Tommi Space

Firefox

Add-ons and Extensions

Three different add-ons configurations can be found in my Firefox Collections:

  • minimal configuration: must-have add-ons for a safe and optimized browsing experience
  • main configuration: the main extensions I use + integrated tools to take advantage of the services I use in the best way possible.
  • super configuration, extra add-ons to enjoy all the bells and whistles extensions can offer


Shortcuts

Standard shortcuts are in Firefox shortcuts, while my custom shortcuts are Here

Developer toolbox shortcuts



Missing

Even though Firefox is my go-to browser and I absolutely love it, it lacks some features which I really miss. I keep track of them below:

  • Easy and quick site-specific tracking, fingerprinting and cookies settings (Like in Brave)


userChrome.css

userChrome.css is the CSS file which can be used to modify the appearance of Firefox. Below there are my little modifications.

/* Hide the back and forward buttons */
#back-button, #forward-button { display:none!important; }


about:config

A record of all the tweaks I made in Firefox about:config page

  • privacy.resistFingerprinting = true - A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.
  • privacy.resistFingerprinting.letterboxing = true so letterboxing is used to hide real browser size.
  • privacy.trackingprotection.enabled = true - This is Mozilla's new built-in tracking protection. One of it’s benefits is blocking tracking (i.e. Google Analytics) on privileged pages where add-ons that usually do that are disabled.
  • dom.event.clipboardevents.enabled = false - Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
  • media.eme.enabled = false - Disables playback of DRM-controlled HTML5 content, which, if enabled, automatically downloads the Widevine Content Decryption Module provided by Google Inc. Details
    • media.gmp-widevinecdm.enabled = false - Disables the Widevine Content Decryption Module provided by Google Inc., used for the playback of DRM-controlled HTML5 content.
  • media.navigator.enabled = false - Websites can track the microphone and camera status of your device.
  • network.cookie.cookieBehavior = 1 - Disable cookies
    • 0 = Accept all cookies by default
    • 1 = Only accept from the originating site (block third-party cookies)
    • 2 = Block all cookies by default
  • privacy.firstparty.isolate = true - or preventing domains from accessing each other’s data. If something breaks, it is most likely related to this.
  • extensions.pocket.enabled - false - make Pocket integration go away
  • geo.wifi.uri = https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY% in order to send nearby WiFi networks to Mozilla instead of Google. In order to request an API Key and to find out more about the project, visit Mozilla Location Services.
  • network.IDN_show_punycode = true to see punycode instead of UTF-8 in case of spoofing attempt.
  • ui.systemUsesDarkTheme = true allow websites to know you're using dark theme
  • network.http.referer.XOriginPolicy = 1 - Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.) Source
    • 0 = Send Referer in all cases
    • 1 = Send Referer to same eTLD sites
    • 2 = Send Referer only when the full hostnames match
  • network.http.referer.XOriginTrimmingPolicy = 2 - When sending Referer across origins, only send scheme, host, and port in the Referer header of cross-origin requests. Source
    • 0 = Send full url in Referer
    • 1 = Send url without query string in Referer
    • 2 = Only send scheme, host, and port in Referer
  • beacon.enabled = false - Disables sending additional analytics to web servers. Details
  • browser.safebrowsing.downloads.remote.enabled = false - Prevents Firefox from sending information about downloaded executable files to Google Safe Browsing to determine whether it should be blocked for safety reasons. Details
  • network.IDN_show_punycode = true - Not rendering IDNs as their Punycode equivalent leaves you open to phishing attacks that can be very difficult to notice. Source
  • network.trr.bootstrapAddress = 149.112.112.112 (Resolver 2 of Quad9) - DNS server to use for resolving the DoH name.
  • media.peerconnection.enabled = false - While software like NoScript prevents this, it’s probably a good idea to block this protocol directly as well, just to be safe. Note: This disables browser-based call functionality that is used for webapps
  • services.sync.prefs.sync.privacy.trackingprotection.enabled = true
  • dom.gamepad.extensions.lightindicator = true - seems like a cool thing to do
  • dom.gamepad.extensions.multitouch = true - seems like another cool thing to do
  • extensions.experiments.enabled = true - seems like another cool thing to do
  • extensions.formautofill.creditCards.enabled = false


Resources

Share

Comments