Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Firefox telemetry and spy removal

Firefox telemetry and data collection denial

This is a fork of haasn "Firefox bullshit removal" Also heavily based off pyllyukko "Firefox hardening" https://github.com/pyllyukko/user.js/

This guide is for 63.0.3 and may work with other versions

Instead of manually editing about:config, make changes to the user.js file

###How to use the user.js file

Copy user.js in your current user profile, or (recommended) to a fresh, newly created Firefox profile directory.

The file should be located at:

OS Path
Windows 7 %APPDATA%\Mozilla\Firefox\Profiles\XXXXXXXX.your_profile_name\user.js
Linux ~/.mozilla/firefox/XXXXXXXX.your_profile_name/user.js
OS X ~/Library/Application Support/Firefox/Profiles/XXXXXXXX.your_profile_name
Android /data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name and see issue #14
Sailfish OS + Alien Dalvik /opt/alien/data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name
Windows (portable) [firefox directory]\Data\profile\

Do note that these settings alter your browser behaviour quite a bit, so it is recommended to either create a completely new profile for Firefox or backup your existing profile directory before putting the user.js file in place.

// Turn off "Sends data to servers when leaving pages"
user_pref("beacon.enabled", false);

// Prevention of some telemetry related to the newtab
user_pref("browser.newtabpage.directory.ping", "");
user_pref("browser.newtabpage.directory.source", "");
user_pref("browser.newtabpage.enhanced", false);

// "In the release channels the Mozilla location service is used to help in figuring out regional search defaults."
// Which means sending collectable data
user_pref("browser.search.geoip.url", "");
user_pref("browser.search.region", "US");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.update", false);

// Selfsupport sends a heartbeat
user_pref("browser.selfsupport.url", "");

// Datareporting is telemetry
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("datareporting.sessions.current.clean", true);

// Disables web browser access of HAL sensors
user_pref("device.sensors.enabled", false);

// Prevention of an android ADB Helper Add-on auto installer and other dev tools user_pref("devtools.webide.autoinstallADBHelper", false);
user_pref("devtools.webide.autoinstallFxdtAdapters", false);
user_pref("devtools.webide.enabled", false);
user_pref("devtools.debugger.remote-enabled", false);
user_pref("devtools.chrome.enabled", false);
user_pref("devtools.debugger.force-local", true);

// See https://www.reddit.com/r/privacytoolsIO/comments/3fzbgy/you_may_be_tracked_by_your_battery_status_of_your/
user_pref("dom.battery.enabled", false);

// See https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI
user_pref("dom.enable_performance", false);

// If enabled, your list of installed addons are sent once a day to mozilla
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
user_pref("extensions.getAddons.cache.enabled", false);

// Disable pocket for obvious reasons
user_pref("extensions.pocket.enabled", false);

// Geo location sends location data
user_pref("geo.enabled", false);
user_pref("geo.wifi.uri", "");

// If you mistype the keyword, then Firefox will leak the content of your address bar to
// the default search engine instead of displaying some "The address wasn't understood" local error page
user_pref("keyword.enabled", false);

// Disable screensharing framework
user_pref("media.getusermedia.screensharing.enabled", false);

// Turn off WebRTC // see https://tinyurl.com/yc3yqnyv
user_pref("media.navigator.enabled", false);
user_pref("media.peerconnection.enabled", false);
user_pref("media.peerconnection.ice.default_address_only", true);

// Disable stat collection
user_pref("media.video_stats.enabled", false);

// Disable DNS prefetching
user_pref("network.dns.disablePrefetch", true);

// Disable speculative loading
user_pref("network.http.speculative-parallel-limit", 0);

// Disable prefetching and predicting
user_pref("network.predictor.cleaned-up", true);
user_pref("network.predictor.enabled", false);
user_pref("network.prefetch-next", false);

// Tracking protection. Though almost always ignored and useless...
user_pref("privacy.donottrackheader.enabled", true);
user_pref("privacy.trackingprotection.enabled", true);
user_pref("privacy.trackingprotection.introCount", 20);

// Overt telemetry disabling
user_pref("devtools.onboarding.telemetry.logged", false);
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
user_pref("browser.ping-centre.telemetry", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref("toolkit.telemetry.hybridContent.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("toolkit.telemetry.server", "");
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("devtools.onboarding.telemetry.logged", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);

// Disable developer experiments and onboarding
user_pref("browser.onboarding.enabled", false);
user_pref("experiments.enabled", false);
user_pref("network.allow-experiments", false);

// Disable social networking site info exchange
user_pref("social.directories", "");
user_pref("social.remote-install.enabled", false);
user_pref("social.toast-notifications.enabled", false);
user_pref("social.whitelist", "");

// Disable retrieval of safebrowsing lists
user_pref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false);
user_pref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false);

// Disable reporting of crash information
user_pref("dom.ipc.plugins.reportCrashURL", false);
user_pref("breakpad.reportURL", "");

// Safebrowsing sends a hash of your url to retrieve a list of partial matches.
user_pref("browser.safebrowsing.blockedURIs.enabled", false);
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);

// Disable Firefox Screenshots
user_pref("extensions.screenshots.disabled", true);
user_pref("extensions.screenshots.system-disabled", true);
user_pref("extensions.screenshots.upload-disabled", true);

// ---
// --- Protective but not telemetry or data collection related
// ---

// Disable javascript takeover of mouse menu
user_pref("dom.event.contextmenu.enabled", false);

// Stops leave-page warning
user_pref("dom.disable_beforeunload", true);

// Disable automatic upgrading to newest version. Program will still ask you if you want to upgrade.
user_pref("app.update.auto", false);
user_pref("app.update.enabled", false);

// Not sure why these are disabled
user_pref("user_pref.privacy.disable_button.cookie_exceptions", false);
user_pref("user_pref.privacy.disable_button.view_cookies", false);

// Don't constantly check if its the default browser
user_pref("browser.shell.checkDefaultBrowser", false);

// Keep the full url to see which sites are still http and not https
user_pref("browser.urlbar.trimURLs", false);

// No need to warn us
user_pref("general.warnOnAboutConfig", false);

// Disable automatically updating your extensions (may wish to change this)
user_pref("extensions.update.autoUpdateDefault", false);
user_pref("extensions.update.enabled", false);

@benaisc

This comment has been minimized.

Copy link

commented Feb 13, 2017

Nice ! Although I needed to add "user_" to every pref setting for it to work.
(As pointed out here : http://kb.mozillazine.org/User.js_file)

edit: Also a ';' is missing on line 47 @datareporting.healthreport.uploadEnabled
edit2: Setting to false 'dom.event.clipboardevents.enabled' (line 56) prevent you from copy-paste in/from webservices (which will likely annoy most of us)

@MrYar

This comment has been minimized.

Copy link
Owner Author

commented Mar 10, 2017

I corrected the mistakes and implemented the suggestions. Thank you!

@MrYar

This comment has been minimized.

Copy link
Owner Author

commented Apr 7, 2017

added user_pref("toolkit.telemetry.archive.enabled", false);

Even though datareporting is turned off, it still seems to save two days of telemetry pings unless this value is set (saves the pings in linux ./mozilla/firefox/profileid/datareporting/archived)

@benaisc

This comment has been minimized.

Copy link

commented May 17, 2017

Hello there, thanks for upkeeping this ! :)
I also re-setted "keyword.enabled" to true, even if it is said that it "does mean that information will be sent to a third party" (cf.here) to improve my usage over time ^^

@benaisc

This comment has been minimized.

Copy link

commented May 17, 2017

I just saw that all your "pref" has been query-replaced into "user_pref" and it broke some lines of your code ^^ (60, 123, 136 & 137)

@MrYar

This comment has been minimized.

Copy link
Owner Author

commented Sep 9, 2017

Corrections made, thank you gurujam!
(better late then never I suppose)

@inoas

This comment has been minimized.

Copy link

commented Sep 11, 2017

It would be very helpful to have ini comments one per line so you really know what you are disabling.

@jawz101

This comment has been minimized.

Copy link

commented Oct 4, 2017

Ones starting with services.sync.prefs.sync.xxxx are if you want that preference to sync across your devices if you use Firefox Sync. That way, if you do sync bookmarks, for example, your setting browser.safebrowsing.malware.enabled = false would also be set to false on your other computers. Like, you're just making it extra work to have to set all of these prefs up on every computer. If anything, I'd create services.sync.prefs.sync booleans for more of your settings to sync so you don't have to always configure extra computers.

@tiagoapimenta

This comment has been minimized.

Copy link

commented May 27, 2018

Have you tried to place two spaces on the end of each line of user_pref??? It is the way markdown understand breaking lines without breaking paragraph (which is with one blank line separator).

@MrYar

This comment has been minimized.

Copy link
Owner Author

commented Dec 19, 2018

Added a few new entries to go along with Firefox 63.0.3

@MrYar

This comment has been minimized.

Copy link
Owner Author

commented Jan 1, 2019

Added comments/rationale for the preference changes.
Also removed unneeded ones that were outdated.

@gitter2741

This comment has been minimized.

Copy link

commented Jan 3, 2019

// If you mistype the keyword, then Firefox will leak the content of your address bar to // Google instead of displaying some "The address wasn't understood" local error page user_pref("keyword.enabled", false);

Curious if the 'Google' part of this comment is accurate?

When I change the pref to 'false' it kills the 'search from the url bar' function... but my default search engine is DDG. So if I leave the pref at 'true' and type in a phrase, it's sent to DDG as a search request.

@MrYar

This comment has been minimized.

Copy link
Owner Author

commented Jan 19, 2019

Thank you gitter2741. I changed it to read "the default search engine" instead of Google.

@MrYar

This comment has been minimized.

Copy link
Owner Author

commented Jan 19, 2019

Moved the non-telemetry items to a separate section for better organization.

@Atavic

This comment has been minimized.

Copy link

commented Apr 24, 2019

// Not sure why these are disabled

This is the windows prompt that appears when you close firefox if privacy.sanitize.sanitizeOnShutdown is set to true and privacy.sanitize.promptOnSanitize is also true. But most about:config tweaks just delete all the cookies on close and change privacy.sanitize.promptOnSanitize to false, so the option to keep some of the cookies doesn't even appear.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.