Advanced Security Timothytimes' Security Config 2022

Last updated
Jun 24, 2022
Use case
A shared device for my family
Shared with
Desktop OS
Windows 11
Windows OS SKU
Pro
Login Unlock
    • Passwordless PIN or Biometrics
Sign-in with
Microsoft account
Primary user
Administrator rights - Full permissions that can perform harmful changes
OS updates
Automatic updates
Windows UAC
Always notify
Network firewall
Unsure about my network security
Always-on protection
F-Secure SAFE 18.3
Malwarebytes Windows Firewall Control
Firewall
Firewall (user-choice). See details below.
Custom RT/Firewall security
O&O ShutUp10++: almost all the recommended settings
Simple Windows Hardening: basic recommended settings
Malware testing
No malware samples
Periodic scanning
Emsisoft Emergency Kit, Adwcleaner, HitmanPro, Norton Power Eraser
Secure DNS
Comss.one DNS (system-wide)
VPN
Windscribe or Bitdefender VPN (when it's necessary)
Password manager
Bitwarden (desktop application and browser extension) and KeepassXC (for backups)
Browsers and Extensions
Librewolf 100.0.2-1
Extensions: Bitwarden, Browsing Protection by F-Secure, Netcraft, Feedbro, Tampermonkey (AdGuard Extra), Translate Web Pages, uBlock Origin (filters, medium mode), AnonAddy
Search engine: Startpage
Utilities for Maintenance
Reg Organizer 8.91, Revo Uninstaller Pro 5.0.1, SUMo
Files & Photos backup
iCloud; MEGA
Files & Photos backup routine
Manual
Emergency recovery plan
-
Integrity of recovery plan
I have no recovery plan
Tasks performed
    • Working from home
    • Browsing the web
    • Browsing to unknown sites
    • Receiving, sending and opening email attachments
    • Buying goods from online stores, entering card details and addresses
    • Logging into personal banking to check statements and payments
    • Downloading software from reputable sites
    • Sharing and receiving files and torrents
    • PC games, mods and cloud-based gaming
    • Watching movies and TV series via subscriptions
Computer specs
i3 7100, GTX 1050Ti, 8Gb DDR4, 1Tb HDD.
Notable changes
01.01.2022 - the post was created;
02.01.2022 - deleted Privacy Badger, DDG Privacy Essentials, LocalCDN and ClearURLs; enabled medium blocking mode in uBo and strict tracking protection in Firefox;
04.02.2022 - switched from FS Protection and Simplewall to Kaspersky Standard;
18.02.2022 - deleted Avast AntiTrack;
23.02.2022 - switched from Kaspersky Standard to FS Protection and Simplewall.
20.03.2022 - switched from Firefox to librewolf
25.05.2022 - added Simple Windows Hardening
Feedback response

I am partially satisfied. General feedback is greatly appreciated, to make improvements to my overall security / privacy.

SecureKongo

Level 30
Verified
Top poster
Well-known
Feb 25, 2017
1,903
It's my security config for 2022. In 2021 I used the similar one (without Avast AntiTrack and Simplewall).
To me it seems like you are trying to set your focus mainly on privacy according to all the privacy extensions you are using. The problem is that more privacy extensions do not actually improve, but lower your privacy and security on the web.

Some articles about this topic:
1. How anti-fingerprinting extensions tend to make fingerprinting easier
2. Why you should be careful with browser extensions
 

timothytimes

Level 1
Thread author
Aug 1, 2021
14

SecureKongo

Level 30
Verified
Top poster
Well-known
Feb 25, 2017
1,903
What addons do you think I ought to remove?
Thats up to you. I personally would remove all extensions that provide some kind of tracking protection (CleanURLs, PrivacyBadger, DuckDuckGo Privacy Essentials and LocalCDN if you have Strict tracking protection enabled in Firefox. Firefox has solid integrated tracking protections that cover quite a lot of tacking mechanisms and uBlock Origin would be a good and simple addition.
Consider setting up one of those modes for uBlock Origin for enhanced security: Blocking mode · gorhill/uBlock Wiki
 

timothytimes

Level 1
Thread author
Aug 1, 2021
14
Thats up to you. I personally would remove all extensions that provide some kind of tracking protection (CleanURLs, PrivacyBadger, DuckDuckGo Privacy Essentials and LocalCDN if you have Strict tracking protection enabled in Firefox. Firefox has solid integrated tracking protections that cover quite a lot of tacking mechanisms and uBlock Origin would be a good and simple addition.
Consider setting up one of those modes for uBlock Origin for enhanced security: Blocking mode · gorhill/uBlock Wiki
Thanks! I've removed Privacy Badger and DDG Privacy Essentials, and medium blocking mode has been enabled in uBo
 
Last edited:

SecureKongo

Level 30
Verified
Top poster
Well-known
Feb 25, 2017
1,903
Thanks! I've removed Privacy Badger and DDG Privacy Essentials, and medium blocking mode has been enabled in uBo
Great! I personally also used LocalCDN for a long time but found out that it is not really needed if you have First Party Isolation (FPI) or Total Cookie Protection / Dynamic First Party Isolation (dFPI) enabled.
Total Cookie Protection or dFPI will automatically be enabled when you choose to set Firefox's Enhanced Tracking Protection to Strict --> Firefox 86 Introduces Total Cookie Protection – Mozilla Security Blog
If you don't want to do that you can still enable FPI in about:config by setting the value of privacy.firstparty.isolate to true.

Here a Reddit thread about all this:

Hope it's not too confusing. :)
 

timothytimes

Level 1
Thread author
Aug 1, 2021
14
Great! I personally also used LocalCDN for a long time but found out that it is not really needed if you have First Party Isolation (FPI) or Total Cookie Protection / Dynamic First Party Isolation (dFPI) enabled.
Total Cookie Protection or dFPI will automatically be enabled when you choose to set Firefox's Enhanced Tracking Protection to Strict --> Firefox 86 Introduces Total Cookie Protection – Mozilla Security Blog
If you don't want to do that you can still enable FPI in about:config by setting the value of privacy.firstparty.isolate to true.

Here a Reddit thread about all this:

Hope it's not too confusing. :)

Great! I appreciate your kindness and efforts to make my config better. I've just deleted LocalCDN and set my tracking protection to scrict. Also, I've enabled FPI, but it might be unnecessarily
 

timothytimes

Level 1
Thread author
Aug 1, 2021
14
I agree with @SecureKongo. What do AdGuard Extra do for you? Are you using it as a script built in Tampermonkey?

I'm using 'Legitimate URL Shortener' filter instead of ClearURLs.
I use Adguard Extra script which I added in Tampermonkey. In my opinion, Adguard Extra is a good decision to block YandexDirect (and not only this) advertisements where it won't delete by DNS and uBo filters.
 

SecureKongo

Level 30
Verified
Top poster
Well-known
Feb 25, 2017
1,903
I agree with @SecureKongo. What do AdGuard Extra do for you? Are you using it as a script built in Tampermonkey?

I'm using 'Legitimate URL Shortener' filter instead of ClearURLs.
Nice recommendation. The filters "Legitimate URL Shortener" and "AdGuard URL Tracking Protection" in uBlock Origin are basically doing the same as ClearURLs @timothytimes
 

plat

Level 28
Verified
Top poster
Well-known
Sep 13, 2018
1,645
If you have set the tracking protection to "Strict" you should disable FPI as it can conflict with dFPI.
I use the Custom setting in Firefox. This is what it looks like. So far, no problems--since about 4-5 months. I still get "breakthrough" cookie notices occasionally so the Element Picker comes in handy rather than scrounging around for more lists.


ffcus.PNG
 

SecureKongo

Level 30
Verified
Top poster
Well-known
Feb 25, 2017
1,903
I use the Custom setting in Firefox. This is what it looks like. So far, no problems--since about 4-5 months. I still get "breakthrough" cookie notices occasionally so the Element Picker comes in handy rather than scrounging around for more lists.


I am not quite sure about that but I think that setting tracking protection to custom might not trigger the dFPI feature of Firefox. At least they are only stating that "Strict" will enable it on their site: Firefox 86 Introduces Total Cookie Protection – Mozilla Security Blog
 

oldschool

Level 69
Verified
Top poster
Well-known
Mar 29, 2018
5,811
I am not quite sure about that but I think that setting tracking protection to custom might not trigger the dFPI feature of Firefox. At least they are only stating that "Strict" will enable it on their site: Firefox 86 Introduces Total Cookie Protection – Mozilla Security Blog
I'm not either but I found this on Reddit Who knows what to believe on R when there are no references/documentation.

I believe if you select "Custom", Cookies -> "All 3rd party cookies" and Tracking content -> "In all windows" it is at least as strong if not more so. Website breakage could occur but I've never encountered any while blocking 3rd party cookies.

In the end I think it's 6 of one, 1/2 dozen of the other. FF strict is very good protection with recent developments.
 
Last edited:

oldschool

Level 69
Verified
Top poster
Well-known
Mar 29, 2018
5,811