Mozilla works on uplifting privacy settings of the Tor browser project to the Firefox web browser to provide privacy conscious users with additional privacy-related options.
While the Tor browser is based on Firefox ESR, it is modified with additional privacy and security settings to protect users of the browser while using the program.
Considering that Tor browser is used by some in critical situations, whistleblowing, publishing news or communication, it is only natural that a stronger focus on privacy and security is necessary.
Mozilla acknowledges these modifications, and plans to integrate some of them in Firefox natively. In fact, the company has already begun to integrate some in Firefox, and plans to integrate others in the future.
Tor Privacy settings coming to Firefox
Three Tor-specific options landed in Firefox 50 already. Firefox 50 is currently available on the Nightly channel, and it looks as if it is the target milestone right now. As is the case with these improvements, they may be postponed.
- The first patch blocks enumeration of plugins and mimeTypes. Sites may retrieve the information from the browser, and use it in fingerprinting. With the patch in place, Firefox returns no information to the site blocking the requests effectively.
- The second patch works in a similar manner. Firefox returns 0 for screen.orientation.angle and "landscape-primary" for screen.orientation.type when sites or applications request the information.
- The third and final patch removes the "open with" option in the download dialog.
Tor-specific privacy settings are often not suitable for Firefox's mainstream audience. That's why you need to enable these settings manually in Firefox before they become available.
A core preference is privacy.resistFingerprinting. Originally introduced in Firefox 41, it is the central preference for Tor-related settings. While it covers most Tor settings that are implemented in the Firefox browser, some are available under other preferences.
Enable Tor-related privacy settings in Firefox
Instructions below are for Firefox 50 Nightly.
- Type about:config in the Firefox address bar.
- Confirm you will be careful.
- The privacy.resistFingerprinting preference does not exist by default.
- Right-click in the main area, and select New > Boolean from the context menu.
- Name the preference privacy.resistFingerprinting.
- Set its value to True to enable it.
To block the "open with" option when downloading files, do the following instead
- While still on about:config, search for browser.download.forbid_open_with.
- Double-click the preference to set it to true and enable it.
The Tor Uplifting entry on Mozilla Wiki highlights some of the improvements that Mozilla plans to integrate in the future.
Many bugs are not assigned yet, but those that are will protect against system font enumeration or make WebGL fingerprint resistant.
The Tor meta bug lists eight patches that are currently being worked on, and four that are already integrated in Firefox.
Integration of Tor-specific privacy settings and features in Firefox is welcome. These features won't be enabled by default, but they provide privacy-conscious users with better options to harden the browser against browser fingerprinting and identification.