Phone locations can be tracked without GPS

The location of your phone can be tracked even if your GPS is turned off. This is done by triangulating the phone using cell towers and their signals, a method called Radio Direction Finding.

A quick defensive tactic to counter this tracking is a Faraday bag.

When your phone connects to a cell tower, the tower can generally tell what general direction your phone is in from that tower, based on the strength of the connection in different directions. This is the same concept that wildlife tracking collars have used for decades and how the FCC tracks down pirate radio stations. It works because “cell service” is really just a radio signal sent out from the tower, the same as any radio station or handheld radio, just on a different frequency.

The result of this is a general direction/heading from that tower in which your phone could be found. With typical cell phones now, the signal sent out by the cell tower is a wide beam that spreads out and gets weaker over distance; imagine a cone with the wide end extending out from the tower.

Now, if your phone can connect to multiple towers, this gives multiple directions/headings that, if laid over a map, would create a cross point, albeit a wide one, where theoretically your phone would be located. The more towers your phone can connect to, the more accurate the location will be, because the area within that cross point where your phone can connect to all the towers theoretically gets smaller the more towers there are. In most areas your phone will connect to 1 or maybe 2 towers, with the exception of larger major cities, where you may connect to more.
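To put numbers on the shrinking cross point, here is an added example (not part of the original post) that models each tower's wide beam as a sector and measures the map area consistent with one, two and three towers. The tower positions, 30 degree half-width, 15 km range and phone position are all constructed assumptions.

```javascript
// Added illustration. Every position, beam width and range below is constructed.
const PHONE = { x: 5, y: 5 }; // km; used only to aim each tower's sector

// Compass bearing in degrees (0 = north, clockwise) from point a to point b.
function bearingDeg(a, b) {
  const deg = Math.atan2(b.x - a.x, b.y - a.y) * 180 / Math.PI;
  return (deg + 360) % 360;
}

// Smallest absolute angle between two bearings, in degrees (0..180).
function bearingDiff(a, b) {
  return Math.abs(((a - b + 540) % 360) - 180);
}

// A tower only knows a coarse sector: centre bearing, half-width and usable range.
function makeTower(name, x, y, halfWidthDeg, rangeKm) {
  const tower = { name, x, y, halfWidthDeg, rangeKm };
  tower.centreDeg = bearingDeg(tower, PHONE);
  return tower;
}

// True if point p lies inside the tower's sector (the "cone" from the text).
function inSector(tower, p) {
  const dist = Math.hypot(p.x - tower.x, p.y - tower.y);
  if (dist > tower.rangeKm) return false;
  return bearingDiff(bearingDeg(tower, p), tower.centreDeg) <= tower.halfWidthDeg;
}

// Area (km^2) of the map region consistent with every tower's sector,
// estimated by testing the centre of each cell on a 30 km x 30 km grid.
function candidateArea(towers, cellKm = 0.1) {
  const min = -10, max = 20;
  const steps = Math.round((max - min) / cellKm);
  let cells = 0;
  for (let i = 0; i < steps; i++) {
    for (let j = 0; j < steps; j++) {
      const p = { x: min + (i + 0.5) * cellKm, y: min + (j + 0.5) * cellKm };
      if (towers.every(t => inSector(t, p))) cells++;
    }
  }
  return cells * cellKm * cellKm;
}

const TOWERS = [
  makeTower("A", 0, 0, 30, 15),
  makeTower("B", 10, 0, 30, 15),
  makeTower("C", 5, 12, 30, 15),
];

// Candidate area when the phone is heard by the first n towers.
function areaWithTowers(n) {
  return candidateArea(TOWERS.slice(0, n));
}

// Sanity check: the constructed phone position is inside every sector used.
function phoneInsideRegion(n) {
  return TOWERS.slice(0, n).every(t => inSector(t, PHONE));
}

for (const n of [1, 2, 3]) {
  console.log(`${n} tower(s): about ${areaWithTowers(n).toFixed(1)} km^2 of candidate area`);
}
```

With a single tower the candidate region is the whole sector; each extra tower can only remove area, which is why a phone heard by one or two towers is located far less precisely than one heard by several.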

This method can also be used to track location via Bluetooth connection. It was announced a few years ago that the UK was using Bluetooth hotspots in trash cans and other city fixtures to track “traffic patterns” by connecting to the phones of people who walk near them.

Any device that uses cell service or any radio frequency can be tracked in this fashion: tablets, cars, laptops, smart watches, ham radios, etc. If it has cell service or uses radio frequencies, it can be tracked by radio direction finding.

S2_Underground has a great video on Radio direction finding on their #lbry channel.

If you enjoyed this post take a look at our TRUSTED RESOURCES page. If you decide to use any of the links and purchase anything we may get a small commission that helps support the site.

Sign up for our email list and you will receive exclusive content that adds to the articles we post here.

Get the most out of our posts by subscribing to our Telegram or Matrix/Element rooms.

Faraday bags

We are starting a series of posts covering surveillance/counter-surveillance, or offense and defense, and the equipment used, and thought of no better place to start than Faraday bags.

Faraday bags are a very simple but important piece of defensive equipment that serves basically two purposes: blocking signals from entering or escaping, and protecting devices from outside EMFs.

They come in sizes ranging from small pouches for the key fobs of newer high-end luxury cars, to prevent cloning and car theft, on up to full-on backpacks and suitcases for those needing to carry around lots of sensitive equipment. The most popular sizes, though, are for phones, tablets, and laptops.

Faraday bags consist of a special fabric that blocks out 100% of wireless signals being either sent or received by whatever device you put in them (or at least they should). You should always test your bags before you need to rely on them.

Some can also offer protection from EMP and other sources of EMFs that can damage your electronic devices if they are strong enough. This is where the protection category comes in. They also prevent anyone in the immediate area from connecting to your device, which is usually done over Bluetooth.

There are many reasons you will want to use a Faraday bag/pouch. One of those cases would be:

Privacy. Placing your devices in a Faraday bag cuts off and keeps anyone or anything from connecting to your device without your knowledge. This applies if you want to avoid being GPS tracked by apps or having your phone or device hacked over Wi-Fi/Bluetooth. Another privacy-related reason is that cities are starting to place Bluetooth tracking nodes throughout the city to track “traffic patterns”, or so they say. These nodes connect to any device that enters their range and log the information. Even if this is for traffic patterns, it would not surprise me if this is used to look up who was in an area at a certain time when law enforcement needs to. Or, in relation to our previous post, when a rogue employee wants to track their girlfriend.

Dodging Drones intro

Drones are quickly becoming a bigger and bigger part of everyday life, from governments to private citizens, and from recreation to emergency response and military operations. With this rapid expansion it’s only natural that criminals and their organizations have started using them as well.

This ranges from smuggling contraband and IEDs to illegal surveillance, which can range from the neighborhood creep to high-end corporate espionage and organized crime, such as recon for cartel groups.

The average citizen won’t likely encounter the majority of these, except some form of illegal surveillance. The most common examples of this are peeping Toms, stalkers, and, for the more famous people out there, paparazzi. All three of these groups have been caught using drones to accomplish their tasks in one form or another. Paparazzi don’t need to scale a fence or wall anymore when they can run a drone from the road or sidewalk and get better pictures.

If you’re a high-profile or targeted individual, you also can’t rule out criminals and organizations that are targeting you using drones for site recon, tailing, etc., as they would be stupid not to. There is a reason that law enforcement and the military started using drones in the first place.

The tactics used to counter a drone operation against you are going to depend on your situation: mainly, who is targeting you, the quality of the drone they are using, and whether you are mobile or stationary.

If it is a government or an organization that has access to Predators, Reapers, or other nation-state drone tech, your options are going to be very limited, as drones will not be the only equipment and type of surveillance directed at you. We will not really be covering this group, but keep in mind that many of the tactics for other drones will still apply, just to different degrees of effectiveness.

Evading surveillance by drones when you are mobile is going to be the same as other forms of surveillance. You need to break line of sight and then either hide or change direction and move out of the area without being re-acquired.

How AirTags are a Potential Threat to privacy

A new property tracking product turns the entire iOS network into a location tracking mesh network that could easily be used by stalkers and criminals to target their victims.

Apple’s AirTags are compact, have widespread coverage, and are affordable. These devices are designed to be used for tracking your belongings but potentially can track anything. AirTags are registered to the owner’s iCloud account so they can be found using the Find My app or simply by connecting over Bluetooth for nearby locating.

This is done without GPS (allowing them to be much smaller) by turning every iOS/macOS device into a mesh network. The AirTag sends out a secure Bluetooth signal that can be detected by nearby Apple devices that have Bluetooth turned on, and that device sends the location of your AirTag to iCloud for you to find in the Find My app.

Being small and lightweight, these devices could easily be concealed on someone’s person or in their possessions in order to track them without their permission or knowledge, presenting a huge problem specifically for someone who is being harassed or stalked.

There is an attempted countermeasure to this use case, but it is unclear at this point how effective it will be, especially since it would seem to require that you own an iOS device in order for it to protect you. Apple states:

“If someone else’s AirTag finds its way into your stuff, your iPhone will notice it’s traveling with you and send you an alert. After a while, if you still haven’t found it, the AirTag will start playing a sound to let you know it’s there.”

This “protection” requires that, if you have an iOS/macOS device, you leave your Bluetooth turned on; otherwise your device cannot pick up the signal from the AirTag to know that it is there. This is unadvised, as it leaves your phone vulnerable to a host of other attacks and issues.

With only 13.25% of computers in the United States being Macs and roughly 30% of mobile devices (tablets and phones) running iOS, the majority of people are not protected by Apple’s safeguard against being tracked without consent, while there are still enough devices out there around a person to create a viable mesh network for someone to rather effortlessly track them without them ever knowing.

While compact tracking tech is not a new thing, the wide coverage, low cost, and small package due to no need for GPS make this a serious potential threat to watch out for, specifically by targeted individuals, those who are victims of stalking, and criminal investigators in future cases.

Digital GoBag

With today’s tech, flash drives are an amazing and underutilized tool. You can use them to store an entire media library in case of emergency, or install a whole operating system and carry a “computer” on your key ring. For those interested in more information on this, look into Linux live drives; there is way better info out there than I could ever put out.

Live drives afford many possibilities when it comes to privacy and security, especially when traveling, when you’re in a situation where you can’t or don’t want to carry a computer, or in extreme situations where you need to have a secure/concealable system to store sensitive data.

This is often the case with politically persecuted people and people in countries that heavily censor their people. This also applies to investigative journalists who cover sensitive topics that could put a target on their back.

The main way I advocate using them for the everyday person is to set up an emergency electronic #gobag of sorts.

Using an OS called TAILS, you can set up an encrypted drive on which you can store important documents such as passport images, birth certificates, visas and so forth within encrypted files, with the flash drive itself being encrypted as well. You can also set up cryptocurrency wallets for emergency funds if you so desire.

Once this drive is set up properly you can carry or conceal it on your person and plug it into any computer if you need to and access the information you’ve stored, the internet, your crypto, whatever you need it for at the time.

The drive’s OS and anything you do will be isolated from the main system on the computer and leave no trace of use, as it isn’t using the main system’s memory (only its flash memory, which wipes on shutdown).

This makes it so that anything you do, your passwords, your information and documents etc all are safe because no tracking software that may be on the main system or the next user can access your info or data because the.

To set this up in the manner that I mentioned above you will need to set up the drive with encrypted persistence.

To do so you will need two drives as you need one drive running TAILS to set up another with encrypted persistence.

SET UP INSTRUCTIONS

ENCRYPTED PERSISTENCE INFO

Once that is done you’re good to go. Just about everything you should need for a basic privacy setup is on there with the OS.

Trusted Resources

ProtonMail and Encrypted Email

A secure and encrypted email address is the backbone of even the most basic online privacy plan. This is the first thing that just about any other tool, account or service that you will need, such as email forwarders, cell phone accounts, and so on, is going to ask for.

I recommend having multiple addresses for different aspects of your plan/life. I have mentioned this before in other posts and I will cover this in more depth in the future, as well as how to benefit most from ProtonMail for the privacy minded.

The email service that I highly recommend is ProtonMail. I use it personally, as do my clients, and many people I know use it as their business email structure as well, because you can link your web addresses to it so that you can have email addresses using your URL.

They offer some of the best security and privacy protections in the business and have grown a trusted reputation in the privacy sector, as well as among people whose lives may very well depend on their privacy and security holding up, such as reporters, the politically and just generally persecuted, and so on.

ProtonMail is a Switzerland-based secure/encrypted email service that was created in 2014. They also offer VPN service and are constantly adding features to their platform including cloud storage, contacts, and encrypted calendar (BETA). ProtonMail’s mission in their words is “to make secure and private email communication easily accessible to all.”

The following information comes directly from ProtonMail.

ProtonMail is owned by Proton Technologies, which has a long history and strong reputation in the privacy world.

The company maintains some of the world’s most widely used open source encryption libraries and has a long history of working towards promoting Internet privacy.

ProtonMail uses end-to-end, zero-access encryption so that no one, not even the company, can access users’ messages, drives, calendar details and so on. There are no special or overly technical steps to follow, and all encryption happens automatically and by default.

To achieve this high level of security, in their words “ProtonMail assumes that all mail servers may eventually be compromised. Thus, ProtonMail uses end-to-end encryption and zero-access encryption to protect user data. If a server only contains encrypted messages, users have a much higher level of security in the event of a security breach. The use of encryption also prevents ProtonMail from being able to decrypt and share user emails with third parties.”

As well as their security precautions that keep them from being able to analyze user data, they also have no incentive to spy on or sell their users’ data, as they have no advertising inside their apps.

The security of their platforms extends beyond just strong encryption and includes features designed to mitigate human vulnerabilities and physical threats.

End-to-end encryption
This means that messages cannot be intercepted in transit and decrypted by any third party, as they are encrypted on the sender’s device and can only be decrypted by the recipient.

Zero-access encryption
All emails sent to or from a ProtonMail account (even if the other side is not using ProtonMail) are stored with zero-access encryption. Once the messages are encrypted, they can only be decrypted by the account owner. (Keep in mind any copy on the other person’s email account may not be stored encrypted.)

Additionally, ProtonMail users can also send end-to-end encrypted emails to non-ProtonMail users with the “encrypt to outside” feature, which sends the email encrypted to the recipient; you can give them a way to decrypt the email without them needing a ProtonMail account.

Open source cryptography
ProtonMail uses only secure implementations of AES and RSA, and adheres to the open source OpenPGP standard. By using open source libraries, users have greater assurance that the encryption algorithms do not have built-in back doors. ProtonMail’s open source software has also been vetted by security experts from around the world to ensure the highest levels of protection.

Hardware-level security
ProtonMail has invested heavily in owning and controlling its server hardware and doing so within Switzerland, so data never goes to a third party cloud. This ensures that all user data is protected by Swiss privacy laws. On a system level, ProtonMail servers utilize fully encrypted hard disks, which protect user data from physical hardware seizures.

Authentication
ProtonMail uses the Secure Remote Password protocol to ensure that neither ProtonMail nor an attacker with network access can obtain users’ passwords. ProtonMail also offers two-factor authentication via 2FA apps.

Address Verification

To mitigate man-in-the-middle attacks, ProtonMail uses Address Verification, which leverages ProtonMail’s Encrypted Contacts feature. This unique feature ensures secure communications cannot be intercepted by an attacker tampering with encryption keys.

This is an additional enhanced level of security, and it’s one of the reasons ProtonMail is the preferred email provider for journalists and other individuals with the highest security and privacy needs.

Self-destructing emails
ProtonMail allows users to send messages that will automatically delete themselves after a user-selected period of time.

Plans and pricing
All of the company’s revenue comes from subscriptions to premium plans and donations from the user community; it does not show ads or make money by abusing users’ privacy.

ProtonMail has apps for iOS and Android as well as web access that can be used on any OS with an internet browser. In addition, ProtonMail offers other useful apps such as the ProtonMail Bridge, which is a desktop application for paid users that encrypts and decrypts mail as it is sent or received by the user using a program that supports IMAP and SMTP, such as Microsoft Outlook, Mozilla Thunderbird, etc.

They also offer an Import-Export application (beta), which is an application currently available to users on paid plans that lets them transfer emails easily to and from their ProtonMail account. This allows users to import their mailbox from another email account, such as Gmail, or upload email files stored on their computer into their ProtonMail encrypted inbox. It can also be used to export emails from their ProtonMail account to their hard drive for secure local backups.

ProtonMail believes everyone in the world should have access to secure and private online communication, regardless of their ability to pay. This is why they offer a free plan as well as paid plans for those who need more storage, more features, or just want to support the project so that they can continue to offer the service to those who need it and cannot afford it.

Element

Our Element/Matrix room consists of a one-way feed (think newsletter), much like a Telegram channel. You will receive occasional posts and content that is equal to, or more in depth and exclusive than, that which you will find in our email newsletters.

The big benefit to Element is that it is end to end encrypted unlike telegram channels. This means our posts in the room, messages and files that are attached are all encrypted before they leave our devices and stay that way until they reach your devices. This means they can only be read by the people that are in the room.

This means, at least at this moment, as things can always change when it comes to tech and the companies running it:

No data mining

No eavesdropping

No censorship

At least for now

It is also decentralized, to give all parties ownership and control of their data, as well as being universal: you should be able to connect with any app that uses the Matrix protocol.

If this continues to work out and the desire is there on the part of our followers, we plan to expand the usage of Element, not just as a backup; hopefully we can gradually switch to it playing a more primary role.

Online Infosec Basics

You are the commodity! You’ve probably heard the saying “there is no such thing as a free lunch”; well, this is truer than ever now. Your online personal infosec is just as important as it is in your in-person interactions and passive situations.

With only a few exceptions, if a product or service is free to you, this means that the organization putting it out is working on an alternative business model. They are not getting money from their product’s users, so you have to ask where they are getting their money from.

This usually means they are harvesting info from you. This can be addresses, name, phone number or any other personal info. How big a threat this is to your personal infosec will depend on where on the scale these companies and organizations fall.

On the low end of the scale, they are asking for an email address to send you a newsletter where they will upsell you on paid content or that company’s products. This is where most small businesses and entrepreneurs are operating, including ourselves. They won’t sell your info; they are just trying to conduct their own businesses. The main threat in these instances is data leaks and hacks of either their own systems or any third-party service they use to conduct their business.

On the other end, you have organizations that will take any and all info they get and sell it. The more info they require, the more likely this is the case. This info is then likely not only used by them but sold to people-search sites and other services. This is done by larger organizations because they are getting a volume of info that people-search sites are willing to pay for. Now, not all companies do this, and it does happen everywhere on the spectrum. Do your due diligence and ask yourself: is what I’m getting worth it if they sell my info?

Now, luckily, the way to protect yourself from both data leaks/breaches and the company themselves selling the information is the same. It’s called one-time-use information.

This is most easily done with emails, as there are multiple services that offer one-time-use forwarding addresses. This allows you to create an email address that you will use for only one website or organization and that forwards any email sent to it to your actual email address. By doing this you are able to protect your actual email address, and if your one-time address gets sold, leaked or hacked, you are able to shut it off and stop receiving any spam you might be getting. If the information is hacked or leaked, it doesn’t matter, because that email is only used for that site and doesn’t connect to any of your other accounts.

This tactic should be used for any newsletter, website, or organization you sign up for or give your information out to. That being said, never use these services for anything that involves sensitive information. These services will be able to see any email that is sent to you, so they should not be used for financial, medical, or anything else you consider sensitive. For these instances you should just create a dedicated email for those purposes. We recommend ProtonMail as an email provider.

You can either set up a separate account or you can set up a paid account and have multiple addresses that feed into one inbox.

Personal Infosec

A lie is a false statement made by one, to another who is entitled to hear and know the truth and which false statement tends toward injury to the other.

~JJ Luna

Whether to lie or not is, with only a few exceptions, a moral issue. This means everyone has to make their own decision on when it is acceptable to lie. The few exceptions, of course, are when telling a lie is in fact illegal.

This applies to protecting your personal information both in person and on the internet, and in this day and age your personal infosec is also your physical security.

Does the random person on the subway that started talking to you need to know where you were born, how old you are, where you live, or where you work?

Is this person just a friendly commuter looking for conversation? Are they a corporate spy looking for info on a project at your work? Or maybe they are a criminal deciding if you are a worthy target or not. The point is you can’t always tell a person’s intentions from a single meeting.

I am not saying lie to everyone who strikes up a conversation with you, but take precautions and be more vague in your answers until you get to know the person. Trust but verify.

JJ Luna gives an example of the personal guidelines that he follows in his book How to Be Invisible.

1. If no harm will be done, and no oath is sworn he gives false information.

2. If an oath is sworn or to be sworn he does not lie.

3. He MAY withhold or not volunteer info to government representatives unless specifically asked depending on the situation but he will not lie.

4. Under no condition whatsoever will he file a false tax return.

This covers most in-person interactions, but your infosec also applies to more passive situations where you’re not being directly interacted with but simply leave info lying around.

Few people realize how much information about themselves they leave lying around.

This includes bumper stickers, parking permits on your windshield, the stickers on your laptop, food wrappers on your floorboards, trash in garbage cans, and info on your Facebook (not just your profile but in your captions and comments).

From just a person’s car you could glean where someone works or lives, where they like to eat, where their kids go to school, and political affiliations, just to name a few.

These details can all be used to decide whether or not to target you or develop a plan to target you or your family if they have already made the decision to do so.

Most people will say “there is no reason to target me” or some other form of “it will never happen to me.” Statistically that may be true, but if something happens and you end up on the wrong side of those stats and you haven’t taken precautions, then it’s already too late.

You witness a crime, you cut off the wrong person in traffic, someone begins stalking you, or you are simply a wealthier-than-average individual. All are situations that the average person can find themselves in and that have led to people being targeted for one crime or another. So make sure to make it as hard as possible for people to get information about you.

How to set up a basic secure Browser

As we all should know, most websites track or try to track just about everything you do. Some browsers make this easier, some make it harder, and some just track you themselves. There are a couple of good options to combat this threat: the easy, OK option for the less tech savvy, and the more hands-on, better option of setting up your own browser for those who are a little more tech savvy. (Honestly, you type words into a bar and click a button.)

The out-of-the-box easy option is called Brave browser. It is a free and open-source web browser developed by Brave Software. Brave is based on the Chromium web browser and it blocks ads and trackers. This is good for anyone who doesn’t want to mess around in the settings for a little bit and just wants to download and go. However, it is not the best setup.

The better setup involves Firefox, which a lot of people use already; all you have to do is tweak a few settings and edit the config file. This involves going down a list, entering text into a search bar, and then changing the proper setting by either entering text or clicking a button. It is really not that difficult provided you have a moderate attention to detail. You will also need to install some additional add-ons to make this setup complete, but we will cover those in the near future.

Both of these options are not complete and total solutions if you are looking to regain your privacy but they are a good step in the right direction to dam the flood of information that pours out of our systems that everyone it seems is trying to track.

DISCLAIMER: Anything you do with the information in this post is at your own risk; I am not responsible for anything that happens to your computer or browser. As you increase your privacy you also increase the need for your own personal responsibility. I have personally done this multiple times with no issue, so as long as you stick to the directions, make sure you’re changing the right settings and don’t mess with anything else, you should be fine, but again, you do this at your own risk. Now that that is out of the way, let’s get on with it.

Preparation:

(If you have not downloaded it yet download and install Firefox.)

You will start with the basic settings by going to the preferences section, and changing some or all of the following settings depending on your comfort level, and desire for privacy.

  1. In the general tab scroll down to the browsing section and make sure to UNCHECK Recommend extensions as you browse and Recommend features as you browse
  2. In the home options change your home page and new windows and new tabs to blank page in the drop down menus.
  3. Now in the search options change your default search engine to either DuckDuckGo or Startpage and then remove the others from the options. Then UNCHECK provide search suggestions
  4. Next under the privacy and security options select strict under content blocking.
    1. CHECK delete cookies and site data when Firefox is closed
    2. UNCHECK ask to save logins and passwords for websites
    3. Change history settings to Firefox will use custom settings for history
      1. UNCHECK Remember browsing and download history
      2. CHECK Clear history when Firefox closes
      3. DO NOT CHECK the box always use private browsing mode (This will break Firefox containers, which we will cover in an article on add-ons)
    4. In the Address bar section UNCHECK Browsing History
    5. In the permissions section you will need to click Settings next to Location, Camera, Microphone, and Notifications. Inside each you will need to CHECK block new requests
    6. Make sure all boxes under Firefox Data Collection and Use are UNCHECKED.
    7. Under Deceptive Content and Dangerous Software Protection UNCHECK all options.
      1. DISCLAIMER: This will leave you more exposed to undesired software attacks, but this stops Firefox from sending your browsing history to third party organizations. This is another instance where personal responsibility plays a role. You have to decide what you are comfortable with.

Once that is done you can either stop there or continue on for further privacy and security enhancements.

If you wish to continue:

  1. Enter “about:config” in the Firefox address bar and press enter. (remove the quotes)
  2. Press the button “Accept the risk and continue”
  3. Follow the instructions below… (keep in mind some may be on the correct setting already but it is good to check each one)

You do not have to change all of these settings if your particular situation requires any of them, but the more you change, the more secure your browser will be.

Getting started:

  1. privacy.firstparty.isolate = true
    1. Isolates all browser identifier sources (e.g. cookies) to the first-party domain, with the goal of preventing tracking across different domains. (Don’t do this if you are using the Firefox add-on “Cookie AutoDelete”.)
  2. privacy.resistFingerprinting = true
    1. This preference makes Firefox more resistant to browser fingerprinting.
  3. privacy.trackingprotection.enabled = true
    1. This is Mozilla’s new built-in tracking protection.
  4. browser.cache.offline.enable = false
    1. Disables offline cache.
  5. browser.safebrowsing.malware.enabled = false
    1. Disable Google Safe Browsing malware checks. Security risk, but privacy improvement.
  6. browser.safebrowsing.phishing.enabled = false
    1. Disable Google Safe Browsing and phishing protection. Security risk, but privacy improvement.
  7. browser.send_pings = false
    1. The attribute would be useful for letting websites track visitors’ clicks.
  8. browser.sessionstore.max_tabs_undo = 0
    1. Even with Firefox set to not remember history, your closed tabs are stored temporarily at Menu -> History -> Recently Closed Tabs. The number is how many tabs it temporarily stores. Set this at your own discretion.
  9. browser.urlbar.speculativeConnect.enabled = false
    1. Disable preloading of autocomplete URLs. Firefox preloads URLs that autocomplete when a user types into the address bar, which is a concern if URLs are suggested that the user does not want to connect to.
  10. dom.battery.enabled = false
    1. Website owners can track the battery status of your device.
  11. dom.event.clipboardevents.enabled = false
    1. Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
  12. geo.enabled = false
    1. Disables geolocation (in browser only)
  13. media.navigator.enabled = false
    1. Websites can track the microphone and camera status of your device.
  14. network.cookie.cookieBehavior = 1
    1. Block third-party cookies.

       0 = Accept all cookies by default

       1 = Only accept from the originating site (block third party cookies)

       2 = Block all cookies by default

  15. network.cookie.lifetimePolicy = 2
    1. Cookies are deleted at the end of the session.

       0 = Accept cookies normally

       1 = Prompt for each cookie

       2 = Accept for current session only

       3 = Accept for N days

  16. network.http.referer.trimmingPolicy = 2
    1. Send only the scheme, host, and port in the Referrer header.

       0 = Send the full URL in the Referrer header

       1 = Send the URL without its query string in the Referrer header

       2 = Send only the scheme, host, and port in the Referrer header

  17. network.http.referer.XOriginPolicy = 2
    1. Only send Referrer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.)

       0 = Send Referrer in all cases

       1 = Send Referrer to same eTLD sites

       2 = Send Referrer only when the full hostnames match

  18. webgl.disabled = true
    1. WebGL is a potential security risk.
  19. browser.sessionstore.privacy_level = 2
    1. This preference controls when to store extra information about a session: contents of forms, scrollbar positions, cookies, and POST data.

       0 = Store extra session data for any site. (Default starting with Firefox 4.)

       1 = Store extra session data for unencrypted (non-HTTPS) sites only. (Default before Firefox 4.)

       2 = Never store extra session data.

  20. network.IDN_show_punycode = true
    1. Not rendering IDNs as their punycode equivalent leaves you open to phishing attacks that can be very difficult to notice.
  21. network.trr.mode = 2
    1. This will be used with encrypted DNS.
  22. network.security.esni.enabled = true
    1. Also for encrypted DNS.
  23. extensions.pocket.enabled = false
    1. This disables the proprietary Pocket service.

These all have to do with limiting the risk of leaking your IP address:

  1. media.peerconnection.enabled = false
  2. media.peerconnection.turn.disable = true
  3. media.peerconnection.use_document_iceservers = false
  4. media.peerconnection.video.enabled = false
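
An added example, not part of the original post: a Python check that reads a user.js-style file and reports which of the values listed above are not set as written. It assumes the settings are kept as user_pref(...) lines in the profile's user.js; the baseline subset, the sample file and the function names are constructed for illustration. Preference names are case-sensitive in that file, so a capitalised name is reported separately from a missing one.

```python
import re

# Subset of the values listed above; extend with the rest as needed.
BASELINE = {
    "privacy.firstparty.isolate": True,
    "network.cookie.cookieBehavior": 1,
    "network.trr.mode": 2,
    "webgl.disabled": True,
    "media.peerconnection.enabled": False,
}
SAMPLE = '''// constructed sample user.js, not from a real profile
user_pref("privacy.firstparty.isolate", true);
user_pref("network.cookie.cookieBehavior", 0);
user_pref("Network.trr.mode", 2);
user_pref("webgl.disabled", true);
'''
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Return {name: value} from user.js/prefs.js text; a later line overrides an earlier one."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):  # commented-out lines do not match
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(prefs, baseline=BASELINE):
    """List (pref, status, found) for each baseline pref that is not set as expected."""
    lowered = {n.lower(): n for n in prefs}
    findings = []
    for name, want in baseline.items():
        if name in prefs:
            # bool is a subclass of int in Python, so the type is compared too
            if type(prefs[name]) is not type(want) or prefs[name] != want:
                findings.append((name, "wrong-value", prefs[name]))
        elif name.lower() in lowered:
            findings.append((name, "wrong-case", lowered[name.lower()]))
        else:
            findings.append((name, "missing", None))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_prefs(SAMPLE)):
        print(finding)
```

A "missing" result only means the file does not set that preference; the value then in effect is whatever Firefox or prefs.js supplies.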
