My Firefox Settings: Difference between revisions
No edit summary |
|||
| Line 64: | Line 64: | ||
* '''Block Pop-Ups''': [https://support.mozilla.org/bm/questions/1369602 Mozilla Support thread on native pop-up blocking]. | * '''Block Pop-Ups''': [https://support.mozilla.org/bm/questions/1369602 Mozilla Support thread on native pop-up blocking]. | ||
* '''GeckoView Config''': You can access deeper settings via [chrome://geckoview/content/config.xhtml chrome://geckoview/content/config.xhtml]. | * '''GeckoView Config''': You can access deeper settings via [chrome://geckoview/content/config.xhtml chrome://geckoview/content/config.xhtml]. | ||
TODO update this part with my settings | TODO update this part with my settings My settings are | ||
Going to settings and. | |||
General: | |||
Open links in tabs instead of new windows -> enabled | |||
Show an image preview when you hover on a tab -> disabled | |||
Fonts -> Allow pages to choose their own fonts instead of your selections above -> disabled | |||
Language -> English US | |||
Webpage language -> Request English versions of web pages for enhanced privacy -> True | |||
Enable full page translations -> disabled | |||
Check spelling as you type -> false | |||
Enable PiP video controls -> false | |||
control media via keyboard headset or virtual interface -> false | |||
enable link previews -> disabled | |||
Home: | |||
Homepage and new windows -> blank page | |||
new tabs -> blank page | |||
Search: | |||
Switch to a better search engine (lite.duckduckgo.com or my own searxng and 4get instances) | |||
Show search suggestions -> disabled | |||
Privacy and Security: | |||
Strict tracking protection -> fix major site issues -> disabled | |||
Tell websites to not to sell or share my data -> enabled (enabled DNT too by using the secret about config entry) | |||
Clear cookies and site data every time you close firefox -> true | |||
do not save passwords, payment, address | |||
clear history when firefox closes -> true | |||
permissions -> disallow everything | |||
block popups and 3rd party redirect -> true | |||
warn if websites install extensions -> true | |||
data collection -> disallow everything | |||
https only mode -> enable | |||
dns over https -> max protection with a privacy friendly provider | |||
== Comprehensive Hardening Guides & Reading == | == Comprehensive Hardening Guides & Reading == | ||
Revision as of 10:54, 18 May 2026
Note: This article is imported from an old note-taking app and may be outdated.
Core Modifications & Bloatware Removal
Some guides, such as the Spyware Watchdog Mitigation Guide, recommend deleting default plugins bundled within the Firefox directory that may introduce privacy concerns or act as bloatware.
Navigate to your Firefox features directory and remove unnecessary add-ons:
cd /usr/lib/firefox/browser/features
doas rm *.xpi
List of bundled plugins commonly removed:
firefox@getpocket.com.xpi— Pocketfollowonsearch@mozilla.com.xpi— Follow-On Searchactivity-stream@mozilla.org.xpi— Activity Streamscreenshots@mozilla.org.xpi— Screenshotsonboarding@mozilla.org.xpi— Onboardingformautofill@mozilla.org.xpi— Autofillwebcompat@mozilla.org.xpi— Web Compatibility Reporter
Configuration Tweaks (about:config) (if user.js does not cover them)
Privacy, Security & Networking
accessibility.blockautorefresh- Set to
trueto disable forced redirections. Combining this with disabled CSS and JS yields raw, unmangled result links. (via Pedantic Software) browser.sessionstore.interval- Set to a very high value to reduce disk writes and SessionStore tracking.
Additional Hardening Actions
- Disable Firefox SessionStore: Search for
browser.sessionstoreinabout:configand disable relevant telemetry/saving mechanisms. - Disable CSS Visited Links: Mitigates history-sniffing vulnerabilities. Read the Reddit discussion here.
User.js Templates & Generators
Instead of manually configuring about:config, you can use pre-configured user.js files.
TODO: Add information about how to set up user.js here.
Generators:
- ffprofile.com — Interactive
user.jsgenerator.- Note on User-Agent Spoofing: While you can spoof your user-agent to a more common one (e.g., Chrome), doing so on Firefox can actually make your browser fingerprint more unique (alternative tools list). Because Firefox's engine behaves differently than Chromium, mismatched engine/user-agent data is easily detectable. For common agents, see Willhouse or WhatIsMyBrowser.
Popular Pre-configured Templates:
- Arkenfox (Highly recommended, well-known)
- Pyllyukko (Security focused)
- Narsil's user.js (Privacy focused) (I use this one)
- Vulpes
- Narsil's user.js for Pale Moon (Privacy focused)
- krathalan config
- simeononsec FireFox Script
- vermaden's Sensible Setup
Extensions & Add-ons
- ximatrix: A Firefox extension similar to uMatrix capable of blocking inline scripts and advanced requests. Source code available here.
- Alternative: paraMatrix (a fork of ximatrix).
- Chrome Extensions on Firefox: Firefox has introduced capabilities for importing Chrome extensions. Read the Slashdot coverage.
- Extension Restrictions: Mozilla occasionally restricts add-ons on specific domains. To disable these restrictions and allow uBlock Origin to operate aggressively everywhere, read 12bytes' analysis and their uBlock suggested settings.
Browser UI & Maintenance Tweaks
- Verify Database Integrity: Navigate to
about:support-> Scroll down to Places Database -> Click Verify Integrity. - Turn Off Firefox Sidebar: Guide to disabling the PDF viewer sidebar.
- Disable Firefox Translator: Guide to disabling built-in local translation.
- Block Pop-Ups: Mozilla Support thread on native pop-up blocking.
- GeckoView Config: You can access deeper settings via [chrome://geckoview/content/config.xhtml chrome://geckoview/content/config.xhtml].
TODO update this part with my settings My settings are
Going to settings and.
General:
Open links in tabs instead of new windows -> enabled
Show an image preview when you hover on a tab -> disabled
Fonts -> Allow pages to choose their own fonts instead of your selections above -> disabled
Language -> English US
Webpage language -> Request English versions of web pages for enhanced privacy -> True
Enable full page translations -> disabled
Check spelling as you type -> false
Enable PiP video controls -> false
control media via keyboard headset or virtual interface -> false
enable link previews -> disabled
Home:
Homepage and new windows -> blank page
new tabs -> blank page
Search:
Switch to a better search engine (lite.duckduckgo.com or my own searxng and 4get instances)
Show search suggestions -> disabled
Privacy and Security:
Strict tracking protection -> fix major site issues -> disabled
Tell websites to not to sell or share my data -> enabled (enabled DNT too by using the secret about config entry)
Clear cookies and site data every time you close firefox -> true
do not save passwords, payment, address
clear history when firefox closes -> true
permissions -> disallow everything
block popups and 3rd party redirect -> true
warn if websites install extensions -> true
data collection -> disallow everything
https only mode -> enable
dns over https -> max protection with a privacy friendly provider
Comprehensive Hardening Guides & Reading
- Awesome Firefox
- JArmandoG's Firefox Hardening Guide
- drduh's macOS Browser Privacy Guide
- sunknudsen's Privacy Guides
- Wrongthink: Hardened Web Browser
- Unixsheikh: Tweaking Firefox
- Spyware Watchdog: Firefox Mitigation
- Fingerprint.com: Browser Anti-Fingerprinting Techniques
- atcuno's Privacy Guide (Outdated but helpful concepts)
- CISOfy Browser Security Guide
- MozillaZine Firefox Wiki