The Ultimate Firefox Privacy & Security Guide [about:config]

  • 4 replies
  • 1 has this problem
  • 13 views
  • Last reply by jazz

I recently came across a website listing adjustments to Firefox's about:config settings. These are supposedly done to help make the browser more secure. Modifications to browser.safebrowsing.phishing.enabled, and after, are what I'm most curious about - mostly since the name Google is attached.

Others:

  • dom.event.clipboardevents.enabled [copy and paste tracking]
  • network.http.sendRefererHeader [hyperlink tracking]

Website for reference: https://proprivacy.com/privacy-service/guides/firefox-privacy-security-guide

I understand a lot can change within a year, but before breaking something, I wanted to ask if changing any of the above settings, particularly those having to do with Google, will cause damage to the browser itself. -thx

Chosen solution

browser.safebrowsing.phishing.enabled

This preference allows Firefox to block sites listed as sketchy in Google's SafeBrowsing database. I'm pretty sure that Firefox's background lookups in this database are done with a different cookie, so they are not directly associated with your Google browsing session (if any). Please see the following article: How does built-in Phishing and Malware Protection work?

dom.event.clipboardevents.enabled

Sites with more complicated script-driven forms may break if you disable their ability to detect pasting into the form (for example, Facebook and YouTube comments). This can lead to doubled or undeletable text. If you disable this preference, try not to paste into forms to avoid causing problems.

network.http.sendRefererHeader

Some sites require proof that you requested an image from their own site and not somewhere else, so turning off the header may prevent viewing some content. If your goal is to limit cross-site leakage of information about where you clicked a link or requested an image, you could experiment with another preference instead and perhaps experience fewer problems:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

(2) In the search box in the page, type or paste network.http.referer.XOriginPolicy and pause while the list is filtered.

(3) To modify the policy, double-click the preference to display an editing field, and change the value to either 1 or 2 as desired, then press Enter or click the blue check mark button to save the change.

Policy choices:

  • 0 => Follow default behavior [DEFAULT]
  • 1 => Omit referring URL if base domains do not match
    www.example.com to www.example.com SEND
    www.example.com to mail.example.com SEND
    www.example.com to www.othersite.com do NOT send
  • 2 => Omit referring URL if host names do not match -- may cause more breakage
    www.example.com to www.example.com SEND
    www.example.com to mail.example.com do NOT SEND
    www.example.com to www.othersite.com do NOT send

Read this answer in context 👍 1
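
The policy table in the answer above, modelled as a small decision function so a list of navigations can be checked before changing the preference. This is an added example, not part of the original post or Firefox's own code; the function names are hypothetical and the base-domain rule is a simplification (last two host labels, whereas Firefox uses the Public Suffix List).

```javascript
// Added example (not from the thread). Function names are hypothetical.
// ASSUMPTION: baseDomain() keeps the last two host labels. Firefox uses the
// Public Suffix List, so hosts under suffixes such as co.uk behave differently.
function baseDomain(host) {
  return host.split(".").slice(-2).join(".");
}

// True if the referring URL is sent for this navigation under the policy value.
function sendsReferer(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl).hostname;
  const to = new URL(toUrl).hostname;
  switch (policy) {
    case 0: return true; // this pref adds no cross-origin restriction
    case 1: return baseDomain(from) === baseDomain(to);
    case 2: return from === to;
    default: throw new RangeError("XOriginPolicy must be 0, 1 or 2");
  }
}

// Constructed navigations mirroring the three rows of the policy table.
const NAVIGATIONS = [
  ["https://www.example.com/page", "https://www.example.com/img.png"],
  ["https://www.example.com/page", "https://mail.example.com/inbox"],
  ["https://www.example.com/page", "https://www.othersite.com/"],
];

// One row per navigation with the outcome under policies 1 and 2.
function policyMatrix(navs = NAVIGATIONS) {
  return navs.map(([from, to]) => ({
    from,
    to,
    policy1: sendsReferer(1, from, to),
    policy2: sendsReferer(2, from, to),
  }));
}

// Navigations that keep the header under 1 but lose it under 2: the extra
// breakage risk of choosing the stricter value.
function extraBreakage(navs = NAVIGATIONS) {
  return policyMatrix(navs).filter((row) => row.policy1 && !row.policy2);
}

console.table(policyMatrix());
```

Replacing NAVIGATIONS with the site pairs you actually rely on shows which of them would stop receiving the header under value 2 but not under value 1.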

All Replies (4)

It is best to avoid making changes to prefs like suggested in that article and in other articles and leave them at their default to avoid inexplicable behavior. The default values are chosen to balance between security and not breaking websites. Even making changes in Settings (Options/Preferences) can cause issues, but you can find them easily and you do not need to dig in about:config and try to remember what changes you made. The warning (general.warnOnAboutConfig) you get when you open about:config is there for a reason.

@jscher - Such a detailed response, thank you for the time spent. I had a look at the article and did get some peace of mind when reading this part:

What information is sent to Mozilla or its partners when Phishing and Malware Protection are enabled? There are two times when Firefox will communicate with Mozilla’s partners. The first is during the regular updates to the lists of reporting phishing and malware sites. No information about you or the sites you visit is communicated during list updates. The second is in the event that you encounter a reported phishing or malware site. This request does not include the complete address of the visited site, it only contains partial information derived from the address.

Despite the fact that Google is somehow connected, I now believe the trade-off for being protected is more important. Reflecting back on the topic - it seems the idea of 'tracking', and all its associations, can lead to a bit of paranoia. In view of this, after having read the details you pointed out, I believe now that tracking isn't a serious concept in itself, and more geared towards the safekeeping of all. Thanks for providing that knowledge.

Modified by jazz

Btw, love your 'Google Hit Hider' extension