Mozilla Firefox tweaks for enhanced privacy

Mozilla Firefox allows a lot of configurations, the heaven for tweakers!

Today i’d like to share my personal configurations, focused on privacy.

This settings can be configured from about:config page, but i’ve also developed a small user.js file that can be installed on your Firefox profile.


Configure from about:config

  1. Enter “about:config” in the firefox address bar and press enter.
  2. Press the button “I’ll be careful, I promise!”
  3. Search and modify the following settings.

Privacy

privacy.firstparty.isolate = true

Isolates all browser identifier sources (e.g. cookies) to the first party domain, preventing tracking across different domains.
This setting is a result of the Tor Uplift , a project born to port all Tor Browser patches in the Firefox main branch.

privacy.resistFingerprinting = true

Makes Firefox more resistant to browser fingerprinting. (another setting from Tor Uplift)

privacy.trackingprotection.enabled = true

Enables Mozilla’s built-in tracking protection using Disconnect.me filter list.

Browser

browser.cache.offline.enable = false

Disables offline cache: less performance, but more privacy.

browser.safebrowsing.malware.enabled = false
browser.safebrowsing.phishing.enabled = false

Disable Google Safe Browsing malware checks and phishing protection: it could be a security risk, but avoids sending data to Google servers.

browser.send_pings = false

Avoids websites track visitors’ clicks.

browser.urlbar.speculativeConnect.enabled = false

Disable preloading of autocomplete URLs, in order to avoid connections to be made before you actually connect to sites.

browser.sessionstore.privacy_level = 2

Never store extra information about a session: contents of forms, scrollbar positions, cookies, and POST data. (less usability but more privacy)

DOM

dom.battery.enabled = false

Avoid webpages to track the battery status of your device.

dom.event.clipboardevents.enabled = false

Disallow sites to get notifications if you copy, paste, or cut something from a web page.

Media

media.eme.enabled = false
media.gmp-widevinecdm.enabled = false

Disables playback of DRM-controlled HTML5 content using the Google’s Widevine Content Decryption Module or Adobe Flash.

media.navigator.enabled = false

Avoid websites to track the microphone and camera status of your device.

Network

network.cookie.cookieBehavior = 1

Only accept from the originating site (block third-party cookies)

network.cookie.lifetimePolicy = 2

Cookies are deleted at the end of the session. (less usability but more privacy)

network.http.referer.trimmingPolicy = 2

Send only the scheme, host, and port in the Referer header.

network.http.referer.XOriginPolicy = 2

Only send Referer header when the full hostnames match.

network.http.referer.XOriginTrimmingPolicy = 2

When sending Referer header across origins, only send scheme, host, and port.

network.IDN_show_punycode = true

Not rendering IDNs as their Punycode equivalent in order to avoid phishing attacks that can be very difficult to notice.

Other settings

webgl.disabled = true

WebGL provides, by virtue of its functional requirements, access to the graphics hardware, and this can expose security risks.

geo.enabled = false

Disables geolocation.

extensions.blocklist.enabled = false

Disable the Mozilla blocklist, reducing data sent to Mozilla servers.

All configuration in a single user.js file

I’ve collected all tweaks in a single configuration file, that can be installed on your Firefox profile with few simple steps.

Simply download the user.js file and copy it in your current user profile directory, or to a newly created Firefox profile directory.

The file should be located at:

Operating SystemPath
Windows 7/8/10%APPDATA%\Mozilla\Firefox\Profiles\XXXXXXXX.profile_name\user.js
Linux~/.mozilla/firefox/XXXXXXXX.profile_name/user.js
OS X~/Library/Application Support/Firefox/Profiles/XXXXXXXX.profile_name
Android/data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.profile_name

Finally, restart Firefox to enable new settings.


References


Related posts

1 Comment

Comments

This site uses Akismet to reduce spam. Learn how your comment data is processed.