I consider myself a Firefox power user: I love it and I take full advantage of its features. Here’s how I do it.

Add-ons || Extensions

Three different add-ons configurations can be found in myFirefox Collections:

  • minimalconfiguration, must-have add-ons for a safe and optimized browsing experience
  • mainconfiguration, the main extensions I use + integrated tools to take advantage of the services I use in the best way possible. The main configuration extensions are noted in more detail below, too, but the collection is always up to date
  • superconfiguration, extra add-ons to enjoy all the bells and whistles extensions can offer



about:config

A record of all the tweaks I made in Firefoxabout:configpage

  • privacy.trackingprotection.fingerprinting.enabled=true- [FF67+] Blocks Fingerprinting
  • privacy.trackingprotection.cryptomining.enabled=true- [FF67+] Blocks CryptoMining
  • privacy.resistFingerprinting=true- A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.
  • privacy.resistFingerprinting.letterboxing=trueso letterboxing is used to hide real browser size.
  • privacy.trackingprotection.enabled=true- This is Mozilla’s new built-in tracking protection. One of it’s benefits is blocking tracking (i.e. Google Analytics) on privileged pages where add-ons that usually do that are disabled.
  • dom.event.clipboardevents.enabled=false- Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
  • media.eme.enabled=false- Disables playback of DRM-controlled HTML5 content, which, if enabled, automatically downloads the Widevine Content Decryption Module provided by Google Inc. Details
    • media.gmp-widevinecdm.enabled=false- Disables the Widevine Content Decryption Module provided by Google Inc., used for the playback of DRM-controlled HTML5 content.
  • media.navigator.enabled=false- Websites can track the microphone and camera status of your device.
  • network.cookie.cookieBehavior=1- Disable cookies
    • 0= Accept all cookies by default
    • 1= Only accept from the originating site (block third-party cookies)
    • 2= Block all cookies by default
  • privacy.firstparty.isolate=true- or preventing domains from accessing each other’s data. If something breaks, it’s most likely related tothis.
  • extensions.pocket.enabled-false- make Pocket integration go away
  • geo.wifi.uri=https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%in order to send nearby WiFi networks to Mozilla instead of Google. See alsoMLS Software.
  • network.IDN_show_punycode=trueto see punycode instead of UTF-8 in case of spoofing attempt.
  • ui.systemUsesDarkTheme=trueallow websites to know you’re using dark theme
  • network.http.referer.XOriginPolicy=1- Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.)Source
    • 0= Send Referer in all cases
    • 1= Send Referer to same eTLD sites
    • 2= Send Referer only when the full hostnames match
  • network.http.referer.XOriginTrimmingPolicy=2- When sending Referer across origins, only send scheme, host, and port in the Referer header of cross-origin requests.Source
    • 0= Send full url in Referer
    • 1= Send url without query string in Referer
    • 2= Only send scheme, host, and port in Referer
  • beacon.enabled=false- Disables sending additional analytics to web servers. Details
  • browser.safebrowsing.downloads.remote.enabled=false- Prevents Firefox from sending information about downloaded executable files to Google Safe Browsing to determine whether it should be blocked for safety reasons.Details
  • network.IDN_show_punycode=true- Not rendering IDNs as their Punycode equivalent leaves you open to phishing attacks that can be very difficult to notice.Source
  • network.trr.early-AAAA=trueto hopefully prefer IPv6
  • network.trr.bootstrapAddress=149.112.112.112(Resolver 2 ofQuad9) - DNS server to use for resolving the DoH name.
  • media.peerconnection.enabled=false- While software like NoScript prevents this, it’s probably a good idea to block this protocol directly as well, just to be safe. Note: Thisdisables browser-based call functionality that is used for webapps
  • services.sync.prefs.sync.privacy.trackingprotection.enabled=true
  • apz.allow_zooming=true
  • dom.gamepad.extensions.lightindicator=true- seems like a cool thing to do
  • dom.gamepad.extensions.multitouch=true- seems like another cool thing to do
  • extensions.experiments.enabled=true- seems like another cool thing to do
  • extensions.formautofill.creditCards.enabled=false



Sources


Written by

suggest edit

Share

Comments