Setting up Firefox browser with an emphasis on maximum privacy

Man


Salute to all, dear friends!

There are various guides on the Internet on how to configure Firefox for maximum privacy, but in reality, most of these guides were incomplete, so I wrote my own.

These settings will be useful for both paranoid users and those who simply value their privacy.
Let's begin!

Loading configuration

So, the easiest and fastest way to get a ready-made configuration for Firefox is to use the user.js file from Arkenfox (clickable).

The Arkenfox project provides a user.js template for customizing and enhancing Firefox, which in turn will give us the perfect foundation for our privacy-focused browser.

Create a new profile with settings from Arkenfox.

  • Go to `about:profiles`.
  • At the top left, click "Create a New Profile".
  • In the window that appears, click Continue, specify the name of the new profile (and, optionally, the directory where the new profile is stored) and click Finish.
  • Scroll down the page, find the new profile and note the location of its directory.
  • In the terminal, go to this directory: `cd ~/.mozilla/firefox/a2bmu1ne.qwerty` (your directory name will be different from mine).
  • Download the user.js file to this directory: `wget -q https://github.com/arkenfox/user.js/raw/master/user.js`
  • Open `about:profiles` again, scroll to the new profile and click "Launch profile in new browser".
  • Optionally, click "Set as default profile" to make this profile the default.

Search engines that care about your privacy

SearX (clickable) is a free, open-source metasearch engine. You can choose a public instance from the searx.space list or install it on your own server.

The last time I deployed it, it didn’t require any special settings, nor did it require any resources; the engine parses other search engines (Google, Bing, Yandex, etc.).
To add it to Firefox, open one of the instances listed on searx.space, right-click the address bar and choose "Add searx".

Other search engines

Metager (clickable) is another free metasearch engine, run by a non-profit organization in Germany. DDG is preferable, but not SearX.

DDG Lite (clickable) is DuckDuckGo without JavaScript. There is no particular point in using the Lite version: just disable JavaScript in uBlock Origin or install NoScript and you can use duckduckgo.com. But personally, I don't trust DDG much.

Qwant (clickable) - a search engine that claims not to track users (non-free). I didn't notice that it filtered the search results, but when I searched for "buy %prohibited substances% in Moscow", it returned a bunch of links. It doesn't use cookies/local storage, I checked.

Mojeek (clickable) is an independent search engine based in the UK that claims to not track its users (non-free). Not tested.

YaCy (clickable) is a free decentralized peer-to-peer search engine. It's a unique and great idea, although it doesn't work very well.


Must-have add-ons

uBlock Origin (clickable) - needs no introduction. But for those who don't know, I'll write it anyway - the best open source ad blocker, combining the capabilities of NoScript and uMatrix. Consumes little memory. Properly configured uBlock Origin will be your best friend against ads, trackers and analytics.

I suggest you enable the advanced mode. It is highly recommended to disable JavaScript by default. You can enable it for specific sites when you need it. Blocking JavaScript is probably the best thing we can do to preserve privacy.

LocalCDN (clickable) is a fork of the well-known Decentraleyes. It is better than Decentraleyes in the sense that it provides custom rules for use inside uBlock Origin, so these add-ons work better together. It intercepts requests to CDNs and serves the content locally, which eliminates tracking by Cloudflare and other CDNs.

  • How it works: a request to https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css is intercepted and the local file is returned instead. This not only increases your privacy, but also speeds up page loading if you are on a slow connection.

  1. After installing LocalCDN, go to its settings, open the Advanced tab, select uBlock at the bottom and copy the contents.
  2. Close the tab; we won't come back here again.
  3. Go to the uBlock settings and check the box "I am an advanced user".
  4. Go to the "My rules" tab and paste the rules from LocalCDN into the right-hand window.
  5. Press "Save", then press "Commit". That's all.

Password manager

I recommend a great manager: KeePassXC (clickable). It is free and open source.

The advantage is that your passwords are stored only in a local, securely encrypted database, so they never leave your computer unless you want them to. You can use Syncthing to sync them between your different machines without any server.

The second option (for terminal Jedi only) is GNU Pass (clickable), a simple password manager that follows the Unix philosophy. Passwords are stored in `~/.password-store`, encrypted with your GPG key.

Recommended add-ons

These are addons that are generally recommended, but unlike uBlock or LocalCDN, they require some action from you (not much, really).

Keep in mind that some of these add-ons may overlap and that, when you have JavaScript enabled, you can be tracked by the set of add-ons you use, so I would recommend using as few add-ons as possible without sacrificing important privacy features. Find your balance between the number of add-ons and the benefits they provide.

Cookie AutoDelete (clickable) - This add-on deletes cookies every time you close a tab or exit the browser. But it can do much more, such as clearing local storage, clearing on domain change, deleting the cache, maintaining whitelists and graylists, etc.

It's such a powerful tool that it can also be configured for use with containers (you have to enable a setting for this), and it is especially useful if you use neither containers nor FPI (covered later in the article).

ClearURLs (clickable) - The addon automatically removes tracking elements from URLs (this is a commonly used strategy to track you) and is very easy to use.

In rare cases, the site may stop working if you clear some parameters from the URL, but if you notice this, you need to temporarily disable this addon. Easy, right?

Temporary Containers (clickable) - containers in Firefox are one of the coolest features, in my opinion. They isolate website data storage (cookies, storage, etc.) from each other. You only need to enable automatic mode, and the addon will do wonders for you.

However, you can't use it in a private window and it may slow down your browser a bit (since it creates a container for each new tab).

I also actively use Multi-Account Containers (clickable). These are the same isolated containers, but with permanent storage of website data. It is possible to set up automatic opening of the site in the desired container.

ETag Stoppa (clickable) - Prevents your browser from storing entity tags by removing ETag response headers without exception.

This is only necessary if you don't use temporary containers, and it makes a great team with Cookie AutoDelete.

CanvasBlocker (clickable) is the perfect addon for those who need to enable JavaScript. It prevents websites from using some JavaScript APIs to track you. It has different levels and is really useful if you want to fake your fingerprint.

xBrowserSync (clickable) - your personal synchronization server.

AdNauseam (clickable) - Not only blocks ads, but also hides browsing data to combat tracking by the online advertising industry. To get rid of ad networks, AdNauseam "clicks" on blocked and hidden ads, polluting your digital profile and creating noise in the ecosystem that governs online surveillance. It uses uBlock as a base, so you also get everything uBlock can do.

This is the perfect addon if you want to shout out loud: "Google, screw you!"

Privacy Redirect (clickable) - redirects Twitter, YouTube, Instagram, Reddit and Google Maps requests to secure and free alternatives (Nitter, Invidious, OpenStreetMap, Libreddit).

It also supports custom servers, so you can use it with your own self-hosted instances.

Additional settings

While Arkenfox provided us with a great template, I found that there are a few other settings that can further enhance our privacy.

You will need to open `about:config` (in the new profile, of course!).

Click to accept the risks and continue.
I will list some of my recommended settings; you can judge for yourself whether you need any of the features we disable.

  • The following changes are divided into three levels: basic-level settings won't break anything, intermediate-level changes may cause minor inconvenience, and advanced-level settings may break certain sites, but don't worry, as I have an easy fix for that.

Basic level

Preloading

In the `network.dns.disablePrefetch` parameter change the value to `true` and in `network.prefetch-next` to `false`.

Disabling JavaScript in PDF

Switch `pdfjs.enableScripting` to `false`.

Completely disabling Pocket

Change `browser.newtabpage.activity-stream.section.highlights.includePocket` to `false` and `extensions.pocket.enabled` to `false`.

Intermediate level

Disabling geolocation support: set `geo.enabled` to `false`.

Disabling WebRTC: set `media.peerconnection.enabled` and `media.navigator.enabled` to `false`. (WARNING: Setting this to false may break some sites, especially some popular video calling programs.)

Disabling DRM: set `media.gmp-widevinecdm.enabled` and `media.eme.enabled` to `false`.

It will break the functionality of some sites that require DRM, for example Apple Music will definitely not work.

Advanced level

For advanced users, I highly recommend the Privacy Settings addon (clickable), which allows us to temporarily disable some settings so you can fix broken sites without disabling privacy settings permanently. It's very useful once you learn how to use it.

FPI (First-Party Isolation): Change `privacy.firstparty.isolate` to `true`. This is an important setting because it isolates cookies per first-party site and blocks cross-site tracking.

Anti-fingerprinting: Change `privacy.resistFingerprinting` to `true`. This may cause some performance issues, but I like to have it enabled. Been using it for a while now and have never had any issues.

Restricting the cross-origin Referer header: set `network.http.referer.XOriginPolicy` to `2`. This will break some sites, especially those with forms and logins. The possible values are:

0 = Send Referer in all cases.
1 = Send Referer to the same eTLD sites.
2 = Send Referer only if the fully qualified hostnames match.
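
An added example (not from the original post or the Arkenfox project): a small Python check that parses the text of a profile's `user.js` or `prefs.js` and reports which of the prefs recommended in this guide are missing or set differently. Firefox re-applies `user.js` on every start, so a value changed only in `about:config` is overwritten again if `user.js` sets the same pref. The function names and the sample file content are constructed for illustration.

```python
import re

# Prefs and values recommended in this guide (basic, intermediate, advanced).
EXPECTED = {
    "network.dns.disablePrefetch": True,
    "network.prefetch-next": False,
    "pdfjs.enableScripting": False,
    "browser.newtabpage.activity-stream.section.highlights.includePocket": False,
    "extensions.pocket.enabled": False,
    "geo.enabled": False,
    "media.peerconnection.enabled": False,
    "media.navigator.enabled": False,
    "media.gmp-widevinecdm.enabled": False,
    "media.eme.enabled": False,
    "privacy.firstparty.isolate": True,
    "privacy.resistFingerprinting": True,
    "network.http.referer.XOriginPolicy": 2,
}
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_user_js(text):
    """Return {pref: value}; the last active user_pref() for a name wins."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop /* ... */ blocks
    prefs = {}
    for name, raw in PREF_RE.findall(text):  # '^' anchor skips '// user_pref(...)'
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text, expected=EXPECTED):
    """Return {pref: (expected, found)} for prefs that are missing or differ."""
    found = parse_user_js(text)
    return {name: (want, found.get(name)) for name, want in expected.items()
            if (type(found.get(name)), found.get(name)) != (type(want), want)}

# Constructed sample in the style of a user.js file (not a real profile).
SAMPLE = """
user_pref("network.prefetch-next", false);
user_pref("network.dns.disablePrefetch", true);
   // user_pref("geo.enabled", false);
user_pref("privacy.resistFingerprinting", true); // trailing comment
user_pref("network.http.referer.XOriginPolicy", 0);
/* user_pref("media.eme.enabled", false); */
user_pref("network.http.referer.XOriginPolicy", 2);
user_pref("media.peerconnection.enabled", true);
"""
```

To check a real profile, pass the contents of the `user.js` (or `prefs.js`) file from the profile directory to `audit()`; an empty result means every pref from this guide is set as recommended.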
 