Maximize privacy in Firefox

10 Oct, 2022

Firefox is likely one of the more privacy respecting browsers out there. It's in my opinion also pretty good when it comes to security. Mozilla is normally very quick fixing CVE's and/or problems. Some people swear by a Fork like Pale Moon etc.

I'm ok with Firefox but there is still a lot to do if you want to get more out of it. I will keep in particular addons at a minimum, feel free to add more, but be aware of redundancies and also give you a more uniquie fingerprint.

Firefox Browser Addons

• Search Engine: https://metager.de/
• Adblocker: uBlock origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
• cookie Auto delete https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/
• Noscript https://addons.mozilla.org/en-US/firefox/addon/noscript/

Modifications in the about:config

In your URL bar type: about:config. I strongly suggest you to read and understand the warning.

We are now going to disable telemetry and in my opinion stuff nobody needs.

HIGHdpi fix linux

• layout.css.devPixelsPerPx (normal -1, 1.2 seems to work ok)

disable pocket

• about:config > extensions.pocket.enabled = set to false

TELEMETRY

devtools.onboarding.telemetry.logged = false
toolkit.telemetry.updatePing.enabled = false
browser.newtabpage.activity-stream.feeds.telemetry = false
browser.newtabpage.activity-stream.telemetry = false
browser.ping-centre.telemetry = false
toolkit.telemetry.bhrPing.enabled = false
toolkit.telemetry.enabled = false
toolkit.telemetry.firstShutdownPing.enabled = false
toolkit.telemetry.hybridContent.enabled = false
toolkit.telemetry.newProfilePing.enabled = false
toolkit.telemetry.reportingpolicy.firstRun = false
toolkit.telemetry.shutdownPingSender.enabled = false
toolkit.telemetry.unified = false
toolkit.telemetry.updatePing.enabled = false
toolkit.telemetry.reportingpolicy.firstRun = false
toolkit.telemetry.unified = false
toolkit.telemetry.archive.enabled = false
devtools.onboarding.telemetry.logged = false
toolkit.telemetry.bhrPing.enabled = false
datareporting.healthreport.uploadEnabled = false
datareporting.policy.dataSubmissionEnabled = false
datareporting.sessions.current.clean = true
datareporting.healthreport.uploadEnabled = false
datareporting.policy.dataSubmissionEnabled = false
datareporting.sessions.current.clean = true

more options

reader.parse-on-load.force-enabled

disable favicons

Now why would we do that? So far this does not seem to be too big of an issue, however it is possible to track users with the use of favicons. Some browsers are "leaking" information. If you want to know more about this; read: https://www.schneier.com/blog/archives/2021/02/browser-tracking-using-favicons.html

browser.chrome.favicons
browser.chrome.site_icons

even more tweaks

network.security.ports.banned.override, then add the ports required browser.download.alwaysOpenPanel, then disable (aka false)

#browser #firefox #privacy