14 KiB
Firefox containers
Name | Link | Source | Comment |
---|---|---|---|
Facebook Container | Firefox Add-ons | TBD | nice when clicking Facebook links even while not being a Facebook user |
Google Container | Firefox Add-ons | TBD | |
Firefox Multi Account Containers | Firefox Add-ons | TBD |
Firefox language packs
Passwords
Name | Firefox | Chromium | Source |
---|---|---|---|
Bitwarden | Firefox Add-ons | Chrome Web Store | TBD |
Privacy
- [HTTPS Everywhere], [source code]
- [Privacy Badger], [source code]
- [Decentraleyes], source
- True Sight, source
Firefox: True Sight- This is a CDN detector and it being a privacy extension can be debated but I just feel like putting it here. I will still say that not all CDNs are bad (IPFS). I mostly don’t have it enabled
- Firefox:
µMatrix
- Chrome
- It can easily replace Cookie Autodelete (block cookies for global scope), Privacy Badger (by default), NoScript and possibly others.
- Quick usage: click top half of red boxes to allow blocked content or allow everything from that domain by cliking top half of the domain box. Click the lock to remember this. For global changes, press the asterisk to have it affect everywhere by default and see the first link below.
- Reading I recommend:
- How to block 1st party scripts everywhere by default and I suggest adapting it to block cookies too so Cookie Autodelete becomes unnecessary.
- Ruleset recipes
- A lot of other instructions in the wiki
Tor
- Firefox:
Privacy Pass
- Chrome
- May reduce captchas with CloudFlare.
Productivity
Misc
- Firefox: IPvFoo
- Firefox: RSS feed preview
- Firefox:
IPFS Companion
- Firefox:
beta channel of IPFS Companion
- doesn’t sync automatically with Firefox Sync.
- Chrome
- At the time of writing, 2019-07-13, I consider IPFS as incompatible with Tor Browser as Tor browser would use the local IPFS daemon, which is not using Tor and thus the IPFS network could see your real IP especially if not many nodes are requesting the fetched content.
- Firefox:
beta channel of IPFS Companion
- Firefox: Foxy Proxy
- Firefox: Tab Counter
- Firefox: Lightbeam
- Firefox: Duolingo Boost
- Firefox: Violentmonkey
Usability
Videos
empty
Firefox Dictionaries
Firefox about:config
layout.css.devPixelsPerPx
to1.25
or2.0
on macOS Retina to increase font size.- Warning: very likely increases fingerprintability
privacy.firstparty.isolate
totrue
for preventing domains from accessing each other’s data.- If something breaks, it’s most likely related to this.
I am yet to test if thisSurprisingly it doesn’t breaksFinnish strong electric authentication.
- If something breaks, it’s most likely related to this.
privacy.resistFingerprinting
=true
multiple effects to make your browser appear less unique, the ones I have found/understood:- warns if
intl.accept_languages
is noten-US, en
. - starts the browser with common size (I love this on big displays).
- spoofs the user-agent as the latest Firefox ESR version.
- Firefox’s protection against fingerprinting has the upstream list.
- warns if
privacy.trackingprotection.cryptomining.enabled
=true
so cryptomining on some websites gets blocked and won’t waste resources.privacy.trackingprotection.fingerprinting.enabled
=true
I am not entirely sure what this does, but as I already recommendprivacy.resistFingerprinting
, why not?intl.accept_languages
toen-US, en
- see above.
extensions.pocket.enabled
tofalse
so the Pocket integration goes away- On Linux
widget.content.gtk-theme-override
(a string that has to be created by user) toAdwaita:light
so text boxes in dark themes become readable, thank you Dovydas Venckus image.animation_mode
toonce
in order to have gifs play once and then stop everywhere (none
to never have them play).geo.wifi.uri
tohttps://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%
in order to send nearby WiFi networks to Mozilla instead of Google. See also MLS Software.network.security.esni.enabled
totrue
in order to enable encrypted SNI.- Requires DoH, see the next section!
Future note: network.dns.blockDotOnion;false
?
DNS over HTTPS
network.trr.bootstrapAddress
DNS server to use for resolving the DoH name, e.g.149.112.112.112
(Resolver 2 of Quad9)network.trr.mode
depends, 2 to prefer DoH, but fallback to system resolver (or 3 to enforce DoH without fallback). If there is system encrypted DNS, just take 5 to at least benefit from the system DNS cache.- DoH is required by Firefox ESNI support which encrypts SNI which would still leak which sites you visit. Another bug about ESNI + Android DoT
- I have ended up to recommending 2 as otherwise the DoH server going
down stops DNS from working on your Firefox entirely, which may be more
of a problem than unencrypted SNI as not everyone supports it.
- since then I have decided that 5 is the best option, because otherwise it goes past my Unbound setup. I hope Mozilla/Firefox will fix the two bugs linked above, so I don’t have to choose between DNS under my control vs encrypted SNI.
network.trr.early-AAAA
true
to hopefully prefer IPv6network.trr.uri
for the actual resolver address, e.g.https://dns.quad9.net/dns-query
orhttps://149.112.112.112/dns-query
(removes the need fornetwork.trr.bootstrapAddress
and allows ǹetwork.trr.mode3`?) or check privacytools.io DNS section
Some notes: * You can confirm TRR working by visiting
about:networking#dns
where you should be seeing DNS cache
of Firefox and a lot of TRR: true
. * Quad9 became my
preferred resolver through anxiety about other options being small (and
possibly more likely to go down) or commercial while Quad9 is non-profit
organization and 2019-03-20 apparently the default fallback resolver of
dnscrypt-proxy (at least in Debian). * Quad9 while having filtering of
malicious domains should be easy to figure out as the problem if
something doesn’t work on my computers as due to the previously
mentioned bug I am mainly using it on Firefox. * While
investingating how Android 9 Private DNS works, I also wrote a DNS
provider comparsion here
SSDs
This information is from Arch Wiki on Firefox tweaks
browser.cache.disk.enable
tofalse
to only cache to RAM.- (
browser.cache.memory.enable
totrue
which should be default) browser.sessionstore.interval
to600000
in order to only store open session every ten minutes (instead of 15 seconds) in case of crashes.- alternatively
browser.sessionstore.resume_from_crash
tofalse
to not store the session data for crash recovery at all. I think this may be the more healthy option with all the information flood and dozens of tabs.
- alternatively
Why?
Every object loaded (html page, jpeg image, css stylesheet, gif banner) is saved in the Firefox cache for future use without the need to download it again. It is estimated that only a fraction of these objects will be reused, usually about 30%. This because of very short object expiration time, updates or simply user behavior (loading new pages instead of returning to the ones already visited). The Firefox cache is divided into memory and disk cache and the latter results in frequent disk writes: newly loaded objects are written to memory and older objects are removed.
Firefox stores the current session status (opened urls, cookies, history and form data) to the disk on a regular basis. It is used to recover a previous session in case of crash. The default setting is to save the session every 15 seconds, resulting in frequent disk access.
and this is the reason why Firefox is at times accused of killing SSDs.
Changelog: GitHub.com commits | gitea.blesmrt.net commits