The following settings is the best i could get at panoptclick without breaking several sites:
If you run the test: To me it seems obvious that the remaining problem are the system fonts
(Or at least that it is the biggest problem).
add-ons
-------------------------------------------------------------------------
apt-get install xul-ext-adblock-plus
apt-get install xul-ext-noscript
menu -> tools -> addons -> search for cookiemonster, install it
menu -> edits -> preferences -> privacy: use custom setting for history:
enable: do not track
don't remember history
don't remember search form history
don't accept cookies
enable: do not track
clear when iceweasel closes: clear everything (perhaps leave preferences)
now enable cookies by cookiemonster
install https-everywhere
https://www.eff.org/https-everywheregeneral settings:
----------------------------------------------------------------------------
menu -> edit -> preferences -> security
disable block reported attack sites
disable block reported web forgeries
disable remember passwords
menu -> edit -> preferences -> general
when iceweasel starts show a blank page
set home page to:
http://3g2upl4pq6kufc4m.onion/searchengines toolbox:
----------------------------------------------------------------------------
replace google with
https://duckduckgo.com/htmlor:
https://www.ixquick.com/index.htmlremove the searchengines: google, yahoo, bing
about:config
----------------------------------------------------------------------------
bidi.support to 0
browser.xul.error_pages.expert_bad_cert to true
network.prefetch-next to false
network.http.sendRefererHeader to 0
network.proxy.socks_remote_dns to true
right click in about:config, new -> string and
general.useragent.override Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0
more useragent:
Variable: Value:
general.useragent.override Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0
general.appname.override Netscape
general.appversion.override 5.0 (Windows)
general.oscpu.override Windows NT 6.1
general.platform.override Win32
general.productSub.override 20100101
general.buildID.override 0
general.useragent.vendor [enter variable - but leave value blank]
general.useragent.vendorSub [enter variable - but leave value blank]
intl.accept_languages en-us,en;q=0.5
network.http.accept.default text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
network.http.accept-encoding gzip, deflate
more about:config
---------------------------------
---disable browser cache:
browser.cache.disk.enable:false
browser.cache.disk_cache_ssl:false
browser.cache.offline.enable:false
browser.cache.memory.enable:false
browser.cache.disk.capacity:0
browser.cache.disk.smart_size.enabled:false
browser.cache.disk.smart_size.first_run:false
browser.cache.offline.capacity:0
dom.storage.default_quota:0
dom.storage.enabled:false
dom.indexedDB.enabled:false
dom.battery.enabled:false
---disable history & localization
browser.search.suggest.enabled:false
browser.sessionstore.resume_from_crash:false
geo.enabled:false
---misc other tweaks:
keyword.enabled:false
network.dns.disablePrefetch:true
network.dns.disablePrefetchFromHTTPS:true
dom.disable_window_open_feature.menubar:true
dom.disable_window_open_feature.personalbar:true
dom.disable_window_open_feature.scrollbars:true
dom.disable_window_open_feature.toolbar:true
browser.identity.ssl_domain_display:1
browser.urlbar.autocomplete.enabled:false
browser.urlbar.trimURL:false
privacy.sanitize.sanitizeOnShutdown:true
network.http.sendSecureXSiteReferrer:false
network.http.spdy.enabled:false ---> use http instead of google's spdy
plugins.click_to_play:true ---> also check each drop-down-menu under "preferences"->"content"
security.enable_tls_session_tickets:false ---> disable https-tracking
security.ssl.enable_false_start:true ---> disable https-tracking
extensions.blocklist.enabled:false ---> disble Mozilla's option to block/disable your addons remotely
webgl.disabled:true ---> disable WebGL (
http://security.stackexchange.com/quest ... ty-concern)
tor
----------------------------------------------------------------------------
/etc/privoxy/config
# tor, onion and i2p
forward-socks5 / 127.0.0.1:9050 .
forward-socks5 .onion 127.0.0.1:9050 .
forward .i2p localhost:4444
iceweael -> menu -> edit ->preferences -> advanced -> network -> settings:
manual proxy configuration: host 127.0.0.1 port 8118
use for all protocols (important)