site/firefox/index.html


<!DOCTYPE html>
<html>
<head>
<title>Recommended Firefox Modifications</title>
<link rel="stylesheet" href="../assets/style.css">
<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<meta charset="UTF-8">
<meta content="Emma Tebibyte" name="author" />
<meta content="Emma Tebibyte's personal web page." name="description" />
<meta content="width=device-width, initial-scale=1" name="viewport" />
<meta content="interest-cohort=()" http-equiv="Permissions-Policy" /> <!-- FUCK GOOGLE -->
</head>
<body>
<div class="back">
<h5 class="pill"><a href="../">Return to my page</a></h5>
</div>
<main>
<section class="full">
<h1 class="full">
A Guide to Bettering Firefox
</h1>
<p>
Web browsers are kind of awful. They do too much
(<a href="https://web.archive.org/web/20220609080931/https://homepage.cs.uri.edu/~thenry/resources/unix_art/ch01s06.html">why
would I want a combination image viewer/pdf reader/media
player/html renderer?</a>), and as a result,
<a href="https://today.uic.edu/bloated-browser-functionality-presents-unnecessary-security-privacy-risks/">
they are bloated beyond belief</a>. They strain developer
resources, require sandboxing because of the insane default that
JavaScript is arbitrarily executed, and yet, they're the most
prolific method of application distribution in the modern day.
Web browsers have become the most convenient place for many to
do their computing, so, with this page, I'm trying to define a
more sane functionality for the browser I use—Firefox.
</p>
<h3>Why Firefox?</h3>
<p>
I use Firefox because it is the easiest web browser in which
the kinds of modifications I need are available. If there were a
web browser that implemented these modifications as sane
defaults (<a href="https://git.tebibyte.media/emma/browser/">and
I <i>do</i> plan on creating my own that does</a>), I would
immediately switch to it; but until there is a satisfactory
browser that can do what I want from Firefox, I will stick
either with it or a fork of it like
<a href="https://librewolf.net/">
LibreWolf</a>.
</p>
<p>
If you don't want to use Firefox, then at least
<a href="https://www.unixsheikh.com/articles/choose-your-browser-carefully.html">
choose your browser carefully</a>.
</p>
<p>
In addition to the modifications and extensions listed here, my
script, <a href="https://git.tebibyte.media/emma/xdg-sanity">
<code>xdg-sanity</code></a>, can be used to prevent your web
browser from being used to open remote content that has a MIME
type other than <code>text/html</code>.
</p>
</section>
<section class="full">
<h2 id="about-config">
<a href="#about-config">
Modifications to <code class="header">about:config</code>
</a>
</h2>
<h4>Read more about <code>about:config</code>
<a href="https://support.mozilla.org/en-US/kb/about-config-editor-firefox">
here</a>.
</h4>
<p>
These settings are advanced user settings, and I'm not
responsible for misconfigured browsers, broken web pages, or
thermonuclear war.
</p>
<p>
Entries listed without a value should have their value set to
blank.
</p>
<h3 id="performance">
<a href="#performance">Performance</a>
</h3>
<ul>
<li><code>gfx.webrender.all = true</code></li>
</ul>
<h3 id="features">
<a href="#features">Disable or Enable Features</a>
</h3>
<ul>
<li><code>widget.use-xdg-desktop-portal = true</code></li>
<p>Allows Firefox to use the KDE Plasma file chooser on
GNU/Linux.</p>
<li><code>dom.event.contextmenu.enabled = false</code></li>
<p>Prevents sites from blocking the context menu from being
opened.</p>
<li><code>extensions.screenshots.disabled = true</code></li>
<p>Disables redundant in-app screenshots.</p>
<li><code>browser.quitShortcut.disabled = true</code></li>
<p>Disables ctrl+q quit shortcut.</p>
<li><code>reader.parse-on-load.enabled = false</code></li>
<p>Disables reader mode.</p>
<li>
<code>
services.sync.prefs.sync.extensions.activeThemeID =
false
</code>
</li>
<p>Prevents automatic application of themes on new
devices.</p>
</ul>
<h3 id="drm">
<a href="#drm">Disable DRM</a>
</h3>
<ul>
<li>
<code>media.gmp-widevinecdm.enabled = false</code>
</li>
<li>
<code>media.gmp-widevinecdm.visible = false</code></li>
</ul>
<h3 id="pocket">
<a href="#pocket">Disable Pocket</a>
</h3>
<h4>
<a
href="https://www.ghacks.net/2015/06/23/pro-and-con-of-mozillas-pocket-integration-in-firefox/">
Read more here
</a>
</h4>
<ul>
<li>
<code>
browser.newtabpage.activity-stream.section.highlights.includePocket
= false
</code>
</li>
<li>
<code>extensions.pocket.enabled = false</code>
</li>
<li><code>extensions.pocket.site</code></li>
<li>
<code>extensions.pocket.oAuthConsumerKey</code>
</li>
<li><code>extensions.pocket.api</code></li>
<li>
<code>
services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket
= false
</code>
</li>
</ul>
<h2 id="privacy">
<a href="#privacy">Privacy</a>
</h2>
<ul>
<li><code>privacy.resistFingerprinting = true</code></li>
<div class="warn">
<img class="sym" src="../assets/img/warn.svg" />
<p>
Disables quality-of-life features such as automatic site
dark mode detection.
</p>
</div>
<li><code>privacy.firstparty.isolate = true</code></li>
<p>Restricts cache, storage, and cookies to the domain that
issued the data in them.</p>
<li><code>media.navigator.enabled = false</code></li>
<li><code>geo.enabled = false</code></li>
<div class="warn">
<img class="sym" src="../assets/img/warn.svg" />
<p>
Disables location tracking.
</p>
</div>
<li><code>browser.send_pings = false</code></li>
<p>Stops the browser from sending POST requests when you click a
link.</p>
<li><code>dom.netinfo.enabled = false</code></li>
<li><code>beacon.enabled = false</code></li>
<li><code>dom.enable_resource_timing = false</code></li>
<li>
<code>dom.event.clipboardevents.enabled = false</code>
</li>
<p>Prevents sites from being able to see what text you
copied or cut and when you did it.</p>
</ul>
<h3 id="peripherals">
<a href="#peripherals">Peripherals</a>
</h3>
<ul>
<li>
<code>
camera.control.face_detection.enabled = false
</code>
</li>
<li>
<code>dom.battery.enabled = false</code>
</li>
</ul>
<h3 id="caching">
<a href="#caching">Webpage Prefetching &amp; Caching</a>
</h3>
<ul>
<li>
<code>
browser.urlbar.speculativeConnect.enabled = false
</code>
</li>
<li>
<code>browser.cache.offline.enable = false</code>
</li>
<li><code>network.prefetch-next = false</code></li>
<li>
<code>browser.cache.check_doc_frequency = 0</code>
</li>
</ul>
<h3 id="telemetry">
<a href="#telemetry">Mozilla Telemetry</a>
</h3>
<ul>
<li>
<code>toolkit.telemetry.cachedClientID</code>
</li>
<li>
<code>browser.aboutHomeSnippets.updateUrl</code>
</li>
<li>
<code>
browser.startup.homepage_override.mstone = ignore
</code>
</li>
<li>
<code>
browser.startup.homepage_override.buildID
</code>
</li>
<li>
<code>startup.homepage_welcome_url</code>
</li>
<li>
<code>startup.homepage_welcome_url.additional</code>
</li>
<li><code>startup.homepage_override_url</code></li>
</ul>
<h3 id="ua-spoofing">
<a href="#ua-spoofing">User-Agent Spoofing</a>
</h3>
<ul>
<li><code>general.platform.override = Win32</code></li>
<p>
Makes the
<a href="https://developer.mozilla.org/en-US/docs/Web/API/Navigator/platform">
<code>navigator.platform</code> property</a> return
<code>Win32</code> when it is read from JavaScript.
</p>
<li>
<code>
general.useragent.override = &quot;&quot;
</code>
</li>
<p>
Set this equal to the
<a href="https://jnrbsn.github.io/user-agents/user-agents.json">
latest Chrome user-agent string</a>.
</p>
</ul>
<h3 id="doh">
<a href="#doh">
DNS over HTTPS
</a>
</h3>
<p>
Read about DoH
<a href="https://support.mozilla.org/en-US/kb/dns-over-https-doh-faqs">
here</a>.
</p>
<ul>
<li>
<code>network.trr.uri = &quot;&quot;</code>
</li>
<p>
Select a DNS-over-HTTPS server to use—I use the
<a href="https://dnswarden.com#doh">dnswarden adblocking
one</a>, but if your polity censors your internet
access, you should use the uncensored one. There is a
list of alternatives available
<a href="https://github.com/curl/curl/wiki/DNS-over-HTTPS#publicly-available-servers">
on GitHub</a>.
</p>
<li><code>network.trr.mode = 2</code></li>
<p>This turns DNS over HTTPS on, falling back to the system
resolver if the DoH server cannot be reached.</p>
</ul>
<h3 id="header-sanitize">
<a href="#header-sanitize">
Header Sanitization
</a>
</h3>
<ul>
<li>
<code>network.http.referer.spoofSource = true</code>
</li>
<li>
<code>
network.http.referer.hideOnionSource = true
</code>
</li>
</ul>
<h3 id="safe-browsing">
<a href="#safe-browsing">Disable Google Safe Browsing</a>
</h3>
<p>
This is an exhaustive list of all the settings you need to
change. Typing only <code>browser.safebrowsing</code> into the
<code>about:config</code> search box will return all of them,
but make sure to apply the correct value to each.
</p>
<ul>
<li>
<code>browser.safebrowsing.allowOverride = true</code>
</li>
<li>
<code>
browser.safebrowsing.malware.enabled = false
</code>
</li>
<li>
<code>
browser.safebrowsing.phishing.enabled = false
</code>
</li>
<li>
<code>
browser.safebrowsing.downloads.enabled = false
</code>
</li>
<li>
<code>
browser.safebrowsing.blockedURIs.enabled = false
</code>
</li>
<li>
<code>
browser.safebrowsing.downloads.remote.block_dangerous_host
= false
</code>
</li>
<li>
<code>
browser.safebrowsing.downloads.remote.block_dangerous
= false
</code>
</li>
<li>
<code>
browser.safebrowsing.downloads.remote.block_potentially_unwanted
= false
</code>
</li>
<li>
<code>
browser.safebrowsing.downloads.remote.enabled = false
</code>
</li>
<li>
<code>browser.safebrowsing.downloads.remote.url</code>
</li>
<li><code>browser.safebrowsing.id</code></li>
<li>
<code>
browser.safebrowsing.provider.google4.updateURL
</code>
</li>
<li>
<code>
browser.safebrowsing.provider.google4.reportURL
</code>
</li>
<li>
<code>
browser.safebrowsing.provider.google4.reportPhishMistakeURL
</code>
</li>
<li>
<code>
browser.safebrowsing.provider.google4.reportMalwareMistakeURL
</code>
</li>
<li>
<code>browser.safebrowsing.provider.google4.lists</code>
</li>
<li>
<code>
browser.safebrowsing.provider.google4.gethashURL
</code>
</li>
<li>
<code>
browser.safebrowsing.provider.google4.dataSharingURL
</code>
</li>
<li>
<code>
browser.safebrowsing.provider.google4.dataSharing.enabled
= false
</code>
</li>
<li>
<code>
browser.safebrowsing.provider.google4.advisoryURL
</code>
</li>
<li>
<code>
browser.safebrowsing.provider.google4.advisoryName
</code>
</li>
<li>
<code>browser.safebrowsing.provider.google4.pver</code>
</li>
<li>
<code>
browser.safebrowsing.provider.google4.lastupdatetime
</code>
</li>
<li>
<code>
browser.safebrowsing.provider.google4.nextupdatetime
</code>
</li>
<li>
<code>
browser.safebrowsing.provider.google.advisoryName
</code>
</li>
<li>
<code>
browser.safebrowsing.provider.google.advisoryURL
</code>
</li>
<li>
<code>
browser.safebrowsing.provider.google.updateURL
</code>
</li>
<li>
<code>
browser.safebrowsing.provider.google.reportURL
</code>
</li>
<li>
<code>
browser.safebrowsing.provider.google.gethashURL
</code>
</li>
<li>
<code>
browser.safebrowsing.provider.google.reportPhishMistakeURL
</code>
</li>
<li>
<code>
browser.safebrowsing.provider.google.reportMalwareMistakeURL
</code>
</li>
<li>
<code>browser.safebrowsing.provider.google.pver</code>
</li>
<li>
<code>browser.safebrowsing.provider.google.lists</code>
</li>
<li>
<code>
browser.safebrowsing.provider.mozilla.gethashURL
</code>
</li>
<li>
<code>
browser.safebrowsing.provider.mozilla.lastupdatetime
</code>
</li>
<li>
<code>browser.safebrowsing.provider.mozilla.pver</code>
</li>
<li>
<code>
browser.safebrowsing.provider.mozilla.updateURL
</code>
</li>
<li>
<code>browser.safebrowsing.provider.mozilla.lists</code>
</li>
<li>
<code>
browser.safebrowsing.provider.mozilla.lists.base
</code>
</li>
<li>
<code>
browser.safebrowsing.provider.mozilla.lists.content
</code>
</li>
</ul>
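<p>
One way to check that each value was actually applied, as an added
example that is not part of the original page: the script below parses
the <code>user_pref("name", value);</code> lines that Firefox stores in
a profile's <code>prefs.js</code> and reports entries that differ from a
subset of the values listed above. The sample input and the names
<code>EXPECTED</code>, <code>parsePrefs</code> and
<code>auditPrefs</code> are constructed for illustration.
</p>

```javascript
// Added example: audit a Firefox prefs.js against values listed on this page.
// prefs.js only stores prefs changed from their defaults, so a missing line
// means the Firefox default is still in effect (reported as "unset" below).
const EXPECTED = { // subset of the list above (selection is an assumption)
  "browser.safebrowsing.allowOverride": true,
  "browser.safebrowsing.malware.enabled": false,
  "browser.safebrowsing.phishing.enabled": false,
  "browser.safebrowsing.downloads.enabled": false,
  "browser.safebrowsing.downloads.remote.enabled": false,
  "browser.safebrowsing.downloads.remote.url": "",       // listed without a value: blank
  "browser.safebrowsing.provider.google4.updateURL": "", // listed without a value: blank
  "network.trr.mode": 2,
};

// Matches: user_pref("name", value);  with an optional trailing // comment.
const PREF_LINE =
  /^\s*user_pref\(\s*("(?:[^"\\]|\\.)*")\s*,\s*(.+?)\s*\)\s*;\s*(?:\/\/.*)?$/;

// Returns a Map of pref name -> boolean, number or string value.
function parsePrefs(text) {
  const prefs = new Map();
  for (const line of text.split(/\r?\n/)) {
    const m = PREF_LINE.exec(line);
    if (!m) continue; // comment, blank line or anything else
    try {
      prefs.set(JSON.parse(m[1]), JSON.parse(m[2]));
    } catch { /* value is not a plain literal; skip the line */ }
  }
  return prefs;
}

// Returns one finding per expected pref that is unset or has another value.
function auditPrefs(text, expected = EXPECTED) {
  const actual = parsePrefs(text);
  const findings = [];
  for (const [name, want] of Object.entries(expected)) {
    if (!actual.has(name)) findings.push({ name, status: "unset", want });
    else if (actual.get(name) !== want)
      findings.push({ name, status: "mismatch", want, got: actual.get(name) });
  }
  return findings;
}

// Constructed sample input, not taken from a real profile.
const SAMPLE = [
  "// constructed prefs.js excerpt",
  'user_pref("browser.safebrowsing.malware.enabled", false);',
  'user_pref("browser.safebrowsing.phishing.enabled", true);',
  'user_pref("browser.safebrowsing.downloads.remote.url", "");',
  'user_pref("network.trr.mode", 2);',
].join("\n");

console.log(auditPrefs(SAMPLE));
```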
</section>
<div class="section">
<h1 class="header" id="extensions">
<a href="#extensions">Extensions</a>
</h1>
<p>
Note: Containerization extensions like Facebook Container or
Google Container are redundant with
<a href="https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/">
Total
Cookie Protection
</a> and
<a href="https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-enhanced-cookie-clearing/">
Enhanced Cookie Clearing</a>.
</p>
<p>
If there is any extension you feel is missing from this list,
feel free to <a href="https://git-send-email.io/">send me a git
patch through e-mail</a> adding it along with a description as
to why you believe it should be included. Before <a
href="../#contact">contacting me</a>, please read through the
whole list,
<a href="https://github.com/arkenfox/user.js/wiki/4.1-Extensions#-dont-bother">
this</a>, and
<a href="https://desuarchive.org/g/thread/83169287/#q83170117">
this</a>.
</p>
<h2 id="privacy-extensions">
<a href="#privacy-extensions">Standard Privacy Extensions</a>
</h2>
<ul>
<li>
<p>
<a href="https://addons.mozilla.org/en-US/firefox/addon/privacy-pass">
Privacy Pass
</a> Stores tokens to bypass captchas.
</p>
</li>
<li>
<p>
<a href="https://addons.mozilla.org/en-US/firefox/addon/ublock-origin">
uBlock Origin
</a> Ad blocking, cosmetic filtering, malicious script
protection, and tracker blocking; all in one package.
Add
<a href="https://github.com/DandelionSprout/adfilt/">
this blocklist</a> to implement
<a href="https://clearurls.xyz/">ClearURLs</a>
functionality with
<a href="https://github.com/gorhill/uBlock/wiki/Static-filter-syntax#removeparam">
removeparam</a> and
<a href="https://github.com/yourduskquibbles/webannoyances">
this blocklist</a> and turn on the "EasyList Cookie"
blocklist for GDPR consent popup-blocking functionality.
</p>
</li>
</ul>
<h2 id="advanced-extensions">
<a href="#advanced-extensions">
Advanced Privacy Extensions
</a>
</h2>
<div class="warn">
<img class="sym" src="../assets/img/warn.svg" />
<p>
These extensions may hinder or break certain functionality on
websites using heavy amounts of JavaScript.
</p>
</div>
<ul>
<li>
<p>
<a href="https://addons.mozilla.org/en-US/firefox/addon/canvasblocker">
CanvasBlocker
</a>
Fakes fingerprint readout for some JavaScript APIs
(blocking the canvas can break some functions of image
rendering).
</p>
</li>
<li>
<p>
<a href="https://addons.mozilla.org/en-US/firefox/addon/librejs">
GNU LibreJS
</a>
Extension that blocks all but
<a href="https://www.gnu.org/philosophy/javascript-trap.html">
freely licensed JavaScript</a>.
</p>
</li>
<li>
<p>
<a href="https://addons.mozilla.org/en-US/firefox/addon/javascript-restrictor">
JShelter
</a> Restricts access to JavaScript APIs to prevent
fingerprinting.
</p>
</li>
</ul>
<h2 id="tools-extensions">
<a href="#tools-extensions">Tools</a>
</h2>
<ul>
<li>
<p>
<a href="https://github.com/iamadamdev/bypass-paywalls-chrome">
Bypass Paywalls
</a> Bypasses paywalls for some sites.
</p>
</li>
<li>
<p>
<a href="https://addons.mozilla.org/en-CA/firefox/addon/firemonkey/">
FireMonkey
</a> Lightweight user script and style manager
utilizing native Firefox APIs to support userscripts
from sources like <a href="https://greasyfork.org/">
GreasyFork</a> and
<a href="https://openuserjs.org/">OpenUserJS</a> as well
as Stylish themes from
<a href="https://userstyles.org/">
Userstyles</a>.
</p>
</li>
<li>
<p>
<a href="https://addons.mozilla.org/en-US/firefox/addon/flagfox">
Flagfox
</a> Displays information about a website's physical
location and IP address in the address bar.
</p>
</li>
<li>
<p>FoxyProxy
<a href="https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/">
Standard
</a>/
<a href="https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-basic/">
Basic
</a> Advanced proxy manager which replaces Firefox's
lacking settings.
</p>
</li>
<li>
<p>
<a href="https://addons.mozilla.org/en-US/firefox/addon/libredirect/">
LibRedirect
</a> Redirects services like Twitter and YouTube to
their privacy-respecting front-ends or alternatives.
</p>
</li>
</ul>
</div>
<div class="section-full">
<h1 class="header" id="reading">
<a href="#reading">Further Reading</a>
</h1>
<p>
<ul>
<li>
<a href="https://github.com/arkenfox/user.js/wiki">
arkenfox/user.js Wiki
</a>
</li>
<li>
<a href="https://jshelter.org/farbling/">
Farbling-based wrappers to hinder browser fingerprinting
</a>
</li>
<li>
<a href="https://spyware.neocities.org/articles/firefox.html">
Firefox — Spyware Watchdog
</a>
</li>
<li>
<a href="https://privacytests.org/">
PrivacyTests.org
</a>
</li>
<li>
<a href="https://scotthelme.co.uk/revocation-is-broken">
Revocation is Broken
</a>
</li>
<li>
<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1495192">
Add a pref to disable Do Not Track in Firefox
</a>
</li>
<li>
<a href="https://support.mozilla.org/en-US/kb/sync-custom-preferences#w_sync-custom-preferences">
Sync custom preferences
</a>
</li>
<li>
<a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18097">
Tor font fingerprinting defenses roadmap
</a>
</li>
</ul>
</p>
<h2 id="fingerprinting">
<a href="#fingerprinting">Fingerprinting Tests</a>
</h2>
<p>
<ul>
<li>
<a href="https://amiunique.org/fp">
AmIUnique
</a>
</li>
<li>
<a href="https://browserleaks.com">
BrowserLeaks
</a>
</li>
<li>
<a href="https://arkenfox.github.io/TZP/tests/canvasrfp.html">
canvas rfp
</a>
</li>
<li>
<a href="https://abrahamjuliot.github.io/creepjs">
CreepJS
</a>
</li>
<li>
<a href="https://coveryourtracks.eff.org">
Cover Your Tracks
</a>
</li>
<li>
<a href="https://canvasblocker.kkapsner.de/test">
Test pages for CanvasBlocker
</a>
</li>
</ul>
</p>
</div>
</main> <!-- content -->
<footer>
<div class="copyleft">
<h5>This site is licensed under the <a
href="agpl-3.0.txt">AGPLv3</a> or later. Its content is covered
under the <a href="legalcode.txt">CC BY-NC-SA</a> license.</h5>
</div>
</footer>
</body>
</html>