Jump to content

My Firefox Settings: Difference between revisions

From Copper9 Wiki
No edit summary
No edit summary
Line 38: Line 38:
* <code>media.autoplay.blocking_policy</code> = <code>1</code>
* <code>media.autoplay.blocking_policy</code> = <code>1</code>
* <code>media.autoplay.allow-muted</code> = <code>false</code>
* <code>media.autoplay.allow-muted</code> = <code>false</code>
=== Experimental Social Settings ===
''Note: These disable legacy social integrations. May not be necessary on modern versions.''
* <code>social.whitelist</code> = (leave empty)
* <code>social.toast-notifications.enabled</code> = <code>false</code>
* <code>social.shareDirectory</code> = (leave empty)
* <code>social.remote-install.enabled</code> = <code>false</code>
* <code>social.directories</code> = (leave empty)
* <code>social.share.activationPanelEnabled</code> = <code>false</code>


=== Additional Hardening Actions ===
=== Additional Hardening Actions ===

Revision as of 20:50, 17 May 2026

Note: This article is imported from an old note-taking app and may be outdated.

Core Modifications & Bloatware Removal

Some guides, such as the Spyware Watchdog Mitigation Guide, recommend deleting default plugins bundled within the Firefox directory that may introduce privacy concerns or act as bloatware.

Navigate to your Firefox features directory and remove unnecessary add-ons:

cd /usr/lib/firefox/browser/features
doas rm *.xpi

List of bundled plugins commonly removed:

  • firefox@getpocket.com.xpi — Pocket
  • followonsearch@mozilla.com.xpi — Follow-On Search
  • activity-stream@mozilla.org.xpi — Activity Stream
  • screenshots@mozilla.org.xpi — Screenshots
  • onboarding@mozilla.org.xpi — Onboarding
  • formautofill@mozilla.org.xpi — Autofill
  • webcompat@mozilla.org.xpi — Web Compatibility Reporter

Configuration Tweaks (about:config)

Privacy, Security & Networking

network.trr.mode
Set to 3 to force DNS over HTTPS (DoH) every time you make a DNS request, even if your DNS server doesn't respond. (Alternatively, change the "DNS protection" preference in Settings).
security.tls.version.min
Set to 3 to enforce strict TLS standards.
network.http.referrer.spoofSource
Set to true.
browser.display.use_document_fonts
Set to 0 to mitigate font fingerprinting.
browser.urlbar.maxRichResults
Set to 0 (or desired low number) to limit URL bar suggestions.
accessibility.blockautorefresh
Set to true to disable forced redirections. Combining this with disabled CSS and JS yields raw, unmangled result links. (via Pedantic Software)
browser.sessionstore.interval
Set to a very high value to reduce disk writes and SessionStore tracking.

Media & Autoplay Limitations

To disable autoplay and drastically reduce background video caching, apply the following:

  • media.autoplay.enabled = false
  • media.cache_readahead_limit = 0
  • media.cache_resume_threshold = 10
  • media.autoplay.blocking_policy = 1
  • media.autoplay.allow-muted = false

Additional Hardening Actions

  • Disable Firefox SessionStore: Search for browser.sessionstore in about:config and disable relevant telemetry/saving mechanisms.
  • Disable CSS Visited Links: Mitigates history-sniffing vulnerabilities. Read the Reddit discussion here.

User.js Templates & Generators

Instead of manually configuring about:config, you can use pre-configured user.js files.

Generators:

  • ffprofile.com — Interactive user.js generator.
    • Note on User-Agent Spoofing: While you can spoof your user-agent to a more common one (e.g., Chrome), doing so on Firefox can actually make your browser fingerprint more unique (alternative tools list). Because Firefox's engine behaves differently than Chromium, mismatched engine/user-agent data is easily detectable. For common agents, see Willhouse or WhatIsMyBrowser.

Popular Pre-configured Templates:

  1. Arkenfox (Highly recommended, well-known)
  2. Pyllyukko (Security focused)
  3. Narsil's user.js (Privacy focused)
  4. Vulpes
  5. Narsil's user.js for Pale Moon (Privacy focused)
  6. krathalan config
  7. simeononsec FireFox Script
  8. vermaden's Sensible Setup

Extensions & Add-ons

  • ximatrix: A Firefox extension similar to uMatrix capable of blocking inline scripts and advanced requests. Source code available here.
  • Chrome Extensions on Firefox: Firefox has introduced capabilities for importing Chrome extensions. Read the Slashdot coverage.
  • Extension Restrictions: Mozilla occasionally restricts add-ons on specific domains. To disable these restrictions and allow uBlock Origin to operate aggressively everywhere, read 12bytes' analysis and their uBlock suggested settings.

Browser UI & Maintenance Tweaks

Comprehensive Hardening Guides & Reading