Firefox Configuration

Configuring Firefox for privacy and performance

08-24-24

Installation

macOS: brew install --cask firefox

Arch/Artix: yay -S firefox

Settings

General

Language and Appearance

• Check spelling as you type –> Disabled

Browsing

• Recommend extensions as you browse –> Disabled
• Recommend features as you browse –> Disabled

Home

• Homepage and new windows –> Blank Page
• New tabs –> Blank Page
• Uncheck all Firefox Home Content

Search

• Default Search Engine –> DuckDuckGo
• Search Suggestions –> Disabled
• Address Bar –> Uncheck all

Privacy & Security

Browser Privacy

• Tracking Prtection –> Strict
• “Tell webiste not to sell or share my data” –> Always
• “Do Not Track” –> Always

Cookies and Site Data

• Delete cookies and site data when Firefox is closed –> Enabled

Passwords

• Ask to save logins and passwords for websites –> Disabled
• Show alerts about passwords for breached websites –> Disabled

Forms and Autofill

• Autofill addresses –> Disabled
• Autofill credit cards –> Disabled

History

• Use custom settings for history
• Always use private browsing mode –> Enabled

Permissions

• Location/Camera/Microphone/Notifiactions/Virtual Reality –> “Block new requests”

Firefox Data Collection and Use

• Uncheck all

Security

• Deceptive Content and Dangerous Software Protection –> Uncheck all
• HTTPS-Only Mode –> Enable in all windows

Advanced configuration

about:config

Telemetry

• browser.newtabpage.activity-stream.feeds.telementry –> false
• browser.tabs.crashReporting.sendReport –> false
• toolkit.telemetry.enabled –> false
• toolikt.telemetry.server –> blank
• toolkit.telemetry.unified –> false

Pocket

• browser.newtabpage.activity-stream.feeds.discoverystreamfeed –> false
• browser.newtabpage.activity-stream.feeds.discoverystream.sendToPocket.enabled –> false
• browser.newtabpage.activity-stream.feeds.section.topstories –> false
• browser.newtabpage.activity-stream.section.highlights.includePocket –> false
• browser.newtabpage.activity-stream.showSponsored –> false
• browser.newtabpage.activity-stream.showSponsoredTopSites –> false
• browser.newtabpage.activity-stream.system.showSponsored –> false
• services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsored –> false
• services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsoredTopSites –> false
• extensions.pocket.enabled –> false

Prefetching

• network.dns.disablePrefetch –> true
• network.dns.disablePrefetchFromHTTPS –> true
• network.prefetch-next –> false

SSL

• security.ssl3.rsa_des_ede3_sha –> false
• security.ssl.require_safe_negotiation –> true

Account

• identity.fxaccounts.enabled –> false

Geolocation

• geo.enabled –> false

WebRTC

• media.peerconnection.enabled –> false
• media.navigator.enabled –> false

WebGL

• webgl.disabled –> true
• (2024 note: I probably recommend leaving this enabled)

Fingerprinting

• privacy.resistFingerprinting –> true

Referrer headers

• network.http.sendRefererHeader –> 0

Cookies

• privacy.firstparty.isolate –> true

Extensions

• Bitwarden - password manager
• ClearURLs - cleans long “tracking” URLs
• Decentraleyes - local CDN
• DF YouTube - blocks YouTube dark patterns and garbage front page
• dotepub - epub conversion
• EpubPress - epub conversion
• SingleFile - HTML generator
• uBlock Origin - content blocker

Tagged: Configuration Privacy Security