Posts Tagged ‘firefox’

Disabling Referer Headers in Firefox

Sunday, November 21st, 2010

Given the awesome work detailed by Bala from AT&T, and some recent privacy-related measures I have been taking in my Firefox browser (see https-everywhere and adblocking fb), I have decided to instruct my browser to stop sending the Referrer header (nb: incorrectly referred to as the ‘referer header’) when I am clicking around on the web.

The following example shows the Referrer header of the HTTP request telling facebook.com that I have just been looking at a page about HIV on the NHS choices website.

GET /
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-gb) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Referer: http://www.nhs.uk/conditions/HIV/Pages/Introduction.aspx
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
Cookie: presence=DJ290173073BchADhA_22112.channelH1L60X...

I followed instructions on the following blog post http://cafe.elharo.com/privacy/privacy-tip-3-block-referer-headers-in-firefox/ to configure my Firefox instance to not send the “referer header”.

In short, the steps needed are as follows:

  • Type about:config into your Firefox awesome bar to bring up your settings
  • Find the setting network.http.sendRefererHeader. This is probably set to 2.
  • Choose one of the following values:
    • 0: Completely disables the referer header (mischa’s setting)
    • 1: Sends a referer header when following a link to another page, but not when loading images on the page
    • 2: Always sends the referer header (default)

I am going to experiment with setting it to 0, disabling the referer header all the time. I will post back here to say if it causes me any problems.
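To confirm the change took effect, the profile's preference file can be checked for the setting. The following is an added example, not code from the original post: it parses `user_pref()` lines and applies the three values listed above. The function names and the sample preference text are assumptions made for illustration.

```javascript
// Added example (not from the original post). SAMPLE_PREFS is constructed
// text in the user_pref() format Firefox writes to prefs.js / user.js.
const SAMPLE_PREFS = [
  '// Mozilla User Preferences',
  'user_pref("browser.startup.homepage", "https://encrypted.google.com/");',
  'user_pref("network.http.sendRefererHeader", 0);',
].join('\n');

const REFERER_PREF = 'network.http.sendRefererHeader';
const DEFAULT_SETTING = 2; // the default named in the list above

// Collect integer-valued prefs; a later line for the same pref overrides an
// earlier one. String-valued prefs and comment lines are skipped.
function parseIntPrefs(text) {
  const prefs = new Map();
  const re = /^\s*user_pref\(\s*"([^"]+)"\s*,\s*(-?\d+)\s*\)\s*;/gm;
  for (const m of text.matchAll(re)) prefs.set(m[1], parseInt(m[2], 10));
  return prefs;
}

// Apply the three documented values. requestKind is 'link' or 'image'
// (hypothetical labels for the two cases the list distinguishes).
function sendsReferer(setting, requestKind) {
  switch (setting) {
    case 0: return false;
    case 1: return requestKind === 'link';
    case 2: return true;
    default:
      throw new RangeError(`unexpected ${REFERER_PREF} value: ${setting}`);
  }
}

// Report the effective setting and what it means for each request kind.
function auditReferer(prefsText) {
  const prefs = parseIntPrefs(prefsText);
  const explicit = prefs.has(REFERER_PREF);
  const setting = explicit ? prefs.get(REFERER_PREF) : DEFAULT_SETTING;
  return {
    setting,
    explicit,
    onLinkClick: sendsReferer(setting, 'link'),
    onImageLoad: sendsReferer(setting, 'image'),
  };
}

console.log(auditReferer(SAMPLE_PREFS));
```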

HTTPS: Making more use of SSL

Tuesday, October 26th, 2010

There has been a lot of talk about how more and more people are using their laptops on public wifi connections, and with the advent of the Firesheep plugin, there have been a number of scares around session hijacking and unencrypted login details being sent through the ether.

As a result, I thought I would describe the steps I have taken in securing my Firefox instance on my laptop. These are:

  • Installing the HTTPS Everywhere plugin from the EFF, which attempts to select https if available when accessing a site. I have tested it with Facebook, Google, Hotmail, LinkedIn and a few other sites
  • I have set my homepage to be encrypted.google.com
  • I have changed the search engine in top right hand of my Firefox instance to use the encrypted google service, by installing their plugin
  • I have set a master password on my Firefox keychain, which gives my stored passwords some level of protection
  • And I run adblocking software (with a custom Facebook Like Button blocking extension), as per an earlier blog post

Furthermore, I use Firefox as my main browser. I have Chrome installed, but I hardly ever use it, and I have a locked down, stateless Safari instance which I wrote about earlier.

Firefox 3.5 and W3C Geo API

Wednesday, July 8th, 2009

I have made a simple webpage which makes use of the W3C Geo API. The page will prompt you for your location, given you are using FF3.5, and will subsequently ask you for a WebID and some text to describe what you are up to.

The service then generates a call to another endpoint I bashed together, that takes the following CGI arguments:

  • webid
  • lat
  • long, with an OPTIONAL alt
  • datetime
  • doing (the "what I am doing now" field)

e.g.,

http://mmt.me.uk/services/FOAFEvent?lat=51.4583494&long=-0.1186444&webid=http://foo.com/foaf.rdf%23bar&datetime=2009-07-08T13:02:46+01:00&doing=writing+a+blog+article


That in turn generates a FOAF person scrobble, or a FOAF Event. I have made use of the Event, Timeline, FOAF, dc, and the Geo ontologies.
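The call to the FOAFEvent endpoint described above, built with explicit query encoding. This is an added example, not the author's service code; `buildFoafEventUrl`, `finiteInRange` and the range checks are assumptions. Encoding matters here because form decoding reads a literal `+` as a space, so the `+01:00` timezone offset has to travel as `%2B01%3A00`.

```javascript
// Added example (not the author's code): build the FOAFEvent request from
// the arguments listed above, validating and encoding each value.
const FOAF_EVENT_ENDPOINT = 'http://mmt.me.uk/services/FOAFEvent'; // URL as given on the page

// Return the value as a string if it is a finite number within [min, max].
function finiteInRange(name, value, min, max) {
  const n = Number(value);
  if (!Number.isFinite(n) || n < min || n > max) {
    throw new RangeError(`${name} must be a number in [${min}, ${max}]`);
  }
  return String(n);
}

function buildFoafEventUrl({ webid, lat, long, alt, datetime, doing }) {
  // The WebID must parse as an http(s) URI; new URL() throws on garbage.
  const id = new URL(webid);
  if (id.protocol !== 'http:' && id.protocol !== 'https:') {
    throw new TypeError('webid must be an http(s) URI');
  }
  if (Number.isNaN(Date.parse(datetime))) {
    throw new TypeError('datetime must be a parseable timestamp');
  }
  const q = new URLSearchParams();
  q.set('lat', finiteInRange('lat', lat, -90, 90));
  q.set('long', finiteInRange('long', long, -180, 180));
  if (alt !== undefined) {
    q.set('alt', finiteInRange('alt', alt, -Number.MAX_VALUE, Number.MAX_VALUE));
  }
  // URLSearchParams percent-encodes '#', ':', '/' and '+', and writes
  // spaces as '+', so every value decodes back to exactly what was passed.
  q.set('webid', webid);
  q.set('datetime', datetime);
  q.set('doing', String(doing));
  return `${FOAF_EVENT_ENDPOINT}?${q}`;
}

// Constructed sample input, using the values from the URL shown above.
const SAMPLE_EVENT = {
  webid: 'http://foo.com/foaf.rdf#bar',
  lat: 51.4583494,
  long: -0.1186444,
  datetime: '2009-07-08T13:02:46+01:00',
  doing: 'writing a blog article',
};
console.log(buildFoafEventUrl(SAMPLE_EVENT));
```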

So this service can be found on my site, http://mmt.me.uk/geo. It should be noted that I DO NOT store any of the information which I output on this site. I will make it HTTPS at some point, and then I will replace using Plazes.com with my own service. I would rather a world where I was running all of my own social networking from my own machine.

The code to do this is so simple. In order to do the W3C geo stuff all you need to do is write some html and javascript, like so (sorry about the indentation)

<script src="http://maps.google.com/maps?file=api&v=2&key=YOUR_API_KEY_HERE" type="text/javascript"></script>
<script type="text/javascript">
// Ask the browser for the current position; the user is prompted for permission first.
function load() {
  navigator.geolocation.getCurrentPosition(showMap);
}
// Success callback: receives a position object whose coords hold latitude and longitude.
function showMap(position) {
  if (GBrowserIsCompatible()) {
    var map = new GMap2(document.getElementById("map"));
    var point = new GLatLng(position.coords.latitude, position.coords.longitude);
    // Centre the map on the reported position at zoom level 13 and mark it.
    map.setCenter(point, 13);
    map.addOverlay(new GMarker(point));
  }
}
</script>
<div id="map" style="width: 620px; height: 310px"></div>

and this:

<body onload="load()" onunload="GUnload()">

Here are a bunch of links which I used to find out how to do this: