Using the Tor Browser is widely considered to be the most secure and anonymous way to surf the internet. This is, of course, largely due to the fact that the Tor Browser routes all its connections through the Tor network. Being a privacy-oriented piece of software, however, the Tor browser is also especially “hardened” to improve its security. The Tor Browser is a modified version of the open source Firefox browser by Mozilla, but many of the Tor Browser’s additional privacy settings are not suitable for mainstream Firefox users, as they can “break” websites.
Mozilla, however, in clear acknowledgment of the privacy and security benefits that Tor Browser settings bring, has started to integrate some of the these features into its mainstream Firefox browser.
Firefox 50 Nightly
Firefox Nightly builds are experimental releases of the browser that allow fans to test new features before they are released as stable patches for mainstream users. Firefox 50 Nightly introduces the following features from the Tor Browser:
1. It blocks enumeration of plugins and MIME types
Websites can install scripts that ask for information such as a list of all installed fonts and plugins, supported data types (so-called MIME types), screen resolution, system colors and more. These are used to help fingerprint your browser. This is a technique that uses your browser’s attributes to uniquely identify you, and then track you as you surf the web.
By blocking requests for the plugins and MIME types used by your browser, Firefox will make fingerprinting it more difficult.
Without setting enabled
With this setting enabled.
I should note, though, that Panoptoclick still regards my browser fingerprint as being unique (one in 136,223, rather than the one in 136,184 it was before enabling the setting). Oh well. This may at least in part be due to the fact that Panoptoclick takes canvas fingerprinting into account while judging a browser’s uniqueness.
Because it is an experimental feature, this setting needs to be manually enabled. It does not exist by default, so you need to create it. To do this in Firefox 50 Nightly:
a. Open about:config.
b. Right-click anywhere in the about:config window -> New -> Boolean.
c. Enter privacy.resistFingerprinting as the preference name, and hit OK.
d. Select value = true, and hit OK.
2. It returns value of 0 for screen.orientation.angle, and “landscape-primary” for screen.orientation.type when requested by websites
Again, these are attributes used for browser fingerprinting.
3. It removes the “open with” option from the download dialog
Hands up! I’m not really sure why this is considered a vulnerability, but it is! To turn this feature on:
a. Open about:config (or stay on the page if it is already open) and search for browser.download.forbid_open_with .
b. Double-click anywhere on the parameter to change it to true.
Although the changes are fairly minor at present, it is great to see Firefox start to incorporate Tor Browser’s improved privacy settings into its mainstream offering. This is especially true as privacy is Firefox’s big advantage when compared to its commerce-led competition.
Although currently available only to Nightly users, we can expect these changes to appear in the stable build very soon. More Tor Browser patches are planned for future releases.