Skip to content

Instantly share code, notes, and snippets.

@MrYar
Forked from haasn/about:config.md
Last active September 8, 2024 12:38
Show Gist options
  • Save MrYar/751e0e5f3f1430db7ec5a8c8aa237b72 to your computer and use it in GitHub Desktop.
Save MrYar/751e0e5f3f1430db7ec5a8c8aa237b72 to your computer and use it in GitHub Desktop.
Firefox telemetry and spy removal
# AUTHOR WARNING- recommend not using this script as it does not guard against the variety of tracking methods used by databrokers.
# Please see https://www.iccl.ie/wp-content/uploads/2022/08/File-Stamped-2022-08-19-Oracle-Complaint.pdf
#
# Firefox telemetry and data collection denial
This is a fork of haasn "Firefox bullshit removal"
Also heavily based off pyllyukko "Firefox hardening" https://github.com/pyllyukko/user.js/
There are two versions, one for Firefox 68 Firefox and another for 70+. Thanks to Kein for the work on 70+
Instead of manually editing about:config, make changes to the user.js file
###How to use the user.js file
Copy `user.js` in your current user profile, or (recommended) to a fresh, newly created Firefox profile directory.
The file should be located at:
| OS | Path |
| -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- |
| Windows 10 | %APPDATA%\Roaming\Mozilla\Firefox\Profiles\XXXXXXXX.your_profile_name\user.js |
| Windows 7 | `%APPDATA%\Mozilla\Firefox\Profiles\XXXXXXXX.your_profile_name\user.js` |
| Linux | `~/.mozilla/firefox/XXXXXXXX.your_profile_name/user.js` |
| OS X | `~/Library/Application Support/Firefox/Profiles/XXXXXXXX.your_profile_name` |
| Android | `/data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name` and see [issue #14](https://github.com/pyllyukko/user.js/issues/14) |
| Sailfish OS + Alien Dalvik | `/opt/alien/data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name` |
| Windows (portable) | `[firefox directory]\Data\profile\` |
// by Kein
///////////////////////////
// New since 68ESR //
///////////////////////////
// TOR Uplifts features:
// https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks
user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
user_pref("network.http.referer.XOriginPolicy", 2);
user_pref("network.http.referer.trimmingPolicy", 2);
user_pref("dom.event.clipboardevents.enabled", false);
user_pref("browser.urlbar.speculativeConnect.enabled", false);
// Cache tracking: https://www.grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache
// user_pref("browser.cache.offline.enable", false);
// Isolate cookies to 1st party domain. This WILL break logins/sessions
// user_pref("privacy.firstparty.isolate", true);
// Degrades performance of animations, like scrolling
// user_pref("privacy.resistFingerprinting", true);
// WebGL and DRM media
user_pref("webgl.disabled", true);
user_pref("media.eme.enabled", false);
// Addons suggestions features, Highlights on Home Tab and Snippets
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
user_pref("browser.newtabpage.activity-stream.feeds.section.highlights", false);
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
// Custom user preferences
user_pref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false);
user_pref("browser.newtabpage.activity-stream.showSearch", false);
user_pref("browser.cache.disk.parent_directory", "N:\FIREFOX");
user_pref("browser.urlbar.suggest.openpage", false);
user_pref("browser.urlbar.suggest.searches", false);
user_pref("media.videocontrols.picture-in-picture.video-toggle.enabled", false);
user_pref("signon.autofillForms", false);
user_pref("signon.generation.enabled", false);
user_pref("signon.management.page.breach-alerts.enabled", false);
user_pref("signon.rememberSignons", false);
user_pref("network.proxy.no_proxies_on", "192.168..1/24");
user_pref("network.proxy.socks_remote_dns", true);
// Enable DNS-over-HTTPS (DoH)
// See for details: https://support.mozilla.org/en-US/kb/firefox-dns-over-http
// lets enable this by default. Set to 0 to disable DoH, 2 set TRR/DoH as priority but falls back to native, 3 only use DoH
user_pref("network.trr.mode", 2);
// ECH replaces ESNI
// https://blog.mozilla.org/security/2021/01/07/encrypted-client-hello-the-future-of-esni-in-firefox/
user_pref("network.dns.echconfig.enabled", true)
user_pref("network.dns.use_https_rr_as_altsvc", true)
// From: https://gist.github.com/MrYar/751e0e5f3f1430db7ec5a8c8aa237b72
// Cleaned up for 79+
// Turn off "Sends data to servers when leaving pages"
user_pref("beacon.enabled", false);
// Prevention of some telemetry related to the newtab
user_pref("browser.newtabpage.enhanced", false);
// "In the release channels the Mozilla location service is used to help in figuring out regional search defaults."
// Which means sending collectable data
user_pref("browser.search.region", "US");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.update", false);
// Datareporting is telemetry
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("datareporting.sessions.current.clean", true);
// Disables web browser access of HAL sensors
user_pref("device.sensors.enabled", false);
// Prevention of an android ADB Helper Add-on auto installer and other dev tools
user_pref("devtools.webide.autoinstallFxdtAdapters", false);
// See https://www.reddit.com/r/privacytoolsIO/comments/3fzbgy/you_may_be_tracked_by_your_battery_status_of_your/
user_pref("dom.battery.enabled", false);
// See https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI
user_pref("dom.enable_performance", false);
// If enabled, your list of installed addons are sent once a day to mozilla
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
user_pref("extensions.getAddons.cache.enabled", false);
// Disable pocket for obvious reasons
user_pref("extensions.pocket.enabled", false);
// Geo location sends location data
user_pref("geo.enabled", false);
// If you mistype the keyword, then Firefox will leak the content of your address bar to
// the default search engine instead of displaying some "The address wasn't understood" local error page
user_pref("keyword.enabled", false);
// Disable screensharing framework
user_pref("media.getusermedia.screensharing.enabled", false);
// Turn off WebRTC // see https://tinyurl.com/yc3yqnyv
user_pref("media.navigator.enabled", false);
user_pref("media.peerconnection.enabled", false);
user_pref("media.peerconnection.ice.default_address_only", true);
// Disable stat collection
user_pref("media.video_stats.enabled", false);
// Disable DNS prefetching
user_pref("network.dns.disablePrefetch", true);
// Disable speculative loading
user_pref("network.http.speculative-parallel-limit", 0);
// Disable prefetching and predicting
user_pref("network.predictor.cleaned-up", true);
user_pref("network.predictor.enabled", false);
user_pref("network.prefetch-next", false);
// Tracking protection. Though almost always ignored and useless...
user_pref("privacy.donottrackheader.enabled", true);
user_pref("privacy.trackingprotection.enabled", true);
user_pref("privacy.trackingprotection.introCount", 20);
// Overt telemetry disabling
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
user_pref("browser.ping-centre.telemetry", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref("toolkit.telemetry.hybridContent.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.server", "");
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("devtools.onboarding.telemetry.logged", false);
// Disable developer experiments and onboarding
user_pref("browser.onboarding.enabled", false);
user_pref("experiments.enabled", false);
user_pref("network.allow-experiments", false);
// Disable social networking site info exchange
user_pref("social.directories", "");
user_pref("social.remote-install.enabled", false);
user_pref("social.toast-notifications.enabled", false);
user_pref("social.whitelist", "");
// Disable retrieval of safebrowsing lists
user_pref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false);
user_pref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false);
// Disable reporting of crash information
user_pref("dom.ipc.plugins.reportCrashURL", false);
user_pref("breakpad.reportURL", "");
// Safebrowsing sends a hash of your url to retrieve a list of partial matches.
user_pref("browser.safebrowsing.blockedURIs.enabled", false);
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);
// Disable Firefox Screenshots
user_pref("extensions.screenshots.disabled", true);
user_pref("extensions.screenshots.system-disabled", true);
user_pref("extensions.screenshots.upload-disabled", true);
// Stops leave-page warning
user_pref("dom.disable_beforeunload", true);
// Don't constantly check if its the default browser
user_pref("browser.shell.checkDefaultBrowser", false);
// Keep the full url to see which sites are still http and not https
user_pref("browser.urlbar.trimURLs", false);
// No need to warn us
user_pref("general.warnOnAboutConfig", false);
user_pref("browser.aboutConfig.showWarning", false);
// Turn off "Sends data to servers when leaving pages"
user_pref("beacon.enabled", false);
// Prevention of some telemetry related to the newtab
user_pref("browser.newtabpage.directory.ping", "");
user_pref("browser.newtabpage.directory.source", "");
user_pref("browser.newtabpage.enhanced", false);
// "In the release channels the Mozilla location service is used to help in figuring out regional search defaults."
// Which means sending collectable data
user_pref("browser.search.geoip.url", "");
user_pref("browser.search.region", "US");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.update", false);
// Selfsupport sends a heartbeat
user_pref("browser.selfsupport.url", "");
// Datareporting is telemetry
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("datareporting.sessions.current.clean", true);
// Disables web browser access of HAL sensors
user_pref("device.sensors.enabled", false);
// Prevention of an android ADB Helper Add-on auto installer and other dev tools user_pref("devtools.webide.autoinstallADBHelper", false);
user_pref("devtools.webide.autoinstallFxdtAdapters", false);
user_pref("devtools.webide.enabled", false);
user_pref("devtools.debugger.remote-enabled", false);
user_pref("devtools.chrome.enabled", false);
user_pref("devtools.debugger.force-local", true);
// See https://www.reddit.com/r/privacytoolsIO/comments/3fzbgy/you_may_be_tracked_by_your_battery_status_of_your/
user_pref("dom.battery.enabled", false);
// See https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI
user_pref("dom.enable_performance", false);
// If enabled, your list of installed addons are sent once a day to mozilla
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
user_pref("extensions.getAddons.cache.enabled", false);
// Disable pocket for obvious reasons
user_pref("extensions.pocket.enabled", false);
// Geo location sends location data
user_pref("geo.enabled", false);
// If you mistype the keyword, then Firefox will leak the content of your address bar to
// the default search engine instead of displaying some "The address wasn't understood" local error page
user_pref("keyword.enabled", false);
// Disable screensharing framework
user_pref("media.getusermedia.screensharing.enabled", false);
// Turn off WebRTC // see https://tinyurl.com/yc3yqnyv
user_pref("media.navigator.enabled", false);
user_pref("media.peerconnection.enabled", false);
user_pref("media.peerconnection.ice.default_address_only", true);
// Disable stat collection
user_pref("media.video_stats.enabled", false);
// Disable DNS prefetching
user_pref("network.dns.disablePrefetch", true);
// Disable speculative loading
user_pref("network.http.speculative-parallel-limit", 0);
// Disable prefetching and predicting
user_pref("network.predictor.cleaned-up", true);
user_pref("network.predictor.enabled", false);
user_pref("network.prefetch-next", false);
// Tracking protection. Though almost always ignored and useless...
user_pref("privacy.donottrackheader.enabled", true);
user_pref("privacy.trackingprotection.enabled", true);
user_pref("privacy.trackingprotection.introCount", 20);
// Overt telemetry disabling
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
user_pref("browser.ping-centre.telemetry", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref("toolkit.telemetry.hybridContent.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.server", "");
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("devtools.onboarding.telemetry.logged", false);
// Disable developer experiments and onboarding
user_pref("browser.onboarding.enabled", false);
user_pref("experiments.enabled", false);
user_pref("network.allow-experiments", false);
// Disable social networking site info exchange
user_pref("social.directories", "");
user_pref("social.remote-install.enabled", false);
user_pref("social.toast-notifications.enabled", false);
user_pref("social.whitelist", "");
// Disable retrieval of safebrowsing lists
user_pref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false);
user_pref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false);
// Disable reporting of crash information
user_pref("dom.ipc.plugins.reportCrashURL", false);
user_pref("breakpad.reportURL", "");
// Safebrowsing sends a hash of your url to retrieve a list of partial matches.
user_pref("browser.safebrowsing.blockedURIs.enabled", false);
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);
// Disable Firefox Screenshots
user_pref("extensions.screenshots.disabled", true);
user_pref("extensions.screenshots.system-disabled", true);
user_pref("extensions.screenshots.upload-disabled", true);
// Enable DNS-over-HTTPS (DoH)
// network.trr.mode turns on DoH. It takes the following values
// 0 - Default value in standard Firefox installations (currently is 5, which means DoH is disabled)
// 1 - DoH is enabled, but Firefox picks if it uses DoH or regular DNS based o which returns faster query responses
// 2 - DoH is enabled, and regular DNS works as a backup
// 3 - DoH is enabled, and regular DNS is disabled
// 5 - DoH is disabled
// Users may want to set to 3 temporarily to verify DoH is working
user_pref("network.trr.mode", 2);
// users can use their own DoH server URL https://github.com/curl/curl/wiki/DNS-over-HTTPS#publicly-available-servers
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
// If DoH doesn't work, try uncommenting the line below (1.1.1.1 is cloudflare, can use google's 8.8.8.8 also)
// user_pref("network.trr.bootstrapAddress", 1.1.1.1);
// Enable Encrypted-SNI. Its a good idea to make sure its working by checking https://www.cloudflare.com/ssl/encrypted-sni/
user_pref("network.security.esni.enabled", true);
// ---
// --- Protective but not telemetry or data collection related
// ---
// Disable javascript takeover of mouse menu
user_pref("dom.event.contextmenu.enabled", false);
// Stops leave-page warning
user_pref("dom.disable_beforeunload", true);
// Don't constantly check if its the default browser
user_pref("browser.shell.checkDefaultBrowser", false);
// Keep the full url to see which sites are still http and not https
user_pref("browser.urlbar.trimURLs", false);
// No need to warn us
user_pref("general.warnOnAboutConfig", false);
// Disable automatically updating your extensions (uncomment for settings to take effect)
//user_pref("extensions.update.autoUpdateDefault", false);
//user_pref("extensions.update.enabled", false);
// Disable automatic upgrading to newest version. Program will still ask you if you want to upgrade. (uncomment to activate setting)
//user_pref("app.update.auto", false);
//user_pref("app.update.enabled", false);
@MrYar
Copy link
Author

MrYar commented Mar 10, 2017

I corrected the mistakes and implemented the suggestions. Thank you!

@MrYar
Copy link
Author

MrYar commented Apr 7, 2017

added user_pref("toolkit.telemetry.archive.enabled", false);

Even though datareporting is turned off, it still seems to save two days of telemetry pings unless this value is set (saves the pings in linux ./mozilla/firefox/profileid/datareporting/archived)

@benaisc
Copy link

benaisc commented May 17, 2017

Hello there, thanks for upkeeping this ! :)
I also re-setted "keyword.enabled" to true, even if it is said that it "does mean that information will be sent to a third party" (cf.here) to improve my usage over time ^^

@benaisc
Copy link

benaisc commented May 17, 2017

I just saw that all your "pref" has been query-replaced into "user_pref" and it broke some lines of your code ^^ (60, 123, 136 & 137)

@MrYar
Copy link
Author

MrYar commented Sep 9, 2017

Corrections made, thank you gurujam!
(better late then never I suppose)

@inoas
Copy link

inoas commented Sep 11, 2017

It would be very helpful to have ini comments one per line so you really know what you are disabling.

@jawz101
Copy link

jawz101 commented Oct 4, 2017

Ones starting with services.sync.prefs.sync.xxxx are if you want that preference to sync across your devices if you use Firefox Sync. That way, if you do sync bookmarks, for example, your setting browser.safebrowsing.malware.enabled = false would also be set to false on your other computers. Like, you're just making it extra work to have to set all of these prefs up on every computer. If anything, I'd create services.sync.prefs.sync booleans for more of your settings to sync so you don't have to always configure extra computers.

@tiagoapimenta
Copy link

Have you tried to place two spaces on the end of each line of user_pref??? It is the way markdown understand breaking lines without breaking paragraph (which is with one blank line separator).

@MrYar
Copy link
Author

MrYar commented Dec 19, 2018

Added a few new entries to go along with Firefox 63.0.3

@MrYar
Copy link
Author

MrYar commented Jan 1, 2019

Added comments/rationale for the preference changes.
Also removed unneeded ones that were outdated.

@gitter2741
Copy link

// If you mistype the keyword, then Firefox will leak the content of your address bar to // Google instead of displaying some "The address wasn't understood" local error page user_pref("keyword.enabled", false);

Curious if the 'Google' part of this comment is accurate?

When I change the pref to 'false' it kills the 'search from the url bar' function... but my default search engine is DDG. So if I leave the pref at 'true' and type in a phrase, it's sent to DDG as a search request.

@MrYar
Copy link
Author

MrYar commented Jan 19, 2019

Thank you gitter2741. I changed it to read "the default search engine" instead of Google.

@MrYar
Copy link
Author

MrYar commented Jan 19, 2019

Moved the non-telemetry items to a separate section for better organization.

@Atavic
Copy link

Atavic commented Apr 24, 2019

// Not sure why these are disabled

This is the windows prompt that appears when you close firefox if privacy.sanitize.sanitizeOnShutdown is set to true and privacy.sanitize.promptOnSanitize is also true. But most about:config tweaks just delete all the cookies on close and change privacy.sanitize.promptOnSanitize to false, so the option to keep some of the cookies doesn't even appear.

@LOuroboros
Copy link

user_pref("user_pref.privacy.disable_button.cookie_exceptions", false);
user_pref("user_pref.privacy.disable_button.view_cookies", false);

I think those prefs' names might be incorrect, @MrYar. They're written as pref.privacy.disable_button.cookie_exceptions and pref.privacy.disable_button.view_cookies in this Support Mozilla page, at least.

Anyway, I wanted to ask if these Tracking Protection related prefs are worth looking into or what's their purpose.
privacy.trackingprotection.fingerprinting.annotate.enabled
privacy.trackingprotection.cryptomining.annotate.enabled
privacy.trackingprotection.annotate_channels

@MrYar
Copy link
Author

MrYar commented Sep 10, 2019

LOuroboros, Those prefs names appear to be duplicated, probably as some sort of compatibility. In any case, they are not very important as they just hide the mentioned buttons in the preferences menu. Doesn't do anything beyond change the UI of the prefs menu. I am going to remove them

@MrYar
Copy link
Author

MrYar commented Sep 10, 2019

Added enabling of DNS over HTTPS. The default setting of 2 will work well for most users, but users may want to test that DoH works by setting that variable to 3 first.

@MrYar
Copy link
Author

MrYar commented Oct 7, 2019

Enabled Encrypted-SNI. Check if its working with https://www.cloudflare.com/ssl/encrypted-sni/

@Meriipu
Copy link

Meriipu commented Jul 28, 2020

Quite a few duplicate entries.

@MrYar
Copy link
Author

MrYar commented Jul 28, 2020

Quite a few duplicate entries.

Thank you, they have been removed.

@Meriipu
Copy link

Meriipu commented Jul 28, 2020

I am also not able to find these prefs in the sources for firefox-79, but perhaps they are still relevant for 68 and might be desirable to keep around.

user_pref("datareporting.sessions.current.clean", true);
user_pref("network.predictor.cleaned-up", true);
user_pref("devtools.onboarding.telemetry.logged", false);
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("toolkit.telemetry.hybridContent.enabled", false);

user_pref("network.allow-experiments", false);
user_pref("browser.onboarding.enabled", false);

user_pref("social.directories", "");
user_pref("social.remote-install.enabled", false);
user_pref("social.toast-notifications.enabled", false);
user_pref("social.whitelist", "");

@Meriipu
Copy link

Meriipu commented Jul 28, 2020

This does not appear to exist either

user_pref("devtools.webide.enabled", false);

And these are very useful (Tools>Web Developer>Browser Toolbox [ctrl+alt+shift+i]) while not being part of telemetry or logging from what I know (but if I am wrong I would like to know).

user_pref("devtools.debugger.remote-enabled", false);
user_pref("devtools.chrome.enabled", false);

@MrYar
Copy link
Author

MrYar commented Jul 28, 2020

I'm still currently using 68 ESR as that's what Slackware comes with. I do see the need for a version of this script that works for the latest, as that's what most people will be using. I'm hesitant to remove them as it provides protection for older versions. I could fork this project and remove them for firefox 7x, though I'm not sure I'm the best to maintain it as I don't use it. Any interest in taking on new versions in your own fork, Meriipu?

@Meriipu
Copy link

Meriipu commented Jul 28, 2020

I do not think I am familiar enough with all the various privacy options to take responsibility for that, unfortunately.

@Kein
Copy link

Kein commented Aug 9, 2020

Updated for 79:

  ///////////////////////////
 // New in versions 78-79 //
///////////////////////////

// TOR Uplifts features: 
// https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks
user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
user_pref("network.http.referer.XOriginPolicy", 2);
user_pref("network.http.referer.trimmingPolicy", 2);
user_pref("dom.event.clipboardevents.enabled", false);
user_pref("browser.urlbar.speculativeConnect.enabled", false);
// Cache tracking: https://www.grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache
// user_pref("browser.cache.offline.enable", false);
// Isolate cookies to 1st party domain. This WILL break logins/sessions
// user_pref("privacy.firstparty.isolate", true);
// Degrades performance of animations, like scrolling
// user_pref("privacy.resistFingerprinting", true);

// WebGL and DRM media
user_pref("webgl.disabled", true);
user_pref("media.eme.enabled", false);

// Addons suggestions features, Highlights on Home Tab and Snippets
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
user_pref("browser.newtabpage.activity-stream.feeds.section.highlights", false);
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);

// Custom user preferences
user_pref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false);
user_pref("browser.newtabpage.activity-stream.showSearch", false);
user_pref("browser.cache.disk.parent_directory", "N:\FIREFOX");
user_pref("browser.urlbar.suggest.openpage", false);
user_pref("browser.urlbar.suggest.searches", false);
user_pref("media.videocontrols.picture-in-picture.video-toggle.enabled", false);
user_pref("signon.autofillForms", false);
user_pref("signon.generation.enabled", false);
user_pref("signon.management.page.breach-alerts.enabled", false);
user_pref("signon.rememberSignons", false);
user_pref("network.proxy.no_proxies_on", "192.168..1/24");
user_pref("network.proxy.socks_remote_dns", true);

// Enable DNS-over-HTTPS (DoH)
// See for details: https://support.mozilla.org/en-US/kb/firefox-dns-over-https
// user_pref("network.trr.mode", 2);
// user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
// user_pref("network.trr.bootstrapAddress", 1.1.1.1);
// Enable Encrypted-SNI. Its a good idea to make sure its working by checking https://www.cloudflare.com/ssl/encrypted-sni/
// user_pref("network.security.esni.enabled", true);



// From: https://gist.github.com/MrYar/751e0e5f3f1430db7ec5a8c8aa237b72
// Cleaned up for 79+

// Turn off "Sends data to servers when leaving pages"
user_pref("beacon.enabled", false);

// Prevention of some telemetry related to the newtab
user_pref("browser.newtabpage.enhanced", false);

// "In the release channels the Mozilla location service is used to help in figuring out regional search defaults."
// Which means sending collectable data
user_pref("browser.search.region", "US");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.update", false);

// Datareporting is telemetry
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("datareporting.sessions.current.clean", true);

// Disables web browser access of HAL sensors
user_pref("device.sensors.enabled", false);

// Prevention of an android ADB Helper Add-on auto installer and other dev tools 
user_pref("devtools.webide.autoinstallFxdtAdapters", false);

// See https://www.reddit.com/r/privacytoolsIO/comments/3fzbgy/you_may_be_tracked_by_your_battery_status_of_your/
user_pref("dom.battery.enabled", false);

// See https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI
user_pref("dom.enable_performance", false);

// If enabled, your list of installed addons are sent once a day to mozilla
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
user_pref("extensions.getAddons.cache.enabled", false);

// Disable pocket for obvious reasons
user_pref("extensions.pocket.enabled", false);

// Geo location sends location data
user_pref("geo.enabled", false);

// If you mistype the keyword, then Firefox will leak the content of your address bar to
// the default search engine instead of displaying some "The address wasn't understood" local error page
user_pref("keyword.enabled", false);

// Disable screensharing framework
user_pref("media.getusermedia.screensharing.enabled", false);

// Turn off WebRTC // see https://tinyurl.com/yc3yqnyv
user_pref("media.navigator.enabled", false);
user_pref("media.peerconnection.enabled", false);
user_pref("media.peerconnection.ice.default_address_only", true);

// Disable stat collection
user_pref("media.video_stats.enabled", false);

// Disable DNS prefetching
user_pref("network.dns.disablePrefetch", true);

// Disable speculative loading
user_pref("network.http.speculative-parallel-limit", 0);

// Disable prefetching and predicting
user_pref("network.predictor.cleaned-up", true);
user_pref("network.predictor.enabled", false);
user_pref("network.prefetch-next", false);

// Tracking protection. Though almost always ignored and useless...
user_pref("privacy.donottrackheader.enabled", true);
user_pref("privacy.trackingprotection.enabled", true);
user_pref("privacy.trackingprotection.introCount", 20);

// Overt telemetry disabling
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
user_pref("browser.ping-centre.telemetry", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref("toolkit.telemetry.hybridContent.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.server", "");
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("devtools.onboarding.telemetry.logged", false);

// Disable developer experiments and onboarding
user_pref("browser.onboarding.enabled", false);
user_pref("experiments.enabled", false);
user_pref("network.allow-experiments", false);

// Disable social networking site info exchange
user_pref("social.directories", "");
user_pref("social.remote-install.enabled", false);
user_pref("social.toast-notifications.enabled", false);
user_pref("social.whitelist", "");

// Disable retrieval of safebrowsing lists
user_pref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false);
user_pref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false);

// Disable reporting of crash information
user_pref("dom.ipc.plugins.reportCrashURL", false);
user_pref("breakpad.reportURL", "");

// Safebrowsing sends a hash of your url to retrieve a list of partial matches.
user_pref("browser.safebrowsing.blockedURIs.enabled", false);
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);


// Disable Firefox Screenshots
user_pref("extensions.screenshots.disabled", true);
user_pref("extensions.screenshots.system-disabled", true);
user_pref("extensions.screenshots.upload-disabled", true);

// Stops leave-page warning
user_pref("dom.disable_beforeunload", true);

// Don't constantly check if its the default browser
user_pref("browser.shell.checkDefaultBrowser", false);

// Keep the full url to see which sites are still http and not https
user_pref("browser.urlbar.trimURLs", false);

// No need to warn us
user_pref("general.warnOnAboutConfig", false);
user_pref("browser.aboutConfig.showWarning", false);

@MrYar
Copy link
Author

MrYar commented Aug 9, 2020

Thanks Kein! I split it into versions 68 and 79 and put yours in the 79.

@Piers-P
Copy link

Piers-P commented Feb 19, 2021

#file-_about (per request)
| Windows 10 | %APPDATA%\Roaming\Mozilla\Firefox\Profiles\XXXXXXXX.your_profile_name\user.js |

@MrYar
Copy link
Author

MrYar commented Apr 2, 2021

Thanks Piers-P, changes adopted

@MrYar
Copy link
Author

MrYar commented May 14, 2021

ECH replaces ESNI in Firefox 85+
Also enabled DoH by default (mode 2).

@MrYar
Copy link
Author

MrYar commented Aug 23, 2022

It appears as though this script does not effectively guard against data tracking methods detailed in this lawsuit. Recommend not using this script anymore as it may provide a false sense of privacy. https://www.iccl.ie/wp-content/uploads/2022/08/File-Stamped-2022-08-19-Oracle-Complaint.pdf

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment