#+TITLE: Firefox profile setup for Windows 10/11
#+SUBTITLE: and for Linux
#+DATE: <2017-06-04 Tue>
#+AUTHOR: Tuomas Pyyhtiä
#+EMAIL: pyyhttu+firefox@pm.me
#+DESCRIPTION: How to set up Firefox on Windows 10/11
#+KEYWORDS: Windows Firefox tutorial
#+LANGUAGE: en
# Don't show table of contents, export underscore as underscore instead of
# highlight in HTML (was: ^:nil), include priority cookies:
#+OPTIONS: toc:t ':t pri:t
# Rest of options (as explained here: https://orgmode.org/manual/Export-Settings.html):
#+OPTIONS: num:nil p:nil stat:t tags:t tasks:t tex:t timestamp:t
#+BEGIN_COMMENT
#+PROPERTY: header-args :eval never-export :exports both :results replace
#+END_COMMENT
# Include usable macros from https://github.com/fniessen/org-macros:
#+INCLUDE: ../org-mode/macros/org-macros.setup
#+BEGIN_COMMENT
#+INFOJS_OPT: view:content ltoc:nil path:../org-mode/js/org-info.js
# for more info see: https://orgmode.org/worg/code/org-info-js
#+END_COMMENT
#+HTML_HEAD:
#+HTML_LINK_HOME: https://pyyhttu.kapsi.fi
#+HTML_LINK_UP: https://pyyhttu.kapsi.fi/debian/

* DONE Installation
- Get 64-bit version here: https://www.mozilla.org/en-US/firefox/developer/
- Install without "maintenance service" (automatic updates)
- Launch Firefox. Sign in to your [[https://www.mozilla.org/en-US/firefox/accounts/][Firefox Account]].
- Profile will be created. Visible with ~about:profiles~

#+begin_note
Install [[https://librewolf.net/][LibreWolf fork]] as an alternative, as it seems to have rather sane
settings for privacy and [[https://privacytests.org/][scores high]] on them. Moreover, it is compiled from
the same sources and is kept up-to-date with latest Firefox security updates
without compromising too much on features. Also, its user agent stays as
Mozilla/Gecko/Firefox so using it doesn't fragment Firefox market share
further. The same =about:policies= are honored as with Firefox, so the browser
can continue to operate in corporate environments.

Install LibreWolf exceptionally from Windows Store, then set that executable as
the default browser app. The reason is that the corporate security settings with
Windows Defender prevent non-signed applications from opening email links from
Outlook (opening mail fails with popup "you may not have appropriate
permissions to access the item").
#+end_note

If you install from store, the profile is at
=c:\Users\TPyyhtia\AppData\Local\Packages\31856maltejur.LibreWolf_ssmwz6s360tct\LocalCache\Roaming\librewolf\Profiles\xkroxlaa.default-default\=

* DONE =about:addons= (Active)
Install [[https://addons.mozilla.org/en-US/firefox/addon/sidebery/][Sidebery]] for vertical tabs.

Create =userChrome.css= at =%APPDATA%\Mozilla\Firefox\Profiles\...\chrome\=

*Edit [2025-02-07 Fri]:* For the Windows Store sandboxed LibreWolf, the path for
=userChrome.css= is:
=c:\Users\TPyyhtia\AppData\Local\Packages\31856maltejur.LibreWolf_ssmwz6s360tct\LocalCache\Roaming\librewolf\Profiles\xkroxlaa.default-default\chrome\=

Then edit it to contain:

#+BEGIN_SRC css
/* After Firefox 69 for userChrome.css to work, about:config
   toolkit.legacyUserProfileCustomizations.stylesheets --> True
   https://github.com/mbnuqw/sidebery/wiki/Firefox-Styles-Snippets-(via-userChrome.css) */

/* hide titlebar:
   https://www.reddit.com/r/FirefoxCSS/comments/f9hnt3/how_to_disable_or_hide_the_title_barminimizeclose/ */
#titlebar { visibility: collapse !important; }

/* hides the native tabs, needed in addition to 'hide titlebar:' after
   Firefox 133 to hide top bar tabs and titlebar */
#TabsToolbar { visibility: collapse; }

/* Hide back/forward buttons:
   https://www.reddit.com/r/FirefoxCSS/comments/8nogqc/can_i_hide_backforward_buttons_next_to_the/ */
#forward-button, #back-button { display: none !important; }

/* remove 'Tree Style Tab' header from sidebar
   https://www.reddit.com/r/firefox/comments/72kt5x/tree_style_tab_its_finally_here/ */
#sidebar-header { display: none; }
#+END_SRC

#+BEGIN_note
~toolkit.legacyUserProfileCustomizations.stylesheets~ must be ~True~ for the above
=userChrome.css= changes to take effect.
#+END_note

Do the rest of the Sidebery UI changes in its options; compare values from the old
setup if need be:

#+begin_src
Configure panel - Settings - Menu - Navigation bar - Layout:hidden
Configure panel - Settings - Menu - Navigation bar - Hide empty tabs panel:off
Configure panel - Settings - Menu - Navigation bar - Recently closed tabs sub panel:off
Configure panel - Settings - Menu - Navigation bar - Bookmarks sub panel:off
Configure panel - Settings - Menu - Navigation bar - History sub panel:off
Configure panel - Settings - Menu - Navigation bar - Tabs - Show close button: off
Configure panel - Settings - Menu - Navigation bar - Tabs - Show new tab button: off
Configure panel - Settings - Menu - Navigation bar - Appearance - Animations:off
#+end_src

[[https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/][uBlock Origin]]\\
1. Enable and update all built-in filter lists except for =Regions= and =Languages=.
2. Under =Trusted Sites= add your local IP range (e.g. =10.0.0.0/24=) and local
   hostnames if you run any local web servers (e.g. =https://my-home-server.local=).
3. Enable [[https://github.com/gorhill/uBlock/wiki/Cloud-storage][Cloud Storage]] (if you use Firefox Sync) and upload your config tabs.

Disable the annoying [[https://old.reddit.com/r/uBlockOrigin/comments/ivqysi/block_the_new_before_you_continue_popup_from/g5t4pwz/][Google "Before you continue..." cookie popup]] GDPR-popup by
defining under "My Filters":

#+BEGIN_SRC bash
||consent.google.com^
google.*##+js(aeld, DOMContentLoaded, CONSENT)
! 5/10/2020 https://blogi.nordnet.fi
blogi.nordnet.fi##.c-1.a-5.g-dyn > .gofollow > div > [src="about:blank"]
! 2020-12-24 https://mtgstocks.com
||mtgstocks.com/assets/images/cardconduit-1.png$image
! 2021-03-04 https://deckstats.net
||deckstats.net/img/bl_square.png$image
#+END_SRC

*Note*: May cause site breakage.

Also put uBlock Origin's medium level to use, as noted [[https://www.reddit.com/r/pihole/comments/kwd0hc/why_is_pihole_blocking_less_queries_using_firefox/][here]].

[[https://addons.mozilla.org/en/firefox/addon/awesome-rss/][Awesome RSS]]\\
Puts the RSS-icon back at the end of the address bar.

[[https://addons.mozilla.org/en-US/firefox/addon/gesturefy/][Gesturefy]]\\
Enables mouse gestures. Compare setup values from old computer if need be.

[[https://addons.mozilla.org/en-US/firefox/addon/url-in-title-keepass/][URL in title]]\\
So that KeePassXC is usable. Not sure if this is needed if I install the
KeePassXC browser extension. Edit: it is, as the extension gives me the necessary
granularity to match auto-type, and I've already defined the entries in its
database using this.

[[https://addons.mozilla.org/en-US/firefox/addon/wayback-machine_new/][Wayback Machine]]\\
Archive web pages.

[[https://addons.mozilla.org/en-US/firefox/addon/save-page-we/][Save Page WE]]\\
Save a complete web page (as currently displayed) as a single HTML file.

[[https://github.com/cavi-au/Consent-O-Matic][Consent-O-Matic]]\\
Automatic handling of GDPR consent forms.

[[https://addons.mozilla.org/en-US/firefox/addon/ghosttext/][GhostText]]\\
Use text editor to write in your browser.

[[https://addons.mozilla.org/en-US/firefox/addon/link-cleaner-plus/][Link Cleaner+]]\\
Clean URLs before opening a link.

[[https://addons.mozilla.org/en-US/firefox/addon/font-fingerprint-defender/][Font Fingerprint Defender]]\\
Feed fake font value to avoid font fingerprinting.

* DONE =about:addons= (Disabled)
[[https://addons.mozilla.org/en-US/firefox/addon/violentmonkey/][Violentmonkey]].

[[https://addons.mozilla.org/en-US/firefox/addon/undoclosetabbutton/][Undo Close Tab]]\\
Not needed as handled by Sidebery.

[[https://addons.mozilla.org/fi/firefox/addon/skip-redirect/][Skip Redirect]]\\
Extracts the final URL from the intermediary URL and goes there straight away
if successful.

[[https://addons.mozilla.org/en-US/firefox/addon/tab-mix-plus-webextension/][Tab Mix - Links]]\\
Not needed as Sidebery installed.

[[https://addons.mozilla.org/en-US/firefox/addon/terms-of-service-didnt-read/][Terms of Service; Didn't Read]]\\
Not needed as Consent-O-Matic handles this.

[[https://addons.mozilla.org/en-US/firefox/addon/dont-track-me-google1/][Don't track me Google]]\\
Removes the annoying link-conversion at Google Search.\\
Uninstalled as the default search engine is DuckDuckGo where this is not needed.

[[https://addons.mozilla.org/en-US/firefox/addon/select-after-closing-current/][Select After Closing Current]]\\
Configure which tab to select after closing the current tab.\\
Not needed as this functionality is pretty sane by default.

[[https://addons.mozilla.org/en-US/firefox/addon/searchonymous2/][Searchonymous2]]\\
Search anonymously on Google while staying logged in on services such as
YouTube, Gmail, etc.\\
Not needed anymore as I am no longer using Google login (Gmail, YouTube etc.)

[[https://addons.mozilla.org/en-US/firefox/addon/neat-url/][Neat URL]]\\
Remove garbage from URLs.\\
Not needed as functionality is duplicate with Link Cleaner+.

[[https://addons.mozilla.org/en/firefox/addon/cookie-autodelete/][Cookie AutoDelete]]:\\
Deletes cookies on browser closing, except those whitelisted. This limits
tracking. Not needed.

+[[https://addons.mozilla.org/en-US/firefox/addon/i-dont-care-about-cookies/][I don't care about cookies]]+\\
Disabled as [[https://lobste.rs/s/xdgfwq/i_don_t_care_about_cookies][fanboy's easylist cookie list]] can already block these cookie popups.
And easylist cookie list is already included in its Fanboy's Annoyance List,
which in turn is included in [[https://oisd.nl/includedlists][oisd.nl list]]. Also, Firefox may start to [[https://lobste.rs/s/igqvhd/firefox_may_soon_reject_cookie_prompts][reject]]
these cookie banners automatically.
Until then, consider using [[https://github.com/cavi-au/Consent-O-Matic][Consent-O-Matic]].

CanvasBlocker\\
Disabled as it broke websites and is not needed with LibreWolf, which already has
this [[https://librewolf.net/docs/faq/#should-i-allow-canvas-access-how-do-i-do-it][built in]].

Google search link fix\\
This was never working, now [[https://twitter.com/WPalant/status/1303706621504368640][unmaintained.]] Replaced by [[https://addons.mozilla.org/en-US/firefox/addon/dont-track-me-google1/][Don't track me Google]].

MySessions\\
Not needed, Firefox handles sessions now.

[[https://addons.mozilla.org/en-US/firefox/addon/dont-touch-my-tabs][Don't touch my tabs! (rel=noopener)]]\\
Not needed, as [[https://www.reddit.com/r/privacytoolsIO/comments/m4tsju/reminder_to_delete_dont_touch_my_tabs_relnoopener/][integrated]] into Firefox now.

Zen Fox (Good theme for eye, but makes my browser look more weird than it
already is, not needed)

[[https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/][HTTPS Everywhere]]\\
Not needed anymore as obsoleted by browser's native [[https://github.com/EFForg/https-everywhere/issues/19905][HTTPS-only Mode]].

[[https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/][Decentraleyes]]\\
No longer useful as Firefox's Strict Tracking Protection has been enabled.

[[https://addons.mozilla.org/en-US/firefox/addon/save-to-the-wayback-machine/][Save To The Wayback Machine]]\\
Addon support will be disabled on January 1st 2023. Recommended replacement is
the official [[https://addons.mozilla.org/en-US/firefox/addon/wayback-machine_new/?utm_source=addons.mozilla.org][Wayback Machine]] addon.

* DONE =about:config=
The rest of the UI tweaks can be done in =about:config=.

When using the address bar, don't suggest open tabs, or search history:\\
~browser.urlbar.suggest.openpage = False~\\
~browser.urlbar.suggest.history = False~

To disable "Allow Firefox to make personalized extension recommendations":\\
~extensions.htmlaboutaddons.recommendations.enabled = false~

To disable recommended extensions:\\
~browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features = false~

For more info, see: [[https://www.askvg.com/tip-disable-recommended-features-suggestions-in-mozilla-firefox/][Disable Recommended Extensions in Mozilla Firefox]].

Show max amount of entries in urlbar I can fit to screen:\\
~browser.urlbar.maxRichResults = 29~

Show always https in url bar:\\
~browser.urlbar.trimURLs = False~

Disable Firefox from showing "Frequent" sites when right clicking the task bar
Firefox icon:\\
~browser.taskbar.lists.frequent.enabled = False~

Startpage of browser:\\
~browser.startup.homepage = about:newtab~

Remove url-bar "This time, search with":\\
+~browser.urlbar.oneOffSearches = False~+ Setting deprecated. Instead, go to
=about:preferences#search= and Search Suggestions: untick/remove every search
engine then in =about:config= set:\\
~browser.urlbar.scotchBonnet.enableOverride = False~

Toggle between two tabs:\\
~browser.ctrlTab.sortByRecentlyUsed = True~

Prevent hyperlinks from hijacking previous tab:\\
~dom.targetBlankNoOpener.enabled = True~

By default, LibreWolf deletes your browsing and download history on shutdown.
Override this behavior:\\
~privacy.clearOnShutdown.history = false~

Do not close window when closing last tab:\\
~browser.tabs.closeWindowWithLastTab = False~

Disable media autoplay so that e.g. YouTube videos don't autoplay to next:\\
~media.autoplay.blocking_policy = 2~

Enable [[https://fingerprint.com/blog/can-letterboxing-prevent-browser-fingerprinting/][letterboxing]].\\
~privacy.resistFingerprinting.letterboxing = True~
#+begin_note
This will add a white gray rectangle around your browser window.
#+end_note

Disable OCSP enforcement. Otherwise I get =SEC_ERROR_OCSP_SERVER_ERROR=.
Reasoning in LibreWolf [[https://librewolf.net/docs/faq/#im-getting-sec_error_ocsp_server_error-what-can-i-do][FAQ.]]\\
~security.OCSP.require = False~

[[https://github.com/arkenfox/user.js/issues/895][Enable GlobalConnect VPN]] to connect. Otherwise I get =SSL_ERROR_UNSAFE_NEGOTIATION=.\\
~security.ssl.treat_unsafe_negotiation_as_broken = False~\\
~security.ssl.require_safe_negotiation = False~

Restore previous session's tabs after restarting browser\\
~browser.sessionstore.resume_session_once = True~

Disable "Your browser is being managed by your organization" to keep up with
latest critical updates.\\
~DisableAppUpdate = False~

Alternatively:
1. win-r: Regedit
2. =HKEY_LOCAL_MACHINE\Software\Policies\Mozilla\Firefox=
3. Change =DisableAppUpdate= (DWORD 32-bit value)
4. To Decimal value =0=

For more info, see: [[https://www.ghacks.net/2018/07/28/mozilla-makes-it-more-difficult-to-block-firefox-updates/][ghacks.net: Mozilla makes it more difficult to block Firefox updates]]

Disable "Use a background service to install updates".\\
~app.update.service.enabled = False~

Turn off Firefox address bar auto-selection on focus when doing {{{kbd(alt-tab)}}}.\\
+~browser.urlbar.clickSelectsAll = False~+ Setting deprecated.

To speed up browsing on top Alexa 200 sites and to disable suggested tiles.\\
~privacy.trackingprotection.enabled = True~

Enable GPU acceleration.\\
See: [[https://tlhp.cf/firefox-tuning/][Firefox tuning]] for more information.
~layers.acceleration.force-enabled = True~

Disable browser's inline PDF viewer, and download the document instead.\\
~pdfjs.disabled = True~

So that links don't open to new tab\\
~browser.link.open_newwindow = 1~

Make sure links from external applications open to new tabs\\
~browser.link.open_newwindow.override.external = 3~

Force a link to open in a non-active tab, instead of changing to that tab\\
~browser.tabs.loadDivertedInBackground = True~

Note: Leave this false for now, as this breaks opening links in Jira from
issue's linked tasks (opens *two* tabs in background). This is because
[[https://jira.atlassian.com/browse/JRACLOUD-78419][JRACLOUD-78419.]]

Open bookmarks to new tabs, as per the [[https://www.reddit.com/r/firefox/comments/6xvys8/new_pref_in_nightly_browsertabsloadbookmarksintabs/][instructions here]].\\
~browser.tabs.loadBookmarksInTabs = True~

Disable so that Firefox does not constantly remind on saving passwords on logins\\
~signon.rememberSignons = False~

Disable Pocket\\
~extensions.pocket.enabled = False~

To disable DNS Over HTTPS\\
https://www.zdnet.com/article/how-to-enable-dns-over-https-doh-in-firefox/
~network.trr.mode = 5~
*Edit:* Left to default =0= now

Enable ESNI to prevent attackers from learning browsing history\\
+~network.security.esni.enabled = True~+ Setting deprecated. To be replaced by
ECH, [[https://blog.mozilla.org/security/2021/01/07/encrypted-client-hello-the-future-of-esni-in-firefox/][Encrypted Client Hello]]:\\
~network.dns.echconfig.enabled = True~\\
~network.dns.use_https_rr_as_altsvc = True~

GPU based rendering:\\
See [[https://mozillagfx.wordpress.com/2019/05/21/graphics-team-ships-webrender-mvp/][Mozilla Gfx Team Blog]] for more info.
~gfx.webrender.all = True~

Prefetch links also under https.
See: [[https://support.mozilla.org/fi/kb/how-stop-firefox-making-automatic-connections][How to stop Firefox from making automatic connections]]\\
~network.dns.disablePrefetchFromHTTPS = False~

Disable HTML5 video fullscreen transition fade animation (to speed up FF)\\
~full-screen-api.transition-duration.leave = 0~

Enable OffscreenCanvas, potential performance boost\\
See: [[https://newinweb.com/2018/09/10/offscreen-canvas/][Improved Performance with OffscreenCanvas]].
~gfx.offscreencanvas.enabled = True~

Enable =userChrome.css= changes to take effect\\
~toolkit.legacyUserProfileCustomizations.stylesheets = True~

Disable "You must log in to this network before you can access the Internet"\\
~network.captive-portal-service.enabled = False~

For Tridactyl to be able to capture key presses before pages have loaded\\
~browser.sessionstore.restore_tabs_lazily = False~

Enable AVIF picture support. For more info, see [[https://libre-software.net/avif-test/][AVIF browser test page]].\\
~image.avif.enabled = True~

Disable embedded JavaScript in built-in PDF viewer. For more info, see [[https://news.slashdot.org/story/21/04/22/1754258/firefox-88-enables-javascript-embedded-in-pdfs-by-default][this article]].\\
~pdfjs.enableScripting = False~

Disable proton UI introduced in FF 89\\
~browser.proton.enabled = false~

Disable Accessibility Service, as per [[https://support.mozilla.org/en-US/kb/accessibility-services][Mozilla's accessibility services]]\\
~accessibility.force_disabled = 1~

Disable download button animations\\
~browser.download.animateNotifications = False~

Disable security dialog delay\\
~security.dialog_enable_delay = 0~

Disable WebRTC\\
~media.peerconnection.enabled = False~

*Note*: May break some web based [[https://www.reddit.com/r/firefox/comments/aexell/disabling_webrtc/][audio and video services]].

Stop webpages from knowing which part of the page has been selected\\
~dom.event.clipboardevents.enabled = False~.
Also see [[https://superuser.com/questions/1595994/dont-let-websites-overwrite-clipboard-in-firefox-without-explicitly-giving-perm][this for more info.]]

Enable experimental fingerprinting protection\\
~privacy.resistFingerprinting = True~. For more info see [[https://support.mozilla.org/fi/kb/firefox-protection-against-fingerprinting][this.]]

Smooth scrolling\\
~general.smoothScroll.currentVelocityWeighting = 0~\\
~general.smoothScroll.mouseWheel.durationMaxMS = 250~\\
~general.smoothScroll.stopDecelerationWeighting = 0.82~\\
~mousewheel.min_line_scroll_amount = 25~\\
~general.smoothScroll.msdPhysics.enabled~

Enable Query Parameter Stripping also in private tabs

For normal browsing\\
~privacy.query_stripping.enabled = True~

For private browsing\\
~privacy.query_stripping.enabled.pbmode = True~

Disable monitoring of add-ons, as per [[https://support.mozilla.org/en-US/kb/quarantined-domains][this article.]]\\
~extensions.quarantinedDomains.enabled = false~

* DONE =about:policies=
Firefox in a corporate environment is controlled by group policies. The most
important setting is:

~WindowsSSO = True~

Otherwise you will get an error when trying to open corporate documents in the
browser for editing. [[https://support.mozilla.org/en-US/kb/windows-sso][Enable the setting in settings]].

* DONE =about:plugins=
Disable Shockwave Flash, Shockwave Director, Silverlight plugin and Java
Deployment Toolkit, and Java Platform SE 8 (Never Activate). Also Microsoft
Office 2013 (but you may experience issues with Firefox not triggering
Microsoft SharePoint).

Enable experimental features.\\
~browser.preferences.experimental = true~

Experimental features are then accessible at =about:preferences#experimental=

* DONE =about:preferences#privacy=
- Enable Enhanced Tracking Protection in Strict mode (already on by default in LibreWolf).

* DONE Arkenfox.js template for hardening of Firefox
- Template mentioned [[https://unixsheikh.com/articles/choose-your-browser-carefully.html#tweaking-firefox][here]].
- Do this after new installation.
- Consider just using Firefox with arkenfox.js or plain LibreWolf over your
  own maintained =about:config= because of [[https://www.reddit.com/r/PrivacyGuides/comments/urzqg3/comment/i926bpw/][fingerprinting]].

* DONE "For quick access, place your bookmarks here..."
Right click on toolbar and uncheck the "bookmarks toolbar"

[[file:images/1.png]]

* FOLLOWUP Enable WebGL support
As per [[https://stackoverflow.com/questions/18727396/webgl-and-three-js-running-great-on-chrome-but-horrible-on-firefox/18737475#18737475/][this]] and [[https://otechworld.com/webgl-in-firefox/][this]].

=about:config=, set:

=webgl.force-enabled= to =true=\\
=layers.acceleration.force-enabled= to =true=\\
=gfx.direct2d.force-enabled= to =true=\\

Test e.g. with [[https://www.firstpersontetris.com/][first-person Tetris]].

* FOLLOWUP Userstyle changes
For example [[https://userstyles.org/styles/83431/minimal-floating-scrollbars-for-firefox-windows][Minimal floating scrollbars]], but none implemented yet.

* FOLLOWUP Userscripts
For Violentmonkey. No scripts yet.

* NEXT Mullvad VPN
- Under browser's =Proxy= settings, select =Manual Proxy configuration=. For the
  SOCKS Host, use =10.64.0.1= port =1080=, and select =SOCKS v5= as your
  protocol. With Firefox, select =Proxy DNS when using Socks v5= to use
  Mullvad's DNS server. Also in Firefox, make absolutely sure you disable
  =Enable DNS over HTTPS=, or you'll be scratching your head on why you don't
  seem to be able to connect to the internet.

  *Edit*: This breaks access to my local =10.0.0.0/24= network. Disabled for now.

* NEXT Future direction / to experiment
[[https://lobste.rs/s/v80mya/my_favorite_firefox_extensions][Addons to try]]
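
Added example (not part of the original notes): a Python check that reads a profile's =prefs.js= or =user.js= and reports, for a subset of the =about:config= values listed above, whether the profile matches, differs, or leaves the pref at the build default. It also lists the values the page sets as workarounds so they can be revisited. The ~PAGE_PREFS~ subset, the sample file content and all function names are constructed for illustration.

```python
import json
import re

# Subset of this page's about:config values (TLS, revocation, add-ons,
# PDF scripting, WebRTC, fingerprinting, DoH); extend with the rest as needed.
PAGE_PREFS = {
    "security.OCSP.require": False,
    "security.ssl.treat_unsafe_negotiation_as_broken": False,
    "security.ssl.require_safe_negotiation": False,
    "extensions.quarantinedDomains.enabled": False,
    "pdfjs.enableScripting": False,
    "media.peerconnection.enabled": False,
    "privacy.resistFingerprinting": True,
    "network.trr.mode": 0,
}
# Values the page sets to get past an error or to switch a check off.
WORKAROUNDS = {
    "security.OCSP.require": "set to avoid SEC_ERROR_OCSP_SERVER_ERROR",
    "security.ssl.treat_unsafe_negotiation_as_broken": "set to avoid SSL_ERROR_UNSAFE_NEGOTIATION",
    "security.ssl.require_safe_negotiation": "set to avoid SSL_ERROR_UNSAFE_NEGOTIATION",
    "extensions.quarantinedDomains.enabled": "disables monitoring of add-ons",
}
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Return {name: value} from prefs.js/user.js text; the last assignment wins."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop /* ... */ comments
    prefs = {}
    for name, raw in PREF_LINE.findall(text):  # '//' comment lines never match
        try:
            prefs[name] = json.loads(raw)  # true/false, integers, "strings"
        except ValueError:
            prefs[name] = raw  # keep anything unusual verbatim
    return prefs

def audit(text):
    """Compare a profile with PAGE_PREFS and return {name: (status, actual)}."""
    prefs = parse_prefs(text)
    report = {}
    for name, wanted in PAGE_PREFS.items():
        if name not in prefs:
            # Not set in the file: the installed build's own default applies.
            report[name] = ("default", None)
        elif type(prefs[name]) is type(wanted) and prefs[name] == wanted:
            report[name] = ("matches", prefs[name])
        else:  # type-strict, so a stray integer 0 is not read as false
            report[name] = ("differs", prefs[name])
    return report

def workarounds_in_effect(text):
    """List (pref, reason) for every WORKAROUNDS value the profile has set."""
    report = audit(text)
    return [(n, why) for n, why in WORKAROUNDS.items() if report[n][0] == "matches"]

# Constructed sample, not taken from a real profile.
SAMPLE = """\
user_pref("security.OCSP.require", false);
user_pref("security.ssl.require_safe_negotiation", false);
user_pref("pdfjs.enableScripting", true);
// user_pref("media.peerconnection.enabled", false);
/* user_pref("privacy.resistFingerprinting", true); */
user_pref("network.trr.mode", 5);
user_pref("browser.startup.homepage", "about:newtab");
"""

if __name__ == "__main__":
    for name, (status, actual) in audit(SAMPLE).items():
        print(f"{status:8} {name} = {actual}")
    print("revisit:", workarounds_in_effect(SAMPLE))
```

A pref reported as =default= is not necessarily at the value this page lists, because Firefox and LibreWolf ship different defaults; check it in =about:config= on the installed build.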