Hardened Web Browser

Jan. 8, 2024 [hardening] [privacy-security] [guides] [libre] [technology]

While there remains no ideal browser, there are a few decent options. One that I would have recommended, if not for some glaring issues, would have been the recent Mullvad browser. Unfortunately, Mullvad committed to the following design choices;

• Self-updating, foreign to distro repository
• Pre-built binaries only supplied for x86 architecture (and if you’re going to compile, you might as well just compile upstream Firefox using Mullvad’s selected compile flags)
• Pre-installed addons cannot easily be removed (one must manually delete unwanted extensions from the /extensions directory) as they seem eager to make choices for the user rather than recommendations

Until such flaws can be rectified or another browser beats them to the punch, this config guide will make use of Arkenfox’d Firefox ESR as its foundation. Firefox ESR is the most upstream to security and bug patches in the gecko family, while also insulating users from Mozilla’s “experiments” and silent feature changes, and also being highly configurable. Its default configuration is not entirely sane but will be mitigated via the Arkenfox user.js. Debian should have firefox-esr by default, other distributions may be necessary to explicitly select some firefox-esr package.

While some settings are exposed through the GUI settings menus, which can be used to harden privacy and security features, some critical settings can only be accessed through about:config. So many, in fact, that it can be exhausting to manually adjust each by hand. That is why we are going to deploy user.js scripts.

Arkenfox iterates over hundreds of various settings, vetted by community contributors, which reduce Firefox’s footprint and attack surface while disabling blatant malfeatures. Navigate to your Firefox profile which should look something like:

cd .mozilla/firefox/14a58bc9.default-esr

And download the prefsCleaner.sh and updater.sh scripts into place (consider torsocks‘ifying since github==microsoft):

torsocks wget --https-only https://raw.githubusercontent.com/arkenfox/user.js/master/updater.sh https://raw.githubusercontent.com/arkenfox/user.js/master/prefsCleaner.sh

There are certain settings Arkenfox enables that you may want to leave disabled. Likewise, there are probably settings that are personal preference which you may not want changed by Arkenfox. Create a user-overrides.js file in the same directory.

vi user-overrides.js

The settings format in user-overrides.js follows: user_pref(“some.setting”, boolean/integer);

Here are just a few that you may want to consider adding if you plan to implement customizations from the DNS and metasearch guides:

user_pref("browser.startup.homepage", "http://localhost:8888/");  
user_pref("browser.startup.page", 1);  
user_pref("keyword.enabled", true);  
user_pref("browser.send_pings", false);  
user_pref("network.proxy.socks_remote_dns", false);  
user_pref("network.trr.mode", 5);  
user_pref("network.proxy.failover_direct", false);  
user_pref("browser.urlbar.suggest.engines", false);  
user_pref("browser.urlbar.suggest.topsites", false);  

One should really read over the user.js comment notes to get a sense of what settings are being modified and to construct a desirable user-overrides.js. Each individual’s needs will vary slightly, which is the intent behind user overrides. For example, some optimal preferences can be gleaned from 12byte’s overrides.

Once you are happy with your user overrides, it is time to run the Arkenfox updater.sh. Close out any instances of Firefox that may be open. Use the “e” switch to instruct Arkenfox to run ESR preferences and the “d” switch to disable update checking since we just pulled the most recent version with wget above:

torsocks ./updater.sh -de

Run prefsCleaner after the first application of the new user.js. And always run prefsCleaner following major version number changes to the browser.

./prefsCleaner.sh

Now when you launch Firefox ESR, things may look a bit different. If there are borders around the window, this is just incremental padding to help mitigate canvas fingerprinting. There will probably be nuances in how Arkenfox’d Firefox ESR behaves that you will want to tweak through user overrides. Your browser now has a strong baseline resistance to stateful fingerprinting and tracking.

Arkenfox+Firefox ESR is no silver bullet on its own but can be formidable when combined with strong add-ons and system hardening which I will continue to detail in hardening guides.