The content of the article
- Creation of "portable" settings
- Disable all unnecessary
- WebRTC and Pocket
- Geolocation
- Browser usage statistics and various metrics
- Disable access to sensors
- Stop fingerprinting
- Block network connection information
- Disable device use and media transfer
- Disable telemetry and sending reports
- Configuring search information
- Dealing with push notifications
- Remove DNS leaks
- Disable redirects
- Prevent data leaks to Google servers
- Disable DRM
- 10 useful Firefox plugins
INFO
Quantum, the new Firefox engine, will gradually update all browser components to improve performance and reduce memory consumption.
Creating "portable" settings
All the interesting Firefox settings live on the about:config service page. It is easy and convenient to go there and change a couple of parameters, but for fine tuning, changing values one by one becomes tedious.
How do we automate the process without resorting to third-party utilities? It's very simple: create a file named user.js and write all the settings there. Then place this file in the Firefox user profile directory, which on Windows is C:\Users\[username]\AppData\Roaming\Mozilla\Firefox\Profiles\[random].default. The format of the entries in this file is simple: for example, to enable WebP support, you must set the image.webp.enabled parameter to true. In the settings file, it will look like this:
Code:
user_pref ("image.webp.enabled", true);
In other words, the template is user_pref("...", …); with a parameter name and its value. So, we have figured out the settings file; now let's start dissecting the browser. All settings were applied to the latest browser version at the time of this writing.
WARNING
Keep in mind that security and privacy are always a compromise with convenience. Some settings can significantly limit the functionality of sites, but greatly increase the security and privacy of surfing. Which matters more is up to you.
Disable all unnecessary
WebRTC and Pocket
Mozilla has built the WebRTC and Pocket services into Firefox and enabled them by default. Many people did not like this, and for a reason: vulnerabilities were found in Pocket, and WebRTC can leak an IP address under certain circumstances. Let's turn both off! From here on, I provide ready-made settings lines that you can copy into the user.js file.
Code:
// Disable Pocket
user_pref ("extensions.pocket.api", "");
user_pref ("extensions.pocket.enabled", false);
user_pref ("extensions.pocket.site", "");
user_pref ("extensions.pocket.oAuthConsumerKey", "");
// Disable WebRTC
user_pref ("media.peerconnection.enabled", false);
user_pref ("media.peerconnection.ice.default_address_only", true);
user_pref ("media.peerconnection.ice.no_host", true);
user_pref ("media.peerconnection.ice.relay_only", true);
user_pref ("media.peerconnection.ice.tcp", false);
user_pref ("media.peerconnection.identity.enabled", false);
user_pref ("media.peerconnection.turn.disable", true);
user_pref ("media.peerconnection.use_document_iceservers", false);
user_pref ("media.peerconnection.video.enabled", false);
user_pref ("media.peerconnection.default_iceservers", "[]");
Geolocation
Disable access to geolocation.
Code:
user_pref ("geo.enabled", false);
user_pref ("geo.provider.ms-windows-location", false);
user_pref ("geo.wifi.uri", "");
Browser usage statistics and various metrics
We block the collection of various data.
Code:
// Disable asynchronous requests used for analytics
user_pref ("beacon.enabled", false);
user_pref ("browser.send_pings", false);
user_pref ("browser.send_pings.require_same_host", false);
// Disable performance metrics
user_pref ("dom.enable_performance", false);
user_pref ("dom.enable_performance_observer", false);
user_pref ("dom.enable_performance_navigation_timing", false);
user_pref ("browser.slowStartup.notificationDisabled", true); // true = suppress the slow-startup notification
user_pref ("network.predictor.enabled", false);
user_pref ("network.predictor.enable-hover-on-ssl", false);
user_pref ("network.prefetch-next", false);
user_pref ("network.http.speculative-parallel-limit", 0);
// Information about installed add-ons
user_pref ("extensions.getAddons.cache.enabled", false);
Disable access to sensors
If you have a regular PC, and not a tablet, for example, then turn off access to sensors.
Code:
user_pref ("device.sensors.enabled", false);
user_pref ("device.sensors.orientation.enabled", false);
user_pref ("device.sensors.motion.enabled", false);
user_pref ("device.sensors.proximity.enabled", false);
user_pref ("device.sensors.ambientLight.enabled", false);
Stop fingerprinting
These settings tell the browser to resist identification (fingerprinting).
Code:
user_pref ("dom.webaudio.enabled", false);
user_pref ("privacy.resistFingerprinting", true);
Blocking network connection information
Code:
user_pref ("dom.netinfo.enabled", false);
user_pref ("dom.network.enabled", false);
Disable device usage and media transfer
We disable the use of cameras, microphones, gamepads and virtual reality headsets through the browser and, together with the devices, the transfer of various media content, such as screenshots and other things. We also turn off speech recognition.
Code:
user_pref ("dom.gamepad.enabled", false);
user_pref ("dom.gamepad.non_standard_events.enabled", false);
user_pref ("dom.imagecapture.enabled", false);
user_pref ("dom.presentation.discoverable", false);
user_pref ("dom.presentation.discovery.enabled", false);
user_pref ("dom.presentation.enabled", false);
user_pref ("dom.presentation.tcp_server.debug", false);
user_pref ("media.getusermedia.aec_enabled", false);
user_pref ("media.getusermedia.audiocapture.enabled", false);
user_pref ("media.getusermedia.browser.enabled", false);
user_pref ("media.getusermedia.noise_enabled", false);
user_pref ("media.getusermedia.screensharing.enabled", false);
user_pref ("media.navigator.enabled", false);
user_pref ("media.navigator.video.enabled", false);
// false keeps the camera/microphone permission prompt; true would grant access without asking
user_pref ("media.navigator.permission.disabled", false);
user_pref ("media.video_stats.enabled", false);
user_pref ("dom.battery.enabled", false);
user_pref ("dom.vibrator.enabled", false);
user_pref ("dom.vr.require-gesture", false);
user_pref ("dom.vr.poseprediction.enabled", false);
user_pref ("dom.vr.openvr.enabled", false);
user_pref ("dom.vr.oculus.enabled", false);
user_pref ("dom.vr.oculus.invisible.enabled", false);
user_pref ("dom.vr.enabled", false);
user_pref ("dom.vr.test.enabled", false);
user_pref ("dom.vr.puppet.enabled", false);
user_pref ("dom.vr.osvr.enabled", false);
user_pref ("dom.vr.external.enabled", false);
user_pref ("dom.vr.autoactivate.enabled", false);
user_pref ("media.webspeech.synth.enabled", false);
user_pref ("media.webspeech.test.enable", false);
user_pref ("media.webspeech.synth.force_global_queue", false);
user_pref ("media.webspeech.recognition.force_enable", false);
user_pref ("media.webspeech.recognition.enable", false);
Disable telemetry and reporting
The browser collects telemetry data and reports component crashes to the developers. This can be turned off to increase anonymity.
Code:
user_pref ("toolkit.telemetry.archive.enabled", false);
user_pref ("toolkit.telemetry.bhrPing.enabled", false);
user_pref ("toolkit.telemetry.cachedClientID", "");
user_pref ("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref ("toolkit.telemetry.hybridContent.enabled", false);
user_pref ("toolkit.telemetry.newProfilePing.enabled", false);
user_pref ("toolkit.telemetry.previousBuildID", "");
user_pref ("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref ("toolkit.telemetry.server", "");
user_pref ("toolkit.telemetry.server_owner", "");
user_pref ("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref ("toolkit.telemetry.unified", false);
user_pref ("toolkit.telemetry.updatePing.enabled", false);
user_pref ("datareporting.healthreport.infoURL", "");
user_pref ("datareporting.healthreport.uploadEnabled", false);
user_pref ("datareporting.policy.dataSubmissionEnabled", false);
user_pref ("datareporting.policy.firstRunURL", "");
user_pref ("browser.tabs.crashReporting.sendReport", false);
user_pref ("browser.tabs.crashReporting.email", false);
user_pref ("browser.tabs.crashReporting.emailMe", false);
user_pref ("breakpad.reportURL", "");
user_pref ("security.ssl.errorReporting.automatic", false);
user_pref ("toolkit.crashreporter.infoURL", "");
user_pref ("network.allow-experiments", false);
user_pref ("dom.ipc.plugins.reportCrashURL", false);
user_pref ("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
Setting up information for search
We bring the browser search to the "standard" state - without corrections for our location.
Code:
user_pref ("browser.search.geoSpecificDefaults", false);
user_pref ("browser.search.geoSpecificDefaults.url", "");
user_pref ("browser.search.geoip.url", "");
user_pref ("browser.search.region", "US");
user_pref ("browser.search.suggest.enabled", false);
user_pref ("browser.search.update", false);
Dealing with push notifications
Push notifications can work even when you have closed the page.
Code:
user_pref ("dom.push.enabled", false);
user_pref ("dom.push.connection.enabled", false);
user_pref ("dom.push.serverURL", "");
But now they cannot.
Removing DNS leaks
Here we remove a possible DNS leak over IPv6, disable DNS prefetching and configure DoH (DNS over HTTPS).
Code:
user_pref ("network.dns.disablePrefetch", true);
user_pref ("network.dns.disableIPv6", true);
user_pref ("network.security.esni.enabled", true);
user_pref ("network.trr.mode", 2); // 2 = DoH first, falls back to the system resolver; 3 = DoH only
user_pref ("network.trr.uri", "https://cloudflare-dns.com/dns-query");
Disable redirects
Code:
user_pref ("network.captive-portal-service.enabled", false);
user_pref ("network.captive-portal-service.maxInterval", 0);
user_pref ("captivedetect.canonicalURL", "");
Preventing data flow to Google servers
With default settings, Google should protect you from viruses and phishing. This is often a useful feature, but if you know what you're doing and don't want Google watching, you can get rid of that scrutiny.
Code:
user_pref ("browser.safebrowsing.allowOverride", false);
user_pref ("browser.safebrowsing.blockedURIs.enabled", false);
user_pref ("browser.safebrowsing.downloads.enabled", false);
user_pref ("browser.safebrowsing.downloads.remote.block_dangerous", false);
user_pref ("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
user_pref ("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
user_pref ("browser.safebrowsing.downloads.remote.block_uncommon", false);
user_pref ("browser.safebrowsing.downloads.remote.enabled", false);
user_pref ("browser.safebrowsing.malware.enabled", false);
user_pref ("browser.safebrowsing.phishing.enabled", false);
user_pref ("browser.safebrowsing.downloads.remote.url", "");
user_pref ("browser.safebrowsing.provider.google.advisoryName", "");
user_pref ("browser.safebrowsing.provider.google.advisoryURL", "");
user_pref ("browser.safebrowsing.provider.google.gethashURL", "");
user_pref ("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "");
user_pref ("browser.safebrowsing.provider.google.reportPhishMistakeURL", "");
user_pref ("browser.safebrowsing.provider.google.reportURL", "");
user_pref ("browser.safebrowsing.provider.google.updateURL", "");
user_pref ("browser.safebrowsing.provider.google4.advisoryName", "");
user_pref ("browser.safebrowsing.provider.google4.advisoryURL", "");
user_pref ("browser.safebrowsing.provider.google4.dataSharingURL", "");
user_pref ("browser.safebrowsing.provider.google4.gethashURL", "");
user_pref ("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "");
Disable DRM
... just because we can!
Code:
user_pref ("browser.eme.ui.enabled", false);
user_pref ("media.eme.enabled", false);
So, we looked at some basic settings of the Firefox browser that will help you not to share your data with anyone. As you can see, without these settings, the browser actually follows every step, collects a bunch of metrics and sends them here and there. Since all of this can be turned off, why not do it?
Of course, this guide cannot be called absolutely complete - I'm sure there is something else in the hundreds of browser settings that can be optimized and improved, but we have still blocked the bulk of the collected data. You also need to remember that the names of the settings may change from version to version, some may be removed and others added, so the file will need to be updated from time to time.
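Since the entries are meant to be copied from a page and the file has to be maintained across browser versions, it helps to lint it before dropping it into a profile. The following is an added example, not part of the original article: a small Python checker for the user_pref("...", …); format described at the start, which reports malformed lines (for example, typographic quotes picked up when copying) and duplicate names, and compares a reviewed baseline with the file actually deployed in a profile. The function names and sample contents are constructed for illustration; it assumes one entry per line and // comments only.

```python
import re

# user.js entry: user_pref("name", value); whitespace before "(" is tolerated.
PREF_RE = re.compile(
    r'^\s*user_pref\s*\(\s*"(?P<name>[^"]+)"\s*,\s*'
    r'(?P<value>"(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\)\s*;'
)

def parse_prefs(text):
    """Return (prefs, problems): last value per name plus lint findings."""
    prefs, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("//"):
            continue  # blank line or comment
        m = PREF_RE.match(line)
        if not m:
            problems.append(f"line {lineno}: not a valid user_pref entry")
            continue
        name, raw = m["name"], m["value"]
        if raw in ("true", "false"):
            value = raw == "true"
        elif raw.startswith('"'):
            value = raw[1:-1]  # quotes stripped, escapes left as written
        else:
            value = int(raw)
        if name in prefs:
            problems.append(f"line {lineno}: {name} set twice, last value wins")
        prefs[name] = value
    return prefs, problems

def drift(baseline, deployed):
    """Map name -> (baseline value, deployed value) where the files disagree."""
    names = baseline.keys() | deployed.keys()
    # repr() keeps true and 1 distinct, which plain == would not.
    return {n: (baseline.get(n), deployed.get(n)) for n in sorted(names)
            if repr(baseline.get(n)) != repr(deployed.get(n))}

# Constructed sample: line 5 uses typographic quotes (\u201c \u201d), line 6 repeats a name.
SAMPLE = '''\
// reviewed baseline (constructed sample)
user_pref ("image.webp.enabled", true);
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://cloudflare-dns.com/dns-query");
user_pref(\u201cgeo.enabled\u201d, false);
user_pref("network.trr.mode", 3);
'''
# Constructed sample of an older copy still sitting in a profile.
DEPLOYED = '''\
user_pref("image.webp.enabled", true);
user_pref("network.trr.mode", 2);
'''

if __name__ == "__main__":
    wanted, problems = parse_prefs(SAMPLE)
    active, _ = parse_prefs(DEPLOYED)
    for p in problems:
        print("lint:", p)
    for name, (want, have) in drift(wanted, active).items():
        print(f"drift: {name}: baseline={want!r} deployed={have!r}")
```

A name missing on the deployed side shows up with the value None, so the same report covers both outdated and absent entries.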
10 useful Firefox plugins
No matter how we configure the browser, some things can only be achieved with plugins. They can also be of great help in strengthening our security when surfing the Internet. Here are some of the ones that I use and find necessary.
1. Privacy Possum - blocks various tracking methods: referrers, ETag headers and third-party cookies; it also corrupts fingerprint data.
2. uBlock Origin is a great ad blocker and more. It contains extensive block lists; the only caveat is that the lion's share of them must be activated manually in the settings, because they are disabled by default.
3. uMatrix is an extension developed by the author of uBlock Origin. It is a powerful blocker of browser requests, and in conjunction with uBlock it becomes a powerful tool against ads and other clutter. However, it requires customization for almost every site.
4. Nano Defender is a good addition to the ad blocker - the plugin counteracts anti-adblockers.
5. Decentraleyes is a useful plugin that prevents CDN (Content Delivery Network) tracking.
6. Facebook Container is a plugin developed by Mozilla. It tries to stop Facebook surveillance.
7. Google search link fix - an extension that cleans Yandex and Google search results, preventing the search engine from collecting statistics on clicks on links in the search results.
8. NoScript is a popular extension that blocks scripts on websites. Very useful, because it is scripts that often break anonymity.
9. HTTPS Everywhere - automatically switches the connection to HTTPS, even when it was not explicitly indicated in the address bar.
10. Privacy Badger - another extension from the Electronic Frontier Foundation that discourages site surveillance.
