Firefox Configuration

12-25-21

Installation

macOS: brew install --cask firefox

Arch/Artix: yay -S firefox

Settings

General

Language and Appearance

• Check spelling as you type –> Disabled

Browsing

• Recommend extensions as you browse –> Disabled
• Recommend features as you browse –> Disabled

Home

• Homepage and new windows –> Blank Page
• New tabs –> Blank Page
• Uncheck all Firefox Home Content

Search

• Default Search Engine –> DuckDuckGo

Browser Privacy

Enhanced Tracking Protection

• Tracking Prtection –> Custom
  • Cookies –> Cross-site cookies
  • Tracking content –> In all windows
  • Cryptominers –> Enabled
  • Fingerprinters –> Enabled
• “Do Not Track” –> Always

Cookies and Site Data

• Delete cookies and site data when Firefox is closed –> Enabled

Logins and Passwords

• Ask to save logins and passwords for websites –> Disabled
• Show alerts about passwords for breached websites –> Disabled

Forms and Autofill

• Autofill addresses –> Disabled
• Autofill credit cards –> Disabled

History

• Use custom settings for history
• Alwaays use private browsing mode –> Enabled

Address Bar

• Uncheck all

Security

• Deceptive Content and Dangerous Software Protection –> Uncheck all
• HTTPS-Only –> Enable (Optional)

Advanced configuration

Notes from PTIO/Chris Xiao

about:config

Telemetry

• browser.newtabpage.activity-stream.feeds.telementry –> false
• browser.ping-centre.telemetry –> false
• browser.tabs.crashReporting.sendReport –> false
• devtools.onboarding.telemetry.logged –> false
• toolkit.telemetry.enabled –> false
• toolikt.telemetry.server –> blank
• toolkit.telemetry.unified –> false

Pocket

• browser.newtabpage.activity-stream.feeds.discoverystreamfeed –> false
• browser.newtabpage.activity-stream.feeds.section.topstories –> false
• browser.newtabpage.activity-stream.section.highlights.includePocket –> false
• browser.newtabpage.activity-stream.showSponsored –> false
• extensions.pocket.enabled –> false

Prefetching

• network.dns.disablePrefetch –> true
• network.prefetch-next –> false

JS in PDF

• pdfjs.enableScripting –> false

SSL

• security.ssl3.rsa_des_ede3_sha –> false
• security.ssl.require_safe_negotiation –> true

Account

• identity.fxaccounts.enabled –> false

Geolocation

• geo.enabled –> false

WebRTC

• media.peerconnection.enabled –> false
• media.navigator.enabled –> false

WebGL

• webgl.disabled –> true

Fingerprinting

• privacy.resistFingerprinting –> true

Referrer headers

• network.http.sendRefererHeader –> 0

Cookies

• privacy.firstparty.isolate –> true
• network.cookie.lifetimePolicy –> 2

Extensions

• Bitwarden - password manager
• ClearURLs - cleans long “tracking” URLs
• Decentraleyes - local CDN
• DF YouTube - blocks YouTube dark patterns and garbage front page
• uBlock Origin - content blocker

To-Do

• bookmark sync