{{{#!wiki tip
This is Saj's guide, taken from https://files.slack.com/files-pri/T4Y3623FD-F025LCJ53CJ/firefox-hardening.asciidoc
}}}
This is a list of things I do when installing Firefox on a new machine.
<<TableOfContents>>
= First launch =
Navigate to `about:profiles` and create a new profile with a sensible name. Delete the default profile.
= Preferences =
=== General ===
* Restore previous session: enabled
* Warn you when quitting the browser: enabled
* Ctrl+Tab cycles through tabs in recently used order: disabled
* Set a minimum font size
* Allow pages to choose their own fonts: disabled
* Set languages: fuckoff en-US; replace with actual English
* Do not open PDFs with Firefox
* Recommend extensions as you browse: disabled
* Recommend features as you browse: disabled
=== Home ===
* Web Search: disabled
* Sponsored Top Sites: disabled
=== Search ===
* Provide search suggestions: disabled
* Remove Amazon, Bing, eBay
=== Privacy and Security ===
* Enhanced Tracking Protection: Strict
* Do Not Track: Always
* Ask to save logins and passwords: disabled
* Permissions: disable everything
* Allow Firefox to send technical and interaction data to Mozilla: enabled... for now
* Allow Firefox to make personalised extension recommendations: disabled
* Allow Firefox to install and run studies: disabled
* Allow Firefox to send backlogged crash reports on your behalf: disabled
* Query OCSP responder servers: disabled
* Don't enable HTTPS-Only mode
= about:config =
See link:macos.asciidoc[macos notes] for _High-DPI_ workarounds.
* `accessibility.force_disabled`: 1
* `beacon.enabled`: false
* `browser.send_pings`: false
* `browser.tabs.warnOnClose`: false
* `browser.urlbar.trimURLs`: false
* `dom.serviceWorkers.enabled`: false
* `extensions.pocket.enabled`: false
* `geo.enabled`: false
* `identity.fxaccounts.enabled`: false
* `network.IDN_show_punycode`: true
* `network.predictor.enabled`: false
* `network.prefetch-next`: false
* `ui.contextMenuOffsetHorizontal`: 5 (must be created)
* `ui.contextMenuOffsetVertical`: 5 (must be created)
* `webgl.disabled`: true
If you do not intend to use WebRTC crap (Google Meet et. al.):
* `media.navigator.enabled`: false
* `media.peerconnection.enabled`: false
= Extensions =
[[https://addons.mozilla.org/en-GB/firefox/addon/cookie-autodelete/| Cookie AutoDelete]]
* Enable automatic cleaning: enabled
* Set 30s delay before automatic cleaning
* Enable cleanup on domain change: enabled
* Enable greylist cleanup on browser restart: enabled
* Enable IndexedDB cleanup: enabled
* Enable LocalStorage cleanup: enabled
* Enable Plugin Data cleanup: enabled
* Enable Service Workers cleanup: enabled
* Enable support for Container Tabs: enabled
* Show notification after automatic cleanup: disabled
[[https://addons.mozilla.org/en-GB/firefox/addon/decentraleyes/| Decentraleyes]] (defaults are fine)
[[https://addons.mozilla.org/en-GB/firefox/addon/ublock-origin/| uBlock Origin]]
* I am an advanced user: enabled
* Prevent WebRTC from leaking local IP addresses: enabled
* Enable all _Built-in_, _Ads_, _Privacy_, and _Annoyances_ filters. Enable _Dan Pollock's hosts file_ filter.
= References =
* http://sciops.net/information/technology/firefox
* https://chrisx.xyz/blog/yet-another-firefox-hardening-guide/