The other day @rose@503junk.house posted this thread about Firefox and how she likes to set it up. It got me thinking that I should share my Firefox setup in full, for those looking for a privacy respecting, simple, comfy browser experience. Some of my opinions will differ from hers, and honestly she's smarter than me so maybe listen to her, I'm just old and set in my ways. But if you're curious, join me on a journey into about:config.
A Tale of Two Browsers
To start, I tend to run two copies of Firefox at a time. Not two profiles, two copies. One is vanilla Firefox as it comes from Mozilla's website. I do the bare minimum to it to ensure it will work on any website no matter how terrible. Most of the time that's to buy Amtrak tickets.
Then, I install Firefox Developer Edition. This is my daily driver. This one will be set as strict as possible, and I'll jump into about:config to fully disable features that are just clutter to me like recommendations, pocket, Firefox accounts, sync, etc.
This same setup could be done with standard Firefox as a daily driver and Firefox ESR (extended support release) whenever I need to buy a train ticket. I prefer dev edition for the most superficial of reasons, some slightly shinier developer tools and a blue icon.
Firefox Developer Edition - My daily driver
Miscellanea
Before I get into settings, I clean up some things. Right click on the "Firefox View" icon in the top left that looks like a pinned tab, and Remove from Toolbar. Then delete "Import Bookmarks" and "Getting Started" from the bookmarks toolbar. Open Bookmarks Manager (hamburger menu -> Bookmarks -> Manage Bookmarks, or Ctrl-Shift-O), click on Bookmarks Menu, and delete the "Mozilla Firefox" folder.
Settings
General
Browsing
- Uncheck "Recommend extensions as you browse."
- Uncheck "Recommend features as you browse."
Home
Firefox Home Content
- Uncheck everything but "Web Search."
Search
Default Search Engine
- Change to DuckDuckGo.
Search Suggestions
- Uncheck everything.
Search Shortcuts
- Remove every entry that you can.
Privacy & Security
Enhanced Tracking Protection
- Set to strict.
- Do not Track - leave default as there's a strong argument that websites ignore it and can use it for fingerprinting.
Logins and Passwords
- Uncheck everything and use a password manager.
Forms and Autofill
- Uncheck everything.
Address Bar
- Uncheck everything but Bookmarks.
- Untoggle Suggestions from the web.
- Untoggle Suggestions from sponsors.
Permissions
- Make sure "Block pop-up windows" and "Warn you when websites try to install add-ons" are both checked.
Firefox Developer Edition Data Collection and Use
- Uncheck everything.
Deceptive Content and Dangerous Software Protection
- Make sure everything is checked.
HTTPS-Only Mode
- Enable in all windows.
DNS over HTTPS
- Max protection. I have a DNS sinkhole on my network so I choose custom for my provider and do all of that. If you don't have that going on, just use NextDNS.
Add-ons
- uBlock Origin - the best light-weight ad and tracker blocker.
- KeePassXC-Browser - I use KeePassXC as my password manager and this is how I access it.
- Multi-Account Containers - cookie isolation into containers, useful both for keeping cookies away from invasive websites, and managing multiple accounts on websites that don't support account switching.
- Progressive Web Apps for Firefox - I found out about this from @rose@503junk.house and PWAs are a big improvement over Electron apps.
Intermission
You could stop right here and have a pretty good privacy respecting browser. I like to go into about:config and do more, and also disable some features in Firefox that annoy me. That said, sometimes more settings is not better, as everything you customize could be used for additional fingerprinting. Some of these settings may cause unexpected issues with certain websites. Continue down the rabbit hole with me at your own risk.
About:Config
Now it's time to dive under the hood. Enter about:config in the address bar and click the big scary button that says "Accept the Risk and Continue."
To change these settings, enter the setting in the search box and then use the toggle on the right to change the value.
Disabling Annoying Parts of Firefox (I don't want my web browser to upsell anything)
identity.fxaccounts.enabled
false - this will remove/disable "sign in to sync" and all other firefox account stuff. I want a web browser, not an account.
extensions.pocket.enabled
false - this will make pocket go away entirely.
browser.preferences.moreFromMozilla
false - Removes the "More from Mozilla" section of settings.
extensions.getAddons.showPane
false - Removes recommended addons pane on the addons page. This preference will have to be created as a boolean and then set to false.
extensions.htmlaboutaddons.recommendations.enabled
false - Removes recommended addons on the extensions pane.
Privacy Settings
privacy.firstparty.isolate
true - isolate cookies to the first party domain, thereby disabling tracking across multiple domains.
network.dns.disablePrefetch
true - yes DNS prefetching can offer a slight speed increase, but it carries risks.
network.prefetch-next
false - stop firefox fetching pages it thinks you'll visit next.
dom.event.clipboardevents.enabled
false - don't let websites know when you copy, paste, or cut.
Other Things I Just Think Are Neat
browser.compactmode.show
true - add a compact view to the customize panel.
browser.urlbar.suggest.calculator
true - make your url bar a calculator.
browser.tabs.tabmanager.enabled
false - only show the tab list when there is overflow.
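To check a profile against the about:config list above, here is an added audit script (not part of the original post). It parses the text of a profile's prefs.js, reports which of these prefs are already correct, wrong, or unset, and emits user.js lines for the rest. The function names and the sample prefs.js content are assumptions made for this example.

```python
import re
# Values from the about:config list above; all of them are booleans.
DESIRED = {
    "identity.fxaccounts.enabled": False,
    "extensions.pocket.enabled": False,
    "browser.preferences.moreFromMozilla": False,
    "extensions.getAddons.showPane": False,
    "extensions.htmlaboutaddons.recommendations.enabled": False,
    "privacy.firstparty.isolate": True,
    "network.dns.disablePrefetch": True,
    "network.prefetch-next": False,
    "dom.event.clipboardevents.enabled": False,
    "browser.compactmode.show": True,
    "browser.urlbar.suggest.calculator": True,
    "browser.tabs.tabmanager.enabled": False,
}
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Return {name: value} from prefs.js or user.js text; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:  # comments and blank lines do not match
            raw = m.group(2)
            prefs[m.group(1)] = {"true": True, "false": False}.get(raw, raw)
    return prefs

def audit(text, desired=DESIRED):
    """Sort the desired prefs into ok / wrong / unset for one profile."""
    current = parse_prefs(text)
    report = {"ok": [], "wrong": [], "unset": []}
    for name, want in desired.items():
        # Absent from prefs.js means the built-in default applies, not "false".
        key = "unset" if name not in current else "ok" if current[name] == want else "wrong"
        report[key].append(name)
    return report

def user_js(report, desired=DESIRED):
    """Build user.js lines for every pref that is wrong or unset."""
    todo = report["wrong"] + report["unset"]
    return "\n".join('user_pref("%s", %s);' % (n, str(desired[n]).lower()) for n in todo)

# Constructed sample prefs.js content, not taken from a real profile.
SAMPLE_PREFS_JS = """\
user_pref("identity.fxaccounts.enabled", false);
user_pref("extensions.pocket.enabled", true);
user_pref("network.prefetch-next", false);
"""
if __name__ == "__main__":
    print(user_js(audit(SAMPLE_PREFS_JS)))
```

Saving the output as user.js in the profile folder makes Firefox apply those values at every startup, which also creates prefs such as extensions.getAddons.showPane that do not exist by default.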
A Note on privacy.resistFingerprinting
I don't enable this one, though many recommend it. It causes two issues for me on sites that I use daily. On Nextcloud, some apps cannot determine my timezone and at this time there is no workaround or way to set it manually. On Mastodon, the favicon ends up messed up, as does any website with a favicon that updates when I get a notification. Since most of my internet time is spent in these two web apps, I choose to keep it disabled.
Vanilla Firefox
I could write all of it out like I did above, but I tend to just change the search engine to DuckDuckGo, turn off recommendations, and disable Firefox Data Collection. And since I don't use this browser for much or often, I set it to delete cookies and site data when Firefox is closed.
Conclusion
With this setup, I have a mostly-private browser and a backup browser to buy train tickets. My mostly-private browser is just a web browser. It doesn't try to sell me anything, or get me to create accounts I don't need. I handle syncing my bookmarks myself, and I manage my passwords myself.
If your threat model calls for even more protection, add Tor Browser to your list of browsers. Oh hey, it's also based on Firefox.
Further Reading
If you want to do more research on configuring Firefox for privacy, here are a few guides that have helped me: