# Firefox

Make using the web safer by disabling commonly used techniques and mechanisms _without_ sacrificing usability.

Why Firefox? It is highly configurable and open source, which makes it easier for external security advisors to review.

Based on [https://www.privacy-handbuch.de/handbuch_21.htm](https://www.privacy-handbuch.de/handbuch_21.htm).

## Recommended extensions

Besides Firefox's integrated anti-tracking mechanisms, it is still advisable to install additional extensions to strengthen them further.

* `HTTPS Everywhere`: automatically redirects to the HTTPS version of a website if one is available, [currently preferred over Firefox's built-in mode because of feature richness](https://www.eff.org/https-everywhere/faq#https-only-mode)
* `uBlock Origin`: blocks ads and unwanted trackers
* `ClearURLs` or `Neat URL`: removes common tracking parameters from URLs (e.g. ones that identify you with something like `?os=windows&browser=chrome&version=86`)
* `Skip Redirect`: skips unnecessary page redirects
* `CanvasBlocker`: blocks canvas fingerprinting, which would otherwise be able to identify your unique browser through some JavaScript (web) APIs
* (optional, and might cause malfunctions): `Cookie AutoDelete`: automatically deletes cookies during a session

**More**:

* Use a password manager, e.g. `KeePassXC`, and don't store or synchronize your passwords with the browser's internal functionality
* Use `Invidious` instances for a liberated YouTube experience (a proxy to YouTube)

**Hint**: All extensions, especially those interfering with redirects and cookies like `Skip Redirect` or `Cookie AutoDelete`, _might_ cause some websites to malfunction, e.g. websites not redirecting correctly or not being able to store cookies. _It's recommended to disable them per page if you notice something's not working as expected_!

You can **hide extension icons** in the overflow menu if you like. Right-click the icon at the top right of the menu bar and select "pin to overflow".

### uBlock settings

* Import the `ublock-config-1.txt` in the "My Filter" menu for proper settings.
* Import `https://raw.githubusercontent.com/gwarser/filter-lists/master/lan-block.txt` in "Filter lists" (Custom)

## Recommended search engines

If there is no other way to add them, you can use [Add custom search engine](https://addons.mozilla.org/en-US/firefox/addon/add-custom-search-engine/). Just follow the instructions after installing and opening the extension.

```
https://www.qwant.com/?q=%s&r=DE&sr=de&l=en_gb&h=1&s=0&a=1&b=1&vt=0&hc=0&smartNews=0&smartSocial=0&theme=0&i=1&donation=0&qoz=0&shb=0&shl=0
```

```
https://duckduckgo.com/?q=%s&ks=l&kav=1&kn=1&kp=-2&kak=-1&kax=-1&kaq=-1&kao=-1&kau=-1&kaj=m&kam=google-maps&k1=-1&kae=c
```

Be sure to add shortcuts for use in your navigation bar, e.g. `@ddg` refers to the DuckDuckGo search engine and sends searches directly to DuckDuckGo from the navigation bar.

## Recommended settings

How to do it?

* Use the provided `user.js` file and copy it into your Firefox profile folder while the application is _not_ running.

To find your profile folder, open the menu at the top right and click `Help -> Troubleshooting Information`. From there you can see your **Profile Directory** or open it directly; typically it is something like `$HOME/.mozilla/firefox/...` or, on Windows, `%APPDATA%\Mozilla\Firefox\Profiles\...`

* Adjust values by opening `about:config` from the address bar. `""` means empty: just delete the characters and press ENTER.
* Create your own profile and copy it into the application data folder while the application is _not_ running. See [https://ffprofile.com](https://ffprofile.com).

Some settings _might_ break website behavior, although this is not very likely. Be aware of that!

Use an external password manager like KeePassXC; at the very least, disabling AutoFill is advised. See [https://www.privacy-handbuch.de/handbuch_21j2.htm#08_07_18](https://www.privacy-handbuch.de/handbuch_21j2.htm#08_07_18).

### Common User Preferences

Optional, but commonly used to ease browsing. Not security-related.

```
general.smoothScroll = false
general.smoothScroll.pages = false
mousewheel.min_line_scroll_amount = 40
browser.newtabpage.activity-stream.feeds.topsites = true
```

Optional and **potentially dangerous in terms of website behavior**, for _GNU/Linux only_.

```
image.mem.max_decoded_image_kb = 512000
media.getusermedia.aec_enabled = false
media.getusermedia.agc_enabled = false
media.getusermedia.noise_enabled = false
```

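The following added example is not one of the files this repository provides. It converts `name = value` listings like the ones above into `user.js` syntax and copies the result into a profile folder only while the profile is not in use. The `lock` symlink check is an assumption about how Firefox on GNU/Linux marks a running profile; the function names and the temporary demo directory are made up for illustration.

```sh
#!/bin/sh
# Added example (not the repository's script). Sample prefs are taken from the
# listing on this page; the temporary profile directory is constructed.

# True for values user.js takes unquoted: booleans, integers, the empty string "".
is_bare() {
    case "$1" in true|false|'""') return 0 ;; esac
    printf '%s\n' "$1" | grep -Eq '^-?[0-9]+$'
}

# Convert "pref.name = value" lines on stdin to user_pref() lines on stdout.
prefs_to_user_js() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in *=*) ;; *) continue ;; esac
        name=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        value=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        # Reject names with characters that could break out of the JS string.
        case "$name" in ''|*[!A-Za-z0-9._-]*) echo "skipped: $line" >&2; continue ;; esac
        if ! is_bare "$value"; then
            value="\"$(printf '%s' "$value" | sed 's/\\/\\\\/g; s/"/\\"/g')\""
        fi
        printf 'user_pref("%s", %s);\n' "$name" "$value"
    done
}

# Copy SRC to PROFILE/user.js, keeping a backup and refusing if Firefox runs.
# Assumption: on GNU/Linux a profile in use contains a "lock" symlink.
install_user_js() {
    src=$1; profile=$2
    [ -d "$profile" ] || { echo "no such profile: $profile" >&2; return 2; }
    if [ -L "$profile/lock" ]; then
        echo "profile in use, close Firefox first" >&2
        return 1
    fi
    if [ -f "$profile/user.js" ]; then
        cp -p "$profile/user.js" "$profile/user.js.bak"
    fi
    cp "$src" "$profile/user.js"
}

# Demo against a throwaway directory standing in for the profile folder.
demo=$(mktemp -d)
printf '%s\n' 'general.smoothScroll = false' \
    'mousewheel.min_line_scroll_amount = 40' | prefs_to_user_js > "$demo/new.js"
mkdir "$demo/profile"
install_user_js "$demo/new.js" "$demo/profile" && cat "$demo/profile/user.js"
rm -rf "$demo"
```

A stale `lock` symlink left behind by a crash makes `install_user_js` refuse, which errs on the side of not overwriting a profile that might be open.
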
## Additional hints

Besides securing Firefox, you should consider not using the DNS servers of your Internet provider and instead install system-wide [DNS alternatives](https://www.kuketz-blog.de/empfehlungsecke/#dns) or a [local DNS server](https://wiki.archlinux.org/index.php/Unbound) which directly queries root DNS servers. There's really no downside to this.