My Firefox Settings
THIS ARTICLE IS IMPORTED FROM MY OLD NOTE-TAKING APP AND MAY BE OUTDATED
Remove Add-ons
cd /usr/lib/firefox/browser/features
doas rm *.xpi
Firefox Settings for Hardening
Disable Firefox SessionStore in about:config
Disable browser.urlbar.maxRichResults
about:support -> Places Database -> Verify Integrity
Turn Off Firefox Sidebar
Look here.
Disable Firefox Translator here
Disable Firefox Restricted Domains and Make uBlock more Agressive
Fingerprint.com's Blog Post
Disable CSS Visited Links
Look here.
Firefox user.js generators
How to Block Pop-Ups in Firefox
Look here
Chrome Extensions on Firefox
Look here
Outdated but helpful guide
Oh, one more
My Notes From ffprofile.com (with my opinions)
You can change your user-agent to more common than Firefox's default user-agent.
This website shows most common user-agents.
Or you can use this or this website.
But because of Firefox isn't Chromium-based, it can make you more unique (list of alternative tools) (because of some engine differences) instead less unique.
Templates
- Arkenfox (well-known)
- Pyllyukko
- Narsil's user.js (privacy focused not security)
- Vulpes
- Narsil's user.js for Pale Moon (for Pale Moon) (privacy focused not security)
- krathalan config
- simeononsec FireFox Script
- vermaden
Guides for Firefox Hardening
Spyware Watchdog Mitigation Guide
My Notes From JArmandoG's Guide
These are some about:config options to consider changing after applied user.js settings.
- security.tls.version.min -> 3
- network.http.referrer.spoofSource -> true
- browser.display.use_document_fonts -> 0
My Notes From Spyware Watchdog Guide
You need to delete several default plugins in Firefox directory at /path/to/Firefox/browser/features
(I.e. /usr/lib/Firefox/browser/features/) that can violate privacy:
- firefox@getpocket.com.xpi — Pocket
- followonsearch@mozilla.com.xpi — Follow-On Search
- activity-stream@mozilla.org.xpi — Activity Stream
- screenshots@mozilla.org.xpi — Screenshots
- onboarding@mozilla.org.xpi — Onboarding
- formautofill@mozilla.org.xpi — Autofill
- webcompat@mozilla.org.xpi — Web Compatibility Reporter
My Notes From Mullvad DNS Blog
In about:config make this: network.trr.mode -> 3
Or change the “DNS protection” preference in Settings.
It will force DNS over HTTPS every time you make a DNS request. (even if your DNS server doesn't respond)
My Notes From Unixsheikh
Look here
My Notes From Pedantic Software Blog
“For Google, I take this even further: if redirections are disabled (in Firefox's about:config, set accessibility.blockautorefresh to true; this used to be available in the normal config dialog, in the good old days), in addition to both CSS and javascript being disabled, then you'll see a simple page with the unmangled results links.”
Config Page
[chrome://geckoview/content/config.xhtml Open it…] Wiki
One More Thing
In about config, do this:
- media.autoplay.enabled -> false
- media.cache_readahead_limit = 0
- media.cache_resume_threshold = 10
- media.autoplay.blocking_policy = 1
- media.autoplay.allow-muted -> false
This will disable autoplay and reduce video caching.
I don't know if it is necessary or not
about:config settings but haven't tried it yet (I temporarily switched to Chromium)
- social.whitelist -> nothing
- social.toast-notifications.enabled -> false
- social.shareDirectory -> nothing
- social.remote-install.enabled -> false
- social.directories -> nothing
- social.share.activationPanelEnabled -> false
- browser.sessionstore.interval -> set it too high
ximatrix extension
ximatrix is a Firefox extension similar to uMatrix. ximatrix can block anything that uMatrix can. It's also can block inline things. You can look the code with this link. Or you can use paraMatrix which is fork of ximatrix.