Mozilla engineers are working on importing into Firefox some of the extra privacy settings found in the Tor Browser.
The Tor Browser is a modified version of Firefox ESR (Extended Support Release) that features many privacy-enhancing features.
The Tor Project added these extra tools to prevent malicious actors from fingerprinting Tor traffic and Tor users navigating the Web.
Fingerprinting attacks are a danger to non-Tor users alike
Some of the common ways through which a third-party can fingerprint the Tor users, even if they can’t detect their real IP address, is by collecting second-stage information such as supercookies, HTML5 canvas details, screen size, color depth, timezone settings, WebGL details, mouse movements, and so on.
This information is put together to create a very accurate fingerprint of the user when they access other websites, even if their real IP address is never revealed.
Online advertising agencies and crooks running exploit kits also employ fingerprinting for normal Web traffic in order to select and categorize users.
Preventing fingerprinting attacks is a priority for the Tor Project, along with other exploits law enforcement have tried against its users.
Firefox Nightly adds some of Tor’s anti-fingerprinting features
As first spotted by gHacks, Mozilla has created the Tor Uplift project in an attempt to bolster Firefox’s defenses against fingerprinting attacks. The Foundation plans to import some of Tor’s privacy and anti-fingerprinting features into Firefox.
Some of these have already made their way into Firefox Nightly (v50). These are tools to prevent attackers from listing what types of plugins and mimeTypes the user’s browser supports, and if the user’s browser is using a landscape or other orientation.
There’s also a feature that removes the “Open with…” menu option from Firefox, and more Mozilla plans to add more in the future.
New settings are not visible by default
These features aren’t visible in Firefox’s settings or the about:config page. A user needs to navigate to a new tab, type in about:config in the URL bar, right-click anywhere on the page background and select the New -> Boolean option.
Here they must type privacy.resistFingerprinting and set the default value to true. Now the hidden feature is active and can be turned off when not needed anymore.
To prevent new downloads from bringing up the “Open with…” option, while on the about:config page, users must search for the browser.download.forbid_open_with option and set it to true as well.