Archive for the ‘Firefox’ Category

Disabling Referer Headers in Firefox

Sunday, November 21st, 2010

Given the awesome work detailed by Bala from AT&T, and some recent privacy-related measures I have been taking in my Firefox browser (see https-everywhere and adblocking fb), I have decided to instruct my browser to stop sending the Referrer Header (nb: incorrectly referred to as the ‘referer header’) when I am clicking around on the web.

The following example shows the Referrer header of the HTTP request telling facebook.com that I have just been looking at a page about HIV on the NHS Choices website.

GET /
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-gb) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Referer: http://www.nhs.uk/conditions/HIV/Pages/Introduction.aspx
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
Cookie: presence=DJ290173073BchADhA_22112.channelH1L60X...

I followed the instructions in the following blog post, http://cafe.elharo.com/privacy/privacy-tip-3-block-referer-headers-in-firefox/, to configure my Firefox instance to not send the “referer header”.

In short, the steps needed are as follows:

  • Type about:config into your Firefox awesome bar to bring up your settings.
  • Find the setting network.http.sendRefererHeader. This is probably set to 2.
  • Choose one of the following values:
    • 0: Completely disables the referer header (mischa’s setting)
    • 1: Sends a referer header when following a link to another page, but not when loading images on the page
    • 2: Always sends the referer header (default)

I am going to experiment with setting it to 0, disabling the referer header all the time. I will post back here to say if it causes me any problems.
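An added example, not from the original post: a Python sketch that parses a captured request like the one above, reports when the Referer header discloses a page on a different host, and models the three network.http.sendRefererHeader values as listed in the steps. The function names and the sample request (constructed from the request above, cookie omitted) are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample modelled on the request shown in the post (cookie omitted).
SAMPLE_REQUEST = (
    "GET / HTTP/1.1\r\n"
    "Host: www.facebook.com\r\n"
    "Referer: http://www.nhs.uk/conditions/HIV/Pages/Introduction.aspx\r\n"
    "Accept-Language: en-gb\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return header names (lower-cased) mapped to values for one raw request."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def referer_leak(raw):
    """Return (destination host, disclosed URL) if the Referer names another host."""
    headers = parse_headers(raw)
    referer = headers.get("referer")
    if not referer:
        return None
    # urlsplit handles ports and lower-cases the host name for us.
    dest = urlsplit("//" + headers.get("host", "")).hostname or ""
    src = urlsplit(referer).hostname or ""
    return (dest, referer) if src and src != dest else None

def referer_sent(pref, kind, source_url):
    """Model the three pref values listed above; kind is "link" or "image"."""
    if pref not in (0, 1, 2):
        raise ValueError("pref must be 0, 1 or 2")
    if pref == 0 or (pref == 1 and kind == "image"):
        return None
    return source_url

def build_request(pref, kind, dest_host, source_url):
    """Build the request a browser with this pref value would send (hypothetical helper)."""
    lines = ["GET / HTTP/1.1", "Host: " + dest_host]
    sent = referer_sent(pref, kind, source_url)
    if sent:
        lines.append("Referer: " + sent)
    return "\r\n".join(lines) + "\r\n\r\n"
```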

HTTPS: Making more use of SSL

Tuesday, October 26th, 2010

There has been a lot of talk about how more and more people are using their laptops on public wifi connections, and with the advent of the Firesheep plugin, there have been a number of scares around session hijacking and unencrypted login details being sent through the ether.

As a result, I thought I would describe the steps I have taken in securing my Firefox instance on my laptop. These are:

  • Installing the HTTPS Everywhere plugin from the EFF, which attempts to select HTTPS if available when accessing a site. I have tested it with Facebook, Google, Hotmail, LinkedIn and a few other sites
  • I have set my homepage to be encrypted.google.com
  • I have changed the search engine in the top right-hand corner of my Firefox instance to use the encrypted Google service, by installing their plugin
  • I have set a master password on my Firefox keychain, which gives my stored passwords some level of protection
  • And I run adblocking software (with a custom Facebook Like Button blocking extension) as per an earlier blog post

Furthermore, I use Firefox as my main browser. I have Chrome installed, but I hardly ever use it, and I have a locked-down, stateless Safari instance which I wrote about earlier.