread because it tell me that the Internet is a very scary place! I would like to know more about encryption.... I'm using Firefox and I wonder why does my Firefox not have a Java plug-in? And what can I do?

Should you be interested e.Man in changing your settings to receive notes on your message board?

[ZKBNZMEN]

I uninstalled firefox as soon as a realized that they were rent seeking via their support for "net neutrality. "

[e.Man]

Posted by Gaia (here)
... I would like to know more about encryption.... I'm using Firefox and I wonder why does my Firefox not have a Java plug-in? And what can I do?

Should you be interested e.Man in changing your settings to receive notes on your message board?

i enabled the message thingy

your browser is missing the Java plugin because you probably never installed it, which is a good thing

the Java Virtual Machine, or JVM, has always had security issues and, secondly, very few websites leverage Java any longer (the ones that do seem to be mostly utility sites, like special calculators and converters, etc.)

browser plugins are becoming a thing of the past, finally! most modern browsers can play most videos and load PDF content without any plugins (at least i know Firefox can and i assume Chrome, Opera and IE as well), however there are exceptions depending on the video type and how it is embedded

as far as encryption, i honestly cannot be allot of help because i don't use it for anything other than storing some personal data and passwords - the information you probably want depends on what exactly you want to encrypt; your hard drive? email? certain files? instant messages? etc.. if you want to elaborate more on what you want to accomplish, i'll be happy to gather some resources for you

[Gaia]

i enabled the message thingy



I wonder why you came... here... We are a small community here. So your'e gonna miss opportunity: Friendship, knowledge and good loving energy...

I'm going to send you a private message. Thank you!!