Page 3 of 3

Re: Is Linux Mint Spyware/Prism proof?

Posted: Thu Oct 31, 2013 3:43 pm
by linuxviolin
MishaSherpa wrote:Hi Violin. Interesting info! They never give up. First it was LSO, now it's dom. Thanks for the about:config
samriggs wrote:Thanks Violin
I don't know much about lightbeam, just thought it was a fun toy to play with, and decided to share with anyone else that wanted to fool around with. I seen it on the video that showed cinnamon 2 on the Linux Action Show and it sounded interesting.
Thanks also for the dom config, I just changed it on mine.
Sam
You're welcome :D

About Lightbeam, yes, it is interesting and vou should see the difference between DOM storage allowed and disabled, like with cookies... :wink:


If you want more about:config edits you could make these, even if not all related to the security and privacy:



Prefetch Control:

about:config Name: network.prefetch-next

Default Value: true

Modified Value: false


By setting network.prefetch-next to false, we are controlling the following:

Link prefetching, is when a web page hints to the browser that certain pages are likely to be visited, so the browser downloads them immediately so they can be displayed immediately when the user request



User Agent Strings:

about:config Name: general.useragent.override

Default Value: as per machine's configuration


The ability to change the useragent string via this about:config preferences option - general.useragent.override - to a more common string, may prove to be useful for some users, as the following example may show:
Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
(If the required Preference Name is non-existent, creating a new entry requires you to Right Mouse Button click in the about:config page, then by using the RMB menu option ->NEW, a new entry can be created.)

[url=http://www.useragentstring.com/pages/useragentstring.php/]Here[/url] is a great useragent string reference page from where you can copy & paste.

[url=http://spiralinear.org/forum/viewtopic.php?f=17&t=183&p=1448#p1448/]Here[/url] is a link to a step by step guide for changing the useragent string.

Changing this setting can be advantageous in certain circumstances;- like being able to access a site that won't let any other browser than I.E. in. Or fooling sites that your computer is a hand-held so that you get a lighter & faster display, for instance.

As far as using it so as not to stand out in the crowd as a Firefox Linux 64bit user with some other uncommon settings & browser additions is concerned;- if you are taking effective privacy precautions that are mentioned in this thread, it really shouldn't make much difference as the trackers don't know you are there anyway.


On the other hand, if you are doing something on a public wireless network where you would prefer to be untraceable then it would certainly be a good idea to modify your useragent string & then modify it back again when you have finished.

Here is a Firefox add-on called User Agent Switcher that can make this job much easier & quicker for you. You will most likely have to search out additional strings that you can add strings to its menu, which is a nice touch too.



Match Accept Headers to your User Agent String:

about:config Name: network.http.accept.default

Default Value: as per machine's configuration


If you want you can then change the accept headers to match the default for whichever useragent string you went with.

[url=http://www.gethifi.com/blog/browser-rest-http-accept-headers/]This link[/url] is informative.

You can also use the Modify Headers add-on.


OR, if you know what you are doing, you can modify the network.http.accept.default key in about:config.



Enable Spell Checking In All Text Fields:

about:config Name: layout.spellcheckDefault

Default Value: 1

Possible Values:
0 - disable spell checker.
1 - spell check multi-line text boxes only.
2 - enable spell checker for all text boxes.
The default spell checking function only checks for multi-line text boxes. You can get it to spell-check for single line text box as well.

Which is a great find for me as I'm not a perfect speller.



Open Search Box Results In New Tab:

about:config Name: browser.search.openintab

Default Value: false

Modified Value: true


When you search using the search box at the top right hand corner of the browser, it will display the search results in the current tab. If you don’t want the search to interfere with your current tab, you can tweak the browser.search.openintab to make it open in a new tab.



Speed up your Firefox:

Two tweaks required for this one;-


about:config Name: network.http.pipelining

Default Value: false

Modified Value: true


about:config Name: network.http.proxy.pipelining
Default Value: false

Modified Value: true

This combination works for me.

(network.prefetch-next helps for this too)



Setting your zoom limit:

If you find that the max/min zoom level is still not sufficient for your viewing, you can change the zoom limit to suit your viewing habits.


about:config Name: zoom.maxPercent

Default Value: 300 (percent)

Modified value: any value higher than 300


about:config Name: zoom.minPercent

Default Value: 30 (percent)

Modified Value: any value



Configure Your Backspace Button:

about:config Name: browser.backspace_action

Default Value: 2 (does nothing)

Modified Value:
Options Are:

0 - go back to previous page
1 - page up
2 - does nothing

In Firefox, you can set your backspace to better use by getting it to either go back to the previous page or act as page up function.

I set this one to 1 , as my mouse gives me previous page.


Disable Delay Time When Installing Add-on:

about:config Name: security.dialog_enable_delay
Default: 2000 (in msec)

Modified value:

Options Are:
0 – start installation immediately
any other value (in msec)
Everytime you wanted to install a Firefox add-on, you will have to wait for several seconds before the actual installation starts. If you are tired of waiting, you can turn the function security.dialog_enable_delay off so that the installation will start immediately upon clicking.



Disable Delay Time When Installing Add-on:

about:config Name: security.dialog_enable_delay

Default: 2000 (in msec)

Modified value:
Options Are:

0 – start installation immediately
any other value (in msec)
Everytime you wanted to install a Firefox add-on, you will have to wait for several seconds before the actual installation starts. If you are tired of waiting, you can turn the function security.dialog_enable_delay off so that the installation will start immediately upon clicking.



View Source in Your Favorite Editor:

Two modifications required here:

about:config Name: view_source.editor.external

Default Value: false

Modified Value: true (enable view source using external text editor)


about:config Name: view_source.editor.path

Default Value: blank

Modified Value: add the path to your editor here (for instance: /usr/bin/gedit or /usr/bin/kwrite)


This is very useful for developers who are always using the ‘view source‘ function. This tweak allows you to view the source code in your favourite external editor.



Turn off Browser Blink:

about:config Name: browser.blink_allowed

Default Value: true

Modified Value: false

You can see what is this here: [url]http://kb.mozillazine.org/Browser.blink_allowed[/url] (If the required Preference Name is non-existent, creating a new entry requires you to Right Mouse Button click in the about:config page, then by using the RMB menu option ->NEW, a new entry can be created.)



Middle Mouse Button Paste:

about:config Name: middlemouse.paste

Default Value: true

Modified Value: false


Turn on/off Middle Mouse Button Paste from Clipboard: "true" or "false" its your choice, so toggle away.


Also, for improving speed and responsiveness in Firefox you can add:

content.notify.backoffcount, 5
network.dns.disableIPv6, true
nglayout.initialpaint.delay, 0
plugin.expose_full_path, true
ui.submenu.delay, 0
Some don't already exist, probably "content.notify.backoffcount", "nglayout.initialpaint.delay" and "ui.submenu.delay", so you'll have to create them. For this, just click with the right button of your mouse somewhere in the page and choose "new" then "Numerical value" and fill the fields with the values given above.

I also use this tweak (but I have 4 GB RAM on my main desktop. With less, this can perhaps not be ideal... Try and see), but just the first part: Relocating only the cache to RAM. You can want to try the others parts too...

Personally, I also set-up "general.warnOnAboutConfig" on false. I know what I do, no need for a warning when I open this page. But it's just me. Make your choice about this...

You could also setup "geo.enabled" to false.


Also you should make these:
Think to clear your private data (this keeps the browser from filling up with junk) and in the Privacy tab, for "Cookies" set it to "Until I close Firefox" and check "Clear the history when I close Firefox". You should also click on ""Settings..." and check every box except "Saved passwords".

In the same tab, check "Indicate to sites that I do not wish to be tracked".

In the "Security" tab,uncheck if checked both: "Tell me if the site I am visiting is a suspected attack site" and "Tell me if the site I am visiting is a suspected forgery"' (This will help with Flash and besides, what are these warnings going to do if you are already on the site?)

Remove the check for automatically verify your installed addons (You can manually update addons at a time of your choosing)

Try to keep the number of addons to a minimum, if you have really need of some.
After all of that, restart Firefox and enjoy! :D

Re: Is Linux Mint Spyware/Prism proof?

Posted: Sat Nov 09, 2013 1:09 pm
by hoggar
Could somebody explain why those windows based Wifi drivers have that name so much used.
and to me it sounds little suspicious that ndiswrapper enables them to function in mint.

/usr/lib/linuxmint/mintWifi/drivers/i386

and btw. clamav barks /usr/lib/linuxmint/mintWifi/drivers/i386/WUSB54Gv4/WUSB54GV4.cat as an infection

Re: Is Linux Mint Spyware/Prism proof?

Posted: Sat Nov 09, 2013 4:20 pm
by xenopeek
If you have a Wifi device that doesn't have a driver for Linux, you can use ndiswrapper to load a Windows driver for that Wifi device instead. See ndiswrapper explained here: http://en.wikipedia.org/wiki/NDISwrapper. If a person would be concerned about using Window drivers, I'd think such a person wouldn't buy hardware or peripheral devices unless they came with an open source driver for Linux? I fail to see how Linux Mint enabling a person to use their Wifi device, despite it not having Linux driver, has anything to do with PRISM :?

As for the ClamAV warning, don't be hasty in drawing such conclusions. What was the possible threat that was identified for that file? I'm guessing it started with "PUA". PUA stands for "Potentially Unwanted Applications" and is explained here: http://www.clamav.net/lang/en/2007/09/03/detection-of-potentially-unwanted-applications/. If you don't understand the tools you are using, you're bound to jump to false conclusions.

Re: Is Linux Mint Spyware/Prism proof?

Posted: Sat Nov 09, 2013 5:05 pm
by hoggar
Yes PUA i think it was.
I hope that these well funded smart people, doing everyhing they can, cant jeopardise free software. That is, what are they doing? Everything possible.

Re: Is Linux Mint Spyware/Prism proof?

Posted: Wed Nov 13, 2013 12:36 pm
by Sydney
Linuxviolin, I LOVE your tweaks !! Thanks a lot for those. I just thought I'd add that the "blink" feature was removed in FF23 (thankfully) :-)

Re: Is Linux Mint Spyware/Prism proof?

Posted: Sat Nov 16, 2013 10:24 pm
by justy39
No html5 is not spyware proof or privacy proof. I have a video on the internet that teaches you how to exploit html5. You can take over the user's pc and also fill up their hard drive within a few minutes. The user won't even know what happened until they try rebooting or finding something on their hard drive. You can also use html5 to see what cookies they have installed and look in their folders for example document folder, or network folder. Very easy to do.

Re: Is Linux Mint Spyware/Prism proof?

Posted: Sun Nov 17, 2013 7:09 pm
by Resistor
linuxviolin wrote:About privacy and security, people always talk about things like cookies, flash... and they should not forget about the hosts file, but there is now something much more dangerous and it's DOM storage. DOM storage has become a much bigger threat to our privacy than the dreaded cookies were. Unfortunately this technology is certainly set to leave cookies in the dust. I strongly advise you in Firefox to change the default value of this configuration to false , if you make no other about:config edits in Firefox, please make this one:

Also, you could make these:

Referrer Control:

about:config Name: network.http.sendRefererHeader

Default Value: 1

Modified Value: 0


By setting network.http.sendRefererHeader in about:config to 0, whenever you visit a link from one site, the destination site doesn't know the original site you were referred from.

This in effect makes the Firefox add-on RefControl (& others) redundant.


There is a caveat:

If you find that you can't get into a site that you want to use it can be due to this setting. Under such circumstances you would be better off using the likes of RefControl as you can use whatever options you choose for your normal surfing & then choose a specific option that works with specific troublesome sites.

I am very rarely blocked from a site (for whatever reason) & under such circumstances I don't want to use the site anyway!



Turn off default Send Secure Referrer:

about:config Name: network.http.sendSecureXSiteReferrer

Default Value: true

Modified Value: false


I found technical info' on [url=http://kb.mozillazine.org/Network.http.sendSecureXSiteReferrer]sendSecureXSiteReffer[/url].

I've been running with this setting for at least 6 months, it gives no trouble on my sytems & I'm running https Everywhere too.
What happened to me?

Code: Select all

 Referrer Control:
about:config Name: network.http.sendRefererHeader
Current Value:  2 
I'll change to the modified value of setting network.http.sendRefererHeader in about:config to 0

But was wondering what is the function of the setting of 2?

Re: Is Linux Mint Spyware/Prism proof?

Posted: Sun Dec 01, 2013 10:24 pm
by linuxviolin
Resistor wrote:What happened to me?

Code: Select all

 Referrer Control:
about:config Name: network.http.sendRefererHeader
Current Value:  2 
I'll change to the modified value of setting network.http.sendRefererHeader in about:config to 0

But was wondering what is the function of the setting of 2?
Here's the answer:
Network.http.sendRefererHeader

Background

HTTP is the application-layer protocol with which most web pages are transferred. As part of HTTP, requests can include a [url=http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.36]"Referer" (sic) header[/url] that tells the server which page the user was on that initiated the request. Servers use this information to track users' paths through the site and possibly provide additional features.

Additionally, in JavaScript, the current page’s referrer is exposed in the DOM through [url=http://developer.mozilla.org/en/docs/DOM:document.referrer]document.referrer[/url]. Scripts running on the page can consult this property to see the same information that was sent in the Referer header.

This preference controls when to send the Referer header and set document.referrer.

Possible values and their effects

0

Never send the Referer header or set document.referrer.

1

Send the Referer header when clicking on a link, and set document.referrer for the following page.

2

Send the Referer header when clicking on a link or loading an image, and set document.referrer for the following page. (Default)

Re: Is Linux Mint Spyware/Prism proof?

Posted: Sun Dec 01, 2013 10:48 pm
by Resistor
Hi, linuxviolin.
Thank you, very much.

Re: Is Linux Mint Spyware/Prism proof?

Posted: Wed Nov 12, 2014 8:07 pm
by vito_spatafore
Thx 4 the clarification!
Mint though it is based on Buntus does not use unity and thus it does not have the problem of tracking searches

Re: Is Linux Mint Spyware/Prism proof?

Posted: Sat Nov 15, 2014 11:18 pm
by vito_spatafore
catweazel wrote:
100%, as long as you don't connect to the internet.
Interestin :!: :!: :!: :P