PUBLIC MARKS from decembre with tags security & firefox

ma petite contribution est d’utiliser des solutions respectueuses de la vie privée des utilisateurs et de les promouvoir. Dans l’idéal des solutions libres et Open Source. En plus de ça, j’essaie de préparer des sessions de sensibilisations, de répandre mes idées autour de moi (et ça fonctionne sur certaines personnes). J’essaie également d’héberger des services et de les proposer comme Nextcloud, un nœud Tor ou encore draw.io. Et pour finir, je réalise des dons à des services que je trouve important comme Wikipédia ou encore Framasoft.

l est malheureusement presque devenu récurrent d'apprendre qu'un service Web - qu'il soit confidentiel ou incontournable - s'est fait pirater et dérober une bonne partie de ses bases de données. Pour savoir s'il l'on fait partie des personnes dont les informations personnelles ont été dérobées, Mozilla vient de mettre en ligne un nouveau service de vérification appelé Firefox Monitor. Le fonctionnement de Firefox Monitor (lien en anglais) est très simple. Une fois sur le site, il suffit de rentrer son adresse électronique pour découvrir si celle-ci fait partie des données volées lors d'un piratage. Si c'est effectivement le cas, Firefox Monitor vous indiquera le service concerné, le nombre total de comptes compromis, la période du piratage mais surtout quelles données ont été dérobées (adresses mail, mots de passe, nom d'utilisateurs, etc).

I do a lot of work with Firefox, as its developer tools outshine all the other browsers, hands down. But recently I’ve been getting a lot of sites appearing without CSS. As it turns out, there’s actually “mixed content” on the page, and the default security setting is to block that content. Normally I agree with security settings in general, but I know what I’m doing, and this is just a massive annoyance. There are ways around this though. 1) You can add the toggle mixed content add-on from here https://addons.mozilla.org/en-us/firefox/addon/toggle-mixed-active-content/ 2) However, my preferred method is to disable the feature in the browser by doing the following. Enter about:config into the Firefox address bar (confirm the info message in case it shows up) & search for the preference named security.mixed_content.block_active_content. Double-click it and change its value to false. After this, you’ll be browsing without that annoying security blockage, and everything will feel back to normal.

- dom.allow_scripts_to_close_windows Defines whether scripts can close windows in the browser. True: Scripts may close any window. False: Scripts may only close windows opened by scripts. (default) - dom.disable_image_src_set Determines whether JavaScript is allowed to manipulate images displayed in the browser. True: Scripts are allowed to change images. False: Scripts are not allowed (default) _ dom.event.clipboardevents.enabled Determines whether websites are allowed to access clipboard contents (check out: Block websites from reading or modifying Clipboard contents in Firefox for additional information). True: Websites may read or modify clipboard events. (default) False: Blocks access. - dom.event.contextmenu.enabled Determines whether websites are allowed to block access to the right-click context menu. True: Websites may manipulate the context menu. (default) False: Web pages won't be allowed to manipulate or block the context menu. - dom.popup_allowed_events Defines the JavaScript events that are allowed to create popup windows. change click dblclick mouseup reset submit touchend - Determines if location aware browsing is enabled. True: Location Aware browsing is enabled. (default) False: The feature is disabled which means that you won't get prompts on websites using it. - geo.wifi.uri The data provider used to power Firefox's geolocation feature. (Check out how to switch to a Mozilla operated service) https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_API_KEY% - network.http.referer.XOriginPolicy Defines when to set the referrer (the page a visit originated from). 0: Never send it. 1: only send if the base domain matches. 2: only send if hosts match. - plugin.state.flash The default state of the Flash plugin. See How to make sure Firefox plugins never activate again for more information. 0: turns off the Flash plugin in Firefox. 1: sets the Flash plugin to ask to activate. 2: enables the Flash plugin.

How to enable Firefox WebExtensions on Mozilla websites (in https://www.ghacks.net/2017/10/27/how-to-enable-firefox-webextensions-on-mozilla-websites/): - Load about:config in the Firefox web browser. - You can run a search for just to make sure it does not exist: privacy.resistFingerprinting.block_mozAddonManager. It does not in the most recent Firefox Nightly builds at the time of writing. - Right-click in the part of the window that lists the preferences, and select New > Boolean from the context menu. - Name the new Boolean value: privacy.resistFingerprinting.block_mozAddonManager. - Set its value to true.