GitHub - intika/Librefox: Librefox, patches for mainstream Firefox for an enforc...
source link: https://github.com/intika/Librefox
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
README.md
Librefox : Browse With Freedom 
This project aims at enforcing privacy and security of Firefox without forking the project.
Librefox uses more than 500 privacy/security/performance settings (gHacks and additional options), patches, Librefox-Addons (optional) and a cleaned bundle of Firefox (updater, crashreporter and Firefox's integrated addons that don't respect privacy are removed).
Features :
- Updated Browser : because this project is not a fork, it is kept updated with the latest Firefox version.
- Extensions Firewall : limit internet access for extensions (firewall-test-feature)
- IJWY (I Just Want You To Shut Up) : embedded server links and other calling home functions are removed (zero unauthorized connection by default).
- User Settings Update : gHacks/pyllyukko base is kept up to date.
- Settings Protection : important settings are enforced/locked within
mozilla.cfgandpolicies.json, those settings cannot be changed by addons/updates/Firefox or unwanted/accidental manipulation; To change those settings you can easily do it by editingmozilla.cfgandpolicies.json. - Librefox Addons : set of optional Librefox extensions
- Statistics Disabled : telemetry and similar functions are disabled
- Tested Settings : settings are performance aware
- ESR and Tor version (Librefox TBB Beta)
- Tor Librefox Addons : adapted Librefox extensions for TBB
- Multi-platform (Windows/Linux/Mac/and soon Android)
- Dark theme (classic and advanced)
- Recommended and code reviewed addons list
- Community-Driven
- And much more...
Index :
> Librefox : Features ............................................................... > Librefox : Download ............................................................... > Librefox : Capture ................................................................ > Addons : Librefox Addons .......................................................... > Addons : Recommended Addons ....................................................... > Addons : Recommended Addons Settings .............................................. > Addons : Reviewing Addons Source Code ............................................. > Addons : Other Useful Addons Listing .............................................. > Wiki : Extensions Network Firewall ................................................ > Wiki : IJWY (I Just Want You To Shut Up) .......................................... > Wiki : Edit Locked Settings ....................................................... > Wiki : Settings Index ............................................................. > Wiki : Cookies Settings ........................................................... > Wiki : Tracking Protection ........................................................ > Wiki : Comparing Changes And Updates .............................................. > Wiki : Documentation .............................................................. > Wiki : Librefox Dark Theme ........................................................ > Wiki : Tuning Librefox ............................................................ > Wiki : Librefox ESR ............................................................... > Wiki : Tor Compatibility .......................................................... > Wiki : DRM Compatibility .......................................................... > Wiki : Building And Packaging ..................................................... > Browser Tests : Security/Fingerprint .............................................. > Browser Tests : Performance ....................................................... > Browser Tests : DNS/VPN/Proxy Leak ................................................ > Infos : Librefox Roadmap .......................................................... > Infos : Changelog ................................................................. > Infos : About .....................................................................
Download :
Linux :
-
Librefox-2.1-Linux-64.0.0-x64.tar.xz - 45.1 MB - SHA1 : 1d25c606e08e6ad2e674abf3032255902067a81d
-
Librefox-2.1-Linux-64.0.0-x32.tar.xz - 47.1 MB - SHA1 : 531ec9b6e1e763d7e13f6b7ce96640c26b7a85f5
-
Librefox-2.1-Linux-60.4.0-x64-ESR.tar.xz - 40.3 MB - SHA1 : 1522f48aaf6189021beb6cbad0e4875c75e6e9c0
-
Librefox-2.1-Linux-60.4.0-x32-ESR.tar.xz - 42.2 MB - SHA1 : 9b1608a1c96ac71942b71b012d960f1958a23c24
-
Librefox-2.1-TBB-Linux-v8.0.4-x64-Beta.tar.xz - 71.6 MB - SHA1 : de33e586c2701fc62e023081af0d51c7829efc26
-
Librefox-2.1-TBB-Linux-v8.0.4-x32-Beta.tar.xz - 73.0 MB - SHA1 : 970628ef040eff3122a4e869ce3db6ffb2a060f5
Windows :
-
Librefox-2.1-Win-64.0.0-x64.zip - 60.8 MB - SHA1 : 0fe4804e99b6147a00ff83f1f99d1ba09663c7ca
-
Librefox-2.1-Win-64.0.0-x32.zip - 58.3 MB - SHA1 : 721da788f47701b2ae3d1de13d91efc01ffa990e
-
Librefox-2.1-Win-60.4.0-x64-ESR.zip - 51.1 MB - SHA1 : 333eff737a31cd0791bd758e9adfc6f1401e1091
-
Librefox-2.1-Win-60.4.0-x32-ESR.zip - 47.6 MB - SHA1 : 80c4c6e8351a7cc03f6b290aa26d68d89cbeedc7
-
Librefox-2.1-TBB-Win-v8.0.4-x64-Beta.zip - 66.3 MB - SHA1 : 0b36604d01b480044de9be730b6bc59fb58b293f
-
Librefox-2.1-TBB-Win-v8.0.4-x32-Beta.zip - 69.2 MB - SHA1 : 2180f4d9d8afeeff4c50a3fe74b6df89281b2d3b
Mac :
-
Librefox-2.1-Mac-64.0.0-x64.dmg - 67.3 MB - SHA1 : 3193c77f86aa1344de5430be8d5aeb304e3be10e
-
Librefox-2.1-Mac-60.4.0-x64-ESR.dmg - 57.7 MB - SHA1 : 0435746f1a41e699ee586f651e54974ae0e9044b
-
Librefox-2.1-TBB-Linux-v8.0.4-x64-Beta.dmg - 64.1 MB - SHA1 : 42047b39ecdb188552a36450adba058247a86edc
Capture :
Librefox Addons :
Librefox addons are not bundled and need to be installed manually
- Librefox Dark Theme : Dark theme
- Librefox HTTP Watcher : Change the url bar color on HTTP sites
- Librefox Reload Button : Add a reload button to URL bar
Recommended Addons :
Recommended addons are not bundled and need to be installed manually
- Cookie Master : Block all cookies and only allow authorized sites
- First Party Isolation : Enable/Disable FPI with the click of a button
- User Agent Platform Spoofer : Spoof a different UserAgent OS Linux/Windows/Mac
- Browser Plugs Privacy Firewall : Sets of settings to prevent fingerprinting and security issues
- uBock Origin + IDCAC List + Nano-Defender List : Block web advertisement and tracking
Recommended Addons Settings :
uBlock : Additional filters are availables here: https://filterlists.com/ (don't surcharge it to avoid performance loss)
Browser Plugs Privacy Firewall : Keep settings light to make privacy.resistFingerprinting efficient because too much customization will lead to uniqueness and therefore easy fingerprinting.
- Privacy / Fingerprint / Fake values for getClientRects
- Privacy / Fingerprint / Randomize Canvas Fingerprint
- Privacy / Fingerprint / 100% Randomize ALL Fingerprint Hash
- Firewall / Experimental / Block SVG getBBox and getComputedTextLength
- Privacy / Font / Randomize
- Privacy / Font / Enable protection for font and glyph fingerprinting
Reviewing Extensions Code :
Recommended extensions code have been reviewed for potential unwanted behaviour... reviewed version are available under extensions directory.
Extensions Firewall :
Extensions Firewall - Description :
This is a test experiment feature and it is disabled by default !!! A new section Extensions Manager is added to manage addons globally (and addons networking in the subsection Extensions Firewalling). Firewalling the network for addons is doable, but it requires a considerable amount of additional work in Librefox to make it usable through a button or in a per addon basis (this may or may not be added in a future version, it also could be abandoned as it is a test feature). Currently you can block a list of domains or block the whole network for all the extensions.
Extensions Firewall - The Settings :
Available native network restriction settings for addons :
- Restricted domains list :
extensions.webextensions.restrictedDomainsthis is a list of restricted domains that will be used to block some hosts for all the extensions, Firefox uses this setting to block extensions from accessing mozilla's domains/sites, by default in Librefox this setting is set to allow extensions to access all the web (You can edit that list to match your needs or to block a specific domain, note that the domain name has to be 'exact' (for instance facebook.com will only block facebook.com not mobile.fabcebook.com) - Content security policy :
extensions.webextensions.base-content-security-policyandextensions.webextensions.default-content-security-policythe later settings can be redefined/changed within an extension so it's not efficient for a firewall purpose. CSP settings are used in Firefox as an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement to distribution of malware; In short: CSP settings block and allow certain domains under certain circumstances and thus could be used to firewall the extensions (CSP Documentations, its sources code and implementation)
Extensions Firewall - Blocking A Domain :
Edit the restricted domains setting as follow under the about:config page :
- Restricted Domains Setting :
extensions.webextensions.restrictedDomainsValue :ExactDomains1,ExactDomains2,ExactDomains3etc.
Extensions Firewall - Blocking The Network :
To enable the feature and block the network for all the extensions open mozilla.cfg search for Enable-Firewall-Feature-In-The-Next-Line and remove the // in the next line.
Note that this will block the network access for all the extensions and a lot of extensions needs to be connected in order to work. In the current version of Librefox you can block the network for all the extensions or allow it for all of them, a future version may provide additional features like "per addon" setting (By default Librefox allows networking for extensions).
Extensions Firewall - More Infos :
Check debug-check-todo.log for additional info about future version and researches about the subject. Also check CSP Documentations, its sources code and implementation.
IJWY (I Just Want You To Shut Up) :
This is a set of settings that aim to remove all the server links embedded in Firefox and other calling home functions in the purpose of blocking un-needed connections. The objective is zero unauthorized connection (ping/telemetry/Mozilla/Google...).
Changelog :
Available in the releases page
Edit Locked Settings :
Just edit mozilla.cfg, save and restart Librefox.
Browser Tests - Security/Fingerprint :
Firefox 60 and privacy.resistFingerprinting are relatively new, please give it some time to be more widely used and thus less finger-printable; If you are using a different site to analyze your browser make sure to read and understand what the test is about.
- SSLLabs
- AmiUnique
- BrowserLeaks
- BrowserPlugs
- FingerPrintJS2
- Third-Party-Cookies
- Testing-Notifications
- Browser-Storage-Abuser
- Service-Workers-Push-Test
Browser Tests - Performances :
Performance tests can be done here LVP Octane, it needs to be launched alone with other applications closed and with no other activity but the benchmark, also it's recommended to launch it many times and then calculate the average.
Browser Tests - DNS/VPN/Proxy Leak :
About :
Author : Intika - [email protected]
Donation : Paypal : [email protected]
Based on : User.js, PrivaConf and Ghacks-user.js big thanks to everyone.
Contributors : @Thorin-Oakenpants @claustromaniac @earthlng @brainscar @Eloston @dimqua @pyllyukko @anchev @antuketot76 big thanks to everyone (and all others i forget to mention).
Librefox Roadmap :
Objectives for future versions of Librefox (this may change) :
- Develop an all-in-one Librefox addon to rule them all ? (Normal & Tor Version… this would simplify Librefox)
- Develop an easy to use firewall system for extensions (button/hosts/allow/deny/per-addon)
- Update checker extension (feature in the full extension ?)
- Advertisement for the project to reach more users ?
Todo for future versions of Librefox (this may change) :
- Improve HD-video playback performance
- Testing compatibility on those sites and adjust the related settings.
- Review un-reviewed addons code (dont-track-me-google/decentraleyes/canvasblocker/temporary-containers/switch-container/smart-referer)
Settings Index :
// ==============================
// Index mozilla.cfg .......... :
// ==============================
//
// -----------------------------------------------------------------------
// Section : User settings // Bench Diff : +0 / 5000
// Section : Defaulting Settings // Bench Diff : +0 / 5000
// -------------------------------------------
// Section : Controversial // Bench Diff : +0 / 5000
// Section : Firefox Fingerprint // Bench Diff : +0 / 5000
// Section : Locale/Time // Bench Diff : +0 / 5000
// Section : Ghacks-user Selection // Bench Diff : +100 / 5000
// Section : Extensions Manager // Bench Diff : +0 / 5000
// Section : IJWY To Shut Up // Bench Diff : +0 / 5000
// Section : Microsoft Windows // Bench Diff : +0 / 5000
// Section : Firefox ESR60.x // Bench Diff : +0 / 5000
// -------------------------------------------
// Section : Security 1/3 // Bench Diff : +0 / 5000
// Section : Security 2/3 // Bench Diff : +0 / 5000
// Section : Security 3/3 (Cipher) // Bench Diff : +0 / 5000
// -------------------------------------------
// Section : Performance 1/5 // Bench Diff : +650 / 5000
// Section : Performance 2/5 // Bench Diff : -800 / 5000
// Section : Performance 3/5 // Bench Diff : -1720 / 5000
// Section : Performance 4/5 // Bench Diff : -200 / 5000
// Section : Performance 5/5 // Bench Diff : -50 / 5000
// -------------------------------------------
// Section : General Settings 1/3 // Bench Diff : +100 / 5000
// Section : General Settings 2/3 // Bench Diff : +0 / 5000
// Section : General Settings 3/3 // Bench Diff : -40 / 5000
// -------------------------------------------
// Section : Disabled - ON/OFF // Bench Diff : +0 / 5000
// Section : Disabled - Deprecated Active // Bench Diff : +0 / 5000
// Section : Disabled - Deprecated Inactive // Bench Diff : +0 / 5000
// -----------------------------------------------------------------------
// ==============================
// Index local-settings.js .... :
// ==============================
//
// -----------------------------------------------------------------------
// Section : General Settings // Bench Diff : ++ / 5000
// -----------------------------------------------------------------------
Cookies Settings :
Using different web services without cookies is impossible and cookie settings in a browser are very important when it come to privacy, in Librefox the settings are locked to avoid unwanted changes in such an important setting, but they can be easily changed in mozilla.cfg under User Settings : Cookies settings.
Tracking Protection :
Firefox now integrates a tracking protection feature (based on disconnect.me) it's a small content blocking list, the listing can not be edited, this feature is disabled in Librefox. It's recommended to use uBlock Origin instead. This feature is disabled :
- Until it evolves and integrates at least list editing.
- Because double filtering (this + ublock) is not suitable for performance.
You can however easily enable this feature in mozilla.cfg under User Settings : Track Protection (just comment active lines with // or remove the entire section).
Comparing Changes And Updates :
If you want to compare changes over updates or if you already have a user.js/mozilla.cfg/policies.json. consider using Compare-UserJS, it's an amazing tool to compare user.js files and output the diffs in detailed breakdown, developed by gHack's very own resident cat, claustromaniac ?
Usage : If not on windows install PowerShell then (for example) pwsh Compare-UserJS.ps1 mozilla.cfg user.js (Warning that PowerShell connects to Microsoft sometimes).
Documentation :
Mozilla.cfg : Locking and defaulting Librefox settings for security, privacy and performance.
Policies.json : Policies for enterprise environments (the settings availables with policies.json are limited right now because this is a new feature of Firefox).
Bench diff : Impact on the performance of Librefox, it can be a gain or a loss of performance +100/5000 stand for 2% gained performance and -1500/5000 stand for -30% performance loss.
lockPref : Locked preference can not be changed by extensions or updates, they can only be changed in mozilla.cfg.
Section : Description of the settings section separated by ">>>".
Defaulting VS Enforcing : Defaulted settings can be changed by the user or an extension if permitted within the browser while enforced settings are locked and can not be changed within the browser, enforced settings can be changed in mozilla.cfg.
About:config : http://kb.mozillazine.org/About:config_entries.
Librefox Dark Theme :
Librefox provides a classic dark theme extension (Librefox Dark Theme) but also a purified version of ShadowFox available under dark-theme directory to install it just copy the directory chrome to your Librefox profile directory and then restart Librefox, this will expand the dark theme to internal pages like settings pages.
Tuning Librefox :
Restart Button :
One simple solution is to bookmark about:restartrequired or about:profiles ... when restart is needed open that page and click "normal restart". You can even go further and add the bookmarks links to your icons bar and rename the link to an empty text (you will then have a direct icon to about:profiles and a 2 clicks restart).
...
Alternative Dark Theme :
Linux Fix Text Colors :
On Linux when using a dark desktop theme Librefox could display white text over white background or black text on black input on some sites or addons, this is fixed in Librefox with lockPref("ui.use_standins_for_native_colors", true);.
If ui.use_standins_for_native_colors is not enough to fix everything you can fix this issue with an other additional solution by using the following values in about:config (you need to have Adwaita theme installed) more details (Note that this is not needed with the default Librefox settings as it is already fixed)
widget.content.allow-gtk-dark-theme;false
widget.chrome.allow-gtk-dark-theme;false
widget.content.gtk-theme-override;Adwaita:light
Other Addons :
Other privacy addons :
- NoHTTP : Block http traffic and/or redirect it to https (Excellent remplacment for the unrecommended https-everywhere)
- Google-Container : Open all Google sites in a container
- Facebook-Container : Open all Facebook sites in a container
- Request-Blocker : Hosts style blocking sites
- Decentraleyes : Makes a lot of web resources available locally to improve privacy
- Dont-Track-Me-Google : Cleaning Google search result links
- Canvas-Blocker : Prevent some fingerprinting techniques (This should not be used with browser plugins addon as it provide similar features)
- Cookie-Quick-Manager : View and edit cookies
- Mozilla-Multi-Account-Containers : Manage containers and assign sites to specific container
- Switch-Containers : Switching container for the current tab easily
- Temporary-Containers : Maximizing and automating container potential
- Smart-Referer : Manage referer with a button (Send referers only when staying on the same domain.)
Other useful addons :
- Dormancy : Unload tab after a certain time, useful for performance when opening a lot of tabs
- Add Custom Search Engine : Customize your search engine
- ProxySwitcheroo : Apply proxy settings in a click
- UndoCloseTabButton : Reopen last closed tab
- Advanced Github Notifier : Github notifications
- Shortkeys : Add custom shortkeys
- Tabboo : Session manager
Librefox Addons For ESR And Tor :
- Librefox HTTP Watcher ESR - Tor MoD : Change the url bar color on http and onion sites (to green/red)
- Librefox NoHTTP - Tor MoD : Block http traffic and/or redirect it to https (Excellent replacement for the unrecommended https-everywhere)
Tor Compatibility :
Same as gHacks recommendations, we do not recommend connecting over Tor on Librefox. Use the Tor Browser if your threat model calls for it, or for accessing hidden services (Thus said tor settings have been enabled in v2 for user toriffying/proxifying their entire connection).
Currently Librefox-TBB is in beta test, Tor compatibility may change.
DRM Compatibility :
Digital rights management (DRM) is enforced off by default (this is needed for Netflix and similar); you can enable it with the following instructions :
- Open
mozilla.cfg - Under the section
Section : User Settings - Comment the active lines with
//under the subsectionUser Settings : DRM/CDM - Main - Comment the active lines with
//under the subsectionUser Settings : DRM/CDM - Widevine - Restart Firefox then open
about:preferencesand enablePlay DRM...under general section - Firefox will download Widevine and enable it (under
about:addonsplugins section) you can force the download by clickingCheck for updatesunder the tools button
Librefox ESR :
For ESR users if you opt for Librefox HTTP Watcher you need to use this version Librefox HTTP Watcher ESR - Tor MoD
Building And Packaging :
Currently Librefox is applied to a built version of Firefox, you can build it or use the version provided by mozilla
Linux :
- Extract firefox-63.0.3.tar.bz2
git clone https://github.com/intika/Librefox.git- Copy
mozilla.cfgtofirefox/ - Copy
local-settings.jstofirefox/defaults/pref/ - Create a folder
firefox/distribution/ - Copy
policies.jsontofirefox/distribution/ - Delete the following files and then compress the package (tar.bz2)
firefox/browser/features/[email protected]
firefox/browser/features/[email protected]
firefox/browser/features/[email protected]
firefox/browser/features/[email protected]
firefox/browser/features/[email protected]
firefox/update-settings.ini
firefox/updater.ini
firefox/updater
firefox/crashreporter.ini
firefox/crashreporter
Windows :
- Extract Firefox Setup 63.0.3.exe (Can be done by launching it, files are extracted to
%tmp%) git clone https://github.com/intika/Librefox.git- Copy
mozilla.cfgtocore/ - Copy
local-settings.jstocore/defaults/pref/ - Create a folder
core/distribution/ - Copy
policies.jsontocore/distribution/ - Delete the following files and then compress the package (zip)
core/browser/features/[email protected]
core/browser/features/[email protected]
core/browser/features/[email protected]
core/browser/features/[email protected]
core/browser/features/[email protected]
core/update-settings.ini
core/updater.ini
core/updater.exe
core/crashreporter.ini
core/crashreporter.exe
Mac :
- Require a mac
- Decompressing Firefox 63.0.3.dmg with tools like (hdiutils/dropdmg/disk-utilities/ultraiso/transmac)
git clone https://github.com/intika/Librefox.git- Rename the decomrpessed Firefox-63.0.3.dmg to Librefox-63.0.3.dmg
- Mount Librefox-63.0.3.dmg
- Replace
Firefox/Firefox.app/.background/background.pngwith the one from this git - Remove the directory
Firefox/Firefox.app/Contents/_CodeSignature - Remove the directory
Firefox/Firefox.app/Contents/MacOS/plugin-container.app/Contents/_CodeSignature(this one does not seem to be required) - Run
codesign --remove-signature Firefox.app(This basically remove the signature fromFirefox/Firefox.app/Contents/MacOS/firefox) - Remove the directory
Firefox/Firefox.app/Contents/MacOS/crashreporter.app/ - Remove the directory
Firefox/Firefox.app/Contents/MacOS/updater.app/ - Remove
Firefox/Firefox.app/Contents/Library/LaunchServices/org.mozilla.updater - Remove
Firefox/Firefox.app/Contents/Ressources/browser/features/[email protected] - Remove
Firefox/Firefox.app/Contents/Ressources/browser/features/[email protected] - Remove
Firefox/Firefox.app/Contents/Ressources/browser/features/[email protected] - Remove
Firefox/Firefox.app/Contents/Ressources/browser/features/[email protected] - Remove
Firefox/Firefox.app/Contents/Ressources/browser/features/[email protected] - Remove
Firefox/Firefox.app/Contents/Ressources/update-settings.ini - Remove
Firefox/Firefox.app/Contents/Ressources/updater.ini - Copy
mozilla.cfgtoFirefox/Firefox.app/Contents/Ressources/ - Copy
local-settings.jstoFirefox/Firefox.app/Contents/Ressources/defaults/pref/ - Create a folder
Firefox/Firefox.app/Contents/Ressources/distribution/ - Copy
policies.jsontoFirefox/Firefox.app/Contents/Ressources/distribution/ - Unmount the dmg file
- Compress it with tools like (hdiutils/dropdmg/disk-utilities/ultraiso/transmac)
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK