+ A Guide to Bettering Firefox +
++ Web browsers are kind of awful. They do too much + (why + would I want a combination image viewer/pdf reader/media + player/html renderer?), and as a result, + + they are bloated beyond belief. They strain developer + resources, require sandboxing because of the insane default that + JavaScript is arbitrarily executed, and yet, they're the most + prolific method of application distribution in the modern day. + Web browsers have become the most convenient place for many to + do their computing, so with this page, I'm trying to define a + more sane functionality for the browser I use—Firefox. +
+Why Firefox?
++ I use Firefox because it is the easiest web browser from which + the kinds of modifications I need are available. If there were a + web browser that implemented these modifications as sane + defaults (and + I do plan on creating my own that does), I would + immediately switch to it; but until there is a satisfactory + browser, which can do what I want out of Firefox, I will stick + either with it or a fork of it like + + LibreWolf. +
++ If you don't want to use Firefox, then at least + + choose your browser carefully. +
+
+ In addition to the modifications and extensions listed here, my
+ script,
+ xdg-sanity, can be used to prevent your web
+ browser from being used to open remote content that has a MIME
+ type other than text/html.
+
+
+ Modifications to about:config
+
+
+ Read more about about:config
+
+ here.
+
+ + These settings are advanced user settings, and I'm not + responsible for misconfigured browsers, broken web pages, or + thermonuclear war. +
++ Make any entries that do not have anything written for their + values blank. +
+ ++ Performance +
+-
+
gfx.webrender.all = true
+
+ Disable or Enable Features +
+-
+
widget.use-xdg-desktop-portal = true
+ dom.event.contextmenu.enabled = false
+ extensions.screenshots.disabled = true
+ browser.quitShortcut.disabled = true
+ reader.parse-on-load.enabled = false
+ -
+
+ services.sync.prefs.sync.extensions.activeThemeID = + false ++
+
Allows Firefox to use KDE Plasma filechooser on + GNU/Linux.
+ +Prevents site from blocking the context menu from being + opened.
+ +Disables redundant in-app screenshots.
+ +Disables ctrl+q quit shortcut.
+ +Disables reader mode.
+ +Prevents automatic application of themes on new + devices.
++ Disable DRM +
+-
+
-
+
media.gmp-widevinecdm.enabled = false+
+
+ -
+
media.gmp-widevinecdm.visible = false
+
+ Disable Pocket +
++ + Read more here + +
+-
+
-
+
+ browser.newtabpage.activity-stream.section.highlights.includePocket + = false ++
+
+ -
+
extensions.pocket.enabled = false+
+
+ extensions.pocket.site
+
+ -
+
extensions.pocket.oAuthConsumerKey+
+
+ extensions.pocket.api
+
+ -
+
+ services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket + = false ++
+
+ Privacy +
+-
+
privacy.resistFingerprinting = true
+ privacy.firstparty.isolate = true
+ media.navigator.enabled = false
+
+ geo.enabled = false
+ browser.send_pings = false
+ dom.netinfo.enabled = false
+
+ beacon.enabled = false
+
+ dom.enable_resource_timing = false
+
+ -
+
dom.event.clipboardevents.enabled = false+
+
+ + Disables quality-of-life features such as automatic site + dark mode detection. +
+Restrict cache, storage, and cookies to the domain that + issued the data in them.
+ +
+ + Disables location tracking. +
+Disables browsers sending POST requests when you click a + link.
+ +Prevents sites from being able to see what text you + copied or cut and when you did it.
++ Peripherals +
+-
+
-
+
+ camera.control.face_detection.enabled = false ++
+
+ -
+
+ camera.control.face_detection.enabled = false ++
+
+ -
+
dom.battery.enabled = false+
+
+ Webpage Prefetching & Caching +
+-
+
-
+
+ browser.urlbar.speculativeConnect.enabled = false ++
+
+ -
+
browser.cache.offline.enable = false+
+
+ network.prefetch-next = false
+
+ -
+
browser.cache.check_doc_frequency = 0+
+
+ Mozilla Telemetry +
+-
+
-
+
toolkit.telemetry.cachedClientID+
+
+ -
+
browser.aboutHomeSnippets.updateUrL+
+
+ -
+
+ browser.startup.homepage_override.mstone = ignore ++
+
+ -
+
+ browser.startup.homepage_override.buildID ++
+
+ -
+
startup.homepage_welcome_url+
+
+ -
+
startup.homepage_welcome_url.additional+
+
+ startup.homepage_override_url
+
+ User-Agent Spoofing +
+-
+
general.platform.override = Win32
+ -
+
+ general.useragent.override = "" ++
+
+ Returns Win32 when the
+
+ navigator.platform object is utilized
+ in JavaScript.
+
+ Set this equal to the + + latest Chrome user-agent string. +
++ + DNS-over-HTTPS + +
+-
+
-
+
network.trr.uri = ""+
+ network.trr.mode = 3
+
+ Select a DNS-over-HTTPS server to use—I use the + + dnswarden adblocking one, but if your polity censors + your internet access, you should use the uncensored one. + There is a list of alternatives available on GitHub + here. +
+ +This sets HTTPS over DNS to be on all the time
++ + Header Sanitization + +
+-
+
-
+
network.http.referer.spoofSource = true+
+
+ -
+
+ network.http.referer.hideOnionSource = true ++
+
+ Disable Google Safe Browsing +
+
+ This is an exhaustive list of all the settings you need to
+ change. Typing only browser.safebrowsing into the
+ about:config search box will return all of them, but
+ make sure to apply the correct value to each.
+
-
+
-
+
browser.safebrowsing.allowOverride = true+
+
+ -
+
+ browser.safebrowsing.malware.enabled = false ++
+
+ -
+
+ browser.safebrowsing.phishing.enabled = false ++
+
+ -
+
+ browser.safebrowsing.downloads.enabled = false ++
+
+ -
+
+ browser.safebrowsing.blockedURIs.enabled = false ++
+
+ -
+
+ browser.safebrowsing.downloads.remote.block_dangerous_host + = false ++
+
+ -
+
+ browser.safebrowsing.downloads.remote.block_dangerous + = false ++
+
+ -
+
+ browser.safebrowsing.downloads.remote.block_potentially_unwanted + = false ++
+
+ -
+
+ browser.safebrowsing.downloads.remote.enabled = false ++
+
+ -
+
browser.safebrowsing.downloads.remote.url+
+
+ browser.safebrowsing.id
+
+ -
+
+ browser.safebrowsing.provider.google4.updateURL ++
+
+ -
+
+ browser.safebrowsing.provider.google4.reportURL ++
+
+ -
+
+ browser.safebrowsing.provider.google4.reportPhishMistakeURL ++
+
+ -
+
+ browser.safebrowsing.provider.google4.reportMalwareMistakeURL ++
+
+ -
+
browser.safebrowsing.provider.google4.lists+
+
+ -
+
+ browser.safebrowsing.provider.google4.gethashURL ++
+
+ -
+
+ browser.safebrowsing.provider.google4.dataSharingURL ++
+
+ -
+
+ browser.safebrowsing.provider.google4.dataSharing.enabled + = false ++
+
+ -
+
+ browser.safebrowsing.provider.google4.advisoryURL ++
+
+ -
+
+ browser.safebrowsing.provider.google4.advisoryName ++
+
+ -
+
browser.safebrowsing.provider.google4.pver+
+
+ -
+
+ browser.safebrowsing.provider.google4.lastupdatetime ++
+
+ -
+
+ browser.safebrowsing.provider.google4.nextupdatetime ++
+
+ -
+
+ browser.safebrowsing.provider.google.advisoryName ++
+
+ -
+
+ browser.safebrowsing.provider.google.advisoryURL ++
+
+ -
+
+ browser.safebrowsing.provider.google.updateURL ++
+
+ -
+
+ browser.safebrowsing.provider.google.reportURL ++
+
+ -
+
+ browser.safebrowsing.provider.google.gethashURL ++
+
+ -
+
+ browser.safebrowsing.provider.google.reportPhishMistakeURL ++
+
+ -
+
+ browser.safebrowsing.provider.google.reportMalwareMistakeURL ++
+
+ -
+
browser.safebrowsing.provider.google.pver+
+
+ -
+
browser.safebrowsing.provider.google.lists+
+
+ -
+
+ browser.safebrowsing.provider.mozilla.gethashURL ++
+
+ -
+
+ browser.safebrowsing.provider.mozilla.lastupdatetime ++
+
+ -
+
browser.safebrowsing.provider.mozilla.pver+
+
+ -
+
+ browser.safebrowsing.provider.mozilla.updateURL ++
+
+ -
+
browser.safebrowsing.provider.mozilla.lists+
+
+ -
+
+ browser.safebrowsing.provider.mozilla.lists.base ++
+
+ -
+
+ browser.safebrowsing.provider.mozilla.lists.content ++
+
+ Extensions +
++ Note: Containerization extensions like Facebook Container or + Google Container are redundant with + + Total + Cookie Protection + and + + Enhanced Cookie Clearing. +
++ If there is any extension you feel is missing from this list, + feel free to send me a git + patch through e-mail adding it along with a description as + to why you believe it should be included. Before contacting me, please read through the + whole list, + + this, and + + this. +
+ ++ Standard Privacy Extensions +
+-
+
-
+
+ + Privacy Pass + – Stores tokens to bypass captchas. +
+
+
+ -
+
+ + uBlock Origin + – Ad blocking, cosmetic filtering, malicious script + protection, and tracker blocking; all in one package. + Add + + this blocklist to implement + ClearURLs + functionality with + + removeparam and + + this blocklist and turn on the "EasyList Cookie" + blocklist for GDPR consent popup-blocking functionality. +
+
+
+ + Advanced Privacy Extensions + +
+
+ + These extensions may hinder or break certain functionality on + websites using heavy amounts of JavaScript. +
+-
+
-
+
+ + CanvasBlocker + + – Fakes fingerprint readout for some JavaScript APIs + (blocking the canvas can break some functions of image + rendering). +
+
+
+ -
+
+ + GNU LibreJS + + – Extension that blocks all but + + freely licensed JavaScript. +
+
+
+ -
+
+ + JShelter + + – Restricts access to JavaScript APIs to prevent fingerprinting. +
+
+
+ Tools +
+-
+
-
+
+ + Bypass Paywalls + – Bypasses paywalls for some sites. +
+
+
+ -
+
+ + FireMonkey + – Lightweight user script and style manager + utilizing native Firefox APIs to support userscripts + from sources like + GreasyFork and + OpenUserJS as well + as Stylish themes from + + Userstyles. +
+
+
+ -
+
+ + Flagfox + – Displays information about a website's physical + location and IP address in the address bar. +
+
+
+ -
+
FoxyProxy + + Standard + / + + Basic + – Advanced proxy manager which replaces Firefox's + lacking settings. +
+
+
+ -
+
+ + LibRedirect + – Redirects services like Twitter and YouTube to + their privacy-respecting front-ends or alternatives. +
+
+
+ Further Reading +
++
-
+
- + + arkenfox/user.js Wiki + + + +
- + + Farbling-based wrappers to hinder browser fingerprinting + + + +
- + + Firefox — Spyware Watchdog + + + +
- + + PrivacyTests.org + + + +
- + + Revocation is Broken + + + +
- + + Add a pref to disable Do Not Track in Firefox + + + +
- + + Sync custom preferences + + + +
- + + Tor font fingerprinting defenses roadmap + + +
+ Fingerprinting Tests +
++
-
+
- + + AmIUnique + + + +
- + + BrowserLeaks + + + +
- + + canvas rfp + + + +
- + + CreepJS + + + +
- + + Cover Your Tracks + + + +
- + + Test pages for CanvasBlocker + + +