This repository has been archived by the owner on Apr 9, 2021. It is now read-only.

Options Tab Usage

dillbyrne edited this page Nov 1, 2015 · 6 revisions

This section contains various privacy options such as canvas blocking, screen spoofing, etc.

Options Tab

Explanation of options

Script Injection Options

  • Enable Script Injection - Enables the use of script injection

  • Time zone spoofing (UTC) - Spoof the date and time zone.

    • Default - Do not spoof the date and time zone
    • Random - Choose a random timezone offset and adjust the date accordingly
    • Specific Offset - Choose a specific timezone offset, e.g. -12:00 or +04:30.

    Time zone offsets obtained from https://en.wikipedia.org/wiki/Time_zone#List_of_UTC_offsets

    You can test it at http://browserspy.dk/date.php

  • Screen size spoofing - Spoof the screen and window dimensions including color depth & pixel depth.

    • Default - Do not spoof the window and screen values, color depth or pixel depth
    • Random - Choose one of the common screen sizes at random per request (color and pixel depth defined by profile)
    • Profile - Choose one of the screen sizes defined in the profile at random per request (Most accurate and includes correct sizes for mobiles)
    • WidthxHeight - Choose a specific screen size (The specific options are for desktops only as mobiles vary too much)

    Desktop Screen sizes obtained from https://en.wikipedia.org/wiki/Display_resolution#Computer_monitors

    You can test it at http://browserspy.dk/screen.php

  • Protect window.name - Prevents window.name from being used to store information. All current web browsers can store a fairly large amount of data (2–32 MB) via JavaScript using the DOM property window.name. This data can be used instead of session cookies and is also cross-domain. The technique can be coupled with JSON/JavaScript objects to store complex sets of session variables on the client side. This can be used for tracking visitors across different websites.

  • Disable canvas support - This prevents the canvas element from working properly, which prevents a site from obtaining a fingerprint. Canvas fingerprinting works by exploiting the HTML5 canvas element. When a user visits a website that uses canvas fingerprinting, their browser is instructed to "draw" a hidden line of text or 3D graphic that is then converted to a digital token. Differences in the installed GPU or graphics driver cause variations in the rendered digital token. The token can be stored and shared with advertising partners to identify users when they visit affiliated websites. A profile can be created from the user's browsing activity, allowing advertisers to target advertising to the user's inferred demographics and preferences. You can test it at http://www.browserleaks.com/canvas

  • Limit tab history to 2 - Prevents a web site from counting how many pages you have visited before visiting it.
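
The time zone option above, sketched as an added example (not RAS's own code): it parses an offset in the format shown, e.g. +04:30, and swaps in a Date whose local getters agree with that offset. The names parseUtcOffset, makeSpoofedDate and install are hypothetical.

```javascript
// Added example, not RAS code. Offsets use the page's format: "-12:00", "+04:30".
function parseUtcOffset(text) {
  const m = /^([+-])(\d{2}):(\d{2})$/.exec(text);
  if (!m || Number(m[2]) > 14 || Number(m[3]) > 59) {
    throw new RangeError('bad UTC offset: ' + text);
  }
  const minutes = Number(m[2]) * 60 + Number(m[3]);
  return m[1] === '-' ? -minutes : minutes; // minutes east of UTC
}

// Build a Date subclass whose zone-dependent getters all agree with the
// spoofed offset. Spoofing getTimezoneOffset() alone is not enough: a page can
// compare getHours() with getUTCHours() and recover the real zone.
function makeSpoofedDate(offsetText, RealDate = Date) {
  const east = parseUtcOffset(offsetText);
  class SpoofedDate extends RealDate {
    // JS convention: minutes to add to local time to reach UTC (UTC+04:30 is -270).
    getTimezoneOffset() { return east === 0 ? 0 : -east; }
  }
  // Local getter X = UTC getter X of the same instant shifted by the offset.
  for (const part of ['FullYear', 'Month', 'Date', 'Day', 'Hours', 'Minutes']) {
    SpoofedDate.prototype['get' + part] = function () {
      const shifted = new RealDate(this.getTime() + east * 60000);
      return shifted['getUTC' + part]();
    };
  }
  // Not covered here: toString()/toLocale*(), Intl.DateTimeFormat, local-time
  // setters and the multi-argument constructor, which still use the real zone.
  return SpoofedDate;
}

// Script-injection step: replace the page-visible constructor before page
// scripts run. `win` is the page's window object (any object with a Date here).
function install(win, offsetText) {
  win.Date = makeSpoofedDate(offsetText, win.Date);
  return win.Date;
}
```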

Standard Options

  • Limit detectable fonts - Limits fonts to a standard set (monospace, serif, sans-serif and default with later versions of Firefox) to reduce the set of fonts available to websites. The number and type of fonts installed on your system may, under certain circumstances, strongly contribute to your unique identification. Your fonts might even be read without JavaScript! This is possible, as a website may force loading web fonts if the respective font is not installed on your local computer. If the site forbids font caching, the fonts will be reloaded on any access. You can test your fonts at http://www.browserleaks.com/fonts and http://www.lalit.org/lab/javascript-css-font-detect/

  • Disable local dom storage - Disables client-side session and persistent storage for web pages

  • Disable browsing and download history - The browser will not remember pages you have visited or downloads

  • Disable memory cache - The browser's memory cache is disabled and thus not used. (This can break some sites)

  • Disable disk cache - Disk cache is not used (This can break some sites).

  • Disable network cache - This preference controls whether to cache files retrieved by HTTP or HTTPS either in memory (memory cache) or on disk (disk cache). (To use the memory or disk cache this preference must be enabled)

  • Enable geolocation - Enables the geolocation API. The W3C Geolocation API provides a simple, high-level JavaScript API to allow web sites to request location information — primarily latitude and longitude coordinates — from web browsers, whether on a mobile phone or a laptop computer or any other Web-capable device. The API itself is agnostic to how the browser or device determines the current location: a phone or other mobile device might use a Global Positioning System (GPS) receiver, while a laptop's location might be triangulated from nearby Wi-Fi networks or inferred from its IP address.

    RAS currently supports two geolocation APIs: Mozilla's API and Google's API. You can test it at http://www.browserleaks.com/geo

  • Disable link prefetching - Link prefetching is a browser mechanism, which utilizes browser idle time to download or prefetch documents that the user might visit in the near future. A web page provides a set of prefetching hints to the browser, and after the browser is finished loading the page, it begins silently prefetching specified documents and stores them in its cache. When the user visits one of the prefetched documents, it can be served up quickly out of the browser's cache.

    Along with the referral and URL-following implications, prefetching will generally cause the cookies of the prefetched site to be accessed. (For example, if you google amazon, the Google results page will prefetch www.amazon.com, causing Amazon cookies to be sent back and forth.)

    Read more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ

  • Disable DNS prefetching - Disables DNS prefetching. This is a feature by which Firefox proactively performs domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth.

    From a security point of view, the negative aspect of DNS prefetching is the large number of DNS queries it induces, which may give helpful information to an attacker for the development of potential attacks. For instance, it is possible to imagine a malicious website that tracks users through links to specific domains within HTML pages, and by observing the DNS resolution requests made by the browser for these domains.

  • Disable webGL - This disables WebGL support. WebGL provides a JavaScript API for rendering 3D graphics in a canvas element. It may be used to fingerprint the performance of your computer graphics. You can test it at http://www.browserleaks.com/webgl

  • Disable webRTC - Disables WebRTC. WebRTC can be used to get the local IP of your machine. You can test it at http://www.browserleaks.com/webrtc

  • Disable pdfjs - Disables Firefox's built-in PDF reader if you would rather not have Firefox open PDFs.

  • Disable search suggestions - Prevents Firefox from sending queries as you type them.

  • Disable dom performance - Disables performance timing. See https://bugzilla.mozilla.org/show_bug.cgi?id=870667

  • Disable dom resource timing - Disables resource timing

"Statistical fingerprinting is a privacy concern where a malicious web site may determine whether a user has visited a third-party web site by measuring the timing of cache hits and misses of resources in the third-party web site. Though the PerformanceResourceTiming interface gives timing information for resources in a document, the cross-origin restrictions prevent making this privacy concern any worse than it is today using the load event on resources to measure timing to determine cache hits and misses." W3 Resource Timing

  • Disable battery api - Disables Battery API. See The leaking battery – A privacy analysis of the HTML5 Battery Status API

  • Disable gamepad api - Disables the gamepad API

  • Use click to play for plugins - By enabling Click to Play, web content that requires plugins such as Java, Flash, Silverlight, Adobe Reader, QuickTime, and more will be disabled by default. Users must manually Click to Play plugin content on any given web page in order for the content to load. This provides a useful security control, so that malicious content is not automatically executed by the browser. (Recommended)

  • Block active mixed content - Blocks Mixed Active Content (a.k.a. Mixed Script Content) See Mixed Content Explained

  • Block display mixed content - Blocks Mixed Passive Content (a.k.a. Mixed Display Content) See Mixed Content Explained

  • Disable browser pings - Prevents sending a POST request to URI(s) listed in the ping attribute of HTML elements. See MozillaZone preference page

  • Disable web beacons - Disables web beacons

  • Disable clipboard events - Prevents websites from getting notifications if the user copies, pastes, or cuts something from the site, and it prevents a site from knowing which part of the page had been selected. The emitting of the oncopy, oncut and onpaste events is controlled by this preference.

  • Disable context menu events - Web pages won't be allowed to manipulate or block the context menu

  • Enable tracking protection - Uses data provided by Disconnect to block certain web trackers from being executed on websites that you visit.

  • Disable plugin name enumeration - Prevents a website from enumerating plugins. They must directly get a plugin name instead of looping through all of the plugins. This was removed in Firefox 41, but still works in the ESR release. There is an issue open to look for a workaround.

  • Disable CSS visited links - This option is no longer necessary and needs to be removed. See Plugging the CSS history leak
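
To see what the link prefetching, DNS prefetching and browser ping options suppress on a given page, the following added example (not part of RAS) lists the third-party hosts named by those mechanisms. The sample HTML, its host names and the function names are constructed for illustration.

```javascript
// Added example, not RAS code. SAMPLE_HTML and its host names are constructed.
const SAMPLE_HTML = `
<link rel="dns-prefetch" href="//cdn.tracker.example">
<link rel="prefetch" href="https://shop.example/landing.html">
<link rel="stylesheet" href="/site.css">
<a href="https://news.example/story" ping="https://metrics.example/p https://ads.example/c">story</a>
<a href="/about">about</a>`;

// Parse the attributes of one start tag into a lower-cased name -> value map.
function attrs(tagBody) {
  const out = {};
  const re = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  for (const m of tagBody.matchAll(re)) {
    out[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return out;
}

// List the other hosts that learn about a visit through prefetch hints
// (rel=prefetch / rel=next), DNS prefetch (explicit hints and ordinary links)
// and ping targets (POSTed to when the link is followed). Same-host entries are dropped.
function implicitContacts(html, pageUrl) {
  const page = new URL(pageUrl);
  const found = [];
  const add = (kind, ref) => {
    let host;
    try { host = new URL(ref, page).host; } catch { return; }
    if (host && host !== page.host) found.push(`${kind} ${host}`);
  };
  for (const m of html.matchAll(/<(link|a|area)\b([^>]*)>/gi)) {
    const tag = m[1].toLowerCase();
    const a = attrs(m[2]);
    const rel = (a.rel || '').toLowerCase().split(/\s+/);
    if (tag === 'link') {
      if (!a.href) continue;
      if (rel.includes('dns-prefetch')) add('dns-prefetch', a.href);
      if (rel.includes('prefetch') || rel.includes('next')) add('prefetch', a.href);
    } else {
      if (a.href) add('dns-prefetch', a.href);
      for (const u of (a.ping || '').split(/\s+/).filter(Boolean)) add('ping', u);
    }
  }
  return [...new Set(found)];
}
```

Calling implicitContacts(SAMPLE_HTML, 'https://blog.example/post') returns one "kind host" string per distinct third-party contact, in document order.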

Reporting Options

  • Disable safe browsing (Google) - Disables comparing visited URLs against a blacklist or submitting URLs to a third party (Google) to determine whether a site is legitimate

  • Disable safe browsing downloads check (Google) - See How does phishing and malware protection work in firefox

  • Disable safe browsing malware check (Google) - Disables downloading a malware list (from Google) to compare against data the user downloads. In the event the user downloads known malware, a warning can be displayed. This preference determines whether to enable these malware checks. Also see the link above.

  • Disable browser health reports - See Understanding browser health reports

  • Disable health report uploads - See above link

  • Disable telemetry reports - See Telemetry FAQ