Mozilla Firefox allows a lot of configuration: heaven for tweakers!
Today I’d like to share my personal configuration, focused on privacy.
These settings can be configured from the about:config page, but I’ve also developed a small user.js file that can be installed in your Firefox profile.
Configure from about:config
- Enter “about:config” in the Firefox address bar and press Enter.
- Press the button “I’ll be careful, I promise!”
- Search and modify the following settings.
privacy.firstparty.isolate = true
Isolates all browser identifier sources (e.g. cookies) to the first party domain, preventing tracking across different domains.
This setting is a result of the Tor Uplift, a project born to port all Tor Browser patches to the Firefox main branch.
privacy.resistFingerprinting = true
Makes Firefox more resistant to browser fingerprinting (another setting from the Tor Uplift).
privacy.trackingprotection.enabled = true
Enables Mozilla’s built-in tracking protection using the Disconnect.me filter list.
browser.cache.offline.enable = false
Disables the offline cache: less performance, but more privacy.
browser.safebrowsing.malware.enabled = false
browser.safebrowsing.phishing.enabled = false
Disables Google Safe Browsing malware checks and phishing protection: it could be a security risk, but avoids sending data to Google servers.
browser.send_pings = false
Prevents websites from tracking visitors’ clicks.
browser.urlbar.speculativeConnect.enabled = false
Disables preloading of autocomplete URLs, so that no connections are made before you actually connect to sites.
browser.sessionstore.privacy_level = 2
Never store extra information about a session: contents of forms, scrollbar positions, cookies, and POST data (less usability but more privacy).
dom.battery.enabled = false
Prevents web pages from tracking the battery status of your device.
dom.event.clipboardevents.enabled = false
Prevents sites from getting notifications when you copy, paste, or cut something from a web page.
media.eme.enabled = false
media.gmp-widevinecdm.enabled = false
Disables playback of DRM-controlled HTML5 content using Google’s Widevine Content Decryption Module or Adobe Flash.
media.navigator.enabled = false
Prevents websites from tracking the microphone and camera status of your device.
network.cookie.cookieBehavior = 1
Only accept cookies from the originating site (blocks third-party cookies).
network.cookie.lifetimePolicy = 2
Cookies are deleted at the end of the session (less usability but more privacy).
network.http.referer.trimmingPolicy = 2
Send only the scheme, host, and port in the
network.http.referer.XOriginPolicy = 2
Only send the Referer header when the full hostnames match.
network.http.referer.XOriginTrimmingPolicy = 2
When sending the Referer header across origins, only send scheme, host, and port.
network.IDN_show_punycode = true
Renders IDNs as their Punycode equivalent, in order to avoid phishing attacks that can be very difficult to notice.
webgl.disabled = true
WebGL provides, by virtue of its functional requirements, access to the graphics hardware, and this can expose security risks.
geo.enabled = false
Disables geolocation.
extensions.blocklist.enabled = false
Disables the Mozilla blocklist, reducing data sent to Mozilla servers.
All configuration in a single user.js file
I’ve collected all tweaks in a single configuration file that can be installed in your Firefox profile in a few simple steps.
Simply download the user.js file and copy it to your current user profile directory, or to a newly created Firefox profile directory.
The file should be located at:
Finally, restart Firefox to enable new settings.
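To check that a user.js still carries the values listed above, for example after editing it by hand, the following added example (not part of the author's user.js or repository) parses `user_pref("name", value);` lines and reports prefs that are missing or set differently. The function names, the subset of prefs in EXPECTED and the sample input are assumptions made for illustration.

```python
import json
import re

# Subset of the values listed on this page; extend it with the remaining prefs.
EXPECTED = {
    "privacy.firstparty.isolate": True,
    "privacy.resistFingerprinting": True,
    "browser.send_pings": False,
    "network.cookie.cookieBehavior": 1,
    "network.cookie.lifetimePolicy": 2,
    "webgl.disabled": True,
}

# Matches active user_pref("name", value); lines; lines commented out with // do not match.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Return {name: value}; a later line for the same pref replaces an earlier one."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        try:
            prefs[name] = json.loads(raw)  # true/false, integers, "strings"
        except ValueError:
            prefs[name] = raw              # keep unparsed text so it shows as a mismatch
    return prefs

def audit(text, expected=EXPECTED):
    """Return {name: (status, wanted, found)} for each pref that is missing or differs.
    Types are compared as well, because in Python True == 1 but a boolean pref
    is not the same as an integer pref."""
    actual = parse_prefs(text)
    findings = {}
    for name, want in expected.items():
        if name not in actual:
            findings[name] = ("missing", want, None)
        elif type(actual[name]) is not type(want) or actual[name] != want:
            findings[name] = ("mismatch", want, actual[name])
    return findings

# Constructed sample input, not the author's user.js
SAMPLE = """
user_pref("privacy.firstparty.isolate", true);
user_pref("privacy.resistFingerprinting", false);
// user_pref("webgl.disabled", true);
user_pref("network.cookie.cookieBehavior", true);
user_pref("network.cookie.lifetimePolicy", 2);
"""

if __name__ == "__main__":
    for name, (status, want, found) in sorted(audit(SAMPLE).items()):
        print(f"{status:8} {name}: want {want!r}, found {found!r}")
```

To audit a real file, pass its contents to `audit()` instead of `SAMPLE`.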
- Phishing with Unicode Domains, an attack almost impossible to detect
- A website could track your smartphone location using the battery status data?
- Security/Tor Uplift – MozillaWiki
- WebGL – A New Dimension for Browser Exploitation
- andreafortuna/FirefoxPrivacyEnhancements: Customized user.js with privacy enhancements for Mozilla Firefox