Firefox profile setup for Windows 10/11
and for linux
Table of Contents
Installation
- Get 64-bit version here: https://www.mozilla.org/en-US/firefox/developer/
- Install without “maintenance service” (automatic updates)
- Launch Firefox. Sign in to your Firefox Account.
- Profile will be created. Visible with
about:profiles
Install LibreWolf fork as an alternative, as it seems to have rather sane settings for privacy and scores high on them. Moveover, it is compiled from the same sources and is kept up-to-date with latest Firefox security updates without compromising too much on features. Also, its user agent stays as Mozilla/Gecko/Firefox so using it doesn’t fragment Firefox market share further. Finally, the same about:policies are honored as with Firefox, so the browser can continue to operate in corporate environments.
Post-installation tasks
Start with look and feel. UI is tweaked through userChrome.css.
DONE UI
The “look” and what/where the browser displays various elements.
about:addons
Install Sidebery for vertical tabs.
Create userChrome.css at %APPDATA%\Mozilla\Firefox\Profiles\...\chrome\ with content:
/* After Firefox 69 for userChrome.css to work, about:config toolkit.legacyUserProfileCustomizations.stylesheets --> True https://github.com/mbnuqw/sidebery/wiki/Firefox-Styles-Snippets-(via-userChrome.css)*/ /* hide titlebar: https://www.reddit.com/r/FirefoxCSS/comments/f9hnt3/how_to_disable_or_hide_the_title_barminimizeclose/ */ #titlebar { visibility: collapse !important; } /* Hide back/forward buttons: https://www.reddit.com/r/FirefoxCSS/comments/8nogqc/can_i_hide_backforward_buttons_next_to_the/ */ #forward-button, #back-button { display: none !important; } /* remove 'Tree Style Tab' header from sidebar https://www.reddit.com/r/firefox/comments/72kt5x/tree_style_tab_its_finally_here/*/ #sidebar-header { display: none; }
toolkit.legacyUserProfileCustomizations.stylesheets
must be True
for
userChrome.css changes to take effect.
Do rest of the Sidebery UI-changes in its options.
about:config
Rest of the UI-tweaks can be done in about:config.
When using the address bar, don’t suggest open tabs, or search history:
browser.urlbar.suggest.openpage = False
browser.urlbar.suggest.history = False
To disable “Allow Firefox to make personalized extension recommendations”:
extensions.htmlaboutaddons.recommendations.enabled = false
To disable recommended extensions:
browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features = false
For more info, see:
Disable Recommended Extensions in Mozilla Firefox.
Show max amount of entries in urlbar I can fit to screen:
browser.urlbar.maxRichResults = 29
Show always https in url bar:
browser.urlbar.trimURLs = False
Disable Firefox from showing “Frequent” sites when right clicking the task bar firefox icon :UI:
browser.taskbar.lists.frequent.enabled = False
Startpage of browser:
browser.startup.homepage = about:newtab
Remove url-bar “This time, search with”:
Setting deprecated. Instead, go
to about:preferences#search and Search Suggestions: untick/remove every search engine.
browser.urlbar.oneOffSearches = False
DONE Usability
The “feel” and how the browser behaves.
DONE about:config
Toggle between two tabs:
browser.ctrlTab.sortByRecentlyUsed = True
Prevent hyperlinks from hijacking previous tab:
dom.targetBlankNoOpener.enabled = True
By default, LibreWolf deletes your browsing and download history on shutdown.
Override this behavior:
privacy.clearOnShutdown.history = false
Do not close window when closing last tab:
browser.tabs.closeWindowWithLastTab = False
DONE about:addons
Puts the RSS-icon back at the end of the address bar.
Enables mouse gestures.
So that KeepassXC is usable. Not sure if this is needed if I install the KeepassXC browser extension. Edit: it is, as extension gives me the necessary granulanity to match auto-type, and I’ve already defined the entries in its database using this.
Archive web pages.
DONE Privacy and security
DONE about:config
Enable letterboxing: :privacy:
privacy.resistFingerprinting.letterboxing = True
Disable OCSP enforcement :privacy:
Otherwise I get SEC_ERROR_OCSP_SERVER_ERROR. Reasoning in LibreWolf FAQ.
security.OCSP.require = False
NEXT about:addons (Active)
Rest of the addons are installed after signing in to Firefox accounts, but they must be configured. Most of the addons are privacy and usability related.
Cookie AutoDelete :privacy:
Don’t track me Google :privacy:
I don’t care about cookies :usability:
Disabled as experimenting if
fanboy’s
easylist cookie list can already block these cookie popups. And easylist
cookie list is already included in its Fanboy’s Annoyance List, which in
turn is included in oisd.nl list. Also,
Firefox may start to
reject
these cookie banners automatically. Until then, consider using
Consent-O-Matic.
Link Cleaner+ :privacy:
Neat URL :privacy:
Never-Consent :usability:
Save Page WE :usability:
Searchonymous2 :privacy:
Select After Closing Current :usability:
Skip Redirect :privacy:
Tab Mix - Links :usability:
Terms of Service; Didn’t Read :privacy:
uBlock Origin :privacy:
- Enable and update all built-in filter lists except for Regions and
Languages.
- Under Trusted Sites add your local IP range (e.g. 10.0.0.0/24) and
local hostnames if you run any local web servers (e.g. https://my-home-server.local). 3 Enable Cloud Storage (if you use Firefox Sync) and upload your config tabs.
Disable annoying Google “Before you continue…” cookie popup GDPR-popup by defining under “My Filters”:
||consent.google.com^ google.*##+js(aeld, DOMContentLoaded, CONSENT) ! 5/10/2020 https://blogi.nordnet.fi blogi.nordnet.fi##.c-1.a-5.g-dyn > .gofollow > div > [src="about:blank"] ! 2020-12-24 https://mtgstocks.com ||mtgstocks.com/assets/images/cardconduit-1.png$image ! 2021-03-04 https://deckstats.net ||deckstats.net/img/bl_square.png$image
Note: May cause site breakage.
Also take ublock origin medium level to use, as linked to in here: https://www.reddit.com/r/pihole/comments/kwd0hc/why_is_pihole_blocking_less_queries_using_firefox/
Undo Close Tab :usability:
Violentmonkey :usability:
Tridactyl :usability:
…or Vim Vixen (both may break site compatibility, experiment more), Or
Vimium-C, OR Surfing Keys. Check
this reddit
thread for more.
To be able to use C-f again to search for things, use :unbind <C-f>
DONE about:addons (Disabled)
DONE CanvasBlocker (broke websites) :privacy: DONE Google search link fix :privacy: This was never working, now unmaintained.) Replaced by Don’t track me Google. DONE MySessions (Not needed, Firefox handles sessions now) :usability: DONE Don’t touch my tabs! (rel=noopener) :usability: Not needed, integrated as into Firefox now. DONE Zen Fox (Good theme for eye, but makes my browser look more weird than it already is, not needed) :usability: DONE HTTPS Everywhere :privacy: Not needed anymore as obsoleted by browser’s native HTTPS-only Mode. DONE Decentraleyes :privacy: No longer useful as Firefox’s Strict Tracking Protection has been enabled. Save To The Wayback Machine :usability: Addon support will be disabled on January 1st 2023. Recommended replacement is the official Wayback Machine addon.
DONE about:plugins
Disable Shockwave Flash, Shockwave Director, Silverlight plugin and Java Deployment Toolkit, and Java Platform SE 8 (Never Activate). Also Microsoft Office 2013 (but you may experience issues with Firefox not triggering Microsoft SharePoint.
DONE about:config
Restore previous session’s tabs after restarting browser :usability:
browser.sessionstore.resume_session_once = True
Disable “Your browser is being managed by your organization” to keep up with latest critical updates :security:
DisableAppUpdate = False
Alternatively:
- win-r: Regedit
- HKEY_LOCAL_MACHINE\Software\Policies\Mozilla\Firefox
- Change DisableAppUpdate (DWORD 32-bit value)
- To Decimal value 0
For more info, see: ghacks.net: Mozilla makes it more difficult to block Firefox updates
Disable “Use a background service to install updates” :usability:
app.update.service.enabled = False
Turn off Firefox address bar auto-selection on focus when doing alt-tab :usability:
Setting deprecated.
browser.urlbar.clickSelectsAll = False
To fasten browsing on top alexa200 sites and to disable suggested tiles :performance:
privacy.trackingprotection.enabled = True
Enable GPU acceleration :performance:
See: Firefox tuning for moreinformation.
layers.acceleration.force-enabled = True
Disable browser’s inline pdf viewer, and download the document instead :usability:
pdfjs.disabled = True
So that at mtgsuomi.fi links don’t open to new tab… :usability:
browser.link.open_newwindow = 1
…but make sure links from external applications open to new tabs :usability:
browser.link.open_newwindow.override.external = 3
Force a link to open in a non-active tab, instead of changing to that tab :usability:
browser.tabs.loadDivertedInBackground = True
Note: Leave this false for
now, as this breaks opening links in Jira from issue’s linked tasks (opens
two tabs in background). This is because JRACLOUD-78419.
Open bookmarks to new tabs :usability:
As per the
instructions
here.
browser.tabs.loadBookmarksInTabs = True
Disable so that firefox does not constantly remind on saving passwords on logins :usability:
signon.rememberSignons = False
Disable pocket :security:
extensions.pocket.enabled = False
To disable DNS Over HTTPS :security:
https://www.zdnet.com/article/how-to-enable-dns-over-https-doh-in-firefox/
network.trr.mode = 5
Edit: Left to default 0 now
Enable ESNI to prevent attackers from learning browsing history :security:
Setting deprecated.
To be replaced by ECH, Encrypted Client Hello:
network.security.esni.enabled = True
network.dns.echconfig.enabled = True
network.dns.use_https_rr_as_altsvc = True
GPU based rendering :performance:
See:
Mozilla
Gfx Team Blog for more info.
gfx.webrender.all = True
Prefetch links also under https :performance: See: How to stop Firefox from making automatic connections:
network.dns.disablePrefetchFromHTTPS = False
Disable HTML5 video fullscreen transition fade animation (to speedup ff): :perfromance:
full-screen-api.transition-duration.leave = 0
Enable OffscreenCanvas, potential performance boost :performance:
See: Improved Performance
with OffscreenCanvas.
gfx.offscreencanvas.enabled = True
Enable userChrome.css changes to take effect :usability:
toolkit.legacyUserProfileCustomizations.stylesheets = True
Disable “You must log in to this network before you can access the Internet” :usability:
network.captive-portal-service.enabled = False
For Tridactyl to be able to capture key presses before pages has loaded :usability:
browser.sessionstore.restore_tabs_lazily = False
Disable automatic address list drop down on address bar focus :usability:
browser.urlbar.suggest.topsites = False
This will also disable Top Sites at about:preferences
Enable AVIF picture support :performance:
For more info, see AVIF browser test
page.
image.avif.enabled = True
Disable embedded JavaScript in built-in PDF viewer :security: For more info, see this article.
pdfjs.enableScripting = False
Disable proton UI introduced in FF 89 :usability:
browser.proton.enabled = false
Disable media autoplay :usability:
media.autoplay.blocking_policy = 2
Disable Accessibility Service :performance:
As per Mozilla’s accessibility services
accessibility.force_disabled = 1
Disable download button animations :performance:
browser.download.animateNotifications = False
Disable security dialog delay :performance:
security.dialog_enable_delay = 0
Disable WebRTC :security:
media.peerconnection.enabled = False
Note: May break some web based audio and video services.
Stop webpages known which part of the page had been selected :privacy:
dom.event.clipboardevents.enabled = False
. Also see this for more info.
Enable experimental fingerprinting protection :privacy:
privacy.resistFingerprinting = True
. For more info see this.
Enable Query Parameter Stripping also in private tabs :privacy: Smooth scrolling general.smoothScroll.currentVelocityWeighting: 0 general.smoothScroll.mouseWheel.durationMaxMS: 250 general.smoothScroll.stopDecelerationWeighting; 0.82 mousewheel.minlinescrollamount: 25 general.smoothScroll.msdPhysics.enabled
For normal browsing: privacy.query_stripping.enabled = True
For private browsing: privacy.query_stripping.enabled.pbmode = True
Disable monitoring of add-ons :usability:
extensions.quarantinedDomains.enabled = false
. As per this article.
DONE about:preferences
- Firefox 79 stable let’s users to experiment unreleased features.
Enable experimental features
Requires in about:config setting browser.preferences.experimental = true
Experimental features are then accessible at about:preferences#experimental
Mullvad VPN
- Under browser’s Proxy settings, select Manual Proxy configuration. For the SOCKS Host, use 10.64.0.1 port 1080, and select SOCKS v5 as your protocol. With Firefox, select Proxy DNS when using Socks v5 to use Mullvad’s DNS server. Also in Firefox, make absolutely sure you disable Enable DNS over HTTPS, or you’ll be scratching your head on why you don’t seem to be able to connect to the internet.
Edit: This breaks access to my local 10.0.0.0/24 network. Disabled for now.
DONE about:preferences#privacy
- Enable Enhanced Tracking Protection in Strict mode (already on by default in LibreWolf).
DONE userChrome.js
Location: %APPDATA%\Mozilla\Firefox\Profiles\...\chrome\
No changes so far.
FOLLOWUP Userstyle changes
For example Minimal floating scrollbars, but none implemented yet.
DONE Userscripts
For Violentmonkey. No scripts yet.
Maintenance
Troubleshooting
Observations and future direction
DONE Arkenfox.js template for hardening of Firefox
- Template mentioned here.
- Do this after new installation.
- Consider just using Firefox with arkenfox.ja or plain LibreWolf over on your own maintained about:config because of fingerprinting.