Installation

macOS: brew install --cask firefox

Arch/Artix: yay -S firefox

Settings

General

Language and Appearance

• Check spelling as you type --> Disabled

Browsing

• Recommend extensions as you browse --> Disabled
• Recommend features as you browse --> Disabled

Home

• Homepage and new windows --> Blank Page
• New tabs --> Blank Page
• Uncheck all Firefox Home Content

Search

• Default Search Engine --> DuckDuckGo

Browser Privacy

Enhanced Tracking Protection

• Tracking Prtection --> Custom
  • Cookies --> Cross-site cookies
  • Tracking content --> In all windows
  • Cryptominers --> Enabled
  • Fingerprinters --> Enabled
• "Do Not Track" --> Always

Cookies and Site Data

• Delete cookies and site data when Firefox is closed --> Enabled

Logins and Passwords

• Ask to save logins and passwords for websites --> Disabled
• Show alerts about passwords for breached websites --> Disabled

Forms and Autofill

• Autofill addresses --> Disabled
• Autofill credit cards --> Disabled

History

• Use custom settings for history
• Alwaays use private browsing mode --> Enabled

Address Bar

• Uncheck all

Security

• Deceptive Content and Dangerous Software Protection --> Uncheck all
• HTTPS-Only --> Enable (Optional)

Advanced configuration

Notes from PTIO/Chris Xiao

about:config

Telemetry

• browser.newtabpage.activity-stream.feeds.telementry --> false
• browser.ping-centre.telemetry --> false
• browser.tabs.crashReporting.sendReport --> false
• devtools.onboarding.telemetry.logged --> false
• toolkit.telemetry.enabled --> false
• toolikt.telemetry.server --> blank
• toolkit.telemetry.unified --> false

Pocket

• browser.newtabpage.activity-stream.feeds.discoverystreamfeed --> false
• browser.newtabpage.activity-stream.feeds.section.topstories --> false
• browser.newtabpage.activity-stream.section.highlights.includePocket --> false
• browser.newtabpage.activity-stream.showSponsored --> false
• extensions.pocket.enabled --> false

Prefetching

• network.dns.disablePrefetch --> true
• network.prefetch-next --> false

JS in PDF

• pdfjs.enableScripting --> false

SSL

• security.ssl3.rsa_des_ede3_sha --> false
• security.ssl.require_safe_negotiation --> true

Account

• identity.fxaccounts.enabled --> false

Geolocation

• geo.enabled --> false

WebRTC

• media.peerconnection.enabled --> false
• media.navigator.enabled --> false

WebGL

• webgl.disabled --> true

Fingerprinting

• privacy.resistFingerprinting --> true

Referrer headers

• network.http.sendRefererHeader --> 0

Cookies

• privacy.firstparty.isolate --> true
• network.cookie.lifetimePolicy --> 2

Extensions

• Bitwarden - password manager
• ClearURLs - cleans long "tracking" URLs
• Decentraleyes - local CDN
• DF YouTube - blocks YouTube dark patterns and garbage front page
• uBlock Origin - content blocker

To-Do

• bookmark sync