Firefox Hardening technique for you guys based on personal experience and insights from other experts in OPSEC
Firefox Settings
Download latest arkenfox user.js from the official github: https://github.com/arkenfox/user.js 28
In the address field, search for “about:profiles”, find your default profile Root Directory and press “Open Folder”
Drag & Drop the arkenfox user.js file into the Firefox Root Directory
Launch Firefox and enter “Settings”, in the “Home” tab. Uncheck all options under “Firefox Home Content”
In the “Search” options Tab → Change the default search engine to DuckDuckGo & Uncheck all options under “Search Suggestions” & “Address Bar”
In the Privacy & Security Tab → Check boxes “Tell websites not to sell or share my data” & “Send websites a “Do Not Track” request”
Uncheck the box titled “Suggest strong passwords”
Uncheck the box titled “Suggest Firefox Relay…”
Uncheck the box titled “Show alerts about passwords for breached websites”
Uncheck the box titled “Ask to save passwords”
Uncheck the box titled “Save and fill addresses”
Uncheck the box titled “Save and fill payment methods”
Uncheck the option “Remember browsing and download history”
Press the “Settings” button next to “Clear history when Firefox closes” and Check “Site settings”, then Press the “Save Changes” button
Do not check the box titled “Always use private browsing mode” — This will break Firefox Containers
In the “Permissions” menu, Click the “Settings” button next to “Location”, “Camera”, “Microphone”, “Notifications”, and “Virtual Reality”. Check the box titled “Block new requests…” on each of these options.
Uncheck all options under “Deceptive Content and Dangerous Software Protection” — This will prevent Firefox from sharing potential malicious site visits with third-party services.
Type in “about:config” in the address field and Copy & paste the following variables into “Search preference name” and follow the instructions below:
geo.enabled = FALSE — This disables Firefox from sharing your location
browser.safebrowsing.malware.enabled = FALSE — This disables Google’s malware monitoring.
dom.battery.enabled = FALSE — This setting blocks sending battery level information.
extensions.pocket.enabled = FALSE — This disables the proprietary Pocket service.
browser.newtabpage.activity-stream.section.highlights.includePocket = FALSE — Disables ‘Pocket’.
media.peerconnection.enabled = FALSE — Disables WebRTC.
media.peerconnection.turn.disable = TRUE — Disables TURN.
media.peerconnection.use_document_iceservers = FALSE — Disables ICE servers.
media.peerconnection.video.vp9_enabled = FALSE — Disables WebRTC video.
media.navigator.enabled = FALSE — Disables WebRTC navigator.
identity.fxaccounts.enabled = FALSE — Disables any embedded Firefox accounts.
network.http.sendRefererHeader = 0 — Disables referring website notifications.
webgl.disabled = TRUE — Disables some fingerprinting.
dom.webnotifications.enabled = FALSE — Disables embedded notifications.
media.autoplay.default = 5 — Disables audio and video from playing automatically.
→ These are generally the settings arkenfox doesn’t touch upon which I change individually ←
Extensions
Extensions → uBlock Origin → Referer of choice → Skip redirect (You don’t really need other extentions… Why? uMatrix e.g. is no longer maintained + covered by uBlock Origin. Ghostery, Disconnect, Privacy Badger, DuckDuckGo Privacy Essentials & any tracker blockers aren’t needed with stuff we already have done.
Neat Urls & Clear URLS can easily be replaced with uBlock Origin’s unique features, HTTPS Everywhere is replaced with Firefox settings, LocalCDN & Decentraleyes may just work against you!
uBlock Origin is vital, it blocks many ads and tracking scripts but also malicious code execution, location sharing, and a bunch of other stuff.
Install uBlock Origin here: https://addons.mozilla.org/en-US/firefox…ck-origin/ 2
Click on the uBlock Origin icon in the top-right menu and press the “Cogwheel button” to open up the Dashboard
Click the “Settings” Tab and check the option “I am an advanced user” - This will let you block scripts individually on sites
Click on the filter list and enable “Block Outsider Intrusion to LAN” under “Privacy” & The entire “EasyList” under “Annoyances”. Click the “Update Now” button
Use DNS-Filtering
I recommend NextDNS since your ISP knows about every domain you visit, regardless of SSL encryption, they also know about your billing details. Your DNS queries are not properly encrypted, if you did not purchase internet anonymously
they also know your identity & can associate your traffic immediatly, they also often sell these details for marketing purposes. A DNS is also good for multi-layering your privacy while using a VPN. Would you rather
place your entire trust on your VPN provider by using its VPN & DNS server or would you add multiple layers while also gaining the benefit of DNS-Filtering?
By SrMadagascar
Happy learning!