Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Learn More

The Ultimate Firefox Privacy & Security Guide [about:config]

  • 4 trả lời
  • 1 gặp vấn đề này
  • 15 lượt xem
  • Trả lời mới nhất được viết bởi jazz

more options

I recently came across a website listing adjustments to Firefox's about:config settings. These are supposedly done to help make the browser more secure. Modifications to browser.safebrowsing.phishing.enabled,and after, are what I'm most curious about - mostly since the name Google is attached.

Others: - dom.event.clipboardevents.enabled [copy and paste tracking] - network.http.sendRefererHeader [hyperlink tracking]

Website for reference: https://proprivacy.com/privacy-service/guides/firefox-privacy-security-guide

I understand a lot can change within a year, but before breaking something, I wanted to ask if changing any of the above settings, particularly those having to do with Google, will cause damage to the browser itself. -thx

Giải pháp được chọn

browser.safebrowsing.phishing.enabled

This preference allows Firefox to block sites listed as sketchy in Google's SafeBrowsing database. I'm pretty sure that Firefox's background lookups in this database are done with a different cookie, so they are not directly associated with your Google browsing session (if any). Please see the following article: How does built-in Phishing and Malware Protection work?

dom.event.clipboardevents.enabled

Sites with more complicated script-driven forms may break if you disable their ability to detect pasting into the form (for example, Facebook and YouTube comments). This can lead to doubled or undeletable text. If you disable this preference, try not to paste into forms to avoid causing problems.

network.http.sendRefererHeader

Some sites require proof that you requested an image from their own site and not somewhere else, so turning off the header may prevent viewing some content. If your goal is to limit cross-site leakage of information about where you clicked a link or requested an image, you could experiment with another preference instead and perhaps experience less problems:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

(2) In the search box in the page, type or paste network.http.referer.XOriginPolicy and pause while the list is filtered

(3) To modify the policy, double-click the preference to display an editing field, and change the value to either 1 or 2 as desired, then press Enter or click the blue check mark button to save the change.

Policy choices:

  • 0 => Follow default behavior [DEFAULT]
  • 1 => Omit referring URL if base domains do not match
    www.example.com to www.example.com SEND
    www.example.com to mail.example.com SEND
    www.example.com to www.othersite.com do NOT send
  • 2 => Omit referring URL if host names do not match -- may cause more breakage
    www.example.com to www.example.com SEND
    www.example.com to mail.example.com do NOT SEND
    www.example.com to www.othersite.com do NOT send
Đọc câu trả lời này trong ngữ cảnh 👍 1

Tất cả các câu trả lời (4)

more options

It is best to avoid making changes to prefs like suggested in that article and in other articles and leave them at their default to avoid inexplicable behavior. The default values are chosen to balance between security and not breaking websites. Even making changes in Settings (Options/Preferences) can cause issues, but you can find them easily and you do not need to dig on about:config and try to remember what changes you made. The warning (general.warnOnAboutConfig) you get when you open about:config is there for a reason.

Hữu ích?

more options

Giải pháp được chọn

browser.safebrowsing.phishing.enabled

This preference allows Firefox to block sites listed as sketchy in Google's SafeBrowsing database. I'm pretty sure that Firefox's background lookups in this database are done with a different cookie, so they are not directly associated with your Google browsing session (if any). Please see the following article: How does built-in Phishing and Malware Protection work?

dom.event.clipboardevents.enabled

Sites with more complicated script-driven forms may break if you disable their ability to detect pasting into the form (for example, Facebook and YouTube comments). This can lead to doubled or undeletable text. If you disable this preference, try not to paste into forms to avoid causing problems.

network.http.sendRefererHeader

Some sites require proof that you requested an image from their own site and not somewhere else, so turning off the header may prevent viewing some content. If your goal is to limit cross-site leakage of information about where you clicked a link or requested an image, you could experiment with another preference instead and perhaps experience less problems:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

(2) In the search box in the page, type or paste network.http.referer.XOriginPolicy and pause while the list is filtered

(3) To modify the policy, double-click the preference to display an editing field, and change the value to either 1 or 2 as desired, then press Enter or click the blue check mark button to save the change.

Policy choices:

  • 0 => Follow default behavior [DEFAULT]
  • 1 => Omit referring URL if base domains do not match
    www.example.com to www.example.com SEND
    www.example.com to mail.example.com SEND
    www.example.com to www.othersite.com do NOT send
  • 2 => Omit referring URL if host names do not match -- may cause more breakage
    www.example.com to www.example.com SEND
    www.example.com to mail.example.com do NOT SEND
    www.example.com to www.othersite.com do NOT send

Hữu ích?

more options

@jscher - Such a detailed response, thank you for the time spent. I had a look at the article and did get some peace of mind when reading this part:

What information is sent to Mozilla or its partners when Phishing and Malware Protection are enabled? There are two times when Firefox will communicate with Mozilla’s partners.. The first is during the regular updates to the lists of reporting phishing and malware sites. No information about you or the sites you visit is communicated during list updates. The second is in the event that you encounter a reported phishing or malware site. This request does not include the complete address of the visited site, it only contains partial information derived from the address.

Despite the fact that Google is somehow connected, I now believe the trade off for being protected is more important. Reflecting back on the topic - it seems the idea of 'tracking', and all its associations, can lead to a bit of paranoia. In view of this, after having read the details you pointed out, I believe now that tracking isn't a serious concept in itself, and more geared towards the safekeeping of all. Thanks for providing that knowledge.

Được chỉnh sửa bởi jazz vào

Hữu ích?

more options

Btw, love your 'Google Hit Hider' extension

Hữu ích?

Đặt một câu hỏi

Bạn phải đăng nhập vào tài khoản của bạn để trả lời bài viết. Vui lòng bắt đầu một câu hỏi mới, nếu bạn chưa có tài khoản.