I consider myself a Firefox power user: I love it and I take full advantage of its features. Here’s how I do it.


Addons || Extensions

  • Tabs containers, to avoid tracking, privacy intrusion, etc.
  • Decentraleyes emulates CDNs to improve your online privacy. It intercepts traffic, finds supported resources locally, and injects them into the environment.
  • Disconnect, another thing to avoid tracking
  • DownThemAll!, to download all the links or images on a website
  • DuckDuckGo Privacy Essentials, personal data protection
  • Feed Preview, to quickly and easily get the RSS feed links of a website
  • Firefox Voice, something like a more open, private and secure Siri or Google Assistant
  • Gitpod, ready-to-code development environments for any GitLab, GitHub, and Bitbucket project.
  • HTTPS Everywhere, to encrypt communications with many major websites, making the browsing experience more secure.
  • Invidition, to redirect YouTube and Twitter requests to their counterparts (invidio.us and nitter) before loading them. Invidition has the purpose to not let any YouTube or Twitter requests pass.
  • Joplin Web Clipper, a Joplin integration with the browser, to save links but also whole web pages
  • KeePassXC-Browser, a KeePassXC browser integration, to auto-fill password fields and get a seamless auto-completion experience
  • Kutt, to quickly shorten links of the visited page
  • Markdown Here, to convert and stylize Markdown text just by clicking a button
  • Midnight Lizard, to show a dark interface even in websites which don’t support it by default
  • Mind the Time, to be aware of how much time has been spent online, and in which specific website
  • Pontoon Add-on, for Mozilla l10n volounteers, to check the translation status of a Mozilla page with ease
  • Privacy Badger, the most famous privacy-aware extension
  • Search by Image, to quickly search for an image on several different search engines
  • uBlock Origin, the most famous (and effective) ad-blocker
  • Wappalyzer, for self-hosting enthusiasts like me, to check which framework, web server, OS, plugin, analytics service, etc. the visited website uses
  • Watch on LBRY, automatic redirection when a YouTube video can be found also on LBRY. It works exactly as Invidition.

Interesting, but not in use

  • PrivacySpy
  • Polisis, to get a glimpse of what websites actually say in their privacy policies
  • Gesturefy, a pure mouse gesture extension, which means it’s only suited for mice and not touchpads.
  • Tridactyl
  • Firefox Multi-Account Containers, a Firefox add-on that allows separate work, shopping or personal browsing without having to clear your history, log in and out, or use multiple browsers.



Tweaks

A record of all the tweaks I made in about:config

  • privacy.trackingprotection.fingerprinting.enabled = true - [FF67+] Blocks Fingerprinting
  • privacy.trackingprotection.cryptomining.enabled = true - [FF67+] Blocks CryptoMining
  • privacy.resistFingerprinting = true - A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.
  • privacy.resistFingerprinting.letterboxing = true so letterboxing is used to hide real browser size.
  • privacy.trackingprotection.enabled = true - This is Mozilla’s new built-in tracking protection. One of it’s benefits is blocking tracking (i.e. Google Analytics) on privileged pages where add-ons that usually do that are disabled.
  • dom.event.clipboardevents.enabled = false - Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
  • media.eme.enabled = false - Disables playback of DRM-controlled HTML5 content, which, if enabled, automatically downloads the Widevine Content Decryption Module provided by Google Inc. Details
    • media.gmp-widevinecdm.enabled = false - Disables the Widevine Content Decryption Module provided by Google Inc., used for the playback of DRM-controlled HTML5 content.
  • media.navigator.enabled = false - Websites can track the microphone and camera status of your device.
  • network.cookie.cookieBehavior = 1 - Disable cookies
    • 0 = Accept all cookies by default
    • 1 = Only accept from the originating site (block third-party cookies)
    • 2 = Block all cookies by default
  • privacy.firstparty.isolate = true - or preventing domains from accessing each other’s data. If something breaks, it’s most likely related to this.
  • extensions.pocket.enabled - false - make Pocket integration go away
  • geo.wifi.uri = https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY% in order to send nearby WiFi networks to Mozilla instead of Google. See also MLS Software.
  • network.IDN_show_punycode = true to see punycode instead of UTF-8 in case of spoofing attempt.
  • ui.systemUsesDarkTheme = true allow websites to know you’re using dark theme
  • network.http.referer.XOriginPolicy = 1 - Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.) Source
    • 0 = Send Referer in all cases
    • 1 = Send Referer to same eTLD sites
    • 2 = Send Referer only when the full hostnames match
  • network.http.referer.XOriginTrimmingPolicy = 2 - When sending Referer across origins, only send scheme, host, and port in the Referer header of cross-origin requests. Source
    • 0 = Send full url in Referer
    • 1 = Send url without query string in Referer
    • 2 = Only send scheme, host, and port in Referer
  • beacon.enabled = false - Disables sending additional analytics to web servers. Details
  • browser.safebrowsing.downloads.remote.enabled = false - Prevents Firefox from sending information about downloaded executable files to Google Safe Browsing to determine whether it should be blocked for safety reasons. Details
  • network.IDN_show_punycode = true - Not rendering IDNs as their Punycode equivalent leaves you open to phishing attacks that can be very difficult to notice. Source
  • network.trr.early-AAAA = true to hopefully prefer IPv6
  • network.trr.bootstrapAddress = 149.112.112.112 (Resolver 2 of Quad9) - DNS server to use for resolving the DoH name.
  • media.peerconnection.enabled = false - While software like NoScript prevents this, it’s probably a good idea to block this protocol directly as well, just to be safe. Note: This disables browser-based call functionality that is used for webapps
  • services.sync.prefs.sync.privacy.trackingprotection.enabled = true
  • apz.allow_zooming = true
  • dom.gamepad.extensions.lightindicator = true - seems like a cool thing to do
  • dom.gamepad.extensions.multitouch = true - seems like another cool thing to do
  • extensions.experiments.enabled = true - seems like another cool thing to do
  • extensions.formautofill.creditCards.enabled = false

suggest edit

share this post