[컴][웹] firefox 에서 보안설정 간편하게 하기

firefox 보안 / 파폭 설치 후  / 파이어폭스

firefox 에서 보안설정 간편하게 하기

user.js 를 이용해서 설정을 간단하게 할 수 있다.

user.js

주의할 점은, user.js 에 설정된 값은 firefox 내에서 수정해도 firefox 를 껐다 켜면 다시 user.js 의 값으로 되돌아간다는 것이다. 한 번 적용한 뒤 user.js 는 지우면 된다.

  • profile folder:
    • Windows: %APPDATA%\Mozilla\Firefox\Profiles\
    • Linux: /home/<USERNAME>/.mozilla/random.default.
    • Android: /data/data/org.mozilla.firefox/files/mozilla/xxxxxxxx.default/
  • profile folder 에 user.js 를 copy 해 놓으면 된다. 그러면 firefox 가 시작할 때 user.js 의 내용을 prefs.js 로 copy 한다.(참고: User.js file - MozillaZine Knowledge Base)
  • backup : 혹시 모르니 prefs.js 를 backup 해 놓자.
  • firefox 를 닫고 나서 작업을 하고 다시 켜자.(android 에서는 '강제종료'를 하고 하자.)

UTC Time zone

resistFingerprinting 은 기본 timezone 을 UTC 로 설정한다. 그래서 일부 website 에서 시간정보가 제대로 보이지 않을 수 있으니 참고하자. (firefox 79.0)

user.js

example

아래 예제는 ref.2 에서 가져와서, 몇개를 수정했다.

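// Heimdallr -- Added -- Privacy Enhanced
//
// Every value below is a bare boolean literal. A quoted "false" is a string,
// which does not match the boolean type these prefs expect, so the setting
// is not applied as intended.

// Show the full URL in the address bar instead of the trimmed form.
// (Not a telemetry switch; kept here from the original list.)
user_pref("browser.urlbar.trimURLs", false);

// Disable Telemetry
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
user_pref("browser.pingcentre.telemetry", false);
user_pref("devtools.onboarding.telemetry-logged", false);
user_pref("media.wmf.deblacklisting-for-telemetry-in-gpu-process", false);
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.bhrping.enabled", false);
user_pref("toolkit.telemetry.firstshutdownping.enabled", false);
user_pref("toolkit.telemetry.hybridcontent.enabled", false);
user_pref("toolkit.telemetry.newprofileping.enabled", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.updateping.enabled", false);
user_pref("toolkit.telemetry.shutdownpingsender.enabled", false);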

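// Boolean prefs take the bare literals true/false; a quoted "false" is a
// string and is not applied as the boolean the pref expects.

// Disable Plugin Scanning
user_pref("plugin.scan.plid.all", false);

// Disable Geolocation
user_pref("geo.enabled", false);

// Disable caching. Besides the disk cache this list also switches off the
// in-memory cache, so pages are re-fetched more often.
user_pref("browser.cache.disk.enable", false);
user_pref("browser.cache.disk_cache_ssl", false);
user_pref("browser.cache.memory.enable", false);
user_pref("browser.cache.offline.enable", false);
user_pref("browser.cache.insecure.enable", false);

// Disable formfill (saved form and search-bar entries)
user_pref("browser.formfill.enable", false);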

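// Disable Zero Round Trip Time Resumption (TLS 1.3 early data, which a
// network attacker can replay). Boolean pref: bare false, not "false".
user_pref("security.tls.enable_0rtt_data", false);

// Use only TLS 1.2 and 1.3. Integer pref, so the value is the number 3
// (1 = TLS 1.0, 2 = TLS 1.1, 3 = TLS 1.2, 4 = TLS 1.3), not the string "3".
user_pref("security.tls.version.min", 3);

// Disable Triple DES cipher
user_pref("security.ssl3.rsa_des_ede3_sha", false);

// Use strongest cipher: turn off every AES-128 suite.
// NOTE(review): this also removes the AES-128-GCM AEAD suites, so a server
// that offers only those will fail to connect, and a non-default cipher list
// makes the TLS handshake more distinctive -- confirm the trade-off is wanted.
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
user_pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", false);
user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
user_pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", false);
user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
user_pref("security.ssl3.rsa_aes_128_sha", false);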

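// Values are typed literals (true/false, 0), not quoted strings: a string
// does not match the pref's type and is not applied as intended. Every
// statement ends with a semicolon so the prefs parser reads each line.

// Evade fingerprinting. Pref names are case-sensitive; the pref is spelled
// privacy.resistFingerprinting (capital F). It also reports the time zone
// as UTC, so some sites show shifted times.
user_pref("privacy.resistFingerprinting", true);

// Disable WebRTC
user_pref("media.peerconnection.enabled", false);

// Disable Prefetching
user_pref("network.dns.disablePrefetch", true);
user_pref("network.prefetch-next", false);

// Disable Referrer Headers: integer pref, 0 = never send a Referer header.
// NOTE(review): sites that check Referer (some login and anti-CSRF flows)
// may stop working -- verify on the sites you rely on.
user_pref("network.http.sendRefererHeader", 0);

// Disable direct GPU access (WEBGL)
user_pref("webgl.disabled", true);

// Disable battery life check
user_pref("dom.battery.enabled", false);

// Disable TLS session identifiers (session resumption can be used to link visits)
user_pref("security.ssl.disable_session_identifiers", true);

// First-party isolation: keep cookies and site storage separate per
// first-party site
user_pref("privacy.firstparty.isolate", true);

// Disable TLS False Start
user_pref("security.ssl.enable_false_start", false);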

// New-tab page (Activity Stream): switch the page and its feeds off.
user_pref("browser.newtabpage.enabled", false);
user_pref("browser.newtabpage.activity-stream.prerender", false);
user_pref("browser.newtabpage.activity-stream.showSearch", false);
user_pref("browser.newtabpage.activity-stream.showSponsored", false);
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.feeds.topsites", false);
user_pref("browser.newtabpage.activity-stream.feeds.section.highlights", false);
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);

// Highlights section: do not draw from bookmarks, downloads, Pocket or history.
user_pref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false);

// Recommendations of add-ons and features.
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);

// Accessibility services: 1 = force off. Not a new-tab setting; kept in this
// group because the original list had it here.
user_pref("accessibility.force_disabled", 1);

// NOTE(review): the remaining values look like per-profile state copied out
// of someone's prefs.js (impression timestamps, an impression GUID, pinned
// search shortcuts, a storage version) rather than hardening choices. While
// user.js stays in the profile they are re-applied on every start, so every
// profile using this file carries the same impressionId -- confirm they are
// wanted before reusing the list.
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories.rec.impressions", "{\"50465\":1576448311544,\"50504\":1576448311544,\"50513\":1576448311544}");
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories.spoc.impressions", "{\"2323\":[1576448311615,1576448311641,1576448317243]}");
user_pref("browser.newtabpage.activity-stream.impressionId", "{bc349b2a-4696-4afa-bf4f-48d1fd919fe0}");
user_pref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", "google,amazon");
user_pref("browser.newtabpage.storageVersion", 1);

// Default permission for prompts: 2 = block. Camera, microphone, location
// and desktop notifications are denied unless a site is allowed explicitly.
user_pref("permissions.default.camera", 2);
user_pref("permissions.default.microphone", 2);
user_pref("permissions.default.geo", 2);
user_pref("permissions.default.desktop-notification", 2);

// Spell checking: 0 = off.
user_pref("layout.spellcheckDefault", 0);

// Cookies: behaviour 4 rejects cookies from known trackers; lifetime
// policy 2 keeps the remaining cookies only until the session ends.
user_pref("network.cookie.cookieBehavior", 4);
user_pref("network.cookie.lifetimePolicy", 2);

// No speculative connections opened ahead of a click.
user_pref("network.http.speculative-parallel-limit", 0);

// DNS over HTTPS: mode 2 tries the DoH resolver first and falls back to the
// system resolver. Lookups therefore go to the configured DoH provider --
// check that the provider is one you intend to use.
user_pref("network.trr.mode", 2);

// NOTE(review): these two look like pdf.js bookkeeping state carried over
// from a prefs.js rather than privacy settings -- confirm before keeping.
user_pref("pdfjs.enabledCache.state", true);
user_pref("pdfjs.migrationVersion", 2);

// Clear private data when Firefox closes. sanitizeOnShutdown is the master
// switch; the clearOnShutdown.* prefs pick what is wiped. Note that
// siteSettings removes per-site permissions and exceptions as well.
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("privacy.clearOnShutdown.downloads", true);
user_pref("privacy.clearOnShutdown.formdata", true);
user_pref("privacy.clearOnShutdown.history", true);
user_pref("privacy.clearOnShutdown.offlineApps", true);
user_pref("privacy.clearOnShutdown.sessions", true);
user_pref("privacy.clearOnShutdown.siteSettings", true);
user_pref("privacy.history.custom", true);

// Tracking protection, including the cryptomining and fingerprinting lists,
// plus the Do Not Track header.
user_pref("privacy.trackingprotection.enabled", true);
user_pref("privacy.trackingprotection.cryptomining.enabled", true);
user_pref("privacy.trackingprotection.fingerprinting.enabled", true);
user_pref("privacy.donottrackheader.enabled", true);

// Fingerprinting resistance. This also reports the time zone as UTC, so
// some sites show shifted times.
user_pref("privacy.resistFingerprinting", true);

// Do not render PDFs as a full-page plugin.
user_pref("plugin.disable_full_page_plugin_for_types", "application/pdf");

// Keep the cookie-exceptions button in the settings page usable.
user_pref("pref.privacy.disable_button.cookie_exceptions", false);

// NOTE(review): the values below look like first-run / pending-work state
// copied from a prefs.js rather than hardening choices -- confirm before
// keeping them.
user_pref("privacy.sanitize.pending", "[]");
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("trailhead.firstrun.didSeeAboutWelcome", true);

See Also

  1. http://browserspy.dk/: 자신의 브라우저가 어떤 정보를 노출시키는지 확인할 수 있다.
  2. GitHub - yokoffing/Betterfox: user.js file to harden Firefox and optimize privacy, security, and speed : 여러가지 preset 들이 있다.
  3. 쿠...sal: [컴][웹] firefox 보안 관련 설정

Reference

  1. Profiles - Where Firefox stores your bookmarks, passwords and other user data | Firefox Help
  2. Firefox Hardening Tips 2019 - Wikis & How-to Guides - Level1Techs Forums, 2019-01-18
  3. Guide: Hardening Mozilla Firefox For Privacy & Security 2016 | Cyber Security Wiki | Viking VPN Service
