#+TITLE: Firefox profile setup for Windows 10/11
#+SUBTITLE: and for linux
#+DATE: <2017-06-04 Tue>
#+AUTHOR: Tuomas Pyyhtiä
#+EMAIL: pyyhttu+firefox@pm.me
#+DESCRIPTION: How to setup Firefox on Windows 10/11
#+KEYWORDS: Windows Firefox tutorial
#+LANGUAGE: en
# Don't show table of contents, export underscore as underscore instead of
# highlight in HTML (was: ^:nil), include priority cookies:
#+OPTIONS: toc:t ':t pri:t
# Rest of options (as explained here: https://orgmode.org/manual/Export-Settings.html):
#+OPTIONS: num:nil p:nil stat:t tags:t tasks:t tex:t timestamp:t
#+BEGIN_COMMENT
#+PROPERTY: header-args :eval never-export :exports both :results replace
#+END_COMMENT
# Include usable macros from https://github.com/fniessen/org-macros:
#+INCLUDE: ../org-mode/macros/org-macros.setup
#+BEGIN_COMMENT
#+INFOJS_OPT: view:content ltoc:nil path:../org-mode/js/org-info.js
# for more info see: https://orgmode.org/worg/code/org-info-js
#+END_COMMENT
#+HTML_HEAD:
#+HTML_LINK_HOME: https://pyyhttu.kapsi.fi
#+HTML_LINK_UP: https://pyyhttu.kapsi.fi/debian/
* Installation
- Get 64-bit version here: https://www.mozilla.org/en-US/firefox/developer/
- Install without "maintenance service" (automatic updates)
- Launch Firefox. Sign in to your [[https://www.mozilla.org/en-US/firefox/accounts/][Firefox Account]].
- Profile will be created. Visible with ~about:profiles~
#+begin_note
Install [[https://librewolf.net/][LibreWolf fork]] as an alternative, as it
seems to have rather sane settings for privacy and
[[https://privacytests.org/][scores high]] on them. Moveover, it is
compiled from the same sources and is kept up-to-date with latest Firefox security
updates without compromising too much on features. Also, its user agent stays as
Mozilla/Gecko/Firefox so using it doesn't fragment Firefox market share
further. Finally, the same =about:policies= are honored as with Firefox, so
the browser can continue to operate in corporate environments.
#+end_note
* Post-installation tasks
Start with look and feel. UI is tweaked through =userChrome.css=.
** DONE UI
The “look” and what/where the browser displays various elements.
*** =about:addons=
Install [[https://addons.mozilla.org/en-US/firefox/addon/sidebery/][Sidebery]] for vertical tabs.
Create =userChrome.css= at =%APPDATA%\Mozilla\Firefox\Profiles\...\chrome\= with content:
#+BEGIN_SRC css
/* After Firefox 69 for userChrome.css to work, about:config toolkit.legacyUserProfileCustomizations.stylesheets --> True
https://github.com/mbnuqw/sidebery/wiki/Firefox-Styles-Snippets-(via-userChrome.css)*/
/* hide titlebar: https://www.reddit.com/r/FirefoxCSS/comments/f9hnt3/how_to_disable_or_hide_the_title_barminimizeclose/ */
#titlebar {
visibility: collapse !important;
}
/* Hide back/forward buttons: https://www.reddit.com/r/FirefoxCSS/comments/8nogqc/can_i_hide_backforward_buttons_next_to_the/ */
#forward-button, #back-button {
display: none !important;
}
/* remove 'Tree Style Tab' header from sidebar
https://www.reddit.com/r/firefox/comments/72kt5x/tree_style_tab_its_finally_here/*/
#sidebar-header {
display: none;
}
#+END_SRC
#+BEGIN_note
~toolkit.legacyUserProfileCustomizations.stylesheets~ must be ~True~ for
=userChrome.css= changes to take effect.
#+END_note
Do rest of the Sidebery UI-changes in its options.
#+BEGIN_COMMENT
Then restart browser for changes to take effect.
Then do the rest of the tweaks for:
- URL taskbar: right click and select =Customize Toolbar...=.
- Tree Style Tabs: =About:addons - Tree Style Tabs - Options - Advanced:=
#+BEGIN_SRC css
.tab .closebox {
display: none;
}
.newtab-button-box {
display: none;
}
#+END_SRC
#+END_COMMENT
*** =about:config=
Rest of the UI-tweaks can be done in =about:config=.
When using the address bar, don't suggest open tabs, or search history:
~browser.urlbar.suggest.openpage = False~
~browser.urlbar.suggest.history = False~
To disable "Allow Firefox to make personalized extension recommendations":
~extensions.htmlaboutaddons.recommendations.enabled = false~
To disable recommended extensions:
~browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features = false~
For more info, see:
[[https://www.askvg.com/tip-disable-recommended-features-suggestions-in-mozilla-firefox/][Disable Recommended Extensions in Mozilla Firefox]].
Show max amount of entries in urlbar I can fit to screen:
~browser.urlbar.maxRichResults = 29~
Show always https in url bar:
~browser.urlbar.trimURLs = False~
Disable Firefox from showing "Frequent" sites when right clicking the task bar firefox icon :UI:
~browser.taskbar.lists.frequent.enabled = False~
Startpage of browser:
~browser.startup.homepage = about:newtab~
Remove url-bar "This time, search with":
+~browser.urlbar.oneOffSearches = False~+ Setting deprecated. Instead, go
to =about:preferences#search= and Search Suggestions: untick/remove every search engine.
** DONE Usability
The "feel" and how the browser behaves.
*** DONE =about:config=
Toggle between two tabs:
~browser.ctrlTab.sortByRecentlyUsed = True~
Prevent hyperlinks from hijacking previous tab:
~dom.targetBlankNoOpener.enabled = True~
By default, LibreWolf deletes your browsing and download history on shutdown.
Override this behavior:
~privacy.clearOnShutdown.history = false~
Do not close window when closing last tab:
~browser.tabs.closeWindowWithLastTab = False~
*** DONE =about:addons=
[[https://addons.mozilla.org/en/firefox/addon/awesome-rss/][Awesome RSS]]:
Puts the RSS-icon back at the end of the address bar.
[[https://addons.mozilla.org/en-US/firefox/addon/gesturefy/][Gesturefy]]:
Enables mouse gestures.
[[https://addons.mozilla.org/en-US/firefox/addon/url-in-title-keepass/][URL in title]]:
So that KeepassXC is usable. Not sure if this is needed if I install the
KeepassXC browser extension. Edit: it is, as extension gives me the necessary
granulanity to match auto-type, and I've already defined the entries in its
database using this.
[[https://addons.mozilla.org/en-US/firefox/addon/wayback-machine_new/][Wayback Machine]]:
Archive web pages.
** DONE Privacy and security
*** DONE =about:config=
Enable [[https://fingerprint.com/blog/can-letterboxing-prevent-browser-fingerprinting/][letterboxing]]: :privacy:
~privacy.resistFingerprinting.letterboxing = True~
Disable OCSP enforcement :privacy:
Otherwise I get =SEC_ERROR_OCSP_SERVER_ERROR=. Reasoning in LibreWolf [[https://librewolf.net/docs/faq/#im-getting-sec_error_ocsp_server_error-what-can-i-do][FAQ.]]
~security.OCSP.require = False~
*** NEXT =about:addons= (Active)
Rest of the addons are installed after signing in to Firefox accounts, but they must be
configured. Most of the addons are
[[https://restoreprivacy.com/firefox-privacy/][privacy]] and usability
related.
[[https://addons.mozilla.org/en/firefox/addon/cookie-autodelete/][Cookie AutoDelete]] :privacy:
[[https://addons.mozilla.org/en-US/firefox/addon/dont-track-me-google1/][Don't track me Google]] :privacy:
+[[https://addons.mozilla.org/en-US/firefox/addon/i-dont-care-about-cookies/][I don't care about cookies]]+ :usability:
Disabled as experimenting if
[[https://lobste.rs/s/xdgfwq/i_don_t_care_about_cookies][fanboy's
easylist cookie list]] can already block these cookie popups. And easylist
cookie list is already included in its Fanboy's Annoyance List, which in
turn is included in [[https://oisd.nl/includedlists][oisd.nl list]]. Also,
Firefox may start to
[[https://lobste.rs/s/igqvhd/firefox_may_soon_reject_cookie_prompts][reject]]
these cookie banners automatically. Until then, consider using
[[https://github.com/cavi-au/Consent-O-Matic][Consent-O-Matic]].
[[https://addons.mozilla.org/en-US/firefox/addon/link-cleaner-plus/][Link Cleaner+]] :privacy:
[[https://addons.mozilla.org/en-US/firefox/addon/neat-url/][Neat URL]] :privacy:
[[https://addons.mozilla.org/en-US/firefox/addon/never-consent/][Never-Consent]] :usability:
[[https://addons.mozilla.org/en-US/firefox/addon/save-page-we/][Save Page WE]] :usability:
[[https://addons.mozilla.org/en-US/firefox/addon/searchonymous2/][Searchonymous2]] :privacy:
[[https://addons.mozilla.org/en-US/firefox/addon/select-after-closing-current/][Select After Closing Current]] :usability:
[[https://addons.mozilla.org/fi/firefox/addon/skip-redirect/][Skip Redirect]] :privacy:
[[https://addons.mozilla.org/en-US/firefox/addon/tab-mix-plus-webextension/][Tab Mix - Links]] :usability:
[[https://addons.mozilla.org/en-US/firefox/addon/terms-of-service-didnt-read/][Terms of Service; Didn't Read]] :privacy:
[[https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/][uBlock Origin]] :privacy:
1. Enable and update all built-in filter lists except for =Regions= and
=Languages=.
2. Under =Trusted Sites= add your local IP range (e.g. =10.0.0.0/24=) and
local hostnames if you run any local web servers (e.g.
=https://my-home-server.local=).
3 Enable [[https://github.com/gorhill/uBlock/wiki/Cloud-storage][Cloud Storage]] (if you use Firefox Sync) and upload your config tabs.
Disable annoying [[https://old.reddit.com/r/uBlockOrigin/comments/ivqysi/block_the_new_before_you_continue_popup_from/g5t4pwz/][Google "Before you continue..." cookie popup]] GDPR-popup by defining under "My Filters":
#+BEGIN_SRC bash
||consent.google.com^
google.*##+js(aeld, DOMContentLoaded, CONSENT)
! 5/10/2020 https://blogi.nordnet.fi
blogi.nordnet.fi##.c-1.a-5.g-dyn > .gofollow > div > [src="about:blank"]
! 2020-12-24 https://mtgstocks.com
||mtgstocks.com/assets/images/cardconduit-1.png$image
! 2021-03-04 https://deckstats.net
||deckstats.net/img/bl_square.png$image
#+END_SRC
*Note*: May cause site breakage.
Also take ublock origin medium level to use, as linked to in here: https://www.reddit.com/r/pihole/comments/kwd0hc/why_is_pihole_blocking_less_queries_using_firefox/
[[https://addons.mozilla.org/en-US/firefox/addon/undoclosetabbutton/][Undo Close Tab]] :usability:
[[https://addons.mozilla.org/en-US/firefox/addon/violentmonkey/][Violentmonkey]] :usability:
[[https://addons.mozilla.org/en/firefox/addon/tridactyl-vim/][Tridactyl]] :usability:
...or Vim Vixen (both may break site compatibility, experiment more), Or
Vimium-C, OR Surfing Keys. Check
[[https://www.reddit.com/r/vim/comments/r390sh/vimium/][this reddit
thread]] for more.
To be able to use {{{kbd(C)}}}-{{{kbd(f)}}} again to search for things, use ~:unbind ~
*** DONE =about:addons= (Disabled)
DONE CanvasBlocker (broke websites) :privacy:
DONE Google search link fix :privacy:
This was never working, now [[https://twitter.com/WPalant/status/1303706621504368640][unmaintained.]])
Replaced by [[https://addons.mozilla.org/en-US/firefox/addon/dont-track-me-google1/][Don't track me Google]].
DONE MySessions (Not needed, Firefox handles sessions now) :usability:
DONE [[https://addons.mozilla.org/en-US/firefox/addon/dont-touch-my-tabs][Don't touch my tabs! (rel=noopener)]] :usability:
Not needed,
[[https://www.reddit.com/r/privacytoolsIO/comments/m4tsju/reminder_to_delete_dont_touch_my_tabs_relnoopener/][integrated]]
as into Firefox now.
DONE Zen Fox (Good theme for eye, but makes my browser look more weird than it already is, not needed) :usability:
DONE [[https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/][HTTPS Everywhere]] :privacy:
Not needed anymore as obsoleted by browser's native [[https://github.com/EFForg/https-everywhere/issues/19905][HTTPS-only Mode]].
DONE [[https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/][Decentraleyes]] :privacy:
No longer useful as Firefox's Strict Tracking Protection has been enabled.
[[https://addons.mozilla.org/en-US/firefox/addon/save-to-the-wayback-machine/][Save To The Wayback Machine]] :usability:
Addon support will be disabled on January 1st 2023. Recommended replacement
is the official
[[https://addons.mozilla.org/en-US/firefox/addon/wayback-machine_new/?utm_source=addons.mozilla.org][Wayback
Machine]] addon.
*** DONE =about:plugins=
Disable Shockwave Flash, Shockwave Director, Silverlight plugin and Java
Deployment Toolkit, and Java Platform SE 8 (Never Activate). Also Microsoft
Office 2013 (but you may experience issues with Firefox not triggering
Microsoft SharePoint.
*** DONE =about:config=
Restore previous session's tabs after restarting browser :usability:
~browser.sessionstore.resume_session_once = True~
Disable "Your browser is being managed by your organization" to keep up with latest critical updates :security:
~DisableAppUpdate = False~
Alternatively:
1. win-r: Regedit
2. =HKEY_LOCAL_MACHINE\Software\Policies\Mozilla\Firefox=
3. Change =DisableAppUpdate= (DWORD 32-bit value)
4. To Decimal value =0=
For more info, see:
[[https://www.ghacks.net/2018/07/28/mozilla-makes-it-more-difficult-to-block-firefox-updates/][ghacks.net:
Mozilla makes it more difficult to block Firefox updates]]
Disable "Use a background service to install updates" :usability:
~app.update.service.enabled = False~
Turn off Firefox address bar auto-selection on focus when doing {{{kbd(alt-tab)}}} :usability:
+~browser.urlbar.clickSelectsAll = False~+ Setting deprecated.
To fasten browsing on top alexa200 sites and to disable suggested tiles :performance:
~privacy.trackingprotection.enabled = True~
Enable GPU acceleration :performance:
See: [[https://tlhp.cf/firefox-tuning/][Firefox tuning]] for moreinformation.
~layers.acceleration.force-enabled = True~
Disable browser's inline pdf viewer, and download the document instead :usability:
~pdfjs.disabled = True~
So that at mtgsuomi.fi links don't open to new tab... :usability:
~browser.link.open_newwindow = 1~
...but make sure links from external applications open to new tabs :usability:
~browser.link.open_newwindow.override.external = 3~
Force a link to open in a non-active tab, instead of changing to that tab :usability:
~browser.tabs.loadDivertedInBackground = True~ Note: Leave this false for
now, as this breaks opening links in Jira from issue's linked tasks (opens
*two* tabs in background). This is because [[https://jira.atlassian.com/browse/JRACLOUD-78419][JRACLOUD-78419.]]
Open bookmarks to new tabs :usability:
As per the
[[https://www.reddit.com/r/firefox/comments/6xvys8/new_pref_in_nightly_browsertabsloadbookmarksintabs/][instructions
here]].
~browser.tabs.loadBookmarksInTabs = True~
Disable so that firefox does not constantly remind on saving passwords on logins :usability:
~signon.rememberSignons = False~
Disable pocket :security:
~extensions.pocket.enabled = False~
To disable DNS Over HTTPS :security:
https://www.zdnet.com/article/how-to-enable-dns-over-https-doh-in-firefox/
~network.trr.mode = 5~
*Edit:* Left to default =0= now
Enable ESNI to prevent attackers from learning browsing history :security:
+~network.security.esni.enabled = True~+ Setting deprecated.
To be replaced by ECH, [[https://blog.mozilla.org/security/2021/01/07/encrypted-client-hello-the-future-of-esni-in-firefox/][Encrypted Client Hello]]:
~network.dns.echconfig.enabled = True~
~network.dns.use_https_rr_as_altsvc = True~
GPU based rendering :performance:
See:
[[https://mozillagfx.wordpress.com/2019/05/21/graphics-team-ships-webrender-mvp/][Mozilla
Gfx Team Blog]] for more info.
~gfx.webrender.all = True~
Prefetch links also under https :performance:
See:
[[https://support.mozilla.org/fi/kb/how-stop-firefox-making-automatic-connections][How
to stop Firefox from making automatic connections]]:
~network.dns.disablePrefetchFromHTTPS = False~
Disable HTML5 video fullscreen transition fade animation (to speedup ff): :perfromance:
~full-screen-api.transition-duration.leave = 0~
Enable OffscreenCanvas, potential performance boost :performance:
See: [[https://newinweb.com/2018/09/10/offscreen-canvas/][Improved Performance
with OffscreenCanvas]].
~gfx.offscreencanvas.enabled = True~
Enable =userChrome.css= changes to take effect :usability:
~toolkit.legacyUserProfileCustomizations.stylesheets = True~
Disable "You must log in to this network before you can access the Internet" :usability:
~network.captive-portal-service.enabled = False~
For Tridactyl to be able to capture key presses before pages has loaded :usability:
~browser.sessionstore.restore_tabs_lazily = False~
Disable automatic address list drop down on address bar focus :usability:
~browser.urlbar.suggest.topsites = False~
This will also disable Top Sites at =about:preferences=
Enable AVIF picture support :performance:
For more info, see [[https://libre-software.net/avif-test/][AVIF browser test
page]].
~image.avif.enabled = True~
Disable embedded JavaScript in built-in PDF viewer :security:
For more info, see [[https://news.slashdot.org/story/21/04/22/1754258/firefox-88-enables-javascript-embedded-in-pdfs-by-default][this article]].
~pdfjs.enableScripting = False~
Disable proton UI introduced in FF 89 :usability:
~browser.proton.enabled = false~
Disable media autoplay :usability:
~media.autoplay.blocking_policy = 2~
Disable Accessibility Service :performance:
As per [[https://support.mozilla.org/en-US/kb/accessibility-services][Mozilla's accessibility services]]
~accessibility.force_disabled = 1~
Disable download button animations :performance:
~browser.download.animateNotifications = False~
Disable security dialog delay :performance:
~security.dialog_enable_delay = 0~
Disable WebRTC :security:
~media.peerconnection.enabled = False~
*Note*: May break some web based
[[https://www.reddit.com/r/firefox/comments/aexell/disabling_webrtc/][audio
and video services]].
Stop webpages known which part of the page had been selected :privacy:
~dom.event.clipboardevents.enabled = False~. Also see [[https://superuser.com/questions/1595994/dont-let-websites-overwrite-clipboard-in-firefox-without-explicitly-giving-perm][this for more info.]]
Enable experimental fingerprinting protection :privacy:
~privacy.resistFingerprinting = True~. For more info see [[https://support.mozilla.org/fi/kb/firefox-protection-against-fingerprinting][this.]]
Enable Query Parameter Stripping also in private tabs :privacy:
Smooth scrolling
general.smoothScroll.currentVelocityWeighting: 0
general.smoothScroll.mouseWheel.durationMaxMS: 250
general.smoothScroll.stopDecelerationWeighting; 0.82
mousewheel.min_line_scroll_amount: 25
general.smoothScroll.msdPhysics.enabled
For normal browsing: ~privacy.query_stripping.enabled = True~
For private browsing: ~privacy.query_stripping.enabled.pbmode = True~
Disable monitoring of add-ons :usability:
~extensions.quarantinedDomains.enabled = false~. As per [[https://support.mozilla.org/en-US/kb/quarantined-domains][this article.]]
** DONE =about:preferences=
- [[https://tech.slashdot.org/story/20/06/27/0321206/firefox-79-stable-will-let-users-test-unreleased-features-using-experiments][Firefox
79 stable]] let's users to experiment unreleased features.
*** Enable experimental features
Requires in =about:config= setting ~browser.preferences.experimental = true~
Experimental features are then accessible at =about:preferences#experimental=
*** Mullvad VPN
- Under browser's =Proxy= settings, select =Manual Proxy configuration=. For
the SOCKS Host, use =10.64.0.1= port =1080=, and select =SOCKS v5= as your
protocol. With Firefox, select =Proxy DNS when using Socks v5= to use
Mullvad's DNS server. Also in Firefox, make absolutely sure you disable
=Enable DNS over HTTPS=, or you'll be scratching your head on why you don't seem to be able to connect to the internet.
*Edit*: This breaks access to my local =10.0.0.0/24= network. Disabled for now.
*** DONE =about:preferences#privacy=
- Enable Enhanced Tracking Protection in Strict mode (already on by default
in LibreWolf).
** DONE =userChrome.js=
Location: =%APPDATA%\Mozilla\Firefox\Profiles\...\chrome\=
No changes so far.
** FOLLOWUP Userstyle changes
For example
[[https://userstyles.org/styles/83431/minimal-floating-scrollbars-for-firefox-windows][Minimal
floating scrollbars]], but none implemented yet.
** DONE Userscripts
For Violentmonkey. No scripts yet.
* Maintenance
* Troubleshooting
* Observations and future direction
** DONE Arkenfox.js template for hardening of Firefox
- Template mentioned [[https://unixsheikh.com/articles/choose-your-browser-carefully.html#tweaking-firefox][here]].
- Do this after new installation.
- Consider just using Firefox with arkenfox.ja or plain LibreWolf over on
your own maintained =about:config= because of [[https://www.reddit.com/r/PrivacyGuides/comments/urzqg3/comment/i926bpw/][fingerprinting]].