privacy/firefox/README.md

4.5 KiB
Executable file

Firefox

Make using the web more safe by disabling commonly used techniques and mechanism without sacrificing usability.

Why Firefox? It provides high configurability, is open source and thus better to be reviewed by external security advisories.

Based on https://www.privacy-handbuch.de/handbuch_21.htm.

Besides Firefox integrated anti-tracking mechanisms, it's still advised to install additional plugins to further enhance this.

  • uBlock Origin: blocks ads and unwanted trackers
  • Neat url: removes common parameters from pages (e.g. to identify you with something like ?os=windows&browser=chrome&version=86)
  • Skip Redirect: skips not needed redirects of pages
  • CanvasBlocker: disallows canvas fingerprinting which would be able to identify your unique browser, heavily used in some JavaScript (web) APIs
  • (optional and might lead to disfunction): Cookie AutoDelete: automatically deletes cookies during a session

More:

  • Use a password manager and don't store or synchronize your passwords within internal browser functionality, e.g. KeePassXC
  • Use Invidious instances for a liberated YouTube experience (a proxy to YouTube)

Hint: All extensions, especially extensions interferring in redirects and cookies like Skip Redirect or Cookie Autodelete might lead to malfunctioning of some websites, e.g. websites not redirecting correctly or not being able to store cookies. It's recommended to disable them per page if you notice something's not working as expected!

You can hide extension icons in the overflow menu if you like. Just right click the icon in the top right in the menu bar and "pin to overflow".

uBlock settings

  • Import the ublock-config-1.txt in the "My Filter" menu for proper settings.
  • Import https://raw.githubusercontent.com/gwarser/filter-lists/master/lan-block.txt in "Filter lists" (Custom)

If not possible in another way, you can add them via Add custom search engine. Just follow instructions after installing and opening the extension.

https://www.qwant.com/?q=%s&r=DE&sr=de&l=en_gb&h=1&s=0&a=1&b=1&vt=0&hc=0&smartNews=0&smartSocial=0&theme=0&i=1&donation=0&qoz=0&shb=0&shl=0
https://duckduckgo.com/?q=%s&ks=l&kav=1&kn=1&kp=-2&kak=-1&kax=-1&kaq=-1&kao=-1&kau=-1&kaj=m&kam=google-maps&k1=-1&kae=c

Be sure to add shortcuts to be used in your navigation bar, e.g. @ddg refers to DuckDuckGo search engine and directly issues searches to DuckDuckGo from the navigation bar.

How to do it?

  • Use the provided user.js file and copy it into your Firefox profile folder while application is not running.

    To find your profile folder, click on the menu top right, on Help -> Troubleshooting Information. You can directly open your Profile Directory from there or see it, typically it's something like $HOME/.mozilla/firefox/... or in Windows %APPDATA%\Mozilla\Firefox\Profiles\...

  • Adjust values by browsing about:config in the address bar. "" means empty, just delete the characters and press ENTER.

  • Create your own profile and copy it into the application data folder while application is not running. See https://ffprofile.com.

Some settings might break website behavior although this is not very likely. Be aware of that!

Use an external password manager like KeepassXC, at least AutoFill is advised to be disabled). See https://www.privacy-handbuch.de/handbuch_21j2.htm#08_07_18.

Common User Preferences

Optional, but commonly used to ease browsing. Not security-related.

general.smoothScroll = false
general.smoothScroll.pages = false
mousewheel.min_line_scroll_amount = 40
browser.newtabpage.activity-stream.feeds.topsites = true

Optional and potentially dangerous in terms of website behavior, for GNU/Linux only.

image.mem.max_decoded_image_kb = 512000
media.getusermedia.aec_enabled = false
media.getusermedia.agc_enabled = false
media.getusermedia.noise_enabled = false

Additional hints

Besides securing Firefox, you should consider not using the DNS servers of your Internet provider and instead install system-wide DNS alternatives or a local DNS server which directly queries root DNS servers. There's really no downside of this.