This is Saj's guide, taken from https://files.slack.com/files-pri/T4Y3623FD-F025LCJ53CJ/firefox-hardening.asciidoc
This is a list of things I do when installing Firefox on a new machine.
Contents
First launch
Navigate to about:profiles and create a new profile with a sensible name. Delete the default profile.
Preferences
General
- Restore previous session: enabled
- Warn you when quitting the browser: enabled
- Ctrl+Tab cycles through tabs in recently used order: disabled
- Set a minimum font size
- Allow pages to choose their own fonts: disabled
- Set languages: fuckoff en-US; replace with actual English
- Do not open PDFs with Firefox
- Recommend extensions as you browse: disabled
- Recommend features as you browse: disabled
Home
- Web Search: disabled
- Sponsored Top Sites: disabled
Search
- Provide search suggestions: disabled
- Remove Amazon, Bing, eBay
Privacy and Security
- Enhanced Tracking Protection: Strict
- Do Not Track: Always
- Ask to save logins and passwords: disabled
- Permissions: disable everything
- Allow Firefox to send technical and interaction data to Mozilla: enabled... for now
- Allow Firefox to make personalised extension recommendations: disabled
- Allow Firefox to install and run studies: disabled
- Allow Firefox to send backlogged crash reports on your behalf: disabled
- Query OCSP responder servers: disabled
- Don't enable HTTPS-Only mode
about:config
See link:macos.asciidoc[macos notes] for _High-DPI_ workarounds.
accessibility.force_disabled: 1
beacon.enabled: false
browser.send_pings: false
browser.tabs.warnOnClose: false
browser.urlbar.trimURLs: false
dom.serviceWorkers.enabled: false
extensions.pocket.enabled: false
geo.enabled: false
identity.fxaccounts.enabled: false
network.IDN_show_punycode: true
network.predictor.enabled: false
network.prefetch-next: false
ui.contextMenuOffsetHorizontal: 5 (must be created)
ui.contextMenuOffsetVertical: 5 (must be created)
webgl.disabled: true
If you do not intend to use WebRTC crap (Google Meet et. al.):
media.navigator.enabled: false
media.peerconnection.enabled: false
Extensions
- Enable automatic cleaning: enabled
- Set 30s delay before automatic cleaning
- Enable cleanup on domain change: enabled
- Enable greylist cleanup on browser restart: enabled
- Enable IndexedDB cleanup: enabled
Enable LocalStorage cleanup: enabled
- Enable Plugin Data cleanup: enabled
- Enable Service Workers cleanup: enabled
- Enable support for Container Tabs: enabled
- Show notification after automatic cleanup: disabled
Decentraleyes (defaults are fine)
- I am an advanced user: enabled
- Prevent WebRTC from leaking local IP addresses: enabled
- Enable all _Built-in_, _Ads_, _Privacy_, and _Annoyances_ filters. Enable _Dan Pollock's hosts file_ filter.