neko
/
SpywareWatchdog
mirror of https://codeberg.org/shadow/SpywareWatchdog.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

lots of editing, mostly regarding the firefox mitigation guide

This commit is contained in:
anonymous 2020-04-03 03:18:03 -04:00
parent 4f300854d6
commit abd8d35804
4 changed files with 211 additions and 171 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
articles/surf.html
View File

@ -1,38 +1,38 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equiv="Content-type" content="application/xhtml+xml;charset=utf-8"/>
<title>Surf - Spyware Watchdog</title>
<link rel="stylesheet" href="../style2.css"/>
<meta http-equiv="Content-type" content="application/xhtml+xml;charset=utf-8"/>
<title>Surf - Spyware Watchdog</title>
<link rel="stylesheet" href="../style2.css"/>
</head>
<body>
<div class="case">
<div class="nav"><a href="index.html">&larr; Catalog</a></div>
<div class="main">
<img width="100" height="37" src="../images/surf_logo.png" alt="Surf Logo"/>
<p>
From their website: "surf is a simple web browser based on WebKit2/GTK+. It is able to display websites and follow links."<sup><a href="#one">[1]</a></sup> Program tested: v2.0 for Linux. Mitmproxy was used to check for connections.
</p>
<h2>Spyware Level: <span class="green">Not Spyware</span></h2>
<p>
Surf <b><span class="green">makes no unsolicited requests at all.</span></b>
It is also fully libre software under the expat license. It was tested in conjuction with tabbed, another piece of software developed by the same people for use with surf, it adds support for tabs. From a privacy standpoint, this browser is an excellent choice.
</p>
<p>Surf requires proxychains to connect to Tor, as it only supports HTTP proxies, not SOCKS (which is what Tor uses).</p>
</div>
<hr/>
<div class="footer">
<div class="nav"><a href="index.html">&larr; Catalog</a></div>
<div class="main">
<img width="100" height="37" src="../images/surf_logo.png" alt="Surf Logo"/>
<p>
From their website: "surf is a simple web browser based on WebKit2/GTK+. It is able to display websites and follow links."<sup><a href="#one">[1]</a></sup> Program tested: v2.0 for Linux. Mitmproxy was used to check for connections.
</p>
<h2>Spyware Level: <span class="green">Not Spyware</span></h2>
<p>
Surf <b><span class="green">makes no unsolicited requests at all.</span></b>
It is also fully libre software under the expat license. It was tested in conjuction with tabbed, another piece of software developed by the same people for use with surf, it adds support for tabs. From a privacy standpoint, this browser is an excellent choice.
</p>
<p>Surf requires proxychains to connect to Tor, as it only supports HTTP proxies, not SOCKS (which is what Tor uses).</p>
</div>
<hr/>
<div class="footer">
<div class="sources">
<h4>Sources:</h4>
<ol>
<li id="one"><a href="https://surf.suckless.org/">surf.suckless.org</a> <a href="https://web.archive.org/web/20200307222953/https://surf.suckless.org/">[web.archive.org]</a></li>
</ol>
</div>
<hr/>
<p>If you want to edit this article, or contribute your own article(s), contact us on XMPP over in spyware@conference.nuegia.net, or visit us at the git repo on <a href="https://codeberg.org/TheShadow/SpywareWatchdog">Codeberg</a>.</p>
<p>All contributions must be licensed under the CC0 licensed to be accepted.</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img class="icon" src="../images/cc0.png" alt="CC0 License"/></a>
</div>
<hr/>
<p>If you want to edit this article, or contribute your own article(s), contact us on XMPP over in spyware@conference.nuegia.net, or visit us at the git repo on <a href="https://codeberg.org/TheShadow/SpywareWatchdog">Codeberg</a>.</p>
<p>All contributions must be licensed under the CC0 licensed to be accepted.</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="../images/cc0.png" alt="CC0 License"/></a>
</div>
</div>
</body>
</div>
</body>
</html>

2
articles/surf_fr.html
View File

@ -31,7 +31,7 @@
<hr/>
<p>Si vous voulez editer cet article ou contribuer sur vos propres article(s), contactez nous sur XMPP a spyware@conference.nuegia.net, ou visitez le repo Git a <a href="https://codeberg.org/TheShadow/SpywareWatchdog">Codeberg</a>.</p>
<p>Toutes les contributions doivent etre sous license CC0 pour etre acceptées.</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="../images/cc0.png" alt="CC0 License"/></a>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img class="icon" src="../images/cc0.png" alt="CC0 License"/></a>
</div>
</div>
</body>

282
guides/firefox.html
View File

@ -1,145 +1,137 @@
<!DOCTYPE html>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="../style2.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<center>
<h1>Mozilla Firefox Spyware Mitigation Guide</h1>
<p>
<a href="/">Back to Home</a><br>
<a href="/articles/firefox.html">Back to Firefox</a>
</p>
<img src="../images/firefox_logo.png">
<p>
After configuring Mozilla Firefox according to this guide it's rating changes like so:
</p>
<h3>Spyware Rating: <font color="orange">High</font> =&gt; <font color="lime">Not Spyware</font></h3>
<p>
Before beginning this guide it is important that you try and cross-reference it with other guides,
to see which prespective on this topic is the best way to do it for you. At the bottom of the page are links
to <a href="#Other_Guides">other guides</a> and projects like this one. You should strongly consider this as <b><font color=orange>
you may find other guides more useful than this one.</font></b>
</p>
<p>
Mozilla Firefox has a huge amount of spyware features, but they all can be disabled by using predefined profile settings.
To do this you need to create new Firefox profile:
<ul>
<li> Run <code>firefox -no-remote -ProfileManager</code> </li>
<li> Create a new profile </li>
<li> Exit. </li>
</ul>
Then open your Firefox user profiles directory. It should be located at:
<table border background="../images/bg.jpg" style="width:800px">
<tr>
<th> OS</th>
<th> Path</th>
</tr>
<tr>
<td> Windows 7</td>
<td><code> %APPDATA%\Mozilla\Firefox\Profiles\XXXXXXXX.your_profile_name</code></td>
</tr>
<tr>
<td> Linux </td>
<td><code> ~/.mozilla/firefox/XXXXXXXX.your_profile_name</code></td>
</tr>
<tr>
<td> OS X</td>
<td><code> ~/Library/Application Support/Firefox/Profiles/XXXXXXXX.your_profile_name</code></td>
</tr>
<tr>
<td> Android</td>
<td><code> /data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name</code></td>
</tr>
<tr>
<td> Sailfish OS + Alien Dalvik</td>
<td><code> /opt/alien/data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name</code></td>
</tr>
<tr>
<td> Windows (portable)</td>
<td><code> [firefox directory]\Data\profile\</code></td>
</tr>
</table>
</p>
<p>
Delete everything from the new profile and get ghack's user.js<br>
<ul><li>cd /path/to/your/profile && rm -r * && wget https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js</li></ul>
You may want to edit the file to your needs, if so
<ul><li>yourtexteditor user.js</li></ul>
</p>
<p>
If you want to disable OCSP as well, you should also add this to your user.js. These settings are seperated
because while OCSP is a privacy breach it is also a security feature, and so whether to have it on or off should
be thought about before continuing. You can read about OCSP here: <a href="https://scotthelme.co.uk/revocation-is-broken/">
https://scotthelme.co.uk/revocation-is-broken/</a> <a href="http://web.archive.org/web/20180831224302/https://scotthelme.co.uk/revocation-is-broken/">
[web.archive.org]</a> . The problem is, that OCSP is a form of phoning home, and you might not want to make those requests.
</p>
<code>
user_pref("security.ssl.enable_ocsp_stapling", false);<br>
user_pref("security.OCSP.enabled", 0);<br>
user_pref("security.OCSP.require", false);<br>
</code>
<p>
With this installation method, if you change any of user.js settings through about:config or Firefox preferences dialogs,
they will be reset to the user.js defined values after you restart Firefox.
This makes sure they're always back to secure defaults when starting the browser.
At the end you need to delete several default plugins in Firefox directory at <code>\Mozilla Firefox\browser\features\</code> that can violate privacy:
</p>
<ul>
<li> firefox@getpocket.com.xpi - Pocket </li>
<li> followonsearch@mozilla.com.xpi - Follow On Search </li>
<li> activity-stream@mozilla.org.xpi - Activity Stream </li>
<li> screenshots@mozilla.org.xpi - Screenshots </li>
<li> onboarding@mozilla.org.xpi - Onboarding </li>
<li> formautofill@mozilla.org.xpi - Autofill </li>
<li> webcompat@mozilla.org.xpi - Web Compatibility Reporter </li>
</ul>
<p>
It is highly recommended to also check other user.js template settings from ongoing <i>"ghacks-user.js project"</i><sup><a href="#1">[1]</a></sup> for further hardening Firefox privacy, security and anti-fingerprinting.
</P>
<hr>
<a name="Other_Guides"></a>
<h2>Other Guides</h2>
<p>
These are other guides and projects to help protect your privacy using Firefox. It's important to look at
other prespectives instead of reading JUST this guide. So you should be comparing all of the
guides that you can find to hear everyone's ideas about how this should be done, before you
finish setting Firefox up. Librefox is less of a guide and more of a project and series of tools and settings
you can download to help you make Firefox private.
</p>
<a href="https://www.privacytools.io/#about_config">Firefox: Privacy Related "about:config" Tweaks</a>
<a href="http://web.archive.org/web/20181031171622/https://www.privacytools.io/">[web.archive.org]</a>
<a href="http://archive.fo/SEFXb">[archive.is]</a><br>
<a href="https://restoreprivacy.com/firefox-privacy/">Firefox Privacy The Complete How-To Guide</a>
<a href="https://web.archive.org/web/20181015023738/https://restoreprivacy.com/firefox-privacy/">[web.archive.org]</a>
<a href="http://archive.is/20180414165038/https://restoreprivacy.com/firefox-privacy/">[archive.is]</a><br>
<a href=" https://librefox.org">Librefox: Firefox with privacy enhancements</a>
<a href="http://web.archive.org/web/20181224083906/https://github.com/intika/Librefox">[web.archive.org]</a>
<a href="http://archive.is/Nb6oz">[archive.is]</a><br>
<hr>
<h2>Sources</h2>
<p>
<p>
<a name="1">1.</a>
<a href="https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js">ghacksuserjs/ghacks-user.js</a>
<a href="http://web.archive.org/web/20181015031306/https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js">[web.archive.org]</a>
<a href="http://archive.is/GXIBO">[archive.is]</a>
<br>
</p>
<hr>
<p><b>
This guide was created on 10/8/2018<br>
This guide was last updated on 4/2/2020
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), contact us on XMPP over in spyware@conference.nuegia.net, or visit us at the git repo on <a href="https://codeberg.org/TheShadow/SpywareWatchdog">Codeberg</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="../images/cc0.png" alt="CC0 Liscence"></a>
</center>
</body></html>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equiv="Content-type" content="application/xhtml+xml;charset=utf-8"/>
<title>Mozilla Firefox Spyware Mitigation Guide - Spyware Watchdog</title>
<link rel="stylesheet" href="../style2.css"/>
</head>
<body>
<div class="case">
<div class="nav">
<a href="../index.html">&larr; Home</a>
<a class="right" href="../articles/firefox.html">Firefox &rarr; </a>
</div>
<div class="main">
<img alt="Firefox Logo" src="../images/firefox_logo3.svg">
<h1>Mozilla Firefox Spyware Mitigation Guide</h1>
<p>This guide was tested working with Firefox version 74.</p>
<p>After configuring Mozilla Firefox with ghacks-user.js, according to this guide it's rating changes like so:</p>
<h2>Spyware Rating: <span class="orange">High</span> &rarr; <span class="green">Not Spyware</span></h2>
<p>The ghacks user.js is a template which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen).<sup><a href="#two">[2]</a></sup></p>
<br/>
<p>
Before beginning this guide it is important that you try and cross-reference it with other guides,
to see which prespective on this topic is the best way to do it for you. At the bottom of the page are links
to <a href="#Other_Guides">other guides</a> and projects like this one. You should strongly consider this as <b><span class="orange">
you may find other guides more useful than this one.</span></b>
</p>
<br/>
<p>For extra privacy &amp; security, disconnect your computer from the internet while following this guide, so that Firefox is unable to phone home by accident.</p>
<br/>
<p>
Mozilla Firefox has a huge amount of spyware features, but they can all be disabled by using predefined profile settings.
To do this you need to create new Firefox profile:
<ul>
<li>Run <code>firefox -no-remote -ProfileManager</code></li>
<li>Create a new profile </li>
<li>Exit.</li>
</ul>
<p>Then open your Firefox user profiles directory. It should be located at:</p>
<table>
<tr>
<th>OS</th>
<th>Path</th>
</tr>
<tr>
<td>Windows 7</td>
<td><code class="big-code">%APPDATA%\Mozilla\Firefox\Profiles\XXXXXXXX.your_profile_name</code></td>
</tr>
<tr>
<td> Linux </td>
<td><code class="big-code">~/.mozilla/firefox/XXXXXXXX.your_profile_name</code></td>
</tr>
<tr>
<td> OS X</td>
<td><code class="big-code">~/Library/Application Support/Firefox/Profiles/XXXXXXXX.your_profile_name</code></td>
</tr>
<tr>
<td> Android</td>
<td><code class="big-code">/data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name</code></td>
</tr>
<tr>
<td>Sailfish OS + Alien Dalvik</td>
<td><code class="big-code">/opt/alien/data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name</code></td>
</tr>
<tr>
<td>Windows (portable)</td>
<td><code class="big-code">[firefox directory]\Data\profile\</code></td>
</tr>
</table>
<br/>
<p>Delete everything from the new profile and get ghacks user.js:</p>
<code class="big-code">cd /path/to/your/profile && rm -r * && wget https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js</code>
<p>You may want to edit the file to your needs, if so:</p>
<code class="big-code">$EDITOR user.js</code>
<p>
If you want to disable OCSP as well, you should also add this to your user.js. These settings are seperated
because while OCSP is a privacy breach, it is also a security feature. It works by contacting other servers to verify the authenticity of the address you are connecting to.
</p>
<p>
You should think about it before making a decision. You can read more about OCSP here: <a href="https://scotthelme.co.uk/revocation-is-broken/">
https://scotthelme.co.uk/revocation-is-broken/</a> <a href="http://web.archive.org/web/20180831224302/https://scotthelme.co.uk/revocation-is-broken/">
[web.archive.org]</a>. </p>
<code class="big-code">
user_pref("security.ssl.enable_ocsp_stapling", false);<br/>
user_pref("security.OCSP.enabled", 0);<br/>
user_pref("security.OCSP.require", false);<br/>
</code>
<p>
With this installation method, if you change any of the settings in user.js through about:config or Firefox preferences dialogs,
they will be reset to the user.js defined values after you restart Firefox.
This makes sure they're always back to secure defaults when starting the browser.
At the end you need to delete several default plugins in Firefox directory at <code>/path/to/firefox/browser/features</code> (ie <code>/usr/lib/firefox/browser/features/</code>) that can violate privacy:
</p>
<ul>
<li>firefox@getpocket.com.xpi - Pocket</li>
<li>followonsearch@mozilla.com.xpi - Follow On Search</li>
<li>activity-stream@mozilla.org.xpi - Activity Stream</li>
<li>screenshots@mozilla.org.xpi - Screenshots</li>
<li>onboarding@mozilla.org.xpi - Onboarding</li>
<li>formautofill@mozilla.org.xpi - Autofill</li>
<li>webcompat@mozilla.org.xpi - Web Compatibility Reporter</li>
</ul>
<p>
It is highly recommended to also check other user.js template settings from ongoing <i>"ghacks-user.js project"</i><sup><a href="#one">[1]</a></sup> for further hardening Firefox privacy, security and anti-fingerprinting.
</p>
<br/>
<p>Run <code>firefox -no-remote -ProfileManager</code> again and start the profile you created. Delete any others if needed. Check to make sure, after the first start, that another profile which does <i>not</i> use ghacks was not created by Firefox.</p>
<hr/>
<h2>Other Guides</h2>
<p>
These are other guides and projects to help protect your privacy using Firefox. It's important to look at
other perspectives instead of reading JUST this guide. So you should be comparing all of the
guides that you can find to hear everyone's ideas about how this should be done, before you
finish setting Firefox up. Librewolf is less of a guide and more of a project and series of tools and settings
you can download to help you make Firefox private.
</p>
<ol>
<li><a href="https://www.privacytools.io/#about_config">Privacy Related "about:config" Tweaks to Firefox</a> <a href="http://web.archive.org/web/20181031171622/https://www.privacytools.io/">[web.archive.org]</a> <a href="http://archive.fo/SEFXb">[archive.is]</a></li>
<li><a href="https://restoreprivacy.com/firefox-privacy/">Firefox Privacy The Complete How-To Guide</a> <a href="https://web.archive.org/web/20181015023738/https://restoreprivacy.com/firefox-privacy/">[web.archive.org]</a> <a href="http://archive.is/20180414165038/https://restoreprivacy.com/firefox-privacy/">[archive.is]</a></li>
<li><a href="https://gitlab.com/librewolf-community/browser/linux/">Librewolf, Firefox with privacy enhancements</a></li>
</ol>
<hr/>
<h2>Sources</h2>
<ol>
<li value="0"><a href="https://commons.wikimedia.org/wiki/File:Firefox_logo,_2019.svg">https://commons.wikimedia.org/wiki/File:Firefox_logo,_2019.svg</a> (Firefox Logo)</li>
<li id="one"><a href="https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js">ghacksuserjs/ghacks-user.js</a> <a href="http://web.archive.org/web/20181015031306/https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js">[web.archive.org]</a> <a href="http://archive.is/GXIBO">[archive.is]</a></li>
<li id="two"><a href="https://github.com/ghacksuserjs/ghacks-user.js/blob/master/README.md">https://github.com/ghacksuserjs/ghacks-user.js/blob/master/README.md</a></li>
</ol>
<hr/>
<p>
If you want to edit this article, or contribute your own article(s), contact us on XMPP over in spyware@conference.nuegia.net, or visit us at the git repo on <a href="https://codeberg.org/TheShadow/SpywareWatchdog">Codeberg</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img class="icon" src="../images/cc0.png" alt="CC0 Liscence"></a>
</div>
</div>
</body>
</html>

48
style2.css
View File

@ -28,6 +28,9 @@ a {
a:hover {
color: #094561;
}
:target a {
color: #959800;
}
.img-link a:hover {
border: none;
}
@ -37,13 +40,52 @@ img {
margin-right: auto;
margin-bottom: 2vh;
margin-top: 1vh;
width: 155px;
}
.icon {
width: 77px
}
hr {
border: 1px solid #1A1A1A;
}
ul {
max-width: 780px;
margin-left: auto;
margin-right: auto;
}
table, th, td {
text-align: center;
border: 1px solid white;
margin-left: auto;
margin-right: auto;
max-width: 780px;
}
td {
padding-right: 10px;
padding-left: 10px;
}
code {
text-align: left;
display: inline-block;
font-family: Monospace;
color: #890000;
border: 1px solid #890000;
margin: 2px;
padding-left: 5px;
padding-right: 5px;
}
.big-code {
display: block;
margin-left: auto;
margin-right: auto;
margin-top: 10px;
margin-bottom: 10px;
max-width: 500px;
}
.nav {
margin-top: 0.5vh;
margin-left: 0.6vw;
margin-right: 0.6vw;
}
.nav a {
text-decoration: none;
@ -51,6 +93,9 @@ hr {
.green {
color: #00981B;
}
.orange {
color: #FF6100;
}
.case {
border: 2px solid #1A1A1A;
border-radius: 15px;
@ -59,6 +104,9 @@ hr {
margin-bottom: 3vh;
margin-top: 3vh;
}
.right {
float: right;
}
.main {
min-height: 60vh;
}