206 lines
8 KiB
Text
206 lines
8 KiB
Text
Maximize/"Harden" Firefox privacy settings
|
|
(via Mental Outlaw YT channel and Chris Xiao's Yet Another Firefox Hardening
|
|
article and Unix Sheikh's Choose your Browser Carefully article):
|
|
|
|
Install Ublock Origin
|
|
Install UBlacklist
|
|
Install LibRedirect
|
|
Install NoScript
|
|
Install Chameleon
|
|
Install LocalCDN
|
|
Install OneTab (set OneTab to not open up on startup)
|
|
Install DarkReader (in DarkReader menu under More, set to Static)
|
|
Install Vimium-FF
|
|
Set Default Search Engine to Duck Duck Go Lite
|
|
Install Always active Window - Always Visible
|
|
Install Classic mode for Wikipedia
|
|
Install Stack Overflow Prettifier
|
|
Install ClearURLs
|
|
Install Cookie AutoDelete
|
|
Install Don't Track Me Google
|
|
Install Measure-it
|
|
Install FastForward
|
|
Install Firefox Translations
|
|
Install User-Agent-Switcher and Manager
|
|
Install OverbiteWX
|
|
Install Return YouTube Dislike
|
|
Install SponsorBlock for Youtube-Skip Sponsorships (under Misc, enable invidious 3rd party)
|
|
Insall Vue.js devtools
|
|
Install WAVE Evaluation Tool
|
|
Install Wappalyzer
|
|
Install Manjaro Theme (matcha-dark-azul for blue, matcha-dark-sea for green)
|
|
Get Firefox to remember nothing through Preferences setting
|
|
Set Firefox to never visit non https websites
|
|
Disable smooth scrolling
|
|
|
|
about:config settings
|
|
(Optional): Turn off Javascript
|
|
media.peerconnection.enabled set to false #breaks real-time audio/video
|
|
media.navigator.enabled to false #breaks real-time audio/video
|
|
media.gmp
|
|
devtools.onboarding.telemetry.logged to false
|
|
datareporting.policy.dataSubmissionEnabled set to false
|
|
app.normandy.enabled set to false
|
|
extensions.pocket.enabled to false
|
|
extensions.formautofill.available set to blank
|
|
extensions.screenshots.disabled set to true
|
|
extensions.webcompat-reporter.enabled set to false
|
|
privacy.resistfingerprinting set to true #noticeable performance and stability impact, proceed with caution.
|
|
privacy.firstparty.isolate to true
|
|
network.dns.disablePrefetch to true
|
|
network.predictor.enabled set to false
|
|
network.prefetch-next to false
|
|
network.http.sendRefererHeader to 0 #sites with forms and logins may break
|
|
network.http.referer.XoriginPolicy to 1
|
|
network.cookie.lifetimePolicy to 2
|
|
network.trr.mode to 3
|
|
pdfjs.enableScripting to false
|
|
identity.fxaccounts.enabled to false
|
|
geo.enabled to false
|
|
dom.webnotifications.enabled to false
|
|
security.ssl3.rsa_des_ede3_sha set to false
|
|
security.ssl.require_safe_negotiation set to true
|
|
security.tls.version set to at least 3 (4 highest setting as of 2021, but not necessary according to Mental Outlaw)
|
|
security.tls.enable_Ortt_data set to false
|
|
browser.shell.checkDefaultBrowser = false
|
|
browser.formfill.enable set to false
|
|
browser.cache.disk.enable set to false
|
|
browser.cache.disk_cache_ssl set to false
|
|
browser.cache.memory.enable set to false
|
|
browser.cache.offline.enable set to false
|
|
browser.cache.insecure.enable set to false
|
|
browser.privatebrowsing.autostart set to true
|
|
browser.urlbar.speculativeConnect.enabled set to false
|
|
browser.urlbar.maxRichResults set to 0
|
|
browser.search.suggest.enabled set to false
|
|
plugin.scan.plid.all set to false (same, couldn't find)
|
|
browser.ping-centre.telemetry set to false
|
|
browser.newtabpage.activity-stream.feeds.telemetry set to false
|
|
browser.newtabpage.activity-stream.telemetry set to false
|
|
browser.newtabpage.activity-stream.section.highlights.includePocket to false
|
|
browser.tabs.crashReporting.sendReport to false
|
|
browser.tabs.tabmanager.enabled to false
|
|
browser.tabs.cardPreview.enabled to false
|
|
browser.tabs.cardPreview.showThumbnails to false
|
|
browser.uidensity to 1 (makes the browser's tabs not so huge for firefox 89+)
|
|
browser.chrome.site_icons to false (removes favicons)
|
|
browser.tabs.tabsmanager.enabled to false
|
|
accessibility.force_disabled to 1 (improves performance)
|
|
extensions.unifiedExtensions.enabled to false (to remove item visually, remove all extensions from list)
|
|
devtools.onboarding.telemetry.logged to false
|
|
toolkit.telemetry.enabled to false
|
|
toolkit.telemetry.server Delete the URL and leave it empty
|
|
toolkit.telemetry.archive.enabled set to false
|
|
toolkit.telemetry.bhrPing.enabled set to false
|
|
toolkit.telemetry.firstShutdownPing.enabled set to false
|
|
toolkit.telemetry.newProfilePing.enabled set to false
|
|
toolkit.telemetry.unified set to false
|
|
toolkit.telemetry.updatePing.enabled set to false
|
|
toolkit.telemetry.shutdownPingSender.enabled set to false
|
|
webgl.disabled set to true
|
|
privacy.firstparty.isolate set to true
|
|
security.ssl.enable_false_start set to false
|
|
browser.sessionstore.resume_from_crash to false
|
|
|
|
go into ublock origin and check the 'Prevent WebRTC from leaking local IP addresses' box.
|
|
go into usr/lib/firefox/distribution and open/create package.json and input the following:
|
|
|
|
{
|
|
"policies": {
|
|
"DisableAppUpdate": true,
|
|
"DisableFirefoxAccounts": true,
|
|
"DisableTelemetry": true,
|
|
"DNSOverHTTPS": {
|
|
"Enabled": false,
|
|
"Locked": true
|
|
},
|
|
"DontCheckDefaultBrowser": true,
|
|
"NetworkPrediction": false,
|
|
"PromptForDownloadLocation": true,
|
|
"SearchEngines": {
|
|
"PreventInstalls": true
|
|
},
|
|
"SearchSuggestEnabled": false,
|
|
"NetworkPrediction": false
|
|
}
|
|
}
|
|
|
|
The following isn't privacy related, but turns off proton in firefox, which makes better use of screenspace:
|
|
|
|
browser.proton.enabled set to false
|
|
browser.proton.modals.enabled set to false
|
|
browser.proton.doorhangers.enabled set to false
|
|
browser.proton.contextmenus.enabled set to false
|
|
browser.sessionstore.resume_from_crash false
|
|
|
|
Copy the chrome directory into the profile ($HOME/.librewolf/*.default-release)
|
|
This feature isn't officially supported anymore so enable it by heading to
|
|
about:config and find/set:
|
|
toolkit.legacyUserProfileCustomizations.stylesheets : true (enables userChrome)
|
|
|
|
Custom Caret Widths for Text Cursor:
|
|
In about:config, add these new custom properties (they don't exist by default):
|
|
ui.caretWidth (set to number, and set to 10)
|
|
ui.caretBlinkTime (set to number, and set to 0 to disable blink)
|
|
|
|
Disable "This Time Search With":
|
|
browser.urlbar.scotchBonnet.enableOverride to false
|
|
|
|
|
|
browser.urlbar.maxRichResults to 0 (removes annoying blue search suggestions)
|
|
Go into Ublock Origin, Under Filter List, open Annoyances and click all
|
|
checkboxes (blocks annoying cookie confirmation popups amongst others).
|
|
|
|
Disable JavaScript JIT Compiler:
|
|
javascript.options.baselinejit false
|
|
javascript.options.ion false
|
|
javascript.options.wasm false
|
|
javascript.options.asmjs false
|
|
|
|
In about:preferences#privacy:
|
|
|
|
Enable secure DNS using Default protection.
|
|
Use custom secure DNS, under Max Protection, input mullvad's DNS server:
|
|
https://base.dns.mullvad.net/dns-query
|
|
|
|
Disable Ads
|
|
browser.shopping.experience2023.active to false
|
|
browser.shopping.experience2023.ads.userEnabled to false
|
|
browser.shopping.experience2023.autoOpen.userEnabled to false
|
|
browser.shopping.experience2023.showKeepSidebarClosedMessage to false
|
|
browser.shopping.experience2023.suvey.enabled to false
|
|
|
|
In Ublock Origin:
|
|
Enable all filter lists in settings/filter lists
|
|
Add bypass filter list:
|
|
https://gitflic.ru/project/magnolia1234/bypass-paywalls-clean-filters/blob/raw?file=bpc-paywall-filter.txt
|
|
Add huge ai black list filter list
|
|
https://raw.githubusercontent.com/laylavish/uBlockOrigin-HUGE-AI-Blocklist/main/list_uBlacklist.txt
|
|
|
|
In UBlacklist, do the same for the huge ai blacklist, under options/subscriptions, click "Add a subscriptions", and place the filter list in the form:
|
|
https://raw.githubusercontent.com/laylavish/uBlockOrigin-HUGE-AI-Blocklist/main/list_uBlacklist.txt
|
|
|
|
For Android Only (Ironfox/Fennec):
|
|
about:config:
|
|
|
|
network.trr.mode to 0
|
|
|
|
(defaults to OS level DNS resolver, set in Android Network settings, Private DNS field, to https://base.dns.mullvad.net/dns-query)
|
|
|
|
Set zoom to only be specific to tab you are on:
|
|
browser.zoom.siteSpecific to false
|
|
|
|
Disable AI Features:
|
|
|
|
browser.ml.chat.enabled to false
|
|
browser.ml.enabled to false
|
|
browser.ml.linkPreview.enabled to false
|
|
browser.ml.pageAssist.enabled to false
|
|
browser.ml.smartAssist.enabled to false
|
|
extensions.ml.enabled to false
|
|
browser.tabs.groups.smart.enabled to false
|
|
browser.search.visualSearch.featureGate to false
|
|
browser.urlbar.quicksuggest.mlEnabled to false
|
|
pdfjs.enableAltText to false
|
|
places.semanticHistory.featureGate to false
|
|
sidebar.revamp to false
|