How To Harden Firefox | All About Privacy | In-Depth Guide


1. About:Config:

These changes are made in about:config and cover things such as cookie isolation, disabling telemetry, preventing URLs from autoloading (less risk of contact with malicious websites), and more.

privacy.firstparty.isolate = true

privacy.resistFingerprinting = true

privacy.trackingprotection.enabled = true

browser.cache.offline.enable = false

browser.safebrowsing.malware.enabled = false [More privacy but less security. Decide if this one is right for you.]

browser.safebrowsing.phishing.enabled = false [Same as above]

browser.sessionstore.max_tabs_undo = 0

browser.urlbar.speculativeConnect.enabled = false

dom.battery.enabled = false [Prevents websites from seeing your battery level, less information for fingerprinting]

dom.event.clipboardevents.enabled = false

geo.enabled = false

security.ssl.enable_false_start = false

media.eme.enabled = false
-Disables playback of DRM-controlled HTML5 content, which, if enabled, automatically downloads the Widevine Content Decryption Module provided by Google Inc. DRM-controlled content that requires the Adobe Flash or Microsoft Silverlight NPAPI plugins will still play, if installed and enabled in Firefox.

media.gmp-widevinecdm.enabled = false
-Disables the Widevine Content Decryption Module provided by Google Inc., used for the playback of DRM-controlled HTML5 content.

media.navigator.enabled = false

network.cookie.cookieBehavior = 1
Block third-party cookies
0 = Accept all cookies by default
1 = Only accept from the originating site (block third-party cookies)
2 = Block all cookies by default

network.cookie.lifetimePolicy = 2
Cookies are deleted at the end of the session
0 = Accept cookies normally
1 = Prompt for each cookie
2 = Accept for current session only
3 = Accept for N days

network.http.referer.trimmingPolicy = 2
Send only the scheme, host, and port in the Referer header
0 = Send the full URL in the Referer header
1 = Send the URL without its query string in the Referer header
2 = Send only the scheme, host, and port in the Referer header

network.http.referer.XOriginPolicy = 2
Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.)
0 = Send Referer in all cases
1 = Send Referer to same eTLD sites
2 = Send Referer only when the full hostnames match

network.http.referer.XOriginTrimmingPolicy = 2
0 = Send full url in Referer
1 = Send url without query string in Referer
2 = Only send scheme, host, and port in Referer

webgl.disabled = true
WebGL is a potential security risk.

browser.sessionstore.privacy_level = 2
0 = Store extra session data for any site. (Default starting with Firefox 4.)
1 = Store extra session data for unencrypted (non-HTTPS) sites only. (Default before Firefox 4.)
2 = Never store extra session data.

network.IDN_show_punycode = true

media.peerconnection.turn.disable = true

media.peerconnection.use_document_iceservers = false

media.peerconnection.identity.timeout = 1

media.webRTC - all options disabled, set media.webrtc.debug.aec_dump_max_size to 1

security.ssl3.rsa_des_ede3_sha = false

security.ssl.require_safe_negotiation = true

security.tls.enable_0rtt_data = false

browser.formfill.enable = false

browser.cache.disk.enable = false

browser.cache.disk_cache_ssl = false

browser.cache.memory.enable = false

browser.newtabpage.activity-stream.telemetry = false

browser.newtabpage.activity-stream.feeds.telemetry = false

toolkit.telemetry.archive.enabled = false

toolkit.telemetry.bhrping.enabled = false

toolkit.telemetry.firstshutdownping.enabled = false

toolkit.telemetry.newprofileping.enabled = false

toolkit.telemetry.unified = false

toolkit.telemetry.updateping.enabled = false

toolkit.telemetry.shutdownPingSender.enabled = false

network.http.sendRefererHeader = 0

dom.serviceWorkers.enabled = false

about:memory -> check anonymize box
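
To confirm that a profile actually carries these values, the following added example (not part of the original guide) parses the `user_pref(...)` lines of a profile's prefs.js or user.js and reports every deviation from a subset of the list above. The `BASELINE` subset, the function names and the sample text are constructed for illustration.

```python
import re

# Subset of the values this guide recommends (pref name -> hardened value).
BASELINE = {
    "privacy.firstparty.isolate": True,
    "network.cookie.cookieBehavior": 1,
    "network.http.referer.XOriginPolicy": 2,
    "webgl.disabled": True,
    "geo.enabled": False,
}

# Pref files hold one call per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Parse prefs.js/user.js text into {name: value}; the last assignment wins."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)  # lines commented out with // do not match
        if m:
            name, raw = m.groups()
            if raw in ("true", "false"):
                prefs[name] = raw == "true"
            elif re.fullmatch(r"-?\d+", raw):
                prefs[name] = int(raw)
            else:
                prefs[name] = raw.strip('"')  # string pref
    return prefs

def audit(text, baseline=BASELINE):
    """Return {name: (expected, actual)} for deviations; actual is None if unset."""
    prefs = parse_prefs(text)
    # Compare types too: in Python 1 == True, but Firefox prefs are typed.
    return {n: (want, prefs.get(n)) for n, want in baseline.items()
            if type(prefs.get(n)) is not type(want) or prefs.get(n) != want}

# Constructed sample input, not taken from a real profile.
SAMPLE = """\
user_pref("privacy.firstparty.isolate", true);
user_pref("network.cookie.cookieBehavior", 0);
// user_pref("webgl.disabled", true);
user_pref("webgl.disabled", 1);
user_pref("geo.enabled", true);
user_pref("geo.enabled", false);
"""

if __name__ == "__main__":
    for name, (want, got) in audit(SAMPLE).items():
        print(f"{name}: expected {want!r}, found {got!r}")
```

A pref reported with `None` is not set in the file at all, so Firefox is using its built-in default for it.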

2. Firefox Preferences

Preferences -> Privacy & Security -> Enhanced Tracking Protection -> Strict

Preferences -> Privacy & Security -> Remember history -> Never

Preferences -> Privacy & Security -> Firefox Data Collection and Use -> make sure all of the boxes are unchecked

Preferences -> General -> Network Settings -> Enable DNS over HTTPS [Do not do this if you filter DNS requests locally through your router or something else]

3. Extensions

uBlock Origin- great for blocking ads and malicious connections from malvertising. If you enable "I am an advanced user" then the add-on can be used to block scripts as well. I highly recommend enabling this to block third-party scripts and frames. An instructional video can be found here

User Agent Switcher- Allows you to change your user agent string to something more generic. Only about 3% of internet users use Firefox, while about 96% of the web uses Chrome. Make your user agent string show a different browser and operating system to blend in a bit more.

Cookie AutoDelete- Cookies follow you around the web, and some of them even mine crypto with your browser. One of the best ways to stop this is with Cookie AutoDelete. Whenever you close a tab, all of the cookies from that tab will be deleted.

Privacy Badger- blocks trackers from around the web

Privacy Possum- Similar to Privacy Badger but blocks different types of content

NOTE: You can also use a pre-made user.js file such as this:

Source: dready
