©2025 Poal.co

(post is archived)

[–] 3 pts

Choose your advice carefully!

I have not read all of the linked doc yet but in reading through I see a number of red flags that indicate that this might not be sincere advice for securing your web browser.

Example: They have an entire section titled "Tweaking Firefox - the best solution" which advocates using Firefox with a number of tweaks to enhance privacy... but the tweaks that are recommended are... suspect. The recommendation is to "Controlling Firefox's DNS over HTTPS" by using a "policies.json" file and helpfully provides a sample JSON... but look at the JSON! The JSON does do some good things like turning off search suggestions and turning off telemetry... but it also TURNS OFF DNS OVER HTTPS! ... I know that a lot of people don't like DoH and DoT because it exposes your DNS queries to tracking by whoever is running the DoH server... but it is still a million times better than running clear text DNS queries... And then the second piece of advice is blocking all known DoH servers at the firewall? This is not "Controlling Firefox's DNS over HTTPS" but rather disabling it completely...

I know that some security conscious users do not like DoH, but most recommend using it and consider it better than letting your ISP track everything. With DNS over HTTP you are at least segmenting the data; your ISP has your real name mapped to IP address and the DoH provider has the IP to DNS queries but neither has it all. The recommendations here seem intentionally misleading and indicate that the JSON configures DoH rather than disabling it... This is making me cast the entire article in a critical light.
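The check the comment above describes (read what a `policies.json` does to DoH before installing it) can be scripted. This is an added example, not part of the thread or of the linked article: the sample file is constructed to match the comment's description, and `audit_doh` and `summarize` are hypothetical helper names.

```python
import json

# Constructed sample in the shape the comment describes (not the linked
# article's actual file): privacy-friendly settings plus DoH switched off.
SAMPLE_POLICIES = """
{
  "policies": {
    "DisableTelemetry": true,
    "SearchSuggestEnabled": false,
    "DNSOverHTTPS": {"Enabled": false, "Locked": true}
  }
}
"""

# network.trr.mode values: 0 = browser default, 2 = DoH with fallback to
# the system resolver, 3 = DoH only, 5 = explicitly off.
TRR_MODES = {0: "default", 2: "DoH first, system fallback", 3: "DoH only", 5: "off (explicit)"}


def audit_doh(policies_text):
    """Return a dict describing what a policies.json does to DNS over HTTPS."""
    policies = json.loads(policies_text).get("policies", {})
    doh = policies.get("DNSOverHTTPS")
    result = {"state": "unmanaged", "locked": False, "provider": None, "trr_mode": None}
    if isinstance(doh, dict):
        if "Enabled" in doh:
            result["state"] = "enabled" if doh["Enabled"] else "disabled"
        result["locked"] = bool(doh.get("Locked", False))
        result["provider"] = doh.get("ProviderURL")
    # The same setting can also be forced through the Preferences policy.
    pref = policies.get("Preferences", {}).get("network.trr.mode")
    if isinstance(pref, dict):  # {"Value": 5, "Status": "locked"} form
        pref = pref.get("Value")
    if isinstance(pref, int):
        result["trr_mode"] = TRR_MODES.get(pref, f"unknown ({pref})")
        if result["state"] == "unmanaged" and pref in (2, 3, 5):
            result["state"] = "disabled" if pref == 5 else "enabled"
    return result


def summarize(policies_text):
    r = audit_doh(policies_text)
    lock = " and locked against user changes" if r["locked"] else ""
    return f"DoH is {r['state']}{lock}; provider={r['provider']}; trr.mode={r['trr_mode']}"


if __name__ == "__main__":
    print(summarize(SAMPLE_POLICIES))
```

A file that configures DoH rather than disabling it would show `"Enabled": true` together with a `ProviderURL` the user chose.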

[–] 0 pt

Since you sound like you know what you're talking about, what browser do you use? I did some tweaks to Firefox config from another article.

I use Tor often but smaller screen size and no way to import bookmarks becomes a nuisance. Tor is in the table of contents but not the article itself, maybe he took it out...

[–] 0 pt

Since you sound like you know what you're talking about, what browser do you use?

Unfortunately there is no good answer these days. Any browser that really tries to protect your privacy will have problems on some websites. If you really want to maintain your privacy then you have to resign yourself to the fact that occasionally you will go to a website and find things that do not work. If this is fine for you then I recommend IceCat, ungoogled-chromium and TOR. If you want a web browser that actually works on most if not all websites then I think the only real option is Firefox with a number of customizations to lock it down. For me IceCat works fine for about 85% of the sites I visit and I have to admit that the effort of switching back and forth between browsers to be a pain and I often just end up browsing with FF.

My issue with the advice on the page linked by OP is not that they recommend running FF with special configs... That is a reasonable position. The problem is the specific suggestion that it is claiming to show a user how to configure DNS over HTTPS while what it is really doing is disabling the feature altogether... again this might be excusable but not when the text implies the opposite. And even then the advice is suspect/debatable. I personally run FF in DNS over TLS because I think two companies having half the info is better than one company having all the info.

For real anonymity, not just privacy, TOR through a VPN is the only option.

[–] 0 pt

For me IceCat works fine for about 85% of the sites I visit and I have to admit that the effort of switching back and forth between browsers to be a pain and I often just end up browsing with FF.

Same for me with Tor. The captcha problem doesn't seem like it will get fixed anytime soon either.

I use Tor alone since a few articles from argues against VPNs with Tor. Seems it could work if done right but since many set up incorrectly it causes problems.

[–] 0 pt

Yeah, it is entirely possible to be too 1337... most people simply don't have the know-how to get that deep in the weeds. Brave is a good example: sure, it has some problems, but it's good enough for most normal users who don't want to or can't figure out NoScript or TPRB.

[–] 1 pt

most people simply don't have the know-how to get that deep in the weeds

...Which is why the advice about DoH set off alarm bells. "Just copy and paste this example JSON file and put it in the right place and boom! you have configured DoH!" and I look at the JSON and it does not configure DoH at all but rather turns it off? And I think turning it off is LESS secure? Seemed like they did not expect people to get that deep into the weeds and actually read the JSON.

In a security context the second you catch someone in a lie or trying to mislead is the moment that they lose ALL credibility.

[–] 0 pt (edited)

DoH isn't to be avoided at all costs because you're handing over all of your requests to a third party (which you end up doing anyways regardless of if you use DoH or not). The real threat is that companies like Firefox are attempting to take control over which portions of the internet you are allowed access to. When your browser is choosing your DNS provider they can now effectively remove websites from the internet without having to interfere with their web hosting, or registrar. They simply block DNS requests to your website and now no one running their implementation of DoH (Which I think was through CloudFlare(!) the last time I looked) can access your site and they've effectively removed you from the internet.

If you have a DNS provider that you trust, and that you set yourself then DoH is fine and dandy, but that's not how 99% of humanity will end up using it.