From d3c997404d6e681e78fa7cb666d000b07438139c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 19 Apr 2019 03:36:53 +0000 Subject: [PATCH] Updated 1.3 Implementation (markdown) --- 1.3-Implementation.md | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/1.3-Implementation.md b/1.3-Implementation.md index fcf7d4b..0679ec8 100644 --- a/1.3-Implementation.md +++ b/1.3-Implementation.md @@ -15,34 +15,28 @@ While not 100% definitive, we have included `[SETUP*` tags for troubleshooting a ### :small_orange_diamond: Very important, check these first... -:exclamation: ULTRA UBER IMPORTANT. You don't need to do anything with these, just be aware of them. +:exclamation: ULTRA UBER IMPORTANT: Pay attention! -- Auto-INSTALLING of Firefox updates is disabled (0302a) +- FYI: Auto-INSTALLING of Firefox updates is disabled (0302a) * :star: You will **always get prompts** and reminders from Firefox * Please keep your software up to date in a timely fashion. -- We provide information on Tracking Protection (TP) and Safe Browsing (SB) - * :star: Disable TP and SB at **your own risk** +- FYI: We provide information on Tracking Protection (TP) and Safe Browsing (SB) * The only part we have **ever** disabled, are the real-time binary checks with Google (0414) - -:exclamation: SUPER IMPORTANT: Some data is deleted forever - + * :star: Disable TP and the rest of SB at **your own risk** - We delete cookies and history (download, form and browsing histories) - * If you want to keep them, comment out those preferences (section 2800) + * :star: If you want to keep them, comment out those preferences (section 2800) - We disable search & form history (0860) - * todo: add why here + * :star: Form data can easily be stolen by third parties. The PoC (Proof of Concept) linked in [this](https://blog.mindedsecurity.com/2011/10/autocompleteagain.html) 2011 article is still not mitigated almost 8 years later -:exclamation: VERY IMPORTANT: Cookies & First Party Isolation +:exclamation: SUPER IMPORTANT: Cookies, First Party Isolation, RFP - First party cookies only are enabled (2701) - First Party Isolation is enabled (4001) - * It is recommended that you clear (Ctrl-Shift-Del) everything (except passwords and site preferences) when first enabling this, so non-Origin Attribute data is wiped - -:exclamation: REALLY IMPORTANT: privacy.resistFingerprinting (RFP) - -- The `user.js` uses RFP (section 4500) + * :star: It is recommended that you clear (Ctrl-Shift-Del) everything (except passwords and site preferences) when first enabling this, so non-Origin Attribute data is wiped +- `privacy.resistFingerprinting` (RFP) is enabled (section 4500) * As RFP patches land in stable, alternative existing preferences are moved to section 4600 and made inactive - * ESR and non-RFP users may want to enable section 4600 - * :exclamation: RFP users should ***make sure*** to reset items in 4600 in about:config, as some cause RFP to not behave as you would expect and alter your fingerprint. + * :star: non-RFP users may want to enable section 4600 + * :star: RFP users should reset items in 4600 in about:config, as some cause RFP to not behave as you would expect and alter your fingerprint :exclamation: RATHER IMPORTANT: Miscellaneous