Firefox privacy patches

Wilco · 2015-09-22 19:13:18

Firefox implements some new features which might not be desirable for everyone:

Suggested tiles, advertisements on the new tab page
Firefox Hello, a chat plugin
Pocket, a plugin which is bundled with the browser since version 40 which can save webpages for later viewing on another device

The problem with these features is that disabling them in about.config does not prevent them from gathering data or sending it to (mxr.)mozilla.org. For users who do not like this I've created two patches that disable these features from being build into the browser and completely removes any reference to it (as far as possible). I also add "ac_add_options --disable-webrtc" to mozbuild to prevent Firefox from building the webrtc code. The patches can be found here for anyone interested. To build Firefox with these patches simply download the PKGBUILD and add one or both patches to the prepare() function.

https://github.com/williex/firefox-privacy

Last edited by Wilco (2015-09-22 19:15:59)

windozupdate · 2015-09-28 08:35:45

Recommend this extension
Privacy-Settings

Alad · 2015-09-29 10:10:12

As far as I understand, that addon is an abstraction to about:config ... which according to OP doesn't prevent the browser from sending out data.

SubS0 · 2015-10-03 14:32:46

Thank you for sharing Wilco.
I was wondering if it was possible to do something like that and how, since « Hello » has been implemented.
So, I block some mozilla's URLs on my router with privoxy, but it's not satisfaying.

As I'm not a programmer, it's difficult for me to understand how to achieve that.
I'll try your patch soon, and take it as an interesting exemple to study.

Wilco · 2016-03-09 09:13:50

Added an AUR package for Firefox ESR with improved privacy patches:

https://aur.archlinux.org/packages/firefox-esr-privacy/

Features:

Disable contacting Mozilla on new tab page, frequent visited tiles still work.
Removed Firefox Hello chatapp. This also prevents FF from contacting Mozilla every time you start Firefox
No pocket integration (because it's not yet in the ESR version of FF)
Disable contacting Mozilla on first run to detect geo location
Disable middle mouse click registering as paste URL
Disable leaking plugin data
Disabled webrtc, FF healhreport

timofonic · 2016-03-10 09:49:04

Wilco wrote:

Added an AUR package for Firefox ESR with improved privacy patches:
https://aur.archlinux.org/packages/firefox-esr-privacy/
Features:
Disable contacting Mozilla on new tab page, frequent visited tiles still work.
Removed Firefox Hello chatapp. This also prevents FF from contacting Mozilla every time you start Firefox
No pocket integration (because it's not yet in the ESR version of FF)
Disable contacting Mozilla on first run to detect geo location
Disable middle mouse click registering as paste URL
Disable leaking plugin data
Disabled webrtc, FF healhreport

Your patches look very similar to Pale Moon, in fact

Alad · 2016-03-10 19:20:00

Probably because Firefox 24 (!) didn't have those features at the time ...

Last edited by Alad (2016-03-10 19:20:08)

Perfect Gentleman · 2016-03-11 22:14:33

updates for FF 45 ?

Wilco · 2016-03-12 09:18:47

Update to FF45 will take about a week because it needs more patches to disable pocket and reader view and to update the other patches for the new sources.

The current AUR package will work fine with 38.7.0 though (the latest stable ESR)

Wilco · 2016-03-15 10:07:38

New version is up!

NEW: based on Firefox 45 ESR
NEW: disabled and completely removed Pocket and Firefox hello/Loop, this prevents contacting Mozilla on startup
NEW: disable import wizard on first run
NEW: start a new profile with about:blank instead of three mozilla pages
NEW: most telemetry and health reports are now disabled at compile time
Disable contacting Mozilla on (enhanced) new tab page, frequent visited tiles still work
Disable contacting Mozilla on first run to detect geo location
Disable middle mouse click registering as paste URL
Disabled webrtc, FF healhreport

Wilco · 2016-03-26 09:30:38

New version:

Updated to FF 45.0.1
Added patch to disable sharing notification. That's the bar that pop ups on a new profile about sharing data with Mozilla, which is disabled in this build
Removed reader view, even less clutter on your screen!
Disable first time download window popup

Perfect Gentleman · 2016-04-27 14:53:04

are there patches for 46 ?

Wilco · 2016-04-27 20:22:50

No, only for the latest ESR version. You can try the patches with FF 46, it might work. However, updating the patches can be a lot of work between regular versions, so that's why the patches are made for the latest ESR only.

Wilco · 2016-11-08 21:05:48

New version is up, FF 45.4.0

Fixes segfaults which happens with ICU 58.1 (when it arrives in stable)

Disable middle mouse button again

Last edited by Wilco (2016-11-08 21:33:57)

bstaletic · 2016-11-08 22:26:04

First, thanks for the work you've put in those patches. Would it be possible for you to make a -bin version of the package? Firefox takes very long to build so I'd like to be able to just download -bin variant.

teateawhy · 2016-11-09 16:23:59

Are you aware of the Tor browser? It also aims to provide better privacy than the default firefox browser it is based on, might be able to learn something from it (or vice versa).

bstaletic · 2016-11-10 10:09:02

teateawhy,
Tor browser has a completely different idea of how to achieve privacy. It uses the Tor network, which, today, contains a backdoor. So if you're really paranoid about privacy you should avoid Tor completely. As for where have I heard about the backdoor? I have heard about it on a few places around the internet and I'm fairly sure that one of the places was slashdot.

Prickle · 2016-11-10 14:20:32

Nice patches but I cannot build it, build error:

make[3]: *** [/tmp/yaourt-tmp-pri/aur-firefox-esr-privacy/src/firefox-45.4.0esr/config/recurse.mk:33: compile] Error 2
make[3]: Leaving directory '/tmp/yaourt-tmp-pri/aur-firefox-esr-privacy/src/firefox-45.4.0esr/firefox-build-dir'
make[2]: *** [/tmp/yaourt-tmp-pri/aur-firefox-esr-privacy/src/firefox-45.4.0esr/config/rules.mk:547: default] Error 2
make[2]: Leaving directory '/tmp/yaourt-tmp-pri/aur-firefox-esr-privacy/src/firefox-45.4.0esr/firefox-build-dir'
make[1]: *** [/tmp/yaourt-tmp-pri/aur-firefox-esr-privacy/src/firefox-45.4.0esr/client.mk:396: realbuild] Error 2
make[1]: Leaving directory '/tmp/yaourt-tmp-pri/aur-firefox-esr-privacy/src/firefox-45.4.0esr'
make: *** [client.mk:171: build] Error 2
==> ERROR: A failure occurred in build().
    Aborting...
==> ERROR: Makepkg was unable to build firefox-esr-privacy.

Any help plz?

UPD: Full output here http://codepad.org/UMOjnwTl

Last edited by Prickle (2016-11-11 15:16:35)

WorMzy · 2016-11-10 14:36:41

That's not the actual error that caused the build to stop, but I imagine the problem is that you're using /tmp to build in and your /tmp isn't big enough.

Prickle · 2016-11-10 14:42:51

Nope. /tmp on hdd and about 100 Gb is free. What you mean "not the actual error"? Where is actual?

WorMzy · 2016-11-10 14:54:40

Fair enough. The actual error is what caused make to fail, it will likely be a compiler or linker error and will be further up the output. To find it, I usually search through the output to find the first instance of "error" that isn't from make and isn't part of a file path.

EDIT: Of course, if you need help with understanding the error, posting the full output is best.

Last edited by WorMzy (2016-11-10 14:57:39)

Prickle · 2016-11-10 16:04:12

OK, I just retried and here is full output: http://codepad.org/UMOjnwTl

Last edited by Prickle (2016-11-11 15:17:09)

bstaletic · 2016-11-10 16:27:23

That's the same error I got when I tried compiling it. Have not yet found a way to get passed that error.

teateawhy · 2016-11-10 20:00:38

bstaletic wrote:

teateawhy,
Tor browser has a completely different idea of how to achieve privacy. It uses the Tor network, which, today, contains a backdoor. So if you're really paranoid about privacy you should avoid Tor completely. As for where have I heard about the backdoor? I have heard about it on a few places around the internet and I'm fairly sure that one of the places was slashdot.

I will leave the alleged backdoor uncommented, since it would derail the thread. The Tor browser also does other things apart from connecting with the Tor network, see "browser fingerprinting". I don't know much about the subject, but it might be worth looking into.

https://www.torproject.org/projects/torbrowser/design/
https://gitweb.torproject.org/builders/ … =maint-6.0

Wilco · 2016-11-12 21:25:15

Build problems might be fixed by using these patches: mozilla-1245076-1.patch and harfbuzz-1.1.3.patch.gz

These patches can be found here: https://aur.archlinux.org/packages/firefox-esr/

Arch Linux

#1 2015-09-22 19:13:18

Firefox privacy patches

#2 2015-09-28 08:35:45

Re: Firefox privacy patches

#3 2015-09-29 10:10:12

Re: Firefox privacy patches

#4 2015-10-03 14:32:46

Re: Firefox privacy patches

#5 2016-03-09 09:13:50

Re: Firefox privacy patches

#6 2016-03-10 09:49:04

Re: Firefox privacy patches

#7 2016-03-10 19:20:00

Re: Firefox privacy patches

#8 2016-03-11 22:14:33

Re: Firefox privacy patches

#9 2016-03-12 09:18:47

Re: Firefox privacy patches

#10 2016-03-15 10:07:38

Re: Firefox privacy patches

#11 2016-03-26 09:30:38

Re: Firefox privacy patches

#12 2016-04-27 14:53:04

Re: Firefox privacy patches

#13 2016-04-27 20:22:50

Re: Firefox privacy patches

#14 2016-11-08 21:05:48

Re: Firefox privacy patches

#15 2016-11-08 22:26:04

Re: Firefox privacy patches

#16 2016-11-09 16:23:59

Re: Firefox privacy patches

#17 2016-11-10 10:09:02

Re: Firefox privacy patches

#18 2016-11-10 14:20:32

Re: Firefox privacy patches

#19 2016-11-10 14:36:41

Re: Firefox privacy patches

#20 2016-11-10 14:42:51

Re: Firefox privacy patches

#21 2016-11-10 14:54:40

Re: Firefox privacy patches

#22 2016-11-10 16:04:12

Re: Firefox privacy patches

#23 2016-11-10 16:27:23

Re: Firefox privacy patches

#24 2016-11-10 20:00:38

Re: Firefox privacy patches

#25 2016-11-12 21:25:15

Re: Firefox privacy patches

Board footer