Re: [Tails-dev] FireFox Hardening

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: Sephula, tails-dev
Subject: Re: [Tails-dev] FireFox Hardening
Hi,

Sephula:
>     I found this nifty tool for hardening FireFox:
> https://github.com/pyllyukko/user.js.  No doubt, you'd need to customize
> it to suit TAILS, as it's very restrictive (there is a "light version"
> available).  However, I like the concept of simply importing a 'user.js'
> file in order to automatically apply the settings which are required, as
> this definitely simplifies the setup process from having to manually
> enter settings.  Would you recommend using these settings with TAILS, or
> would this potentially make one susceptible to browser fingerprinting? 
> Even as a research tool for possible attack vectors, I think it deserves
> some investigation and consideration.


That's a huge amount of settings. Tails does not develop Tor Browser
so this list is not the best forum to discuss it. Now, before bringing
this to the Tor Browser team's consideration, first thing is to
acknowlege that this user.js ws not designed with Tor Browser in mind:
as the README says, "If you are concerned about more advanced threats,
use specialized hardened operating systems and browsers such as Tails
or Tor Brower Bundle". Next step, I think, would be to filter the list
and keep only the settings that are relevant in the context of Tor
Browser: at first glance, some are already the default in Tor Browser
and some mitigate issues that Tor Browser already mitigates
differently. Finally, identify the few settings that would make the
biggest difference and start a discussion about each of them.
This process will inform the following steps :)

> Thanks for taking the time, and
> thank you for all your hard work creating TAILS!


Thanks :)

> I've signed this message, and attached my public key.  Please, prefer
> encryption.  Thank you!


Well, you wrote to a public mailing list so I'll reply there.

Cheers,
--
intrigeri