search

Start9Labs / start-os

Open source Linux distro optimized for self-hosting
https://start9.com
MIT License
960 stars 89 forks source link

[fix] better privacy settings for Firefox kiosk mode or switch to Libre wolf #2069

Open MattDHill opened 1 year ago

kn0wmad commented 1 year ago

+1 for LW

gStart9 commented 1 year ago

+2 for LibreWolf - all its settings out of the box are actually sane, they rip out pocket and turn off the sending of every url you visit to a 3rd party, and they release very quickly after firefox does. Only downside is they are not in debian (yet?), you have to add their own repo (so trusting yet another 3rd party, and their amazon web services hosting provider for that repo).

MattDHill commented 1 year ago

Are there any known interoperability issues with LibreWolf and eOS? I vaguely recall something.

gStart9 commented 1 year ago

Not that I'm aware of. I've been using it alone for months.

kn0wmad commented 1 year ago

I had one minor LW issue, but I can't say that it was eOS-related. I think with some testing we'd be good to go with it

gStart9 commented 1 year ago

Gonna drop this in here, we can make a custom profile for firefox-esr rather than letting mozilla take a huge dump all over user privacy with their default settings: https://github.com/mozilla/policy-templates/

Settings that seem like we should probably enable or disable away from the defaults: DisableFirefoxAccounts DisableFirefoxStudies DisablePocket DisableTelemetry NetworkPrediction NoDefaultBookmarks SearchSuggestEnabled

about:config options - don't send every url we visit to google safebrowsing:

browser.safebrowsing.blockedURIs.enabled = false
browser.safebrowsing.downloads.remote.block_potentially_unwanted = false
browser.safebrowsing.downloads.remote.enabled = false
browser.safebrowsing.downloads.remote.block_uncommon = false

Turn off data reporting to mozilla:

datareporting.healthreport.uploadEnabled = false
datareporting.policy.dataSubmissionEnabled = false

^ these settings should be able to eliminate the browser talking to 3rd parties (for the most part).

===========

Another note on the security of Kiosk mode: Running firefox-esr as the start9 user (which has unfettered sudo access) is not a good practice. We should create a user called 'kiosk' whose role is to just run the kiosk script and who has no shell or home dir or sudo access.

kn0wmad commented 1 year ago

Gonna drop this in here, we can make a custom profile for firefox-esr rather than letting mozilla take a huge dump all over user privacy with their default settings: https://github.com/mozilla/policy-templates/

Settings that seem like we should probably enable or disable away from the defaults: DisableFirefoxAccounts DisableFirefoxStudies DisablePocket DisableTelemetry NetworkPrediction NoDefaultBookmarks SearchSuggestEnabled

about:config options - don't send every url we visit to google safebrowsing:

browser.safebrowsing.blockedURIs.enabled = false
browser.safebrowsing.downloads.remote.block_potentially_unwanted = false
browser.safebrowsing.downloads.remote.enabled = false
browser.safebrowsing.downloads.remote.block_uncommon = false

Turn off data reporting to mozilla:

datareporting.healthreport.uploadEnabled = false
datareporting.policy.dataSubmissionEnabled = false

^ these settings should be able to eliminate the browser talking to 3rd parties (for the most part).

===========

Another note on the security of Kiosk mode: Running firefox-esr as the start9 user (which has unfettered sudo access) is not a good practice. We should create a user called 'kiosk' whose role is to just run the kiosk script and who has no shell or home dir or sudo access.

For simplicity - it seems Librewolf uses these about:config settings by default. Agree on setting up the kiosk user.

jordan-bravo commented 1 month ago

One thing to be aware of on the UX front, LibreWolf forces light theme to resist fingerprinting.