Table of contents

Add-ons and Extensions #

Three different add-ons configurations can be found in my Firefox Collections:

  • minimal configuration: must-have add-ons for a safe and optimized browsing experience
  • main configuration: the main extensions I use + integrated tools to take advantage of the services I use in the best way possible.
  • super configuration, extra add-ons to enjoy all the bells and whistles extensions can offer



Shortcuts #

Standard shortcuts are in Firefox shortcuts, while my custom shortcuts are Here

Developer toolbox shortcuts



Missing #

Even though Firefox is my go-to browser and I absolutely love it, it lacks some features which I really miss. I keep track of them below:

  • Easy and quick site-specific tracking, fingerprinting and cookies settings (Like in brave)



userChrome.css #

userChrome.css is the CSS file which can be used to modify the appearance of Firefox. Below there are my little modifications.

/* Hide the back and forward buttons */
#back-button, #forward-button { display:none!important; }



about:config #

A record of all the tweaks I made in Firefox about:config page

  • privacy.resistFingerprinting = true - A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.
  • privacy.resistFingerprinting.letterboxing = true so letterboxing is used to hide real browser size.
  • privacy.trackingprotection.enabled = true - This is Mozilla’s new built-in tracking protection. One of it’s benefits is blocking tracking (i.e. Google Analytics) on privileged pages where add-ons that usually do that are disabled.
  • dom.event.clipboardevents.enabled = false - Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
  • media.eme.enabled = false - Disables playback of DRM-controlled HTML5 content, which, if enabled, automatically downloads the Widevine Content Decryption Module provided by Google Inc. Details
    • media.gmp-widevinecdm.enabled = false - Disables the Widevine Content Decryption Module provided by Google Inc., used for the playback of DRM-controlled HTML5 content.
  • media.navigator.enabled = false - Websites can track the microphone and camera status of your device.
  • network.cookie.cookieBehavior = 1 - Disable cookies
    • 0 = Accept all cookies by default
    • 1 = Only accept from the originating site (block third-party cookies)
    • 2 = Block all cookies by default
  • privacy.firstparty.isolate = true - or preventing domains from accessing each other’s data. If something breaks, it is most likely related to this.
  • extensions.pocket.enabled - false - make Pocket integration go away
  • geo.wifi.uri = https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY% in order to send nearby WiFi networks to Mozilla instead of Google. In order to request an API Key and to find out more about the project, visit Mozilla Location Services.
  • network.IDN_show_punycode = true to see punycode instead of UTF-8 in case of spoofing attempt.
  • ui.systemUsesDarkTheme = true allow websites to know you’re using dark theme
  • network.http.referer.XOriginPolicy = 1 - Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.) Source
    • 0 = Send Referer in all cases
    • 1 = Send Referer to same eTLD sites
    • 2 = Send Referer only when the full hostnames match
  • network.http.referer.XOriginTrimmingPolicy = 2 - When sending Referer across origins, only send scheme, host, and port in the Referer header of cross-origin requests. Source
    • 0 = Send full url in Referer
    • 1 = Send url without query string in Referer
    • 2 = Only send scheme, host, and port in Referer
  • beacon.enabled = false - Disables sending additional analytics to web servers. Details
  • browser.safebrowsing.downloads.remote.enabled = false - Prevents Firefox from sending information about downloaded executable files to Google Safe Browsing to determine whether it should be blocked for safety reasons. Details
  • network.IDN_show_punycode = true - Not rendering IDNs as their Punycode equivalent leaves you open to phishing attacks that can be very difficult to notice. Source
  • network.trr.bootstrapAddress = 149.112.112.112 (Resolver 2 of Quad9) - DNS server to use for resolving the DoH name.
  • media.peerconnection.enabled = false - While software like NoScript prevents this, it’s probably a good idea to block this protocol directly as well, just to be safe. Note: This disables browser-based call functionality that is used for webapps
  • services.sync.prefs.sync.privacy.trackingprotection.enabled = true
  • dom.gamepad.extensions.lightindicator = true - seems like a cool thing to do
  • dom.gamepad.extensions.multitouch = true - seems like another cool thing to do
  • extensions.experiments.enabled = true - seems like another cool thing to do
  • extensions.formautofill.creditCards.enabled = false



Resources #

🏗 WIP section 🛠

This section should contain a beautifull graph displaying the relations among this note and all of the others on tommi.space. Unfortunately, showing it requires great coding skills and I am still working on it.

Share

Commenti