Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sun 19 Aug 2018, 01:29
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Firefox hard-coding "telemetry toolkit" into new versions
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [6 Posts]  
Author Message
belham2

Joined: 15 Aug 2016
Posts: 1531

PostPosted: Sat 02 Dec 2017, 08:32    Post subject:  Firefox hard-coding "telemetry toolkit" into new versions  

Hi all,

Found something strange with the new Firefox versions from Quantum on. Hopefully it is nothing, but I am not yet sure.

If you are a FF user, and you are one of those people who modifies the "about:config" settings of FF to harden it, and also not make it broadcast your surfing/locations habits to Google and everyone else, one of the settings you've hopefully been religiously changing all these years falls under the general heading of "Telemetry".

For those that don't know and/or understand "telemetry", Google it and read up on it. To be blunt, if a browser (like FF) gave/gives you the ability to control 'telemetry', you do it. No questions.

Every web address in 'telemetry" should be set to "" (that's right, just two quotation marks). Also, every setting for telemetry should be set to 'false'. But here is where FF has gotten sneaky with the new Quantum versions and above.

Hopefully when you setup Firefox overall (the about:config), you do it "off-line". After first dowloading and installing Firefox, never, ever start it the 1st time UNLESS you are off-line. Too many things (to explain) happen, and you shouldn't let it.

Anyhow, if you now make the mistake of opening Firefox (while it is still online), but you then remember "oh, crap, I've got to set my 'about:config" settings", and you go to do it, when you come to the "telemetry" entries that you should be modifying, you'll notice Mozilla hard-coded a new entry--upon that initial start---for "telemetry-toolkit" into the saved Firefox settings, and you cannot change it from accessing "about:config". This is new behavior.

At this point I am fairly certain they are hard-coding telemetry settings into the browser, and no matter what you set the other "telemetry" settings too, the browser is STILL going to be sending back telemetry data to Mozilla.....data that you do not want being sent back if you can help it.

Just wanted to give you all a heads about this. The urge by all browser makers to become like Google is overpowering...and Mozilla seems to have succumbed to this. But you can get around it if you remember to do things as I described above.

Never, ever start your browser the 1st time with it connected to the Net. Do all of your "about:config" settings offline, and then go back online. Hopefully you are not only changing the "telemetry" settings, but also things under services.sync*, social*, pocket*, prefetch*, media.peer*, media.eme*, media.autoplay, geo* (and all urls there), formfill https*, flyweb, experiment, dom.event, dom.battery, datareporting* (a biggie!), browser.session*, browser.cache*, browser.search*, and the most blantant tracking thing around currently on the web, putting "" (or a 1) in every single item under "browser.safebrowsing*" (Google should be whipped & fined heavily for getting this foisted on the public for this long, saying "it is to protect them safely while browsing"...bullsh!t, it is a NSA-level browser-tracking mechanism where every single thing you do browser-wise is sent back to Google servers around the world).
Back to top
View user's profile Send private message 
Sailor Enceladus

Joined: 22 Feb 2016
Posts: 1540

PostPosted: Sat 02 Dec 2017, 14:26    Post subject:  

Another thing I've noticed for a long time is that Firefox comes with a Google cookie already baked in, since around version 20 something. I was able to block it from appearing but was tricky because it keeps trying to come back when you clear cookies.

I think Palemoon managed to kill it though.
Screenshot.png
 Description   
 Filesize   25.91 KB
 Viewed   235 Time(s)

Screenshot.png

Back to top
View user's profile Send private message 
8Geee


Joined: 12 May 2008
Posts: 1630
Location: N.E. USA

PostPosted: Sat 02 Dec 2017, 22:14    Post subject:  

Good post belham2.

I will add this... if you can, make a zip-file of your protected browser and store it. Or better yet remaster the pup itself with these settings. NOTE: during remaster DO NOT click on OK when the root files are transferred. Instead open two windows; one in root (show hidden files) and one in /tmp/root (show hidden files). DELETE the version in tmp/root, and drag-n-drop the /root version into /tmp/root.

edit: BTW do the copying or remaster off-line.

Depending upon FF-version it will be /root/firefox and/or /root/.mozilla. If both, do both.

Then continue with remaster.

Regards
8Geee

_________________
Linux user #498913

Some people need to reimagine their thinking.

Last edited by 8Geee on Sat 02 Dec 2017, 22:21; edited 1 time in total
Back to top
View user's profile Send private message 
8Geee


Joined: 12 May 2008
Posts: 1630
Location: N.E. USA

PostPosted: Sat 02 Dec 2017, 22:19    Post subject:  

Separately to Sailor...

I have not seen this, and it may be that google is not removed from default search engine listing ( all of the list should be empty in about:config). Inn about:config search for google. delete the text or false any occurance. Same for bing, yahoo, microsoft, amazon.

Regards
8Geee

_________________
Linux user #498913

Some people need to reimagine their thinking.
Back to top
View user's profile Send private message 
Smithy


Joined: 12 Dec 2011
Posts: 909

PostPosted: Sun 03 Dec 2017, 08:34    Post subject:  

Bit of info here:
https://support.mozilla.org/en-US/questions/965842

If you fancy making some kind of sensible file for general consumption that would be good belham2. Not sure if we could just drop in an optimised *.js file for about:config?
Back to top
View user's profile Send private message 
8Geee


Joined: 12 May 2008
Posts: 1630
Location: N.E. USA

PostPosted: Mon 04 Dec 2017, 15:07    Post subject: FF57.0.1 search engine notice  

Side-note here...

I went to my default search engine ixquick.com (AKA startpage) and was greeted with a warning that Firefox57.0.1 has an aggressive habit of defaulting to g00gle search engine.

Regards
8Geee

_________________
Linux user #498913

Some people need to reimagine their thinking.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [6 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0447s ][ Queries: 14 (0.0119s) ][ GZIP on ]