Theo de Raadt:
> Claus Assmann <openbsd+po...@esmtp.org> wrote:
>
>> Can someone point me in the right direction how to prevent firefox
>> from making lots of unwanted network connections, e.g., to
>> amazonaws.com
>> cloudfront.net
>> even if I didn't open any website yet?
>>
>> I disabled "pingsender" and all "telemetry" options I could find,
>> and in OpenBSD 6.5 I simply used tcpdrop on all web connections a
>> bit after startup, but now I updated to OpenBSD 6.6 and those
>> connections come back again and again even if I just let it "sit"
>> idle.
>>
>> I strongly prefer that firefox only makes network connections which
>> I initiated instead of possibly giving away my data to some places...
>
> No kidding. But you are telling the wrong people.
>
Claus:
For a long time there has been an apparent struggle between those at
Mozilla who are pro-user privacy, and those who pretend to be.
Look back in the ports@ archive with the Firefox DoH implementation,
which is one of the more recent outcomes of this battle. Otto provided
the fix with network.trr.mode set to 5 by default, instead of all DNS
requests going to Cloudflare.
https://wiki.mozilla.org/Trusted_Recursive_Resolver
Whether that change was due to a tranche of money going from Cloudflare
to Mozilla is anyone's guess. Ha.
The telemetry knobs in the about:config are worth looking at, but
there's a lot more.
Tor Browser's js changes to FF are worth reviewing, but remember some may
be directly tied to Tor Browser:
https://gitweb.torproject.org/tor-browser.git/tree/browser/app/profile/000-tor-browser.js?h=tor-browser-68.2.0esr-9.0-1
There are some other OpenBSD specific overrides IIRC. Incorporating more
overrides might be desirable, but also a maintenance headache, plus you
may end up breaking web browsing for some.
g
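
Added example, not part of the original thread or of the OpenBSD port: a small audit that reads a profile's prefs.js and user.js and reports the effective network.trr.mode, relying on user.js being applied over prefs.js at startup. The function names, the sample file contents and the network.trr.uri value are constructed for illustration; the mode meanings follow the Mozilla wiki page linked above.

```python
import re

# Mode meanings as documented on the Trusted Recursive Resolver wiki page.
TRR_MODES = {
    0: "off (browser default), native resolver only",
    1: "reserved",
    2: "DoH first, fall back to native resolver",
    3: "DoH only",
    4: "reserved",
    5: "off by explicit choice",
}

# Matches active user_pref()/pref() lines; commented-out lines do not match.
PREF_RE = re.compile(
    r'^\s*(?:user_pref|pref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Return {name: value}; a later line for the same pref wins."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def effective_trr_mode(prefs_js, user_js=""):
    """Merge prefs.js, then user.js on top; an unset pref means mode 0."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    return merged.get("network.trr.mode", 0)

def opted_out(mode):
    """Only 5 records a deliberate opt-out; 0 just leaves the default in place."""
    return mode == 5

# Constructed sample profile contents.
PREFS_JS = '''
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://doh.example/dns-query");
'''
USER_JS = '''
// user_pref("network.trr.mode", 3);
user_pref("network.trr.mode", 5);
'''

if __name__ == "__main__":
    mode = effective_trr_mode(PREFS_JS, USER_JS)
    print(mode, TRR_MODES[mode], "opted out" if opted_out(mode) else "not opted out")
```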