Firefox hard-coding "telemetry toolkit" into new versions

For discussions about security.
Post Reply
Message
Author
belham2
Posts: 1715
Joined: Mon 15 Aug 2016, 22:47

Firefox hard-coding "telemetry toolkit" into new versions

#1 Post by belham2 »

Hi all,

Found something strange with the new Firefox versions from Quantum on. Hopefully it is nothing, but I am not yet sure.

If you are a FF user, and you are one of those people who modifies the "about:config" settings of FF to harden it, and also not make it broadcast your surfing/locations habits to Google and everyone else, one of the settings you've hopefully been religiously changing all these years falls under the general heading of "Telemetry".

For those that don't know and/or understand "telemetry", Google it and read up on it. To be blunt, if a browser (like FF) gave/gives you the ability to control 'telemetry', you do it. No questions.

Every web address in 'telemetry" should be set to "" (that's right, just two quotation marks). Also, every setting for telemetry should be set to 'false'. But here is where FF has gotten sneaky with the new Quantum versions and above.

Hopefully when you setup Firefox overall (the about:config), you do it "off-line". After first dowloading and installing Firefox, never, ever start it the 1st time UNLESS you are off-line. Too many things (to explain) happen, and you shouldn't let it.

Anyhow, if you now make the mistake of opening Firefox (while it is still online), but you then remember "oh, crap, I've got to set my 'about:config" settings", and you go to do it, when you come to the "telemetry" entries that you should be modifying, you'll notice Mozilla hard-coded a new entry--upon that initial start---for "telemetry-toolkit" into the saved Firefox settings, and you cannot change it from accessing "about:config". This is new behavior.

At this point I am fairly certain they are hard-coding telemetry settings into the browser, and no matter what you set the other "telemetry" settings too, the browser is STILL going to be sending back telemetry data to Mozilla.....data that you do not want being sent back if you can help it.

Just wanted to give you all a heads about this. The urge by all browser makers to become like Google is overpowering...and Mozilla seems to have succumbed to this. But you can get around it if you remember to do things as I described above.

Never, ever start your browser the 1st time with it connected to the Net. Do all of your "about:config" settings offline, and then go back online. Hopefully you are not only changing the "telemetry" settings, but also things under services.sync*, social*, pocket*, prefetch*, media.peer*, media.eme*, media.autoplay, geo* (and all urls there), formfill https*, flyweb, experiment, dom.event, dom.battery, datareporting* (a biggie!), browser.session*, browser.cache*, browser.search*, and the most blantant tracking thing around currently on the web, putting "" (or a 1) in every single item under "browser.safebrowsing*" (Google should be whipped & fined heavily for getting this foisted on the public for this long, saying "it is to protect them safely while browsing"...bullsh!t, it is a NSA-level browser-tracking mechanism where every single thing you do browser-wise is sent back to Google servers around the world).

Sailor Enceladus
Posts: 1543
Joined: Mon 22 Feb 2016, 19:43

#2 Post by Sailor Enceladus »

Another thing I've noticed for a long time is that Firefox comes with a Google cookie already baked in, since around version 20 something. I was able to block it from appearing but was tricky because it keeps trying to come back when you clear cookies.

I think Palemoon managed to kill it though.
Attachments
Screenshot.png
(25.91 KiB) Downloaded 243 times

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#3 Post by 8Geee »

Good post belham2.

I will add this... if you can, make a zip-file of your protected browser and store it. Or better yet remaster the pup itself with these settings. NOTE: during remaster DO NOT click on OK when the root files are transferred. Instead open two windows; one in root (show hidden files) and one in /tmp/root (show hidden files). DELETE the version in tmp/root, and drag-n-drop the /root version into /tmp/root.

edit: BTW do the copying or remaster off-line.

Depending upon FF-version it will be /root/firefox and/or /root/.mozilla. If both, do both.

Then continue with remaster.

Regards
8Geee
Last edited by 8Geee on Sun 03 Dec 2017, 02:21, edited 1 time in total.
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#4 Post by 8Geee »

Separately to Sailor...

I have not seen this, and it may be that google is not removed from default search engine listing ( all of the list should be empty in about:config). Inn about:config search for google. delete the text or false any occurance. Same for bing, yahoo, microsoft, amazon.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

User avatar
Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#5 Post by Smithy »

Bit of info here:
https://support.mozilla.org/en-US/questions/965842

If you fancy making some kind of sensible file for general consumption that would be good belham2. Not sure if we could just drop in an optimised *.js file for about:config?

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

FF57.0.1 search engine notice

#6 Post by 8Geee »

Side-note here...

I went to my default search engine ixquick.com (AKA startpage) and was greeted with a warning that Firefox57.0.1 has an aggressive habit of defaulting to g00gle search engine.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

Post Reply