4.5 KiB
Executable file
Firefox
Make using the web more safe by disabling commonly used techniques and mechanism without sacrificing usability.
Why Firefox? It provides high configurability, is open source and thus better to be reviewed by external security advisories.
Based on https://www.privacy-handbuch.de/handbuch_21.htm.
Recommended extensions
Besides Firefox integrated anti-tracking mechanisms, it's still advised to install additional plugins to further enhance this.
uBlock Origin
: blocks ads and unwanted trackersNeat url
: removes common parameters from pages (e.g. to identify you with something like?os=windows&browser=chrome&version=86
)Skip Redirect
: skips not needed redirects of pagesCanvasBlocker
: disallows canvas fingerprinting which would be able to identify your unique browser, heavily used in some JavaScript (web) APIs- (optional and might lead to disfunction):
Cookie AutoDelete
: automatically deletes cookies during a session
More:
- Use a password manager and don't store or synchronize your passwords within internal browser functionality, e.g.
KeePassXC
- Use
Invidious
instances for a liberated YouTube experience (a proxy to YouTube)
Hint: All extensions, especially extensions interferring in redirects and cookies like Skip Redirect
or Cookie Autodelete
might lead to malfunctioning of some websites, e.g. websites not redirecting correctly or not being able to store cookies. It's recommended to disable them per page if you notice something's not working as expected!
You can hide extension icons in the overflow menu if you like. Just right click the icon in the top right in the menu bar and "pin to overflow".
uBlock settings
- Import the
ublock-config-1.txt
in the "My Filter" menu for proper settings. - Import
https://raw.githubusercontent.com/gwarser/filter-lists/master/lan-block.txt
in "Filter lists" (Custom)
Recommended search engines
If not possible in another way, you can add them via Add custom search engine. Just follow instructions after installing and opening the extension.
https://www.qwant.com/?q=%s&r=DE&sr=de&l=en_gb&h=1&s=0&a=1&b=1&vt=0&hc=0&smartNews=0&smartSocial=0&theme=0&i=1&donation=0&qoz=0&shb=0&shl=0
https://duckduckgo.com/?q=%s&ks=l&kav=1&kn=1&kp=-2&kak=-1&kax=-1&kaq=-1&kao=-1&kau=-1&kaj=m&kam=google-maps&k1=-1&kae=c
Be sure to add shortcuts to be used in your navigation bar, e.g. @ddg
refers to DuckDuckGo search engine and directly issues searches to DuckDuckGo from the navigation bar.
Recommended settings
How to do it?
-
Use the provided
user.js
file and copy it into your Firefox profile folder while application is not running.To find your profile folder, click on the menu top right, on
Help -> Troubleshooting Information
. You can directly open your Profile Directory from there or see it, typically it's something like$HOME/.mozilla/firefox/...
or in Windows%APPDATA%\Mozilla\Firefox\Profiles\...
-
Adjust values by browsing
about:config
in the address bar.""
means empty, just delete the characters and press ENTER. -
Create your own profile and copy it into the application data folder while application is not running. See https://ffprofile.com.
Some settings might break website behavior although this is not very likely. Be aware of that!
Use an external password manager like KeepassXC, at least AutoFill is advised to be disabled). See https://www.privacy-handbuch.de/handbuch_21j2.htm#08_07_18.
Common User Preferences
Optional, but commonly used to ease browsing. Not security-related.
general.smoothScroll = false
general.smoothScroll.pages = false
mousewheel.min_line_scroll_amount = 40
browser.newtabpage.activity-stream.feeds.topsites = true
Optional and potentially dangerous in terms of website behavior, for GNU/Linux only.
image.mem.max_decoded_image_kb = 512000
media.getusermedia.aec_enabled = false
media.getusermedia.agc_enabled = false
media.getusermedia.noise_enabled = false
Additional hints
Besides securing Firefox, you should consider not using the DNS servers of your Internet provider and instead install system-wide DNS alternatives or a local DNS server which directly queries root DNS servers. There's really no downside of this.