FIREFOX - Setup and Hardening
This is a checklist of the minimal Firefox settings needed for basic privacy on the internet.
- Firefox Account
  - Synchronizing your account across multiple devices is a risk
  - Do not sign in to a Firefox account.
- Password manager
  - Use KeePass or similar software.
- Bookmarks
  - Use the Firefox native backup function
  - In Firefox, go to Bookmarks -> Show All Bookmarks
  - Then, back up your bookmarks as a text file. Enjoy.
- Verification
  - https://amiunique.org/
Addons
HTTPS Everywhere
Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.
The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.
Indicate TLS
This Add-on uses the new SecurityInfo-API in Firefox to display information about the transport security used on the sites you visit.
The TLS protocol version is displayed by an icon in the address bar. More detailed information can be viewed by clicking on that icon, particularly to display the TLS protocol version of 3rd party servers that the website you are visiting fetches resources from.
KeePassHTTP-Connector
KeePassHttp-Connector is a WebExtension for browsers to send and receive credentials from KeePass(XC).
NoScript
NoScript gives you the best available protection on the web. It allows JavaScript, Flash, and other executable content to run only from trusted domains of your choice (e.g. your banking site), thus mitigating remotely exploitable vulnerabilities, such as Spectre and Meltdown.
It protects your "trust boundaries" against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts, thanks to its unique ClearClick technology.
Such a preemptive approach prevents exploitation of security vulnerabilities (known and unknown!) with no loss of functionality where you need it. Experts do agree: Firefox is really safer with NoScript ;-)
Privacy Badger
Privacy Badger automatically learns to block invisible trackers. Instead of keeping lists of what to block, Privacy Badger learns by watching which domains appear to be tracking you as you browse the Web.
Privacy Badger sends the Do Not Track signal with your browsing. If trackers ignore your wishes, your Badger will learn to block them. Privacy Badger starts blocking once it sees the same tracker on three different websites.
Besides automatic tracker blocking, Privacy Badger removes outgoing link click tracking on Facebook, Google and Twitter, with more privacy protections on the way.
Random User Agent
Automatically changes the user agent to a randomly selected one after a specified period of time, thus hiding your real user agent.
uBlock Origin
An efficient blocker: easy on memory and CPU footprint, and yet can load and enforce thousands more filters than other popular blockers out there.
Settings
Automatic Formfill
Disable Automatic Formfill in preferences.
Form filling requires that information be cached in the browser. This can include valuable information like usernames and passwords, and the cached information can reference visited sites even with history disabled.
Battery API
The Battery API can allow a site to track the current battery life of a device, which can be used in conjunction with other methods to identify and track users.
In about:config, set dom.battery.enabled to false.
Content Blocking
In the preferences (about:preferences#privacy), choose "custom options" and set:
- Trackers -> In all windows
- Cookies -> Third-Parties
- Cryptominers checked
- Fingerprinters checked
Cookies
In the preferences, check the box "Delete cookies and site data when Firefox is closed".
Geolocation
In recent Firefox versions:
- Go to the security and privacy section of the preferences (about:preferences#privacy)
- Set Location Permissions to block all
In older versions:
- Go to about:config
- Set geo.enabled to false.
Logins and Passwords
In the preferences, disable "ask logins and password".
Media Autoplay
In recent Firefox versions:
- Enable the "Block websites from automatically playing sound" option
More options are available in about:config.
In older versions:
- Go to about:config
- Set the media.autoplay value to false
privacy.resistFingerprinting
This setting actually manages many behaviors in Firefox. It is a group of settings used by the Uplift project (a sub-project of Tor) to make the browser ignore most types of fingerprinting requests.
In about:config:
- Set privacy.resistFingerprinting to true
Telemetry
In the preferences (about:preferences#privacy), disable all "Firefox data collection and use" options
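An added example, not part of the original checklist: a small Python audit that parses the text of a profile's prefs.js (or user.js) and checks the three about:config values this section gives explicitly. The sample file content is constructed, and privacy.resistFingerprinting is spelled with the capitalization Firefox uses, which matters in these files.

```python
import re

# Expected values taken from the checklist's about:config items.
EXPECTED = {
    "dom.battery.enabled": False,
    "geo.enabled": False,
    "privacy.resistFingerprinting": True,
}

# prefs.js and user.js entries look like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for bool, int and string prefs; the last entry wins."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment or blank line
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text, expected=EXPECTED):
    """Map each checklist pref to 'ok', 'mismatch' or 'unset' (absent from the
    file, so Firefox's built-in default applies; check it in about:config)."""
    prefs = parse_prefs(text)
    return {
        name: "unset" if name not in prefs
        else ("ok" if prefs[name] is want else "mismatch")
        for name, want in expected.items()
    }

# Constructed sample, not taken from a real profile.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("geo.enabled", false);
user_pref("privacy.resistFingerprinting", false);
"""

if __name__ == "__main__":
    for name, status in audit(SAMPLE_PREFS_JS).items():
        print(f"{status:8} {name}")
```

Because prefs.js only records values that differ from the defaults, an "unset" result is not a failure by itself; it means the effective value has to be confirmed in about:config.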
Non-essential but Useful Extras
ContextSearch web-ext
Select text and search from the context menu or a tiled popup using any of your installed search engines. Add new search engines with a right-click, edit favicons and query strings. POST compatible, simple UI, highly configurable. For FF 57+
Flash and Video Download
Download videos and flash games very easily, with one click.
Video Downloader Professional
Download videos from web sites or just collect them in your video list without downloading them.