Firefox

This page contains Firefox configuration notes. It is based on the Firefox hardening guide and the Firefox config privacy tweaks, but lacks some of their information and adds other configuration not covered in those documents. Read "stop Firefox making automatic connections" to get less noise.

For better implementation (protection), put the settings in a file such as user.js.


Extensions

clearcache
Clears the browser cache (disk and RAM) by pressing a single button or easy shortcuts.
lightbeam
Lets you know who connects with the browser.
umatrix
Allows restricting features per website.
privacy-badger
Blocks cookies based on how they behave.
https-everywhere
Enforces HTTPS over HTTP.
foxyproxy-standard
Proxy plugin to configure proxy settings by domain patterns.
brief
Brief makes reading RSS feeds as easy and intuitive as it gets. Designed to have exactly the right set of features, it is powerful and simple at the same time.
wayback-machine
Archive web pages, detects dead pages, 404s, DNS failures & other web breakdowns, offering archived versions via the Internet Archive's Wayback Machine.

Hardened config

Disable Firefox Home or any other option when opening a new window or tab; otherwise third parties get a notification each time you open a tab or start the browser.

Open about:config in Firefox. The privacy-settings add-on can help set some of these preferences or add others.

Disable Pocket; the system compares browser history and serves ads;

     extensions.pocket.enabled = false

Disabling 0-RTT enhances security and privacy;

     security.tls.enable_0rtt_data = false

TLS versions 1.0 and 1.1 (1.0 especially) have some known flaws;

     security.tls.version.min = 3

Forces only safe encryption negotiation between clients and servers, which prevents a code injection attack;

     security.ssl.require_safe_negotiation = true

Disable the 3DES cipher, which has multiple known security weaknesses;

     security.ssl3.rsa_des_ede3_sha = false

Disable TLS false start;

     security.ssl.enable_false_start = false

WebRTC is a protocol related to digital rights management that helps content websites track users. It has the capability to give up your real IP address even while connected to a VPN or Tor;

     media.peerconnection.enabled = false
     media.peerconnection.video.vp9_enabled = false

A result of the Tor Uplift effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains;

     privacy.firstparty.isolate = true

A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting;

    privacy.resistFingerprinting = true

Disables offline cache;

    browser.cache.offline.enable = false 

The ping attribute on links lets websites track visitors' clicks;

    browser.send_pings = false 

Even with Firefox set to not remember history, your closed tabs are stored temporarily at Menu -> History -> Recently Closed Tabs.

    browser.sessionstore.max_tabs_undo = 0 

Disable preloading of autocomplete URLs. Firefox preloads URLs that autocomplete when a user types into the address bar, which is a concern if URLs are suggested that the user does not want to connect to;

    browser.urlbar.speculativeConnect.enabled = false 

Website owners can track the battery status of your device;

    dom.battery.enabled = false 

Prevent websites from getting notifications when you copy, paste, or cut something from a web page, which also lets them know which part of the page had been selected;

    dom.event.clipboardevents.enabled = false 

Disables geolocation;

    geo.enabled = false 

Websites can track the microphone and camera status of your device;

    media.navigator.enabled = false 

Restrict cookies;

       0 = Accept all cookies by default
       1 = Only accept from the originating site (block third party cookies)
       2 = Block all cookies by default

    network.cookie.cookieBehavior = 1 

Cookies are deleted at the end of the session;

       0 = Accept cookies normally
       1 = Prompt for each cookie
       2 = Accept for current session only
       3 = Accept for N days

    network.cookie.lifetimePolicy = 2 

Send only the scheme, host, and port in the Referer header;

       0 = Send the full URL in the Referer header
       1 = Send the URL without its query string in the Referer header
       2 = Send only the scheme, host, and port in the Referer header

    network.http.referer.trimmingPolicy = 2 

Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.)

       0 = Send Referer in all cases
       1 = Send Referer to same eTLD sites
       2 = Send Referer only when the full hostnames match

    network.http.referer.XOriginPolicy = 2 

When sending Referer across origins, only send scheme, host, and port in the Referer header of cross-origin requests;

       0 = Send full url in Referer
       1 = Send url without query string in Referer
       2 = Only send scheme, host, and port in Referer

    network.http.referer.XOriginTrimmingPolicy = 2 

WebGL is a potential security risk;

    webgl.disabled = true 

Form fill requires that information be cached in the browser; this can include valuable information like usernames and passwords;

    browser.formfill.enable = false

Network prefetching broadcasts browsing habits;

    network.prefetch-next = false
    network.dns.disablePrefetch = true

Disable the cache; letting websites write to disk is a privacy and security risk;

    browser.cache.disk.enable = false
    browser.cache.disk_cache_ssl = false
    browser.cache.memory.enable = false
    browser.cache.offline.enable = false
    browser.cache.insecure.enable = false

Disable plugin scanning, which checks what extensions and plugins are installed on Firefox. Disabling this feature improves both privacy and functionality while browsing privately;

    plugin.scan.plid.all = false

Disable telemetry, the features that explicitly collect data (search for "telemetry" and disable any other enabled feature that seems appropriate to disable and is not listed below);

    browser.newtabpage.activity-stream.feeds.telemetry = false
    devtools.onboarding.telemetry-logged = false
    toolkit.telemetry.archive.enabled = false
    toolkit.telemetry.bhrping.enabled = false
    toolkit.telemetry.firstshutdownping.enabled = false
    toolkit.telemetry.hybridcontent.enabled = false
    toolkit.telemetry.newprofileping.enabled = false
    toolkit.telemetry.unified = false
    toolkit.telemetry.updateping.enabled = false
    toolkit.telemetry.shutdownpingsender.enabled = false

Disable a tracking surface. Data usage grows since the TLS certificate chains need to be downloaded on each connection. Right-click on a blank area of the page, select New -> Boolean and then paste;

     security.ssl.disable_session_identifiers

In the next form choose false, so it becomes: security.ssl.disable_session_identifiers = false

"Compared to regular unprotected DNS lookups done over UDP or TCP, DOH increases privacy, security and sometimes even performance. It also makes it easy to use a name server of your choice for a particular application instead of the one configured globally (often by someone else) for your entire system." Daniel.

Firefox provides (leaks) an optional resolver mechanism using a dedicated DNS-over-HTTPS server. To force-disable it, set mode to 5 and uri to "", or set your own preferences;

     network.trr.mode = 5
     network.trr.uri = ""

Disable resolving and connecting to the captive portal service, which is only used on hot-spots that put a captive portal in front of the connection;

     network.captive-portal-service.enabled = false
     network.connectivity-service.enabled = false

The push notification system uses servers, maintained by Google or Mozilla depending on platform, that interact with these sites and the user's browser;

     dom.push.enabled = false

Disable leaking each download. This feature remotely checks signatures of software before download;

     browser.safebrowsing.downloads.remote.enabled = false
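
The notes above are written as `name = value`, while user.js expects one `user_pref("name", value);` call per line. The following Python is an added example, not part of the original notes or of Firefox's tooling: it renders a subset of the values above as user.js and audits a profile's prefs.js against them. The names `BASELINE`, `render_user_js`, `parse_prefs` and `audit` are illustrative, and the sample profile content is constructed.

```python
import json
import re

# Subset of the values listed on this page (pref name -> hardened value).
BASELINE = {
    "extensions.pocket.enabled": False,
    "security.tls.enable_0rtt_data": False,
    "security.tls.version.min": 3,
    "security.ssl.require_safe_negotiation": True,
    "media.peerconnection.enabled": False,
    "privacy.firstparty.isolate": True,
    "privacy.resistFingerprinting": True,
    "network.cookie.cookieBehavior": 1,
    "network.trr.mode": 5,
    "network.trr.uri": "",
}
PREF_RE = re.compile(
    r'^[ \t]*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;', re.M)

def render_user_js(baseline=BASELINE):
    """Turn `name = value` notes into user_pref() lines (JSON literals are valid JS)."""
    return "".join(f"user_pref({json.dumps(n)}, {json.dumps(v)});\n"
                   for n, v in baseline.items())

def parse_prefs(text):
    """Read user_pref()/pref() lines from prefs.js or user.js; the last one wins."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):  # commented-out lines do not match
        try:
            prefs[name] = json.loads(raw)    # true/false, integers, "strings"
        except ValueError:
            prefs[name] = raw                # keep odd values so audit() flags them
    return prefs

def audit(prefs_text, baseline=BASELINE):
    """Return {name: (found, wanted)} for baseline prefs that are missing or differ."""
    found = parse_prefs(prefs_text)
    # Compare the type too: in Python True == 1, but as pref values they differ.
    return {n: (found.get(n), w) for n, w in baseline.items()
            if (type(found.get(n)), found.get(n)) != (type(w), w)}

# Constructed sample, not taken from a real profile.
SAMPLE_PREFS_JS = """\
user_pref("extensions.pocket.enabled", false);
// user_pref("security.tls.enable_0rtt_data", false);
user_pref("security.tls.version.min", 1);
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://doh.example/dns-query");
user_pref("privacy.resistFingerprinting", true);
"""
```

A missing pref is reported with `None` as the found value, because an unset pref falls back to the Firefox default rather than the hardened one.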

Certificates

Remove as many "authorities" as possible from the trusted "state".

