I consider myself a Firefox power user: I love it and I take full advantage of its features. Here’s how I do it.

Add-ons || Extensions

Three different add-on configurations can be found in my Firefox Collections:

  • minimal configuration, must-have add-ons for a safe and optimized browsing experience
  • main configuration, the main extensions I use + integrated tools to take advantage of the services I use in the best way possible. The main configuration extensions are noted in more detail below, too, but the collection is always up to date
  • super configuration, extra add-ons to enjoy all the bells and whistles extensions can offer



about:config

A record of all the tweaks I made on Firefox's about:config page:

  • privacy.trackingprotection.fingerprinting.enabled = true - [FF67+] Blocks Fingerprinting
  • privacy.trackingprotection.cryptomining.enabled = true - [FF67+] Blocks CryptoMining
  • privacy.resistFingerprinting = true - A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.
  • privacy.resistFingerprinting.letterboxing = true - Letterboxing is used to hide the real browser size.
  • privacy.trackingprotection.enabled = true - This is Mozilla’s new built-in tracking protection. One of its benefits is blocking tracking (e.g. Google Analytics) on privileged pages where add-ons that usually do that are disabled.
  • dom.event.clipboardevents.enabled = false - Prevents websites from being notified when you copy, paste, or cut something from a web page, and from learning which part of the page was selected.
  • media.eme.enabled = false - Disables playback of DRM-controlled HTML5 content, which, if enabled, automatically downloads the Widevine Content Decryption Module provided by Google Inc.
    • media.gmp-widevinecdm.enabled = false - Disables the Widevine Content Decryption Module provided by Google Inc., used for the playback of DRM-controlled HTML5 content.
  • media.navigator.enabled = false - Prevents websites from tracking the microphone and camera status of your device.
  • network.cookie.cookieBehavior = 1 - Block third-party cookies
    • 0 = Accept all cookies by default
    • 1 = Only accept from the originating site (block third-party cookies)
    • 2 = Block all cookies by default
  • privacy.firstparty.isolate = true - Prevents domains from accessing each other’s data. If something breaks, it’s most likely related to this.
  • extensions.pocket.enabled = false - Makes the Pocket integration go away
  • geo.wifi.uri = https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY% in order to send nearby WiFi networks to Mozilla instead of Google. See also MLS Software.
  • network.IDN_show_punycode = true - Shows punycode instead of UTF-8 in case of a spoofing attempt.
  • ui.systemUsesDarkTheme = true - Allows websites to know you’re using a dark theme
  • network.http.referer.XOriginPolicy = 1 - Only send the Referer header to same-eTLD sites. (Note: value 2 only sends Referer when the full hostnames match; if you notice significant breakage with it, you might try 1 combined with the XOriginTrimmingPolicy tweak below.)
    • 0 = Send Referer in all cases
    • 1 = Send Referer to same eTLD sites
    • 2 = Send Referer only when the full hostnames match
  • network.http.referer.XOriginTrimmingPolicy = 2 - Only send scheme, host, and port in the Referer header of cross-origin requests.
    • 0 = Send full url in Referer
    • 1 = Send url without query string in Referer
    • 2 = Only send scheme, host, and port in Referer
  • beacon.enabled = false - Disables sending additional analytics to web servers.
  • browser.safebrowsing.downloads.remote.enabled = false - Prevents Firefox from sending information about downloaded executable files to Google Safe Browsing to determine whether they should be blocked for safety reasons.
  • network.IDN_show_punycode = true - Not rendering IDNs as their Punycode equivalent leaves you open to phishing attacks that can be very difficult to notice.
  • network.trr.early-AAAA = true to hopefully prefer IPv6
  • network.trr.bootstrapAddress = 149.112.112.112 (Resolver 2 of Quad9) - DNS server to use for resolving the DoH name.
  • media.peerconnection.enabled = false - While software like NoScript prevents this, it’s probably a good idea to block this protocol directly as well, just to be safe. Note: This disables browser-based call functionality that is used for webapps
  • services.sync.prefs.sync.privacy.trackingprotection.enabled = true
  • apz.allow_zooming = true
  • dom.gamepad.extensions.lightindicator = true - seems like a cool thing to do
  • dom.gamepad.extensions.multitouch = true - seems like another cool thing to do
  • extensions.experiments.enabled = true - seems like another cool thing to do
  • extensions.formautofill.creditCards.enabled = false
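
To check that a profile actually carries these values, the following added example (not part of the original post) parses `user_pref(...)` lines as found in a profile's prefs.js or user.js and reports prefs that are unset, differ, or have the wrong type. The `BASELINE` subset, the function names and the sample text are assumptions made for this example.

```python
import re

# Subset of the about:config values listed above (chosen for this example).
BASELINE = {
    "privacy.resistFingerprinting": True,
    "network.cookie.cookieBehavior": 1,
    "network.IDN_show_punycode": True,
    "network.http.referer.XOriginTrimmingPolicy": 2,
    "media.peerconnection.enabled": False,
    "beacon.enabled": False,
}

# Matches one active line such as: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_value(raw):
    if raw in ("true", "false"):
        return raw == "true"
    return int(raw) if re.fullmatch(r"-?\d+", raw) else raw.strip('"')

def parse_prefs(text):
    """Return {name: value}; commented-out lines are skipped, last assignment wins."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs

def audit(text, baseline=BASELINE):
    """List (name, found, expected) for prefs that are unset, differ, or have the wrong type."""
    prefs = parse_prefs(text)
    findings = []
    for name, want in sorted(baseline.items()):
        got = prefs.get(name, "unset")
        if got != want or type(got) is not type(want):
            findings.append((name, got, want))
    return findings

# Constructed sample, not taken from a real profile.
SAMPLE = """\
user_pref("network.cookie.cookieBehavior", true);
// user_pref("beacon.enabled", false);
user_pref("media.peerconnection.enabled", true);
user_pref("media.peerconnection.enabled", false);
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The explicit type comparison matters because Python treats `True == 1` as equal, which would otherwise hide a boolean written into the integer pref `network.cookie.cookieBehavior`.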


