From b182946ae48d5a84f25d5b8ef2bfbe9eb2c004b9 Mon Sep 17 00:00:00 2001
From: claustromaniac <20734810+claustromaniac@users.noreply.github.com>
Date: Sat, 24 Nov 2018 05:19:24 +0000
Subject: [PATCH] Tor-related warnings (#551)

Also reworded some stuff.
---
 README.md | 8 ++++++--
 user.js | 8 +++++---
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 2b3454b..1e1b28c 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,10 @@ The `ghacks user.js` is a **template** which aims to provide as much privacy and
 Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `ghacks user.js` settings.
+Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://www.torproject.org/about/torusers.html.en) calls for it, or for accessing hidden services.
+
+Also be aware that this `user.js` is made specifically for Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser.
+
 Sitemap: [Releases](https://github.com/ghacksuserjs/ghacks-user.js/releases), [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Achangelog), [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki), [stickies](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22). [diffs](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+label%3Adiffs)
 ### ![][b] acknowledgments
@@ -14,10 +18,10 @@ Literally thousands of sources, references and suggestions. That said...
 * Martin Brinkmann at [ghacks](https://www.ghacks.net/) 1
 * The ghacks community and commentators
 * [12bytes](http://12bytes.org/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs)
- * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted at [GitLab](https://gitlab.com/labwrat/Firefox-user.js/tree/master)
+ * The 12bytes article now uses this user.js and supplements it with an additional JS hosted at [GitLab](https://gitlab.com/labwrat/Firefox-user.js/tree/master)
 1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name.
 ### ![][b] [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
-[b]: https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/wikipiki/bullet01.png
+[b]: /wikipiki/bullet01.png
diff --git a/user.js b/user.js
index 741b47d..c077d57 100644
--- a/user.js
+++ b/user.js
@@ -13,6 +13,8 @@
 * README:
+ 0. Consider using Tor Browser if it meets your needs or fits your threat model better
+ * https://www.torproject.org/about/torusers.html.en
 1. READ the full README
 * https://github.com/ghacksuserjs/ghacks-user.js/blob/master/README.md
 2. READ this
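Review bot: The new step 0 in the `user.js` header points readers to Tor Browser but leaves out the caveat this same commit adds to README.md, that using this `user.js` as-is in other Gecko-based browsers, especially the Tor Browser, can be counterproductive. `user.js` is the file that ends up in a profile and may well be read without the README, so a reader could take step 0 as a cue to install Tor Browser and then apply this file to it. I would add a sub-bullet under step 0 such as `* [WARNING] Do NOT use this user.js as-is in Tor Browser: it is made specifically for Firefox`. The header comment starts and ends outside this hunk.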
@@ -441,7 +443,7 @@ user_pref("network.http.spdy.enabled.http2", false);
 user_pref("network.http.altsvc.enabled", false);
 user_pref("network.http.altsvc.oe", false);
 /* 0704: enforce the proxy server to do any DNS lookups when using SOCKS
- * e.g. in TOR, this stops your local DNS server from knowing your Tor destination
+ * e.g. in Tor, this stops your local DNS server from knowing your Tor destination
 * as a remote Tor node will handle the DNS request
 * [1] http://kb.mozillazine.org/Network.proxy.socks_remote_dns
 * [2] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/
@@ -652,7 +654,7 @@ user_pref("browser.cache.disk_cache_ssl", false);
 * [NOTE] This means any permission changes are session only
 * [1] https://bugzilla.mozilla.org/967812 ***/
 // user_pref("permissions.memory_only", true); // (hidden pref)
-/* 1008: set DNS cache and expiration time (default 400 and 60, same as TBB) ***/
+/* 1008: set DNS cache and expiration time (default 400 and 60, same as Tor Browser) ***/
 // user_pref("network.dnsCacheEntries", 400);
 // user_pref("network.dnsCacheExpiration", 60);
 /** SESSIONS & SESSION RESTORE ***/
@@ -926,7 +928,7 @@ user_pref("network.http.referer.defaultPolicy", 3); // (FF59+) default: 3
 user_pref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: 2
 /* 1607: TOR: hide (not spoof) referrer when leaving a .onion domain (FF54+)
 * [NOTE] Firefox cannot access .onion sites by default. We recommend you use
- * TBB (Tor Browser Bundle) which is specifically designed for the dark web
+ * the Tor Browser which is specifically designed for hidden services
 * [1] https://bugzilla.mozilla.org/1305144 ***/
 user_pref("network.http.referer.hideOnionSource", true);
 /* 1610: ALL: enable the DNT (Do Not Track) HTTP header
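Review bot: In the 1607 comment of the third hunk, `the Tor Browser which is specifically designed for hidden services` describes Tor Browser more narrowly than the README text added in this commit, which recommends it whenever the threat model calls for it as well as for accessing hidden services. Read on its own, the comment suggests Tor Browser only matters for .onion sites, while the README's advice against connecting over Tor on Firefox applies to any Tor use. I would align the two wordings, e.g. `* the Tor Browser, which is designed for browsing over Tor, including hidden services`.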