{{{#!wiki tip This is Saj's guide, taken from https://files.slack.com/files-pri/T4Y3623FD-F025LCJ53CJ/firefox-hardening.asciidoc }}} This is a list of things I do when installing Firefox on a new machine. <> = First launch = Navigate to `about:profiles` and create a new profile with a sensible name. Delete the default profile. = Preferences = === General === * Restore previous session: enabled * Warn you when quitting the browser: enabled * Ctrl+Tab cycles through tabs in recently used order: disabled * Set a minimum font size * Allow pages to choose their own fonts: disabled * Set languages: fuckoff en-US; replace with actual English * Do not open PDFs with Firefox * Recommend extensions as you browse: disabled * Recommend features as you browse: disabled === Home === * Web Search: disabled * Sponsored Top Sites: disabled === Search === * Provide search suggestions: disabled * Remove Amazon, Bing, eBay === Privacy and Security === * Enhanced Tracking Protection: Strict * Do Not Track: Always * Ask to save logins and passwords: disabled * Permissions: disable everything * Allow Firefox to send technical and interaction data to Mozilla: enabled... for now * Allow Firefox to make personalised extension recommendations: disabled * Allow Firefox to install and run studies: disabled * Allow Firefox to send backlogged crash reports on your behalf: disabled * Query OCSP responder servers: disabled * Don't enable HTTPS-Only mode = about:config = See link:macos.asciidoc[macos notes] for _High-DPI_ workarounds. * `accessibility.force_disabled`: 1 * `beacon.enabled`: false * `browser.send_pings`: false * `browser.tabs.warnOnClose`: false * `browser.urlbar.trimURLs`: false * `dom.serviceWorkers.enabled`: false * `extensions.pocket.enabled`: false * `geo.enabled`: false * `identity.fxaccounts.enabled`: false * `network.IDN_show_punycode`: true * `network.predictor.enabled`: false * `network.prefetch-next`: false * `ui.contextMenuOffsetHorizontal`: 5 (must be created) * `ui.contextMenuOffsetVertical`: 5 (must be created) * `webgl.disabled`: true If you do not intend to use WebRTC crap (Google Meet et. al.): * `media.navigator.enabled`: false * `media.peerconnection.enabled`: false = Extensions = [[https://addons.mozilla.org/en-GB/firefox/addon/cookie-autodelete/| Cookie AutoDelete]] * Enable automatic cleaning: enabled * Set 30s delay before automatic cleaning * Enable cleanup on domain change: enabled * Enable greylist cleanup on browser restart: enabled * Enable IndexedDB cleanup: enabled * Enable LocalStorage cleanup: enabled * Enable Plugin Data cleanup: enabled * Enable Service Workers cleanup: enabled * Enable support for Container Tabs: enabled * Show notification after automatic cleanup: disabled [[https://addons.mozilla.org/en-GB/firefox/addon/decentraleyes/| Decentraleyes]] (defaults are fine) [[https://addons.mozilla.org/en-GB/firefox/addon/ublock-origin/| uBlock Origin]] * I am an advanced user: enabled * Prevent WebRTC from leaking local IP addresses: enabled * Enable all _Built-in_, _Ads_, _Privacy_, and _Annoyances_ filters. Enable _Dan Pollock's hosts file_ filter. = References = * http://sciops.net/information/technology/firefox * https://chrisx.xyz/blog/yet-another-firefox-hardening-guide/