Team LiB

Hack 13. Stop All Secret Network Activity

Send packets across the Internet only when they come from user actions.

Firefox has a mind of its own. It sometimes connects to other computers across the Internet without asking you first. Not only is this a privacy issue, but it can also be awkward. For example, the browser might be installed on test equipment that is network-enabled only intermittently. If you are performing network diagnostics, that's another time when you don't want any unexpected chatter on the line. Finally, if you configuration-control all of your installed software, then you probably prefer that Firefox not upgrade itself automatically either. Here's how to stop all of that stuff.

2.4.1. Stop Secret Updates

Firefox periodically (daily) checks the Mozilla Update web site (http://update.mozilla.org) to see what's new. If there are critical patches, the home page displayed at startup is replaced with a warning page. If there are any patches at all, an icon appears on the menu bar. To turn off that functionality, set these preferences:

app.update.enabled             /* default is false */
app.update.autoUpdateEnabled   /* set to false. default = true */

The second preference stops Firefox from polling the web server to see if there's anything new to report to the user.

These two additional preferences do the same job as the previous preferences, but they control update checks for extensions, plug-ins, and themes rather than checks for the core Firefox product:

extensions.update.enabled             /* default is false */
extensions.update.autoUpdateEnabled   /* set to false. default = true */

Firefox also performs trivial updates of site icons, the small icons that appear next to URLs. Generally, they provide brand marks for web sites. Figure 2-1 shows a browser window with three site icons marked out.

Figure 2-1. Site icons displayed in the browser window


The Google site icon (the rightmost one) is retrieved from a local copy. The other two are drawn from their original web sites. That's fine for the URL that the user typed into the Location bar, but if the Bookmarks toolbar contains a lot of bookmarks that have site icons, Firefox will download them from all over the place in order to make the toolbar look pretty. Site icons can also be downloaded if the sidebar is displayed. To turn off icon retrieval, set these preferences:

browser.chrome.site_icons /* set to false. default = true */
browser.chrome.favicons   /* set to false. default = true */

Configuration updates are another class of updates that Firefox might perform, if the browser is run under the following conditions. None of these occur in the standard install, but they're all configurable options:

  • If web proxies are in place [Hack #15]

  • If there are custom configuration files [Hack #29]

  • If Certificate Revocation Lists (CRLs) or Online Certificate Status Protocol (OCSP) is configured [Hack #17]

There are also update issues that are separate from the main Firefox installation. You can never be sure what update behavior an extension or plug-in might introduce of its own accord. Extensions are free to contact any web site. If the extension comes from a trusted source, then a consumer review of the extension's intent should suffice. If that's not enough, the extension source code itself must be reviewed for use of any Mozilla XPCOM objects that are network-oriented.

Be particularly careful if an extension adds compiled libraries to the Firefox install. Such code can't be trusted as is; you need to inspect its original source as well. Even if source code is supplied with the extension, that is still not enough for trust, because the compiled files could have been built from different source. Trust only the provider, not the files.

Finally, the following preference has nothing to do with Firefox. It is used only by the Mozilla Application Suite's Smart Browsing feature. If you see it, ignore it:

browser.related.autoload /* 0 = always, 1 = after first use, 2 = never */

2.4.2. Stop Secret Submissions

In all quality web browsers, an unsigned web page cannot submit an HTML form to a web site without the user being involved. There are many special cases that need to be avoided if this rule is to be enforced, and there's no way to toggle checking for these cases on or off for an unsigned page.

Firefox, however, also supports submission to web sites using SOAP, WSDL, and XML-RPC. A rule called the Same Origin policy allows web pages to "phone home" to their server of origin without asking the user. The only way to stop this activity is to disable JavaScript access to the web page objects that provide these services, and the only way to do that is to use capability-based permissions [Hack #20]. Here's an example that disables the invoke() and asyncInvoke() methods of the SOAPCall object:

capability.policy.default.SOAPCall.invoke      /* set to "NoAccess" */
capability.policy.default.SOAPCall.asyncInvoke /* set to "NoAccess" */

Such capability settings are required for each object that offers a network-enabled call interface. So, as another example, WebServiceProxyFactory.createProxy() and its equivalents also require capability preferences.

A further, trivial example of secret submission is the use of cookies by a web site. If being tracked by a cookie bothers you, you can turn cookie support off this way:

network.cookie.cookieBehavior /* set to 2 (none), default = 0 (all) */

Finally, there is the case of Java applets. Applets can "phone home" just as web services can. There's no way to stop this, short of disabling Java entirely. You can disable specific ports [Hack #16] if you want.

As with the update case, you can never be sure what submission behavior an extension or plug-in might introduce.

2.4.3. Stop Not-So-Secret Background Downloads

If you've become addicted to tabbed browsing, you might spend a lot of time looking at one web page, while lots of other web pages are loaded into the tabs that are behind the current tab. The most convenient arrangement is to have those tabs load their pages while they're still hidden. When you change tabs, it's likely that the web page in the tab will be ready to view. This convenience is the default arrangement.

The convenience comes at a cost, though. If you maintain, say, five tabs, your demand for web page data is up to five times the demand of a single browser page. If all of those tabs are busy loading, then the front page will get only one-fifth of the share of the connection. So you might have to wait longer to view it. Furthermore, just by opening tabs, you demand more web page data from your ISP, the same amount as if you were opening five separate windows. In the case of tabs, though, people often open tabs just in case. That means extra download activity for content that's not actually a high priority for the user. Some call that waste.

There are two preferences that will reduce the tab download burden on your Internet connection at the cost of convenience:

browser.tabs.loadInBackground            /* Set to false, default = true */
browser.tabs.loadBookmarksInBackground   /* false = default */

The first preference turns off URL loading for tabs that aren't in front. If you change tabs, so that the current one is no longer displayed, the matching page for the new front tab will then start to load. The second preference has to do with bookmark groups. If you store a set of tabs as a bookmark group, you can recall all of those tabs with a single click. By default, those tabs won't start to download, which is what you probably prefer.

There is currently no way to make the Download Manager back off and use only a smaller chunk of your Internet connection. So far, it will always grab all the bandwidth it can get. That means downloads are reasonably fast, but it also means that viewing web pages is always slowed down if downloading is going on.
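
To confirm that a profile actually carries the settings from this hack, its prefs.js or user.js can be checked mechanically. The script below is an added example, not code from the book: it assumes the user_pref("name", value); line format of those files and takes each default as this hack states it, and the names EXPECTED, parsePrefs, audit, and SAMPLE are made up for the illustration.

```javascript
// Added example. Each entry: [recommended value, default as stated in this hack].
const EXPECTED = {
  "app.update.enabled": [false, false],
  "app.update.autoUpdateEnabled": [false, true],
  "extensions.update.enabled": [false, false],
  "extensions.update.autoUpdateEnabled": [false, true],
  "browser.chrome.site_icons": [false, true],
  "browser.chrome.favicons": [false, true],
  "capability.policy.default.SOAPCall.invoke": ["NoAccess", undefined],
  "capability.policy.default.SOAPCall.asyncInvoke": ["NoAccess", undefined],
  "network.cookie.cookieBehavior": [2, 0],
  "browser.tabs.loadInBackground": [false, true],
  "browser.tabs.loadBookmarksInBackground": [false, false],
};

// Read user_pref("name", value); lines. Block comments are stripped first and
// lines starting with // or # never match; a later line overrides an earlier one.
function parsePrefs(text) {
  const line = /^[ \t]*user_pref\(\s*"([^"\\]+)"\s*,\s*("(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\)\s*;/gm;
  const prefs = new Map();
  for (const m of text.replace(/\/\*[\s\S]*?\*\//g, "").matchAll(line)) {
    prefs.set(m[1], JSON.parse(m[2]));
  }
  return prefs;
}

// Effective value is the one in the file, otherwise the page-stated default.
function audit(text) {
  const prefs = parsePrefs(text);
  const findings = [];
  for (const [name, [want, dflt]] of Object.entries(EXPECTED)) {
    const actual = prefs.has(name) ? prefs.get(name) : dflt;
    if (actual !== want) findings.push({ name, want, actual, inFile: prefs.has(name) });
  }
  return findings;
}

// Constructed sample profile text, not taken from a real installation.
const SAMPLE = `# Mozilla User Preferences
/* user_pref("browser.chrome.favicons", false); */
user_pref("app.update.autoUpdateEnabled", false);
user_pref("browser.chrome.site_icons", false);
// user_pref("network.cookie.cookieBehavior", 2);
user_pref("network.cookie.cookieBehavior", 1);
user_pref("capability.policy.default.SOAPCall.invoke", "NoAccess");
user_pref("browser.tabs.loadInBackground", true);
user_pref("browser.tabs.loadInBackground", false);
`;
for (const f of audit(SAMPLE)) console.log(`${f.name}: is ${f.actual}, want ${f.want}`);
```

Preferences that were commented out in the file are reported as still at their default, which is the case a quick visual scan of the file tends to miss.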
