privacy/firefox/README.md

4.1 KiB
Executable file

README

Make using the web more safe by disabling commonly used techniques and mechanism without sacrificing usability.

Why Firefox? It provides high configurability, is open source and thus better to be reviewed by external security advisories.

Mainly based on arkenfox with some custom overrides.

Install

To find your profile folder, click on the menu top right, on Help -> Troubleshooting Information. You can directly open your Profile Directory from there or see it, typically it's something like $HOME/.mozilla/firefox/... or in Windows %APPDATA%\Mozilla\Firefox\Profiles\...

  • Install arkenfox (copy to your Firefox profile)
  • Copy user-overrides.js also into your Firefox profile folder
    • Change any setting if needed, e.g. not clean history?
  • Apply the user-overrides.js by running ./updater.sh or the .bat file on Windows in the Firefox profile folder
  • Remove unnecessary search engines and apply your own or use DuckDuckGo/Startpage
  • Install necessary plugins
    • uBlock
    • Canvas Blocker
    • Skip Redirect
  • Import provides settings file for uBlock and Canvas Blocker
  • Customize toolbar
    • add home button
    • remove separator spaces
  • Disallow saving logins and use a password manager, e.g. KeePassXC
  • Login to Firefox sync

Custom overrides

Look into user-overrides.js which custom overrides are enabled and maybe adapt to your needs. In general they're applied to ease browsing without sacrificing too much security or are just preferences, e.g. scroll speed.

Besides Firefox integrated anti-tracking mechanisms, it's still advised to install additional plugins to further enhance this.

  • uBlock Origin (import provided .txt in the extension):
    • blocks ads and unwanted trackers
    • removes certain url parameters ()
  • Skip Redirect: skips not needed redirects of pages
  • CanvasBlocker (import provided config in the extension): disallows canvas fingerprinting which would be able to identify your unique browser, heavily used in some JavaScript (web) APIs

More:

  • Use a password manager and don't store or synchronize your passwords within internal browser functionality, e.g. KeePassXC

Hint: All extensions, especially extensions interferring in redirects and cookies like Skip Redirect might lead to malfunctioning of some websites, e.g. websites not redirecting correctly or not being able to store cookies. It's recommended to disable them per page if you notice something's not working as expected!

You can hide extension icons in the overflow menu if you like. Just right click the icon in the top right in the menu bar and "pin to overflow".

uBlock settings

  • Import the ublock-config-1.txt in the "My Filter" menu for proper settings.
  • Import https://raw.githubusercontent.com/gwarser/filter-lists/master/lan-block.txt in "Filter lists" (Custom)

Canvas Blocker

Import the provided Canvas settings json file.

If not possible in another way, you can add them via Add custom search engine. Just follow instructions after installing and opening the extension.

https://www.qwant.com/?q=%s&r=DE&sr=de&l=en_gb&h=1&s=0&a=1&b=1&vt=0&hc=0&smartNews=0&smartSocial=0&theme=0&i=1&donation=0&qoz=0&shb=0&shl=0
https://duckduckgo.com/?q=%s&ks=l&kav=1&kn=1&kp=-2&kak=-1&kax=-1&kaq=-1&kao=-1&kau=-1&kaj=m&kam=google-maps&k1=-1&kae=c

Be sure to add shortcuts to be used in your navigation bar, e.g. @ddg refers to DuckDuckGo search engine and directly issues searches to DuckDuckGo from the navigation bar.

Additional hints

Besides securing Firefox, you should consider not using the DNS servers of your Internet provider and instead install system-wide DNS alternatives or a local DNS server which directly queries root DNS servers. There's really no downside of this.