Skip to content

Instantly share code, notes, and snippets.

@MrYar

MrYar/Firefox-68

Forked from haasn/about:config.md
Last active Oct 26, 2020
Embed
What would you like to do?
Firefox telemetry and spy removal
# Firefox telemetry and data collection denial
This is a fork of haasn "Firefox bullshit removal"
Also heavily based off pyllyukko "Firefox hardening" https://github.com/pyllyukko/user.js/
There are two versions, one for Firefox 68 Firefox and another for 70+. Thanks to Kein for the work on 70+
Instead of manually editing about:config, make changes to the user.js file
###How to use the user.js file
Copy `user.js` in your current user profile, or (recommended) to a fresh, newly created Firefox profile directory.
The file should be located at:
| OS | Path |
| -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- |
| Windows 7 | `%APPDATA%\Mozilla\Firefox\Profiles\XXXXXXXX.your_profile_name\user.js` |
| Linux | `~/.mozilla/firefox/XXXXXXXX.your_profile_name/user.js` |
| OS X | `~/Library/Application Support/Firefox/Profiles/XXXXXXXX.your_profile_name` |
| Android | `/data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name` and see [issue #14](https://github.com/pyllyukko/user.js/issues/14) |
| Sailfish OS + Alien Dalvik | `/opt/alien/data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name` |
| Windows (portable) | `[firefox directory]\Data\profile\` |
If someone could post the location for Windows 10, that would be great!
// by Kein
///////////////////////////
// New in versions 78-79 //
///////////////////////////
// TOR Uplifts features:
// https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks
user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
user_pref("network.http.referer.XOriginPolicy", 2);
user_pref("network.http.referer.trimmingPolicy", 2);
user_pref("dom.event.clipboardevents.enabled", false);
user_pref("browser.urlbar.speculativeConnect.enabled", false);
// Cache tracking: https://www.grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache
// user_pref("browser.cache.offline.enable", false);
// Isolate cookies to 1st party domain. This WILL break logins/sessions
// user_pref("privacy.firstparty.isolate", true);
// Degrades performance of animations, like scrolling
// user_pref("privacy.resistFingerprinting", true);
// WebGL and DRM media
user_pref("webgl.disabled", true);
user_pref("media.eme.enabled", false);
// Addons suggestions features, Highlights on Home Tab and Snippets
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
user_pref("browser.newtabpage.activity-stream.feeds.section.highlights", false);
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
// Custom user preferences
user_pref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false);
user_pref("browser.newtabpage.activity-stream.showSearch", false);
user_pref("browser.cache.disk.parent_directory", "N:\FIREFOX");
user_pref("browser.urlbar.suggest.openpage", false);
user_pref("browser.urlbar.suggest.searches", false);
user_pref("media.videocontrols.picture-in-picture.video-toggle.enabled", false);
user_pref("signon.autofillForms", false);
user_pref("signon.generation.enabled", false);
user_pref("signon.management.page.breach-alerts.enabled", false);
user_pref("signon.rememberSignons", false);
user_pref("network.proxy.no_proxies_on", "192.168..1/24");
user_pref("network.proxy.socks_remote_dns", true);
// Enable DNS-over-HTTPS (DoH)
// See for details: https://support.mozilla.org/en-US/kb/firefox-dns-over-https
// user_pref("network.trr.mode", 2);
// user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
// user_pref("network.trr.bootstrapAddress", 1.1.1.1);
// Enable Encrypted-SNI. Its a good idea to make sure its working by checking https://www.cloudflare.com/ssl/encrypted-sni/
// user_pref("network.security.esni.enabled", true);
// From: https://gist.github.com/MrYar/751e0e5f3f1430db7ec5a8c8aa237b72
// Cleaned up for 79+
// Turn off "Sends data to servers when leaving pages"
user_pref("beacon.enabled", false);
// Prevention of some telemetry related to the newtab
user_pref("browser.newtabpage.enhanced", false);
// "In the release channels the Mozilla location service is used to help in figuring out regional search defaults."
// Which means sending collectable data
user_pref("browser.search.region", "US");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.update", false);
// Datareporting is telemetry
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("datareporting.sessions.current.clean", true);
// Disables web browser access of HAL sensors
user_pref("device.sensors.enabled", false);
// Prevention of an android ADB Helper Add-on auto installer and other dev tools
user_pref("devtools.webide.autoinstallFxdtAdapters", false);
// See https://www.reddit.com/r/privacytoolsIO/comments/3fzbgy/you_may_be_tracked_by_your_battery_status_of_your/
user_pref("dom.battery.enabled", false);
// See https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI
user_pref("dom.enable_performance", false);
// If enabled, your list of installed addons are sent once a day to mozilla
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
user_pref("extensions.getAddons.cache.enabled", false);
// Disable pocket for obvious reasons
user_pref("extensions.pocket.enabled", false);
// Geo location sends location data
user_pref("geo.enabled", false);
// If you mistype the keyword, then Firefox will leak the content of your address bar to
// the default search engine instead of displaying some "The address wasn't understood" local error page
user_pref("keyword.enabled", false);
// Disable screensharing framework
user_pref("media.getusermedia.screensharing.enabled", false);
// Turn off WebRTC // see https://tinyurl.com/yc3yqnyv
user_pref("media.navigator.enabled", false);
user_pref("media.peerconnection.enabled", false);
user_pref("media.peerconnection.ice.default_address_only", true);
// Disable stat collection
user_pref("media.video_stats.enabled", false);
// Disable DNS prefetching
user_pref("network.dns.disablePrefetch", true);
// Disable speculative loading
user_pref("network.http.speculative-parallel-limit", 0);
// Disable prefetching and predicting
user_pref("network.predictor.cleaned-up", true);
user_pref("network.predictor.enabled", false);
user_pref("network.prefetch-next", false);
// Tracking protection. Though almost always ignored and useless...
user_pref("privacy.donottrackheader.enabled", true);
user_pref("privacy.trackingprotection.enabled", true);
user_pref("privacy.trackingprotection.introCount", 20);
// Overt telemetry disabling
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
user_pref("browser.ping-centre.telemetry", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref("toolkit.telemetry.hybridContent.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.server", "");
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("devtools.onboarding.telemetry.logged", false);
// Disable developer experiments and onboarding
user_pref("browser.onboarding.enabled", false);
user_pref("experiments.enabled", false);
user_pref("network.allow-experiments", false);
// Disable social networking site info exchange
user_pref("social.directories", "");
user_pref("social.remote-install.enabled", false);
user_pref("social.toast-notifications.enabled", false);
user_pref("social.whitelist", "");
// Disable retrieval of safebrowsing lists
user_pref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false);
user_pref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false);
// Disable reporting of crash information
user_pref("dom.ipc.plugins.reportCrashURL", false);
user_pref("breakpad.reportURL", "");
// Safebrowsing sends a hash of your url to retrieve a list of partial matches.
user_pref("browser.safebrowsing.blockedURIs.enabled", false);
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);
// Disable Firefox Screenshots
user_pref("extensions.screenshots.disabled", true);
user_pref("extensions.screenshots.system-disabled", true);
user_pref("extensions.screenshots.upload-disabled", true);
// Stops leave-page warning
user_pref("dom.disable_beforeunload", true);
// Don't constantly check if its the default browser
user_pref("browser.shell.checkDefaultBrowser", false);
// Keep the full url to see which sites are still http and not https
user_pref("browser.urlbar.trimURLs", false);
// No need to warn us
user_pref("general.warnOnAboutConfig", false);
user_pref("browser.aboutConfig.showWarning", false);
// Turn off "Sends data to servers when leaving pages"
user_pref("beacon.enabled", false);
// Prevention of some telemetry related to the newtab
user_pref("browser.newtabpage.directory.ping", "");
user_pref("browser.newtabpage.directory.source", "");
user_pref("browser.newtabpage.enhanced", false);
// "In the release channels the Mozilla location service is used to help in figuring out regional search defaults."
// Which means sending collectable data
user_pref("browser.search.geoip.url", "");
user_pref("browser.search.region", "US");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.update", false);
// Selfsupport sends a heartbeat
user_pref("browser.selfsupport.url", "");
// Datareporting is telemetry
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("datareporting.sessions.current.clean", true);
// Disables web browser access of HAL sensors
user_pref("device.sensors.enabled", false);
// Prevention of an android ADB Helper Add-on auto installer and other dev tools user_pref("devtools.webide.autoinstallADBHelper", false);
user_pref("devtools.webide.autoinstallFxdtAdapters", false);
user_pref("devtools.webide.enabled", false);
user_pref("devtools.debugger.remote-enabled", false);
user_pref("devtools.chrome.enabled", false);
user_pref("devtools.debugger.force-local", true);
// See https://www.reddit.com/r/privacytoolsIO/comments/3fzbgy/you_may_be_tracked_by_your_battery_status_of_your/
user_pref("dom.battery.enabled", false);
// See https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI
user_pref("dom.enable_performance", false);
// If enabled, your list of installed addons are sent once a day to mozilla
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
user_pref("extensions.getAddons.cache.enabled", false);
// Disable pocket for obvious reasons
user_pref("extensions.pocket.enabled", false);
// Geo location sends location data
user_pref("geo.enabled", false);
// If you mistype the keyword, then Firefox will leak the content of your address bar to
// the default search engine instead of displaying some "The address wasn't understood" local error page
user_pref("keyword.enabled", false);
// Disable screensharing framework
user_pref("media.getusermedia.screensharing.enabled", false);
// Turn off WebRTC // see https://tinyurl.com/yc3yqnyv
user_pref("media.navigator.enabled", false);
user_pref("media.peerconnection.enabled", false);
user_pref("media.peerconnection.ice.default_address_only", true);
// Disable stat collection
user_pref("media.video_stats.enabled", false);
// Disable DNS prefetching
user_pref("network.dns.disablePrefetch", true);
// Disable speculative loading
user_pref("network.http.speculative-parallel-limit", 0);
// Disable prefetching and predicting
user_pref("network.predictor.cleaned-up", true);
user_pref("network.predictor.enabled", false);
user_pref("network.prefetch-next", false);
// Tracking protection. Though almost always ignored and useless...
user_pref("privacy.donottrackheader.enabled", true);
user_pref("privacy.trackingprotection.enabled", true);
user_pref("privacy.trackingprotection.introCount", 20);
// Overt telemetry disabling
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
user_pref("browser.ping-centre.telemetry", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref("toolkit.telemetry.hybridContent.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.server", "");
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("devtools.onboarding.telemetry.logged", false);
// Disable developer experiments and onboarding
user_pref("browser.onboarding.enabled", false);
user_pref("experiments.enabled", false);
user_pref("network.allow-experiments", false);
// Disable social networking site info exchange
user_pref("social.directories", "");
user_pref("social.remote-install.enabled", false);
user_pref("social.toast-notifications.enabled", false);
user_pref("social.whitelist", "");
// Disable retrieval of safebrowsing lists
user_pref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false);
user_pref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false);
// Disable reporting of crash information
user_pref("dom.ipc.plugins.reportCrashURL", false);
user_pref("breakpad.reportURL", "");
// Safebrowsing sends a hash of your url to retrieve a list of partial matches.
user_pref("browser.safebrowsing.blockedURIs.enabled", false);
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);
// Disable Firefox Screenshots
user_pref("extensions.screenshots.disabled", true);
user_pref("extensions.screenshots.system-disabled", true);
user_pref("extensions.screenshots.upload-disabled", true);
// Enable DNS-over-HTTPS (DoH)
// network.trr.mode turns on DoH. It takes the following values
// 0 - Default value in standard Firefox installations (currently is 5, which means DoH is disabled)
// 1 - DoH is enabled, but Firefox picks if it uses DoH or regular DNS based o which returns faster query responses
// 2 - DoH is enabled, and regular DNS works as a backup
// 3 - DoH is enabled, and regular DNS is disabled
// 5 - DoH is disabled
// Users may want to set to 3 temporarily to verify DoH is working
user_pref("network.trr.mode", 2);
// users can use their own DoH server URL https://github.com/curl/curl/wiki/DNS-over-HTTPS#publicly-available-servers
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
// If DoH doesn't work, try uncommenting the line below (1.1.1.1 is cloudflare, can use google's 8.8.8.8 also)
// user_pref("network.trr.bootstrapAddress", 1.1.1.1);
// Enable Encrypted-SNI. Its a good idea to make sure its working by checking https://www.cloudflare.com/ssl/encrypted-sni/
user_pref("network.security.esni.enabled", true);
// ---
// --- Protective but not telemetry or data collection related
// ---
// Disable javascript takeover of mouse menu
user_pref("dom.event.contextmenu.enabled", false);
// Stops leave-page warning
user_pref("dom.disable_beforeunload", true);
// Don't constantly check if its the default browser
user_pref("browser.shell.checkDefaultBrowser", false);
// Keep the full url to see which sites are still http and not https
user_pref("browser.urlbar.trimURLs", false);
// No need to warn us
user_pref("general.warnOnAboutConfig", false);
// Disable automatically updating your extensions (uncomment for settings to take effect)
//user_pref("extensions.update.autoUpdateDefault", false);
//user_pref("extensions.update.enabled", false);
// Disable automatic upgrading to newest version. Program will still ask you if you want to upgrade. (uncomment to activate setting)
//user_pref("app.update.auto", false);
//user_pref("app.update.enabled", false);
@benaisc

This comment has been minimized.

Copy link

@benaisc benaisc commented Feb 13, 2017

Nice ! Although I needed to add "user_" to every pref setting for it to work.
(As pointed out here : http://kb.mozillazine.org/User.js_file)

edit: Also a ';' is missing on line 47 @datareporting.healthreport.uploadEnabled
edit2: Setting to false 'dom.event.clipboardevents.enabled' (line 56) prevent you from copy-paste in/from webservices (which will likely annoy most of us)

@MrYar

This comment has been minimized.

Copy link
Owner Author

@MrYar MrYar commented Mar 10, 2017

I corrected the mistakes and implemented the suggestions. Thank you!

@MrYar

This comment has been minimized.

Copy link
Owner Author

@MrYar MrYar commented Apr 7, 2017

added user_pref("toolkit.telemetry.archive.enabled", false);

Even though datareporting is turned off, it still seems to save two days of telemetry pings unless this value is set (saves the pings in linux ./mozilla/firefox/profileid/datareporting/archived)

@benaisc

This comment has been minimized.

Copy link

@benaisc benaisc commented May 17, 2017

Hello there, thanks for upkeeping this ! :)
I also re-setted "keyword.enabled" to true, even if it is said that it "does mean that information will be sent to a third party" (cf.here) to improve my usage over time ^^

@benaisc

This comment has been minimized.

Copy link

@benaisc benaisc commented May 17, 2017

I just saw that all your "pref" has been query-replaced into "user_pref" and it broke some lines of your code ^^ (60, 123, 136 & 137)

@MrYar

This comment has been minimized.

Copy link
Owner Author

@MrYar MrYar commented Sep 9, 2017

Corrections made, thank you gurujam!
(better late then never I suppose)

@inoas

This comment has been minimized.

Copy link

@inoas inoas commented Sep 11, 2017

It would be very helpful to have ini comments one per line so you really know what you are disabling.

@jawz101

This comment has been minimized.

Copy link

@jawz101 jawz101 commented Oct 4, 2017

Ones starting with services.sync.prefs.sync.xxxx are if you want that preference to sync across your devices if you use Firefox Sync. That way, if you do sync bookmarks, for example, your setting browser.safebrowsing.malware.enabled = false would also be set to false on your other computers. Like, you're just making it extra work to have to set all of these prefs up on every computer. If anything, I'd create services.sync.prefs.sync booleans for more of your settings to sync so you don't have to always configure extra computers.

@tiagoapimenta

This comment has been minimized.

Copy link

@tiagoapimenta tiagoapimenta commented May 27, 2018

Have you tried to place two spaces on the end of each line of user_pref??? It is the way markdown understand breaking lines without breaking paragraph (which is with one blank line separator).

@MrYar

This comment has been minimized.

Copy link
Owner Author

@MrYar MrYar commented Dec 19, 2018

Added a few new entries to go along with Firefox 63.0.3

@MrYar

This comment has been minimized.

Copy link
Owner Author

@MrYar MrYar commented Jan 1, 2019

Added comments/rationale for the preference changes.
Also removed unneeded ones that were outdated.

@gitter2741

This comment has been minimized.

Copy link

@gitter2741 gitter2741 commented Jan 3, 2019

// If you mistype the keyword, then Firefox will leak the content of your address bar to // Google instead of displaying some "The address wasn't understood" local error page user_pref("keyword.enabled", false);

Curious if the 'Google' part of this comment is accurate?

When I change the pref to 'false' it kills the 'search from the url bar' function... but my default search engine is DDG. So if I leave the pref at 'true' and type in a phrase, it's sent to DDG as a search request.

@MrYar

This comment has been minimized.

Copy link
Owner Author

@MrYar MrYar commented Jan 19, 2019

Thank you gitter2741. I changed it to read "the default search engine" instead of Google.

@MrYar

This comment has been minimized.

Copy link
Owner Author

@MrYar MrYar commented Jan 19, 2019

Moved the non-telemetry items to a separate section for better organization.

@Atavic

This comment has been minimized.

Copy link

@Atavic Atavic commented Apr 24, 2019

// Not sure why these are disabled

This is the windows prompt that appears when you close firefox if privacy.sanitize.sanitizeOnShutdown is set to true and privacy.sanitize.promptOnSanitize is also true. But most about:config tweaks just delete all the cookies on close and change privacy.sanitize.promptOnSanitize to false, so the option to keep some of the cookies doesn't even appear.

@LOuroboros

This comment has been minimized.

Copy link

@LOuroboros LOuroboros commented Aug 4, 2019

user_pref("user_pref.privacy.disable_button.cookie_exceptions", false);
user_pref("user_pref.privacy.disable_button.view_cookies", false);

I think those prefs' names might be incorrect, @MrYar. They're written as pref.privacy.disable_button.cookie_exceptions and pref.privacy.disable_button.view_cookies in this Support Mozilla page, at least.

Anyway, I wanted to ask if these Tracking Protection related prefs are worth looking into or what's their purpose.
privacy.trackingprotection.fingerprinting.annotate.enabled
privacy.trackingprotection.cryptomining.annotate.enabled
privacy.trackingprotection.annotate_channels

@MrYar

This comment has been minimized.

Copy link
Owner Author

@MrYar MrYar commented Sep 10, 2019

LOuroboros, Those prefs names appear to be duplicated, probably as some sort of compatibility. In any case, they are not very important as they just hide the mentioned buttons in the preferences menu. Doesn't do anything beyond change the UI of the prefs menu. I am going to remove them

@MrYar

This comment has been minimized.

Copy link
Owner Author

@MrYar MrYar commented Sep 10, 2019

Added enabling of DNS over HTTPS. The default setting of 2 will work well for most users, but users may want to test that DoH works by setting that variable to 3 first.

@MrYar

This comment has been minimized.

Copy link
Owner Author

@MrYar MrYar commented Oct 7, 2019

Enabled Encrypted-SNI. Check if its working with https://www.cloudflare.com/ssl/encrypted-sni/

@Meriipu

This comment has been minimized.

Copy link

@Meriipu Meriipu commented Jul 28, 2020

Quite a few duplicate entries.

@MrYar

This comment has been minimized.

Copy link
Owner Author

@MrYar MrYar commented Jul 28, 2020

Quite a few duplicate entries.

Thank you, they have been removed.

@Meriipu

This comment has been minimized.

Copy link

@Meriipu Meriipu commented Jul 28, 2020

I am also not able to find these prefs in the sources for firefox-79, but perhaps they are still relevant for 68 and might be desirable to keep around.

user_pref("datareporting.sessions.current.clean", true);
user_pref("network.predictor.cleaned-up", true);
user_pref("devtools.onboarding.telemetry.logged", false);
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("toolkit.telemetry.hybridContent.enabled", false);

user_pref("network.allow-experiments", false);
user_pref("browser.onboarding.enabled", false);

user_pref("social.directories", "");
user_pref("social.remote-install.enabled", false);
user_pref("social.toast-notifications.enabled", false);
user_pref("social.whitelist", "");
@Meriipu

This comment has been minimized.

Copy link

@Meriipu Meriipu commented Jul 28, 2020

This does not appear to exist either

user_pref("devtools.webide.enabled", false);

And these are very useful (Tools>Web Developer>Browser Toolbox [ctrl+alt+shift+i]) while not being part of telemetry or logging from what I know (but if I am wrong I would like to know).

user_pref("devtools.debugger.remote-enabled", false);
user_pref("devtools.chrome.enabled", false);
@MrYar

This comment has been minimized.

Copy link
Owner Author

@MrYar MrYar commented Jul 28, 2020

I'm still currently using 68 ESR as that's what Slackware comes with. I do see the need for a version of this script that works for the latest, as that's what most people will be using. I'm hesitant to remove them as it provides protection for older versions. I could fork this project and remove them for firefox 7x, though I'm not sure I'm the best to maintain it as I don't use it. Any interest in taking on new versions in your own fork, Meriipu?

@Meriipu

This comment has been minimized.

Copy link

@Meriipu Meriipu commented Jul 28, 2020

I do not think I am familiar enough with all the various privacy options to take responsibility for that, unfortunately.

@Kein

This comment has been minimized.

Copy link

@Kein Kein commented Aug 9, 2020

Updated for 79:

  ///////////////////////////
 // New in versions 78-79 //
///////////////////////////

// TOR Uplifts features: 
// https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks
user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
user_pref("network.http.referer.XOriginPolicy", 2);
user_pref("network.http.referer.trimmingPolicy", 2);
user_pref("dom.event.clipboardevents.enabled", false);
user_pref("browser.urlbar.speculativeConnect.enabled", false);
// Cache tracking: https://www.grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache
// user_pref("browser.cache.offline.enable", false);
// Isolate cookies to 1st party domain. This WILL break logins/sessions
// user_pref("privacy.firstparty.isolate", true);
// Degrades performance of animations, like scrolling
// user_pref("privacy.resistFingerprinting", true);

// WebGL and DRM media
user_pref("webgl.disabled", true);
user_pref("media.eme.enabled", false);

// Addons suggestions features, Highlights on Home Tab and Snippets
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
user_pref("browser.newtabpage.activity-stream.feeds.section.highlights", false);
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);

// Custom user preferences
user_pref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false);
user_pref("browser.newtabpage.activity-stream.showSearch", false);
user_pref("browser.cache.disk.parent_directory", "N:\FIREFOX");
user_pref("browser.urlbar.suggest.openpage", false);
user_pref("browser.urlbar.suggest.searches", false);
user_pref("media.videocontrols.picture-in-picture.video-toggle.enabled", false);
user_pref("signon.autofillForms", false);
user_pref("signon.generation.enabled", false);
user_pref("signon.management.page.breach-alerts.enabled", false);
user_pref("signon.rememberSignons", false);
user_pref("network.proxy.no_proxies_on", "192.168..1/24");
user_pref("network.proxy.socks_remote_dns", true);

// Enable DNS-over-HTTPS (DoH)
// See for details: https://support.mozilla.org/en-US/kb/firefox-dns-over-https
// user_pref("network.trr.mode", 2);
// user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
// user_pref("network.trr.bootstrapAddress", 1.1.1.1);
// Enable Encrypted-SNI. Its a good idea to make sure its working by checking https://www.cloudflare.com/ssl/encrypted-sni/
// user_pref("network.security.esni.enabled", true);



// From: https://gist.github.com/MrYar/751e0e5f3f1430db7ec5a8c8aa237b72
// Cleaned up for 79+

// Turn off "Sends data to servers when leaving pages"
user_pref("beacon.enabled", false);

// Prevention of some telemetry related to the newtab
user_pref("browser.newtabpage.enhanced", false);

// "In the release channels the Mozilla location service is used to help in figuring out regional search defaults."
// Which means sending collectable data
user_pref("browser.search.region", "US");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.update", false);

// Datareporting is telemetry
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("datareporting.sessions.current.clean", true);

// Disables web browser access of HAL sensors
user_pref("device.sensors.enabled", false);

// Prevention of an android ADB Helper Add-on auto installer and other dev tools 
user_pref("devtools.webide.autoinstallFxdtAdapters", false);

// See https://www.reddit.com/r/privacytoolsIO/comments/3fzbgy/you_may_be_tracked_by_your_battery_status_of_your/
user_pref("dom.battery.enabled", false);

// See https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI
user_pref("dom.enable_performance", false);

// If enabled, your list of installed addons are sent once a day to mozilla
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
user_pref("extensions.getAddons.cache.enabled", false);

// Disable pocket for obvious reasons
user_pref("extensions.pocket.enabled", false);

// Geo location sends location data
user_pref("geo.enabled", false);

// If you mistype the keyword, then Firefox will leak the content of your address bar to
// the default search engine instead of displaying some "The address wasn't understood" local error page
user_pref("keyword.enabled", false);

// Disable screensharing framework
user_pref("media.getusermedia.screensharing.enabled", false);

// Turn off WebRTC // see https://tinyurl.com/yc3yqnyv
user_pref("media.navigator.enabled", false);
user_pref("media.peerconnection.enabled", false);
user_pref("media.peerconnection.ice.default_address_only", true);

// Disable stat collection
user_pref("media.video_stats.enabled", false);

// Disable DNS prefetching
user_pref("network.dns.disablePrefetch", true);

// Disable speculative loading
user_pref("network.http.speculative-parallel-limit", 0);

// Disable prefetching and predicting
user_pref("network.predictor.cleaned-up", true);
user_pref("network.predictor.enabled", false);
user_pref("network.prefetch-next", false);

// Tracking protection. Though almost always ignored and useless...
user_pref("privacy.donottrackheader.enabled", true);
user_pref("privacy.trackingprotection.enabled", true);
user_pref("privacy.trackingprotection.introCount", 20);

// Overt telemetry disabling
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
user_pref("browser.ping-centre.telemetry", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref("toolkit.telemetry.hybridContent.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.server", "");
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("devtools.onboarding.telemetry.logged", false);

// Disable developer experiments and onboarding
user_pref("browser.onboarding.enabled", false);
user_pref("experiments.enabled", false);
user_pref("network.allow-experiments", false);

// Disable social networking site info exchange
user_pref("social.directories", "");
user_pref("social.remote-install.enabled", false);
user_pref("social.toast-notifications.enabled", false);
user_pref("social.whitelist", "");

// Disable retrieval of safebrowsing lists
user_pref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false);
user_pref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false);

// Disable reporting of crash information
user_pref("dom.ipc.plugins.reportCrashURL", false);
user_pref("breakpad.reportURL", "");

// Safebrowsing sends a hash of your url to retrieve a list of partial matches.
user_pref("browser.safebrowsing.blockedURIs.enabled", false);
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);


// Disable Firefox Screenshots
user_pref("extensions.screenshots.disabled", true);
user_pref("extensions.screenshots.system-disabled", true);
user_pref("extensions.screenshots.upload-disabled", true);

// Stops leave-page warning
user_pref("dom.disable_beforeunload", true);

// Don't constantly check if its the default browser
user_pref("browser.shell.checkDefaultBrowser", false);

// Keep the full url to see which sites are still http and not https
user_pref("browser.urlbar.trimURLs", false);

// No need to warn us
user_pref("general.warnOnAboutConfig", false);
user_pref("browser.aboutConfig.showWarning", false);
@MrYar

This comment has been minimized.

Copy link
Owner Author

@MrYar MrYar commented Aug 9, 2020

Thanks Kein! I split it into versions 68 and 79 and put yours in the 79.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.