How to Configure Firefox for Better Privacy: A Practical Guide

How to Configure Firefox for Better Privacy

In recent years, Firefox has undergone significant changes—some good, some not so much. These include the switch to the Quantum engine, dropping XUL/XPCOM extensions in favor of WebExtensions, and many other updates. What hasn’t changed is Firefox’s ability to become a powerful privacy-focused browser with a bit of configuration. In this article, we’ll discuss how to tweak Firefox for maximum privacy.

About the Quantum Engine

Firefox’s Quantum engine is designed to gradually update all browser components, making it faster and more memory-efficient.

Creating Portable Settings

Most advanced Firefox settings are managed on the about:config page. While it’s easy to change a few settings there, fine-tuning many options one by one can get tedious. To automate the process without third-party tools, create a user.js file and add your settings there. Place this file in your Firefox profile directory, which on Windows is usually at C:\Users\[username]\AppData\Roaming\Mozilla\Firefox\Profiles\[random].default.

The format is simple. For example, to enable WebP support:

user_pref("image.webp.enabled", true);

Just use the template user_pref("...", ...); for each setting. All the settings below can be copied into your user.js file. Note: Privacy and security often come at the cost of convenience. Some settings may break website functionality but greatly improve your privacy. Choose what matters most to you.

Disable Unnecessary Features

WebRTC and Pocket

Mozilla has integrated WebRTC and Pocket into Firefox and enabled them by default. Pocket has had vulnerabilities, and WebRTC can leak your IP address. Disable them with these settings:

// Disable Pocket
user_pref("extensions.pocket.api", "");
user_pref("extensions.pocket.enabled", false);
user_pref("extensions.pocket.site", "");
user_pref("extensions.pocket.oAuthConsumerKey", "");

// Disable WebRTC
user_pref("media.peerconnection.enabled", false);
user_pref("media.peerconnection.ice.default_address_only", true);
user_pref("media.peerconnection.ice.no_host", true);
user_pref("media.peerconnection.ice.relay_only", true);
user_pref("media.peerconnection.ice.tcp", false);
user_pref("media.peerconnection.identity.enabled", false);
user_pref("media.peerconnection.turn.disable", true);
user_pref("media.peerconnection.use_document_iceservers", false);
user_pref("media.peerconnection.video.enabled", false);
user_pref("media.peerconnection.default_iceservers", "[]");

Geolocation

Disable geolocation access:

user_pref("geo.enabled", false);
user_pref("geo.provider.ms-windows-location", false);
user_pref("geo.wifi.uri", "");

Usage Statistics and Metrics

Block various data collection features:

// Disable analytics requests
user_pref("beacon.enabled", false);
user_pref("browser.send_pings", false);
user_pref("browser.send_pings.require_same_host", false);

// Disable performance metrics
user_pref("dom.enable_performance", false);
user_pref("dom.enable_performance_observer", false);
user_pref("dom.enable_performance_navigation_timing", false);
user_pref("browser.slowStartup.notificationDisabled", false);

user_pref("network.predictor.enabled", false);
user_pref("network.predictor.enable-hover-on-ssl", false);
user_pref("network.prefetch-next", false);
user_pref("network.http.speculative-parallel-limit", 0);

// Add-on info
user_pref("extensions.getAddons.cache.enabled", false);

Disable Sensor Access

If you’re on a regular PC (not a tablet), disable sensor access:

user_pref("device.sensors.enabled", false);
user_pref("device.sensors.orientation.enabled", false);
user_pref("device.sensors.motion.enabled", false);
user_pref("device.sensors.proximity.enabled", false);
user_pref("device.sensors.ambientLight.enabled", false);

Prevent Fingerprinting

These settings help resist browser fingerprinting:

user_pref("dom.webaudio.enabled", false);
user_pref("privacy.resistFingerprinting", true);

Block Network Information

user_pref("dom.netinfo.enabled", false);
user_pref("dom.network.enabled", false);

Disable Device and Media Access

Block access to cameras, microphones, gamepads, VR devices, and media sharing:

user_pref("dom.gamepad.enabled", false);
user_pref("dom.gamepad.non_standard_events.enabled", false);
user_pref("dom.imagecapture.enabled", false);
user_pref("dom.presentation.discoverable", false);
user_pref("dom.presentation.discovery.enabled", false);
user_pref("dom.presentation.enabled", false);
user_pref("dom.presentation.tcp_server.debug", false);
user_pref("media.getusermedia.aec_enabled", false);
user_pref("media.getusermedia.audiocapture.enabled", false);
user_pref("media.getusermedia.browser.enabled", false);
user_pref("media.getusermedia.noise_enabled", false);
user_pref("media.getusermedia.screensharing.enabled", false);
user_pref("media.navigator.enabled", false);
user_pref("media.navigator.video.enabled", false);
user_pref("media.navigator.permission.disabled", true);
user_pref("media.video_stats.enabled", false);
user_pref("dom.battery.enabled", false);
user_pref("dom.vibrator.enabled", false);
user_pref("dom.vr.require-gesture", false);
user_pref("dom.vr.poseprediction.enabled", false);
user_pref("dom.vr.openvr.enabled", false);
user_pref("dom.vr.oculus.enabled", false);
user_pref("dom.vr.oculus.invisible.enabled", false);
user_pref("dom.vr.enabled", false);
user_pref("dom.vr.test.enabled", false);
user_pref("dom.vr.puppet.enabled", false);
user_pref("dom.vr.osvr.enabled", false);
user_pref("dom.vr.external.enabled", false);
user_pref("dom.vr.autoactivate.enabled", false);
user_pref("media.webspeech.synth.enabled", false);
user_pref("media.webspeech.test.enable", false);
user_pref("media.webspeech.synth.force_global_queue", false);
user_pref("media.webspeech.recognition.force_enable", false);
user_pref("media.webspeech.recognition.enable", false);

Disable Telemetry and Crash Reports

Firefox collects telemetry and crash data. You can turn this off for more anonymity:

user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.cachedClientID", "");
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref("toolkit.telemetry.hybridContent.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
user_pref("toolkit.telemetry.previousBuildID", "");
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("toolkit.telemetry.server", "");
user_pref("toolkit.telemetry.server_owner", "");
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("datareporting.healthreport.infoURL", "");
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("datareporting.policy.firstRunURL", "");
user_pref("browser.tabs.crashReporting.sendReport", false);
user_pref("browser.tabs.crashReporting.email", false);
user_pref("browser.tabs.crashReporting.emailMe", false);
user_pref("breakpad.reportURL", "");
user_pref("security.ssl.errorReporting.automatic", false);
user_pref("toolkit.crashreporter.infoURL", "");
user_pref("network.allow-experiments", false);
user_pref("dom.ipc.plugins.reportCrashUR", false);
user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);

Configure Search Information

Set browser search to a “standard” state without location-based adjustments:

user_pref("browser.search.geoSpecificDefaults", false);
user_pref("browser.search.geoSpecificDefaults.url", "");
user_pref("browser.search.geoip.url", "");
user_pref("browser.search.region", "US");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.update", false);

Disable Push Notifications

Push notifications can work even after you close a page. Disable them:

user_pref("dom.push.enabled", false);
user_pref("dom.push.connection.enabled", false);
user_pref("dom.push.serverURL", "");

Prevent DNS Leaks

Prevent possible DNS leaks over IPv6, disable DNS prefetching, and enable DNS over HTTPS (DoH):

user_pref("network.dns.disablePrefetch", true);
user_pref("network.dns.disableIPv6", true);
user_pref("network.security.esni.enabled", true);
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://cloudflare-dns.com/dns-query");

Disable Captive Portal Redirects

user_pref("network.captive-portal-service.enabled", false);
user_pref("network.captive-portal-service.maxInterval", 0);
user_pref("captivedetect.canonicalURL", "");

Block Data Sharing with Google

By default, Google protects you from malware and phishing, but if you want to avoid Google’s tracking, disable these features:

user_pref("browser.safebrowsing.allowOverride", false);
user_pref("browser.safebrowsing.blockedURIs.enabled", false);
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.url", "");
user_pref("browser.safebrowsing.provider.google.advisoryName", "");
user_pref("browser.safebrowsing.provider.google.advisoryURL", "");
user_pref("browser.safebrowsing.provider.google.gethashURL", "");
user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "");
user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "");
user_pref("browser.safebrowsing.provider.google.reportURL", "");
user_pref("browser.safebrowsing.provider.google.updateURL", "");
user_pref("browser.safebrowsing.provider.google4.advisoryName", "");
user_pref("browser.safebrowsing.provider.google4.advisoryURL", "");
user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "");
user_pref("browser.safebrowsing.provider.google4.gethashURL", "");
user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "");

Disable DRM

Just because you can:

user_pref("browser.eme.ui.enabled", false);
user_pref("media.eme.enabled", false);

Conclusion

We’ve covered some basic Firefox settings to help you keep your data private. As you can see, without these tweaks, the browser collects a lot of metrics and sends them to various servers. Since you can disable most of this, why not do it?

This guide isn’t exhaustive—there are hundreds of settings you can further optimize. Also, keep in mind that setting names may change between Firefox versions, so you’ll need to update your user.js file from time to time.

10 Useful Firefox Privacy Add-ons

No matter how much you tweak Firefox, some things can only be achieved with add-ons. Here are some essential privacy and security extensions:

Privacy Possum — Blocks various tracking methods: referrers, ETag headers, third-party cookies, and fingerprinting data.
uBlock Origin — An excellent ad blocker with extensive filter lists. Note: most filter lists need to be enabled manually in the settings.
uMatrix — Developed by the creator of uBlock Origin, this is a powerful request blocker. When used with uBlock, it’s a strong tool against ads and trackers, but requires per-site configuration.
Nano Defender — Complements ad blockers by countering anti-adblock scripts.
Decentraleyes — Prevents tracking via Content Delivery Networks (CDNs).
Facebook Container — Developed by Mozilla, this add-on tries to stop Facebook from tracking you across the web.
Google Search Link Fix — Cleans up search results in Yandex and Google, preventing click tracking.
NoScript — Popular extension that blocks scripts on websites. Very useful, as scripts often compromise anonymity.
HTTPS Everywhere — Automatically switches connections to HTTPS, even if not specified in the address bar.
Privacy Badger — Another extension from the Electronic Frontier Foundation that blocks trackers.

By combining these settings and add-ons, you can significantly improve your privacy and security while browsing with Firefox.

DarkNet KING Shedding Light on the Hidden Web — Your Gateway to Trusted, Secure Information