Privacy/Privacy Task Force/firefox about config privacy tweeks

From MozillaWiki
Jump to: navigation, search

Firefox: Privacy Related "about:config" Tweaks

This is a collection of privacy related about:config tweaks. We'll show you how to enhance the privacy of your Firefox browser.

Preparation

  1. Enter "about:config" in the firefox address bar and press enter.
  2. Press the button "I'll be careful, I promise!"
  3. Follow the instructions below...

Getting started

  • privacy.firstparty.isolate = true

A result of the Tor Uplift effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.


  • privacy.resistFingerprinting = true

A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.


  • browser.cache.offline.enable = false

Disables offline cache.


  • browser.send_pings = false

The attribute would be useful for letting websites track visitors’ clicks.


  • browser.sessionstore.max_tabs_undo = 0

Even with Firefox set to not remember history, your closed tabs are stored temporarily at Menu -> History -> Recently Closed Tabs.


  • browser.urlbar.speculativeConnect.enabled = false

Disable preloading of autocomplete URLs. Firefox preloads URLs that autocomplete when a user types into the address bar, which is a concern if URLs are suggested that the user does not want to connect to. Source


  • dom.battery.enabled = false

Website owners can track the battery status of your device. Source


  • dom.event.clipboardevents.enabled = false

Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.


  • geo.enabled = false

Disables geolocation.


  • media.navigator.enabled = false

Websites can track the microphone and camera status of your device.


  • network.cookie.cookieBehavior = 1

Disable cookies

       0 = Accept all cookies by default
       1 = Only accept from the originating site (block third party cookies)
       2 = Block all cookies by default


  • network.cookie.lifetimePolicy = 2

cookies are deleted at the end of the session

       0 = Accept cookies normally
       1 = Prompt for each cookie
       2 = Accept for current session only
       3 = Accept for N days


  • network.http.referer.trimmingPolicy = 2

Send only the scheme, host, and port in the Referer header

       0 = Send the full URL in the Referer header
       1 = Send the URL without its query string in the Referer header
       2 = Send only the scheme, host, and port in the Referer header


  • network.http.referer.XOriginPolicy = 2

Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.) Source

       0 = Send Referer in all cases
       1 = Send Referer to same eTLD sites
       2 = Send Referer only when the full hostnames match


  • network.http.referer.XOriginTrimmingPolicy = 2

When sending Referer across origins, only send scheme, host, and port in the Referer header of cross-origin requests. Source

       0 = Send full url in Referer
       1 = Send url without query string in Referer
       2 = Only send scheme, host, and port in Referer


  • webgl.disabled = true

WebGL is a potential security risk.

Related Information

  • ffprofile.com - Helps you to create a Firefox profile with the defaults you like.
  • mozillazine.org - Security and privacy-related preferences.
  • user.js Firefox hardening stuff - This is a user.js configuration file for Mozilla Firefox that's supposed to harden Firefox's settings and make it more secure.
  • Privacy Settings - A Firefox addon to alter built-in privacy settings easily with a toolbar panel.

Content Source Credits