Advice Request Firefox - A helpful Privacy Set-Up Guide

[17410742]

Install the following Add-ons:

HTTPS Everywhere
uBlock Origin
uMatrix
Privacy Badger

Options > Home

Set HomePage & New Windows AND tabs to 'Blank Page'

Options > Search

Set Search Engine to DuckDuckGO & disable search suggestions.

Options > Privacy & Security

Enable Always use Private Browsing mode
Set tracking & do not track to 'Always'
untick all options in 'Firefox Data Collection & use'

Options > Firefox Account

Do Not Use One!

---------

Advanced Privacy Settings:

Type about:config into your navigation bar & accept the warning.

Disable WebRTC: Search for 'media.peerconnection.enabled' > Double Click it to change it to FALSE
Enable Fingerprint Resistance: Search for 'privacy.resistfingerprinting' > Double Click it to change it to TRUE
Disable the 3DES cipher: Search for 'security.ssl3.rsa_des_ede3_sha' > Double Click it to change it to FALSE
Require Safe Negotiation: Search for 'security.ssl.require_safe_negotiation' > Double Click it to change it to TRUE
Disable TLS 1.0 & 1.1: Search for 'security.tls.version.min' > Double Click it & change setting to 3
Disable 0-RTT: Search for 'security.tls.enable_0rtt_data' > Double Click it to change it to FALSE
Disable Formfill: Search for 'browser.formfill.enable' > Double Click it to change it to FALSE

Disable All Disk Caching: > Set all these to FALSE:

'browser.cache.disk.enable'
'browser.cache.disk_cache_ssl'
'browser.cache.memory.enable'
'browser.cache.offline.enable'
'browser.cache.insecure.enable'

Disable Geo Location: Search for 'geo.enabled' > Double Click it to change it to FALSE
Disable Plugin Scanning: Search for 'plugin.scan.plid.all' > Double Click it to change it to FALSE
Disable Pocket: Search for 'pocket.enabled' > Double Click it to change it to FALSE

Disable ALL Telemetry: Search 'telemetry' > Set all these to FALSE:

'browser.newtabpage.activity-stream.feeds.telemetry'
'browser.newtabpage.activity-stream.telemetry'
'browser.ping-centre.telemetry'
'devtools.onboarding.telemetry-logged'
'media.wmf.deblacklisting-for-telemetry-in-gpu-process'
'toolkit.telemetry.archive.enabled'
'toolkit.telemetry.bhrping.enabled'
'toolkit.telemetry.firstshutdownping.enabled'
'toolkit.telemetry.hybridcontent.enabled'
'toolkit.telemetry.newprofileping.enabled'
'toolkit.telemetry.unified'
'toolkit.telemetry.updateping.enabled'

 

[In2an3_PpG]

uBlock Origin
uMatrix
Privacy Badger

All you need is uMatrix in this picture. By far the most powerful extension. If you set up uMatrix for default deny everything except images. There would be need for uBlock or Badger.

You could also add to your list.

Phoning home: "network.captive-portal-service.enabled" False
Pocket: "pocket.enabled" False

 

[17410742]

All you need is uMatrix in this picture. By far the most powerful extension. If you set up uMatrix for default deny everything except images. There would be need for uBlock or Badger.

You could also add to your list.

Phoning home: "network.captive-portal-service.enabled" False
Pocket: "pocket.enabled" False

oops. i meant to add the pocket one too.

That other, is one i dont know myself - I'll look into it.

Privacy Badger can block cookies based on Behaviour, ie. New Threats - It can block even with no frame of reference to use.

Also there are other options that are not included purposedly because the addons do a better job with them, i stand by those addon choices.

 

[RoboMan]

Great guide! Thank you!

 

[amico81]

Thx for this guide i love tweaks

 

[17410742]

Thx for this guide i love tweaks

lol yep,

Add a No logs VPN & SBIE too - Then you're golden!

 

[Decopi]

With all due respect, there is no reason to reinvent the wheel, for years the best Firefox' privacy + security guide always has been: ghacksuserjs/ghacks-user.js

This guide has a Wiki explaining how to install etc.
Also, inside the script, every change is explained.
Also, it is frequently updated with each new FF' version.

There is no need to install all the script.
By reading the script, users can chose what to change or not.
Just remember that a paranoid approach will break most of the websites, ruining the internet experience. And even blocking everything... this is not a guarantee that privacy/security is protected.

Default Firefox' settings are enough for average users. And most of the add-ons don't add privacy/security.
In this case, changing habits users is better than changing Firefox' settings.

For "advanced" users, paranoids or looking for additional privacy/security, Tor (Firefox' fork) is better than changing default Firefox' settings.

Nothing against tweaking Firefox' settings. I'm just trying to say that most of the tweaks or add-ons are not adding privacy/security.

 

[Sophia Jan]

Firefox Privacy Set-Up
Great guide thanks

 

[LDogg]

I only think that uBlock or uMatrix is only needed, the rest I don't think add much. Privacy Possum is more powerful then Badger, as an ex developer on the original badger project is coding the backbone of Possum. Plus I believe HTTPS Everywhere is fairly redundant in 2018 with most common websites that people visit are already rolling out HTTPS by default.

~LDogg

 

[HarborFront]

All you need is uMatrix in this picture. By far the most powerful extension. If you set up uMatrix for default deny everything except images. There would be need for uBlock or Badger.

You could also add to your list.

Phoning home: "network.captive-portal-service.enabled" False
Pocket: "pocket.enabled" False

uMatrix is great for granular control on per site basis and you can use it with uBO (purely as a static filter). Can combo the 2 with no issue.

I'm using uBO in Advanced Mode so its enough for me. I want to see images and videos on sites. Control too much will limit my surfing experience and will break sites too not to mention wasting too much time to do that

 

[HarborFront]

@17410742

Are you using FF? If yes, I would suggest you disable its Tracking Protection as well not only on the Options page but in the preferences settings too.

The link provided below by @Decopi is great for it has over 300+ tweaks. Unless you are really paranoid in privacy I would not recommend using it for some may not work on your system and some may break sites. Too much of a hassle I would say. I have about 50 tweaks and that's enough.

ghacksuserjs/ghacks-user.js

Also, use DNS over HTTPS in FF with Cleanbrowsing DNS

Q&A - Phishing Protection — Comparing DNS Security Filters

In my search SearX.me search engine has better privacy than DDG

 

[LDogg]

@17410742

Are you using FF? If yes, I would suggest you disable its Tracking Protection as well not only on the Options page but in the preferences settings too.

The link provided below by @Decopi is great for it has over 300+ tweaks. Unless you are really paranoid in privacy I would not recommend using it for some may not work on your system and some may break sites. Too much of a hassle I would say. I have about 50 tweaks and that's enough.

ghacksuserjs/ghacks-user.js

Also, use DNS over HTTPS in FF with Cleanbrowsing DNS

Q&A - Phishing Protection — Comparing DNS Security Filters

In my search SearX.me search engine has better privacy than DDG

Think searx could be little buggy when using as default sometimes. It is a good search engine though!

~LDogg

 

[Windows_Security]

I want don't want to be mean, but what about the transparent (tracking) 1x1 pixel tags?

 

[HarborFront]

I want don't want to be mean, but what about the transparent (tracking) 1x1 pixel tags?

These are trackers and analytics. Aka web beacon or web bug.

Web beacon - Wikipedia

You can remove them using Ghostery

“Ghostery looks for third-party page elements (or “trackers”) on the web pages you visit.

These can be items like social network widgets, advertisements, invisible pixels used for tracking and analytics, and so on. Ghostery notifies you that these things are present, and which companies operate them. You can learn more about these companies, and if you wish, choose to block the trackers they operate.”

Ghostery: A Tool that Stops Trackers - Malwarebytes Labs

uBO , by default, also removes them

 

[Windows_Security]

uBO , by default, also removes them

Info, link ?

 

[HarborFront]

Info, link ?

Here blocking FB 1x1 pixel



EasyPrivacy List also blocks them and it's in uBO by default

https://easylist.to/easylist/easyprivacy.txt.

Below are extracts from EasyPrivacy List

/0pixel.php?
/1px.gif?
/1px.php?
/1x1.a?
/1x1.dyn?
/1x1.gif?
/1x1.png?
/1x1_akamai.gif
/1x1_imp.gif?
/1x1p.gif?
/1x1tracker.

 

[Windows_Security]

@HarborFront

Ok, by default, you mean that the Easy Privacy list is included in the default lists of uBlock, but the examples you included are on name not on the attributes or script analysis (e.g. sanatize scripts which write a 1x1 transparent pixel). Easylist blocking works as long as the names of these trackers remain 1x1. At some point those add networks will stop revealing themselves by using other names for these pixel trackers.

Tanks for clarifying

 

[LDogg]

@HarborFront

Ok, by default, you mean that the Easy Privacy list is included in the default lists of uBlock, but the examples you included are on name not on the attributes or script analysis (e.g. sanatize scripts which write a 1x1 transparent pixel). Easylist blocking works as long as the names of these trackers remain 1x1. At some point those add networks will stop revealing themselves by using other names for these pixel trackers.

Tanks for clarifying

You maybe even able to do this with ScriptSafe by blocking unwanted content or by leaving <img> ticked in settings. [1] This could be done to stop the browser making the img tag request hopefully stopping the tracking. Below screenshot should help. [2]

Sources:
[1] https://www.quora.com/How-does-a-tracking-pixel-work
[2]

~LDogg

 

[HarborFront]

You maybe even able to do this with ScriptSafe by blocking unwanted content or by leaving <img> ticked in settings. [1] This could be done to stop the browser making the img tag request hopefully stopping the tracking. Below screenshot should help. [2]

Sources:
[1] https://www.quora.com/How-does-a-tracking-pixel-work
[2]
View attachment 198210

~LDogg

If you block <img> many images will not be shown and that will limit your surfing experience

 

[HarborFront]

@HarborFront

Ok, by default, you mean that the Easy Privacy list is included in the default lists of uBlock, but the examples you included are on name not on the attributes or script analysis (e.g. sanatize scripts which write a 1x1 transparent pixel). Easylist blocking works as long as the names of these trackers remain 1x1. At some point those add networks will stop revealing themselves by using other names for these pixel trackers.

Tanks for clarifying

uBO and a bunch of other trackers do block those tracking pixels but they work rather by URLs than by element sizes