Spyware in Tor Browser and other Mozilla-based products. Clean the crap out

Open about:config to find some spyware crap:
There is a built-in module in Firefox that improves your security, but steals your privacy and anonymity. The module reports what you download to Google servers to check if the file is infected with any kind of malware.

browser.safebrowsing.appRepURL (Blank)
browser.safebrowsing.downloads.enabled (False)
browser.safebrowsing.enabled (False)
browser.safebrowsing.gethashURL (Blank)
browser.safebrowsing.malware.enabled (False)
browser.safebrowsing.malware.reportURL (Blank)
browser.safebrowsing.reportErrorURL (Blank)
browser.safebrowsing.reportGenericURL (Blank)
browser.safebrowsing.reportMalwareErrorURL (Blank)
browser.safebrowsing.reportMalwareURL (Blank)
browser.safebrowsing.reportPhishURL (Blank)
browser.safebrowsing.reportURL (Blank)
browser.safebrowsing.updateURL (Blank)
services.sync.prefs.sync.browser.safebrowsing.enabled (False)
services.sync.prefs.sync.browser.safebrowsing.malware.enabled (False)

More things are reported here:
http://pastebin.com/kX7yhrmp

Gentoo recommends using xombrero. In order to compile it well you must compile webkit-gtk disabling all USE flags. Their good manual is here: Tor - Gentoo Wiki

Gentoo people also recommend against systemd and libvirt things.

They hardly need your IP…
Canvas is an HTML5 element which is used to draw graphics and animations on a web page via scripting in JavaScript.

But apart from this, canvas can be used as additional entropy in web-browser’s fingerprinting and used for online tracking purposes.

The technique is based on the fact that the same canvas image may be rendered differently on different computers. This happens for several reasons. At the image format level – web browsers use different image processing engines, image export options and compression levels, so the final images may get different checksums even if they are pixel-identical. At the system level – operating systems have different fonts, and they use different algorithms and settings for anti-aliasing and sub-pixel rendering.

This is the first live demo of Canvas Fingerprinting. Below you can see if HTML5 Canvas is supported in your web browser and check whether this technique can keep track of you. In addition, our little continuing research will show how really unique and persistent the canvas fingerprint is in real life, and whether your signature is in our database (we aren’t collecting anything right here!).

This HTML5 pseudo-secure crap seems to be even more crappy than Adobe Flash crap. :)
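An added example, not part of the original posts: a Python check that reads the text of a profile's prefs.js or user.js and reports which of the Safe Browsing preferences listed in the first post are not at the values given there. The function names and the sample file content are constructed for illustration.

```python
import re

# Values the post lists: "" stands for (Blank), False for (False).
BLANK = ("appRepURL gethashURL malware.reportURL reportErrorURL reportGenericURL "
         "reportMalwareErrorURL reportMalwareURL reportPhishURL reportURL updateURL").split()
FALSE = ["downloads.enabled", "enabled", "malware.enabled"]
WANTED = {f"browser.safebrowsing.{n}": "" for n in BLANK}
WANTED.update({f"browser.safebrowsing.{n}": False for n in FALSE})
WANTED.update({f"services.sync.prefs.sync.browser.safebrowsing.{n}": False
               for n in ("enabled", "malware.enabled")})

# prefs.js / user.js lines look like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} from prefs.js text; later lines override earlier ones."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref call
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = raw.strip('"')  # strings unquoted, integers kept as text
    return prefs

def audit(text):
    """Return {name: state} for every listed pref that does not match the post."""
    prefs = parse_prefs(text)
    findings = {}
    for name, want in WANTED.items():
        if name not in prefs:
            findings[name] = "unset"  # the browser's built-in default applies
        elif prefs[name] != want:
            findings[name] = f"set to {prefs[name]!r}"
    return findings

# Constructed sample, not taken from a real profile.
SAMPLE = '''// Mozilla User Preferences
user_pref("browser.safebrowsing.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", true);
user_pref("browser.safebrowsing.updateURL", "");
user_pref("browser.safebrowsing.gethashURL", "https://example.invalid/gethash");
'''

if __name__ == "__main__":
    print("\n".join(f"{n}: {s}" for n, s in sorted(audit(SAMPLE).items())))
```

Preference names change between browser releases, so an "unset" result can also mean the pref does not exist in the installed version; compare against what about:config actually shows.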

I did some research. Not (completely) true. If it were, there wouldn’t have been
attempts at building a Hardened Gentoo based Whonix-Gateway:

https://www.whonix.org/wiki/HardenedGentooTG

Here are the links to some interesting talk elsewhere about it (the most recent,
to my knowledge… so there’s little hope that HardenedGentooTG will be
revived):

https://marc.info/?l=gentoo-user&m=145563722929288&w=2
( esp. the links in this email of that short thread:
'[gentoo-user] Re: Tails security implemetation' - MARC )

And here the main Whonix developer sums it up why Gentoo can’t easily be used:

But I found the links you gave very insightful.

The CanvasBlocker is still being actively developed.

And the spies (old word for surveillors; ah, that one’s old too: it’s the
bulk-collectors ;) ) versus poor users saga goes on.

In-depth analyses of tracking today are to be found at:

https://webtransparency.cs.princeton.edu/webcensus/
