12 KiB
If you need browser extensions, try the Privacy Guides page.
Chromium flags
These can generally be found from about:flags
on
Chromium based browsers, for Vivaldi explicit
vivaldi://flags
is required and it also has
chrome://settings
for the usual Chromium settings.
#enable-quic
- enabled#enable-force-dark
- enabled with increased text constract#force-color-profile
- sRGB#trust-tokens
- enabled
Vendor-prefixed
These likely also exist, but just without the vendor-
part when searhcing.
#edge-automatic-https
- enabled#edge-autoplay-user-setting-block-option
#edge-tab-groups
- enabled#edge-tab-groups-auto-create
- enabled#edge-tab-groups-collapse-freezing
- enabled
Firefox about:config
privacy.firstparty.isolate
totrue
for preventing domains from accessing each other’s data.dom.security.https_only_mode
totrue
to force HTTPS and not need HTTPS Everywheresecurity.certerrors.mitm.auto_enable_enterprise_roots
tofalse
in order to not trust system CA store in case of enterprise MITMsecurity.OCSP.require
totrue
in order to not allow OCSP soft fail. This may be a bit paranoid, but only the paranoid survive.privacy.resistFingerprinting.letterboxing
=true
so letterboxing is used to hide real browser size. Tor Browser support- (On Linux
widget.content.gtk-theme-override
(a string that has to be created by user) toAdwaita:light
so text boxes in dark themes become readable, thank you Dovydas Venckus image.animation_mode
toonce
in order to have gifs play once and then stop everywhere (none
to never have them play).geo.provider.network.url
tohttps://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%
in order to send nearby WiFi networks to Mozilla instead of Google. See also MLS Software.network.IDN_show_punycode
totrue
in order to see punycode instead of UTF-8 in case of spoofing attempt. However makes reading non-ASCII domains painful. E.g. Cyrillic alphabetreader.parse-on-load.force-enabled
totrue
in order to allow reader use to be used on ~all websites and devices (regardless of low RAM?)
Future note: network.dns.blockDotOnion;false
?
Advertising
Firefox seems to contain a lot of advertising or sponsoring nowadays, whether to other Mozilla products or whoever pays them. See also Bug 1773860: Provide global long-term “disable all promos” flag.
browser.newtabpage.activity-stream.showSponsored
&browser.newtabpage.activity-stream.showSponsored
tofalse
to stop sponsored links.browser.vpn_promo.enabled
tofalse
to hopefully stop Mozilla VPN advertisementsbrowser.promo.focus.enabled
tofalse
to stop Firefox Focus advertisements?browser.preferences.moreFromMozilla
tofalse
to not hear from other Mozilla products?
DNS over HTTPS
network.trr.mode
depends,3
to enforce DoH (required for ECH) or5
to explicitly disable.2
to prefer DoH, but fallback to system also exists.- DoH is required by Firefox ESNI/ECH support which encrypts SNI/ClientHello which would still leak which sites you visit. Another bug about ESNI/ECH + Android DoT
- Are you using a VPN? Do they provide a DoH server? If yes, maybe the answer is 3 for ESNI/ECH?
network.trr.early-AAAA
true
to hopefully prefer IPv6network.trr.uri
for the actual resolver address, e.g.https://doh.mullvad.net/dns-query
- and if they provide as SOCKS proxy as a killswitch,
network.proxy.socks_remote_dns
must befalse
- and if they provide as SOCKS proxy as a killswitch,
network.trr.disable-ECS
tofalse
if preferring speed over privacy or using NextDNS private ECS.
Some notes: * There is also
network.trr.exclude-etc-hosts
for those using
/etc/hosts
for blocking. * You can confirm TRR working by
visiting about:networking#dns
where you should be seeing
DNS cache of Firefox and a lot of TRR: true
. * ECH requires
network.dns.echconfig.enabled
and
network.dns.use_https_rr_as_altsvc
to be true
,
but they seem to default to true at least in Firefox Nightly so maybe no
action is needed. * While
investingating how Android 9 Private DNS works, I also wrote a DNS
provider comparsion here on 2019-07-11
SSDs
This information is from Arch Wiki on Firefox tweaks
browser.cache.disk.enable
tofalse
to only cache to RAM.- (
browser.cache.memory.enable
totrue
which should be default) browser.sessionstore.interval
to600000
in order to only store open session every ten minutes (instead of 15 seconds) in case of crashes.- alternatively
browser.sessionstore.resume_from_crash
tofalse
to not store the session data for crash recovery at all. I think this may be the more healthy option with all the information flood and dozens of tabs.
- alternatively
Why?
Every object loaded (html page, jpeg image, css stylesheet, gif banner) is saved in the Firefox cache for future use without the need to download it again. It is estimated that only a fraction of these objects will be reused, usually about 30%. This because of very short object expiration time, updates or simply user behavior (loading new pages instead of returning to the ones already visited). The Firefox cache is divided into memory and disk cache and the latter results in frequent disk writes: newly loaded objects are written to memory and older objects are removed.
Firefox stores the current session status (opened urls, cookies, history and form data) to the disk on a regular basis. It is used to recover a previous session in case of crash. The default setting is to save the session every 15 seconds, resulting in frequent disk access.
and this is the reason why Firefox is at times accused of killing SSDs.
Changelog: GitHub.com commits | gitea.blesmrt.net commits