8 reasons to ditch Chrome and switch to Firefox

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,479
The Live Key Press and Mouse Position are a scary feature, is there a way to disable/spoof those?
it also has the option to impact your typing speed, so that you can't be profiled with the way you type.

Brave does a better job with plugins, I don't know how to spoof either in Firefox.
plugin.scan.plid.all = false

But I doubt that it's that effective..
 

M4RT1NE2

Level 14
Verified
Top Poster
Well-known
Mar 19, 2022
650
Opera:

Screenshot_4.jpg

Brave:

Screenshot_5.jpg
 

Stronghold

Level 1
May 27, 2022
21
it also has the option to impact your typing speed, so that you can't be profiled with the way you type.
I've tried software like that before, it works but it has a huge impact on your browsing experience. Everything you type has delays and you end up with more grammatical errors. I can't have even more of those :ROFLMAO:
plugin.scan.plid.all = false

But I doubt that it's that effective..
I have that turned on. It works very well for add-ons because none are visible after you enable it, but it does nothing for plugins (eg PDF viewer, Chrome PDF viewer). I think the developers confused add-ons and plugins while writing that part of the code.
 
  • Like
Reactions: Sorrento and Kongo

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,479
I've tried software like that before, it works but it has a huge impact on your browsing experience. Everything you type has delays and you end up with more grammatical errors. I can't have even more of those
You can regulate the intesity of the the impact but I agree, probably not worth the hassle.
 

Stronghold

Level 1
May 27, 2022
21
check out my security config. There you can see my Firefox settings in detail. (y)
I looked at your config, my settings are exactly the same as yours but I'm not getting the results you are, the only difference is your addons. I don't use bitwarden, skip redirect or adguard, and I don't sandbox my browser. I use uBlock, ClearURLs and Kee instead.
The only thing I can think of is my CanvasBlocker spoofing a value to a unique value. Do you get a WebGL Hash when testing on Cover Your Tracks?
I still don't think the site is the best tool to measure uniqueness but it bothers me that the same settings get better result on one computer as they do on the other.
 
  • Like
Reactions: Kongo and Sorrento

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,479
I looked at your config, my settings are exactly the same as yours but I'm not getting the results you are, the only difference is your addons. I don't use bitwarden, skip redirect or adguard, and I don't sandbox my browser. I use uBlock, ClearURLs and Kee instead.
The only thing I can think of is my CanvasBlocker spoofing a value to a unique value. Do you get a WebGL Hash when testing on Cover Your Tracks?
I still don't think the site is the best tool to measure uniqueness but it bothers me that the same settings get better result on one computer as they do on the other.
You can just use the Legitimate URL Shortener blocklist in uBlock Origin instead of a standalone extension like ClearURLs. The fewer extensions the better for privacy. And why would you use CanvasBlocker while having privacy.resist.fingerprinting enabled? Choose either built in fingerprinting protection, or the extension. And yes, I also get a webgl hash.
 

Stronghold

Level 1
May 27, 2022
21
You can just use the Legitimate URL Shortener blocklist in uBlock Origin instead of a standalone extension like ClearURLs. The fewer extensions the better for privacy. And why would you use CanvasBlocker while having privacy.resist.fingerprinting enabled? Choose either built in fingerprinting protection, or the extension. And yes, I also get a webgl hash.
The URL shortening list no longer exists in uBlock or they renamed it, I can't find it anymore.
CanvasBlocker allows you to protect navigator, it allows you to spoof your navigator to force your OS when using a VPN. If you don't you'll get a double OS fingerprint (one for your computer and one for the server OS) in your canvas unless you use Linux. I don't know of any other add-on that allows you to change this.
 
Last edited:
  • Like
Reactions: Sorrento and Kongo

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,479
The URL shortening list no longer exists in uBlock or they renamed it, I can't find it anymore.
CanvasBlocker allows you to protect navigator, it allows you to spoof your navigator to force your OS when using a VPN. If you don't you'll get a double OS fingerprint (one for your computer and one for the server OS) in your canvas unless you use Linux. I don't know of any other add-on that allows you to change this.
Trace was a great extension, but it's discontinued now. But then at least disable privacy.resist.fingerprinting if you use CanvasBlocker. They just overlap.
 

rain2reign

Level 8
Verified
Well-known
Jun 21, 2020
363

Stronghold

Level 1
May 27, 2022
21
Trace was a great extension, but it's discontinued now. But then at least disable privacy.resist.fingerprinting if you use CanvasBlocker. They just overlap.

They do overlap but they also don't, CanvasBlocker sees the Canvas and fakes it, then RFP kicks in and randomizes it. So the result is the same as RFP alone but if that fails and gets disabled (by a now unknown exploit) it gets faked by CanvasBlocker so it will still be random.
Like Thorin-Oakenpants (who contributes to Arkenfox) says at the bottom of this github issue it's fine to use CanvasBlocker in default mode he also talks about a few times in the Arkenfox Wiki.
RFP is superior and Extensions can leak so having it as a fall back, so I can use it to spoof Navigator, is more secure than CanvasBlocker alone.

It's a third party filterlist for url parameters. You will have to manually add it to your filterlist, if you'd like to use it. In uBlock Origin, however, there is a built-in URL tracking list from AdGuard (AdGuard URL Tracking Protection).
Adblockers are very easy to fingerprint by testing the list entries so adding all the defaults is fine but the more special lists you add (country specific etc.) makes you more unique. If you start adding manual lists you'll become even more unique because the scripts that identify adblockers are written for add-ons such as uBlock or AdGuard and test those lists. By using a separate add-on like ClearURL it will be harder to track because it does things locally as far as I know. But I could be wrong.
 

rain2reign

Level 8
Verified
Well-known
Jun 21, 2020
363
They do overlap but they also don't, CanvasBlocker sees the Canvas and fakes it, then RFP kicks in and randomizes it. So the result is the same as RFP alone but if that fails and gets disabled (by a now unknown exploit) it gets faked by CanvasBlocker so it will still be random.
Like Thorin-Oakenpants (who contributes to Arkenfox) says at the bottom of this github issue it's fine to use CanvasBlocker in default mode he also talks about a few times in the Arkenfox Wiki.
RFP is superior and Extensions can leak so having it as a fall back so I can use it to spoof Navigator is more secure than CanvasBlocker alone.


Adblockers are very easy to fingerprint by testing the list entries so adding all the defaults is fine but the more special lists you add (country specific etc.) makes you more unique. If you start adding manual lists you'll become even more unique because the scripts that identify adblockers are written for add-ons such as uBlock or AdGuard and test those lists. By using a separate add-on like ClearURL it will be harder to track because it does things locally as far as I know. But I could be wrong.
With Firefox in specific, it doesn't matter. Addons in itself makes Firefox as a browser more unique in that regard, more so as opposed to Chromium browsers. Since it was built and intended to be customizable, hence it always being "unique". Anywho, I merely pointed out where you could find it, since you asked. ;) Filterlists are such a minor fingerprint in Firefox (specifically), that it can be neglected with how the algorithms target it. (y)
 

Stronghold

Level 1
May 27, 2022
21
With Firefox in specific, it doesn't matter. Addons in itself makes Firefox as a browser more unique in that regard, more so as opposed to Chromium browsers. Since it was built and intended to be customizable, hence it always being "unique". Anywho, I merely pointed out where you could find it, since you asked. ;) Filterlists are such a minor fingerprint in Firefox (specifically), that it can be neglected with how the algorithms target it. (y)
While I agree with you that is true and Add-ons do make you more unique I haven't found a leak in using "plugin.scan.plid.all = false" yet. Every site I test on says I'm not using any Add-ons at all.
It's easier to break and exploit a simple rule in a configuration (Firefox) than a browser built around not using any (or many) Add-ons (Brave) it looks like it still works.
I tested it with multiple different Add-ons enabled, none of them ever showed up in tests so far.
 

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,479
You can also use the Multi-Account Containers addon and put various sites in their own containers.
You might want to read this regarding the overlap of Total Cookie Protection (which is enabled if you set enhanced tracking protection to Strict) and Multi-Account Containers.


I personally think that MAC are not worth the hassle and that TCP is absolutely enough. I already discussed this with @oldschool and @SeriousHoax some time ago if I remember correctly.
 
Last edited:

rain2reign

Level 8
Verified
Well-known
Jun 21, 2020
363
That what I do to an extent. Microsoft services in one container, same for Google in another, but to also organise the tabs visually. If I got a dozen tabs open, then I could also notice immediately by colour, where colour x is for subject 1 and Y for subject 2 for example. A bit backwards organising while in use, however, since I got the add-on installed, might as well make use of it. :p

Side-note: I block all third-party cookies through ETP custom settings, so I don't get the cookie jar from Total Cookie Protection. Well, as far as I'm aware, that is.

You might want to read this regarding the overlap of Total Cookie Protection (which is enabled if you set enhanced tracking protection to Strict) and Multi-Account Containers.


I personally think that MAC are not worth the hassle and that TCP is absolutely enough. I already discussed this with @oldschool and @SeriousHoax some time ago if I remember correctly.
The link gets redirected to the Github Homepage, instead of the github issue. Due to the tld referring to .co, instead of .com. (y)
 

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,479
That what I do to an extent. Microsoft services in one container, same for Google in another, but to also organise the tabs visually. If I got a dozen tabs open, then I could also notice immediately by colour, where colour x is for subject 1 and Y for subject 2 for example. A bit backwards organising while in use, however, since I got the add-on installed, might as well make use of it. :p

Side-note: I block all third-party cookies through ETP custom settings, so I don't get the cookie jar from Total Cookie Protection. Well, as far as I'm aware, that is.


The link gets redirected to the Github Homepage. Due to the tld referring to .co, instead of .com. (y)
Post edited :)
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
You might want to read this regarding the overlap of Total Cookie Protection (which is enabled if you set enhanced tracking protection to Strict) and Multi-Account Containers.


I personally think that MAC are not worth the hassle and that TCP is absolutely enough. I already discussed this with @oldschool and @SeriousHoax some time ago if I remember correctly.
Yeah but I'm still confused about what happens if mine is set to block all third party cookies? Does Total Cookie Protection work in that case?
 
  • Like
Reactions: Kongo

rain2reign

Level 8
Verified
Well-known
Jun 21, 2020
363
Yeah but I'm still confused about what happens if mine is set to block all third party cookies? Does Total Cookie Protection work in that case?
Anyone can correct me, but the way I understood it all was that if you put the custom setting to "block third-party cookies" than you won't get the benefits of Total Cookie Protection. Sometimes also casually referred to as cookie jar. While only "strict" would give you that benefit. So I have configured my Firefox based on that understanding.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top