2020 Guide to Hardening Firefox – Digitalmunition




Videos 1585860444_maxresdefault.jpg

Published on November 10th, 2019 📆 | 6217 Views ⚑

40

2020 Guide to Hardening Firefox



This is a simple guide and video on how to harden your #Firefox browser. While this tutorial is displayed on Linux, it also works for #Windows and #Mac

Notes on Firefox Hardening:

Plugins:
uBlock Origin (Raymond Hill)
Privacy Badger
HTTPS Everywhere

Options:
New Windows and Tabs should be blank to prevent a site from knowing the pages and tabs you open

(Privacy and Security)
Do not save passwords and autofill
Do Not store history
Do not allow 3rd party cookies (only use first party)
Do not allow search suggestions in search bar
Block Popups
Warn when installing addons
Do not share telemetry with firefox
Do not use Firefox Account

about:config
WebRTC is DRM, allows netflix, and others, but can show real IP if you are on a VPN
media.peerconnection.enabled

Fingerprint resistence – why is this not enabled by defaults?!?!
privacy.resistfingerprinting
(set to true)

Disable 3DES Cipher – many security vuln and is depriciated
security.ssl3.rsa_des_ede3_sha

Safe negotiating requires only the safest negotiation with servers
security.ssl.require_safe_negotiation

Disable TLS version 1.0 and 1.1
security.tls.version.min
(enter value 3)

Disabling Automatic Form Filling (extra step to not remembing history)
browser.formfill.enable
(set to false)

Disable Geolocation
geo.enabled
(set to false)

Disable all telemetry – there are a lot of these, they are all under toolkit.telemetry
browser.newtabpage.activity-stream.feeds.telemetry browser.newtabpage.activity-stream.telemetry
browser.pingcentre.telemetry
devtools.onboarding.telemetry-logged
toolkit.telemetry.archive.enabled
toolkit.telemetry.bhrping.enabled
toolkit.telemetry.firstshutdownping.enabled
toolkit.telemetry.hybridcontent.enabled
toolkit.telemetry.newprofileping.enabled
toolkit.telemetry.unified
toolkit.telemetry.updateping.enabled
toolkit.telemetry.shutdownpingsender.enabled

Disable Prefetching – firefox will preload links you might click on, thus using more bandwidth and calling content you have not requested.
network.dns.disableprefetch
(set to true)

network.prefetch-next
(set to false)

Disable all notifications
dom.webnotifications.enabled
(set to false)

———–
Support Switched to Linux!
👕 Merch: https://shop.switchedtolinux.com
🛒 Amazon: http://tlm.li/amazon
💰 Support: https://switchedtolinux.com/support
🛒 Affiliates: https://switchedtolinux.com/affiliates
👥 Multichannel Support: https://thinklifemedia.com
💰 Patreon: /TomM
———–
Social Media:
🐦 Twitter: @switchedtolinux
🐸 Gab: @switchedtolinux
💡 Minds: @switchedtolinux
Reddit: /r/switchedtolinux
Mastodon: https://fosstodon.org/@switchedtolinux
———–

We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.

source

Tagged with:



40 Responses to 2020 Guide to Hardening Firefox

  1. Jon D'oh says:

    total noob here, did your tweaks, and now Firefox resets all my preferences. i know i can hit refresh Firefox, but i don't want to go and tweak it again, and run into this proble. any help is appreciated…

  2. Thanks for this, i'm trying all this out in Fedora31 xfce.

  3. where tested site , after changing?

  4. Mohan Ram says:

    I don't want to block ads, as that's how good websites make money. I just don't want to be tracked and targeted. So I use uBlock Origin only to block tracking.

  5. Better to remove that Soros infested crap.

  6. AK suited says:

    Congrats on 40.000 subs!
    One question about add-ons. I'm running Firefox with uBlock and uMatrix. Does it make sense to add Privacy Badger, or is it redundant in this setup?

  7. can i ask how can i get shockwave flash in firefox?

  8. Slow Poke says:

    Germany has chosen Firefox as the best and most secure browser. They had tested all of them.

  9. Joshua says:

    I switched to startpage because duckduckgo just gives you very bad suggestions based on what you're typing and i hate that. I want to just type 3 words, click a suggestion and get on with my life, not type the whole search.

  10. Great video! one question: what about the value on the network.http.sendreferHeader? should we leave it on 2 or change it to 0? thansk a lot in advance

  11. PkPrince Q says:

    what about the permission we are allowing with these extensions?

  12. Thank you for this video. If I were religious I would say that you are doing God's work.

  13. Thanks so much for these tips, this sort of content delivery is much appreciated – I consider myself a tech-savvy-enough sort of person, not a tech professional; I wouldn't have the time plus then the know-how that comes from said time to be able to be knowledgeable & able to suss all these (big) and little things out on my own!

    My Firefox now has a much harder shell indeed — according to Panopticlick anyway — and according to my own ux after said tweaks.

  14. Mike says:

    Dude, what an incredible video, My Firefox is fire now and so awesome, I also caught you mention you talking about some filters in your router and so I downloaded some scripts from a safe source to filter out some adds and am running it on my DDWRT router and its fire, no adds are coming through and no more ads on Youtube either. Sweet as *uck. My whole network is getting sfaer and running top notch, f in a. How do we do this to Chrome My father uses Chrome and I need to get that cleaned up?

  15. Mike says:

    hey and how would you do the exact same thing with chrome, it has to be possible no? Lets do it

  16. Mike says:

    Can I take the config file and plug this in to a new install and have all the settings follow rather than using a sync account?

  17. John Doe says:

    Nice topic , can you ad a printable list please , thanks

  18. Do a hardening for chromium aswell. Thx Tom

  19. John Kunai says:

    Hey Switched to Linux (Tom), should I do the about:config tweaks on Privacytools.io as well?

  20. Spüdley says:

    I also modified my hosts file with a copy and paste from someonewhocares(DOT)org(SLASH)hosts(SLASH). There are instructions to put it in your system.

  21. Lussor says:

    Nice video! Do you think Decentraleyes extension is necessary?

  22. TangoAlpha says:

    Loved your video tips on Firefox! What would you suggest as "reading list" without google/firefox accounts (privacy oriented)?

  23. Ed MacLane says:

    You can do all of this on Firefox on Android too. 👍

  24. marc lili says:

    These are really good ideas.Thank's Tom.

  25. I followed along and I copied the notes for future reference. Thanks STL! you are a big help!

  26. I have an one old entry in my personal book of tweaks and work arounds about Firefox. It was a bug about 4 or 5 years ago where FF couldn't load a lot of different pages, I don't remember the cause (maybe start of https sites or IPv6?). Nevertheless, the work around was to disable the dns-prefetching.

  27. Marc S says:

    You forgot about NoScript plugin

  28. merkin3k says:

    Great video. The Firefox Multi-Account Containers add-on is useful for keeping some of your browsing sessions separate from each other. You can even go nuts (like me) and set up separate containers for each site for which you have a login ID. 🤓

  29. This works on the mobile version too.

  30. you forgot setting doh, will be rolled out by default eventually, however the user can customize it now by going to network.trr or going into network settings within the main settings page.

  31. panks103 says:

    Wow!! Thank you for all these configuration settings and putting in time and effort.

  32. Thank you for videos like this. They can/do really helpl those looking to be as private as they can.

  33. network.http.sendRefererHeader
    Value 0 – completely disables the Referer Header.
    This is probably what you want, but it does break some websites (most
    notably WordPress)

    Value 1 – Sends a Referer
    header when clicking on a link, but not when loading images on a page.
    This should prevent most cross-site tracking using cookies, whilst also
    allowing sites that rely on Referer Headers (such as WP) to function
    properly

    Value 2 – This is the default setting, and sends the Referrer Header.

  34. John Mal says:

    Wow that is a lot. When my system updates to a new version of Firefox do I have to do this again?

  35. Good video. I would follow all of those steps and the ones included in privacytools.io. Firefox is still generally the best browser for privacy although they're pretty shady about it. The fact that we have to go through all of this just to get it somewhat private is annoying. Also, just so you know, Startpage was bought by an advertising company.

  36. IP flags, ublock origins, noscript, privacy badger :') and setting DoH. these are my recommended addons… ooo and i'm going to checkout some of the ones you've mentioned 🙂

  37. dwbsovran says:

    Great info. Thanks! You never recommend NoScript – why? You could also mention placing the cursor over the shield in the address bar for security activity. By clicking on the shield you can exempt your trusted sites from security so they will work properly. How about a vid for installing ICE on Linux Mint? Or would dual booting with Peppermint be much more secure exclusively for banking and commercial transactions?

Leave a Reply to Lloyd Compton Cancel reply

Your email address will not be published. Required fields are marked *


loading...