FCG is a guide for changing various settings in Firefox to make it better for privacy, disabling annoying stuff, and security.

Firefox Configuration Guide.md

Firefox Configuration Guide (FCG)

FCG is a guide for changing various settings in Firefox to make it better for privacy, disabling annoying stuff, and security.

Note: anything shown as preference = value is something that needs to be changed in about:config.

Table of Contents

• Addons
• Annoyances
• Essentials

Addons

• uBlock Origin (a FOSS, fast, and lightweight content blocker (including ads, trackers, web page elements, and more))
• uMatrix (a FOSS and extremely powerful firewall which can block or allow; cookies, css, images, scripts, XHR, frames, and "other". It is VERY recommended.)
• CanvasBlocker (a FOSS addon that allows users to block or fake data that websites get through JavaScript APIs.)
• ClearURLs (a FOSS addons for cleaning URLs of tracking parameters another things)
• Decentraleyes (a FOSS addon for caching and serving CDNs locally, to increase privacy)

Annoyances

• Disable giant URL bar (note that this will disable other things such as extra animations added to the UI, however this is currently the only way to disable it without dabbling in userChrome.css)
  • ui.prefersReducedMotion = 1
• Disable Pocket (server-side code is not open source)
  • extensions.pocket.enabled = false
• Disable search suggesstions
  • browser.search.suggest.enabled = false
• Disable WebP (terrible codec by terrible company)
  • image.webp.enabled = false

Enhancements

• Clear browser data when Firefox exits, go to:
  • Prefences
  • Privacy & Security
  • Scroll down to History
  • Select "Use custom settings for history"
  • Uncheck the remember settings and check the clear history option
• Disable firefox account functionality
  • identity.fxaccounts.enabled = false
• Disable Normandy, a service which can push new settings or even addons remotely
  • app.normandy.enabled = false
• Enable AVIF (AV1 image codec)
  • image.avif.enabled = true
• Enable dark theme
  • widget.content.allow-gtk-dark-theme = true
  • ui.systemUsesDarkTheme = 1
• Enable Fission (experimental sandboxing / site isolation)
  • fission.autostart = true
• Enable UI modification via user{Chrome,Content}.css*
  • toolkit.legacyUserProfileCustomizations.stylesheets = true
• Enable Warp (experimental JIT Javascript (up to 30% faster Javascript))
  • javascript.options.warp = true

* For anyone wondering, here is my current userChrome.css.

Essentials

• Block requests to un-needed permissions, go to:
  • Preferences
  • Privacy & Security
  • Scroll down to Permissions
  • View the settings of each permission and block as needed
• Disable additional analytics
  • beacon.enabled = false
• Disable all Firefox Home content (contains tracking and telemetry), go to:
  • Preferences
  • Home
• Disable Cisco's OpenH264 plugin
  • media.gmp-gmpopenh264.enabled = false
• Disable Clipboard tracking
  • dom.event.clipboardevents.enabled = false
• Disable deceptive/dangerous software protections (connects to Google's servers), go to:
  • Preferences
  • Privacy & Security
  • Scroll down to "Deceptive Content and Dangerous Software Protection"
  • Disable all options
• Disable or change the DOH settings (DO NOT USE CLOUDFLARE!), go to:
  • Prefences
  • General
  • Scroll down to Network Settings
  • Bottom of Connection Settings
• Disable playback of DRM content
  • media.eme.enabled = false
  • media.gmp-widevinecdm.enabled = false
• Disable recommended extensions and features (tracks you across the web), go to:
  • Preferences
  • Scroll down to the bottom of the Browsing section
• Disable sending browser pings (used for tracking)
  • browser.send_pings = false
• Disable WebGL (this is a major risk for security, especially if you don't even use WebGL)
  • webgl.disabled = true
• Disable WebRTC (this can leak your real IPs even with a VPN)
  • media.peerconnection.enabled = false
• Enable Do Not Track (DNT), go to:
  • Preferences
  • Privacy & Security
  • Right under the tracking protection settings, change DNT settings to Always
• Enable First Party Isolation
  • privacy.firstparty.isolate = true
• Enable HTTPS Only Mode (which will block HTTP by default but will allow you to view them by asking), go to:
  • Preferences
  • Privacy & Security
  • Scroll all the way down
  • Enable in all windows
• Enable Resist Fingerprinting
  • privacy.resistFingerprinting = true

Some additions:

• app.normandy.enabled = false. To quote Gentoo's post-install message for Firefox:

Upstream operates a service named Normandy which allows Mozilla to push changes for default settings or even install new add-ons remotely. While this can be useful to address problems like 'Armagadd-on 2.0' or revert previous decisions to disable TLS 1.0/1.1, privacy and security concerns prevail, which is why we have switched off the use of this service by default.

• browser.search.suggest.enabled = false. This controls search suggestions. While it is rather obvious, it should be here for completeness. Can also be disabled through Preferences -> Search.
• identity.fxaccounts.enabled = false if you don't use Firefox Accounts.

You should probably search telemetry in about:config and go through each option for more additions.
Also, for me, fission.autostart is locked to false. Is there anything special I have to do to enable this?

Ah shoot sorry didn't see this comment.

Definitely adding normandy for the guide.

I'm adding various telemetry stuff in a bit, I haven't yet because there's a LOT.

As for Fission, I think you have to be on Nightly. But I'm not sure. I've only ever gotten it unlock on Nightly.

And yeah I'll add the account and search suggestion parts.

@TheAlcanian