Coronavirus information & resources Inciting Violence: The U.S.

Capital 'Insurrection'

12Bytes.org Blog Articles  Projects Photos Subscribe Contribute

alternative information, tech talk, fragments

The Firefox Privacy Guide for Dummies!

First published: December 22, 2018

Last modified: October 23, 2020

See the revision history at the end ... if you make it that far :)

Before embarking on this journey into the bowels of Firefox, you may want to first read, Tor verses a VPN – Which is right for you?. If you choose to use the Tor
Browser, you need not bother with this guide.

Contents [ show]

Introduction
The following video will provide an overview of one aspect of what it is we're up against and why i wrote the Firefox configuration guides. I encourage everyone to view
it, especially if you're one of the many people who aren't worried about surveillance because you 'have nothing to hide'.

Video: Prof Shoshana Zuboff on surveillance capitalism

You're aware that unethical companies such as Facebook, Instagram, Google, YouTube, advertisers, your ISP and even governments are spying on your activities and
buying and selling the data they harvest, even if you may not be aware of how they're doing it. You're concerned about this invasion of your privacy, but what can you do
abut it?

Welcome to the 'for dummies' edition of the Firefox Configuration Guide for Privacy Freaks and Performance Buffs!!!

The goal here is to provide a simple guide, to the extent that's possible, which will yield a privacy enhanced configuration of the Firefox web browser whilst breaking
as few websites as possible. That said, be prepared to put a little bit more effort into your surfing activities, at least until the dust settles. The pay-off will be a much
faster, cleaner, less annoying web that is less able to track and profile you. Note that i said "less", not "not".

WARNING: This guide is not intended for use with the Tor browser which is an already hardened version of Firefox. Configuring the Tor browser as outlined here may
result in doom.

Catching the Fox

You want the standard release version of Mozilla Firefox; no Pale Moon, no Waterfox, etc., so if you don't have it, get it. If you run a Linux-based operating system, look
in your package manager. Since it's privacy we're interested in, we're way too smart to be screwing around with Google Chrome or Microsoft Edge, though if you have
an inferior alternative browser installed you could retain it as a backup.

Profiling the Fox

Start Firefox and enter about:profiles in the address bar -- you can call it the "location" bar or the "awesome" bar, i call it the address bar -- then press your
'Enter' key to load that address. This is where Firefox keeps a list of all your profiles. Profiles are where most of your settings, bookmarks and other junk gets stored.

You can have as many profiles as you want, but by default there will be just one named 'default'. We need another one, so click the 'Create a
New Profile' button and name the new one 'privacy'. You can change the name later, but leave it be for now. Once you're done, exit Firefox.

Firefox will now annoy you (and let it keep annoying you for the duration of these next few months we'll be spending together) by asking
which profile you want to load every damned time you start it and you should (almost) always choose your 'privacy' profile.

click me

Pro Tip

Training the Fox

Restart Firefox and this time you should see the Choose User Profile window. Load your privacy profile but don't visit any web pages just
yet, other than this one if you want. Firefox may load some default pages when is starts and that's something we'll fix later.

click me

Profile Tip

If you're running Windows you will need to un-hide file extensions, and i suggest you keep them un-hidden.

With Firefox up and running, load about:preferences in the address bar or click the Hamburg icon on the toolbar, then 'Preferences'. Click the 'Search' menu
item on the left and under where it says 'Search Bar', click 'Add search bar in toolbar'.

Next, go to the arkenfox/user.js GitHub repository. We need their prefsCleaner.bat (Windows) or prefsCleaner.sh (Linux) file and the updater.bat (Windows) or
updater.sh (Linux) file. Now before you mess up, hear me out: One by one, click on the file names, then click the 'Raw' button, then press Ctrl+S to save the files to
your desktop. Failing to heed my advice can cause the file to get messed up which will surely result in Russia nuking us ... assuming you live in the U.S.. If you want to
avoid those steps, here's the direct links to the files: updater.sh (Linux), updater.bat (Windows), prefsCleaner.sh (Linux), prefsCleaner.bat (Windows). Now if you're
one of those wiz kids, you may have deduced that we're going to need that user.js file too but we'll grab that another way.

Next, go to the 12bytes.org/Firefox-user.js-supplement page at Codeberg.org, click the user-overrides.js file, then click the 'Raw' button and press Ctrl+S to save the
file (here's the direct link to the raw file).

Next you'll need a decent code editor (no, not Notepad!) with syntax highlighting. If you're running Wintendo (that's one of my several derogatory names for Windows),
PSPad is nice, simple and free. If you're running Linux you've surely got something installed already, so poke around.

What you need to do now is open that user-overrides.js file in your code editor and follow the directions Very Carefully. Every single little tiny thing you could ever
possibly want to know about all the settings in that file is in there (except whatever i forgot to put in there).

Now that you've sifted through that convoluted mess (go you!), open Firefox's about:profiles page again. Note that user profiles and web cache are stored in
separate folders, thus why you may see more than one directory path for each profile. In the row labeled 'Root Directory' under your 'privacy' profile, click the 'Open
Directory' button and then kill Firefox.

In your file manager you may notice that the folder containing your 'privacy' profile actually has a longer name with a bunch of gobbledygook in front of 'profile'. Ignore
that like you ignore your goofy neighbor with the tinfoil wallpaper. If you see a prefs.js file in there, you're probably in the right place. Next, grab those files from your
desktop you pirated earlier and stick 'em in your 'privacy' profile folder where the prefs.js file is.

Now we need to run that updater script. How to do that depends on whether...

...you're running Linux

...or Windows

The updater script will spit out some introductory stuff and then prompt you to continue. If by chance everything in the universe is aligned just so, and you've followed
the directions you didn't read, the script will download a fresh copy of the 'arkenfox' user.js file to your profile directory and append the contents of your user-
overrides.js to it just like it says on the tin.

Pestering the Fox

The 'arkenfox' user.js is updated fairly frequently and so you'll need to check for updates regularly. There's two ways you can check for updates if you're running Linux
and one if you're running Windows, however there's only (easy) way to actually update the user.js and that's by using the 'arkenfox' updater script.

If you're using a Linux-based OS you can use my user.js-notify.sh script to be automatically notified via a desktop notification when:

the 'arkenfox' user.js is updated

 my user-overrides.js is updated
this guide is updated

The idea here is to add the script to your startup programs so it runs each time you log-on to your desktop. Instructions for implementing the
script are contained within the script. Open the file with a code/text editor to read the instructions and edit a few options.

To check for a new user.js if you're running Windows, or to actually update the file, kill Firefox and run the 'arkenfox' updater script. If you're running Windows, or if
you're running Linux and don't wish to use my user.js-version-checker.sh script, you should run the updater script every week or so in order to check for a new version.
You always want the user.js version that corresponds to the major version of Firefox, so if the updater script says Available online: * version 80-alpha
and you're running Firefox version 79.0.1, you'll want to cancel the update because 80 doesn't equal 79, unless you're "woke" in which case it all bets are off.

Each time you run the updater script, be sure to follow it up by running the prefsCleaner script using the same method as described earlier for your operating system.
The prefsCleaner script will reset any depreciated, removed, or inactive preferences and it's important that you do this.

updater script Pro Tip

Fattening the Fox

Now we're going to go to the Firefox Add-ons website, AMO (Addons.Mozilla.Org). Start Firefox and select your 'privacy' profile, then come back here.

Why does he say 'WE' and 'WE'RE' when 'I' am the one doing all the f'n work?!

One at a time, middle click each of the links below to open their pages in a new tab, then Read What It Says for each add-on, then install it. Don't install something
you think is equivalent because it probably isn't.

Clear URLs by Kevin R.

Cookie AutoDelete by CAD Team
CSS Exfil Protection by Mike Gualtieri
HTTPZ by claustromaniac
uBlock Origin by Raymond Hill

Once you have all those installed, find the 'Customize' option in one of the Firefox menus or by right-clicking on an empty space on a toolbar somewhere. With the
exception of uBlock Origin, you can drag the toolbar icons for the other add-ons, for those that have them, to the Overflow Menu since you will rarely be interacting with
them.

A note regarding add-ons...

We need to configure some of the add-ons we installed, but first a word to the wise: Unless you know what you're doing, i strongly suggest you configure these add-
ons as outlined here, else Russia.

To configure your add-ons, load about:addons in the address bar or find the 'Add-ons' menu item in one of the Firefox menus.

Clear URLs: In the preferences, enable the following options where an [X] indicates the option is enabled:

[_] Allow domain blocking (if you're not using any of the major ad filtering lists in uBlock, then enable this).
[X] Skip URLs on local hosts
[X] Prevent tracking injection over history API
[X] Block hyperlink auditing
[X] Filters ETag headers from requests
The rest of the options are just that; optional :)

Footnotes:

[1] Enabling this will enhance privacy, however this option will break some websites.
Cookie AutoDelete: On the 'Settings' page, click the 'CAD Settings' tab and enable the following in the 'Automatic Cleaning Options' section:

[X] Enable Automatic Cleaning

[X] Enable Cleanup for Discarded/Unloaded Tabs
[X] Enable Cleanup on Domain Change
[X] Enable Greylist Cleanup on Browser Restart
[_] (optional) Clean Cookies from Open Tabs on Startup
[X] Clean All Expired Cookies
In the 'Other Browsing Data Cleanup Options' section, enable all options.

The rest of the settings are optional.

While Cookie AutoDelete (CAD) may seem a bit complex at first, it's really very easy to use. Given the combination of the 'arkenfox' user.js, my user-overrides.js and
the suggested CAD settings, you'll pretty much be able to ignore CAD and get on with your life. The exception will be when you need (more so than 'want') to save
some sort of data for some website, like if you want to log-on automatically even after you restart Firefox, or you want to save your settings for a search engine
website. In these cases you will click the CAD toolbar icon and either greylist or whitelist the domain or the domain and all its subdomains. Read the CAD
documentation and FAQs to learn how to do this.

uBlock Origin: This is a huge biggie! I know, supposed to be the 'for dummies' guide and all, but you really gotta learn how to use uBlock Origin (uBO). The
good news is that it's got a 'dummy' mode and it's enabled by default!

To set up uBO, read my uBlock Origin Suggested Settings guide.

Of particular importance, DO NOT select the 'I am an advanced user' option! Don't look at it. Don't think about it. Don't think about looking at it ... at least not
until you read all that 'required reading' stuff and understand fully what uBO is, does, how to configure it, and how easy it is to break the entire interwebs if you screw
up.

Now it's really important that you read this and this and this, but only up to the 'Medium mode' part for the last one. Once you complete that you'll be a Semi-
Certified uBlock Origin Web Filtering Engineer Apprentice.

Break time...
Training the Foxineer
With that all done and Firefox running, close all tabs and click the Hamburger button again to open the Preferences window, then click the Privacy & Security menu
item, or load about:preferences#privacy in the address bar. Scroll down to the Cookies and Site Data section and click the Manage Data button. In the
Manage Cookies and Site Data window that opens, click Remove All. This will remove (almost) all of the stored data that Firefox has accumulated so far. We're just
doing this to nuke anything that was stored before we installed our privacy add-ons, plus so that you know how to nuke Firefox storage.

If you've used Firefox before there's going to be some changes, one of them being that you'll be searching from the search bar (or a web page that isn't Google
hopefully) instead of the address bar. The reason for this is a little creepy, suffice to say it's a privacy/security thing. Live search suggestions will be disabled because
it's also a creepy thing, though the search bar will still suggest stuff from your history, bookmarks and previous searches.

Now for the really important stuff...

Remember the part at the beginning when you started reading this last week? You know, where i said we'd be "breaking as few websites as possible"? Kek! Since
we disabled JavaScript globally in uBO, every other website you visit is going to be busted, and for good reason too.

There's a few things you need to know about JavaScript: 1), it's awesome-ish, 2) it's a privacy nIGhTMarE, 3) almost every website on Planet Earth uses it (even this
one).

JavaScript (JS) can be used to do all kinds of cool (and creepy) things like make web pages interactive, make dull things look un-dull, animate stuff, etc.. It's used a lot
for making navigation menus work and displaying images, as well as for annoying the bejeezes out of you with ads and pop-ups. Of primary importance however is
the fact that JS is also leveraged heavily for tracking and profiling you, your web browser, your computer, family history, bathroom habits and the masturbation
techniques of your family pet, and thus it's a privacy (and, to some extent, security) nightmare (if you want to beat yourself up even more, read Stop pushing
JavaScript! by a guy who knows what he's talking about). Now do you see why we disabled JS globally for the entire web in uBO? Thing is, it's very easy to enable
again For Those Specific Websites Where You Really Need It to be enabled. "Need", i said. Not "like" or "want", but "need".

Start Firefox and load up your privacy profile, then middle-click this link to open it in a new tab and click some of the colors on the color swatch and…… well that was
boring, but WAIT! THERE'S MORE! Now click the uBlock Origin button on your toolbar and in the lower right corner there’s an icon that looks like a </> , except it
has a red ‘X’ through it. That icon is secret code for [CENSORED]. Click it to remove the ‘X’ and you will have enabled JavaScript for that particular domain after which
you’ll see a new button appear out of thin air that has circlely arrows on it. Clicking that button (or pressing F5) will refresh the page at www.w3schools.com and this
time your browser will allow JS to run for the entire w3schools.com domain. That color swatch page will now look very different and this time when you click the colors,
awesome things will appear that will surely dazzle you for hours on end (like that damned triangle puzzle-peg thingy in every Cracker Barrel).

The point of that intensely interesting exercise was to demonstrate the power of JavaScript by showing you how different it can make a website look and work, as well
as how necessary it is in some, but not all cases. For example, if you're reading this nail-biting novel with your Firefox privacy profile loaded and JS disabled, it
wouldn't make much of a difference because the place looks and works pretty much the same whether JS is enabled or not, thus you should never enable it where it
isn't needed. Kapish?

Now you're going to take the JavaScript Oath with me. DON'T LAUGH, this is important shit! OK, repeat after me:

EYE SHALL NOT ENABLE JAVASCRIPT FOR ANY WEBSITE UNLESS A) THE WEB DEVELOPER IS AN ETHICAL BLOOD RELATIVE WHOM I TRUST WITH
MY LIFE AND B) IT MUST BE ENABLED IN ORDER TO PROVIDE REQUIRED FUNCTIONALITY THAT WOULD OTHERWISE NOT BE AVAILABLE (AND
LOOKING AT BOOBS DON'T COUNT!).

Importing stuff from an old profile

If you're not a first-time Firefox user and you have important bookmarks or other stuff you want to import to your new privacy profile, make a backup copy of your profile
and then go ahead and read this.

What to do when the Fox bites

It's inevitable that you're going to have trouble with some websites. Keep calm. Breeeeath! You've already gotten a taste of how a website can be rendered useless
with JavaScript disabled and although i let you enable it for the site given in the example earlier, i only did so because it's a trustworthy place. The next website you
visit may not be. You're here aren't you?

To make a broken website function again, you'll need to use uBlock Origin to enable the functionality you need for those websites you trust. If you cannot get a website
to cooperate by making site specific changes in uBlock, you can always spin-up a fresh, empty profile, but understand that you will be at the mercy of a completely
default Firefox configuration with all of our extra privacy protections removed. For websites you don't trust, why are you visiting them? Porn? Warez? If you value your
privacy and digital integrity, forget that stuff. Seriously.

Another 'gotchya' that will likely creep up at some point is a website not saving settings that you wanted to save, such as your log-on credentials or search engine
settings. To save this data you will need to edit the permissions for the domain and there's two easy ways to access them; you can right click within the page to open a
context menu, then click the "View Page Info" menu item, or you can click the padlock icon in the address bar, then the right-facing arrow, then "More information". In
the window that opens, click the "Permissions" icon and scroll down until you see the "Set Cookies" item. Finally, deselect the "Use Default" preference and select the
"Allow" preference to keep your settings for the website after Firefox is closed and restarted.

I would NOT suggest allowing cookies for any privacy-hating social media or mainstream search websites such as Google, Yahoo, Bing, Facebook, Instagram,
Twitter, etc.. If you want to learn more about alternative search engines, read Alternative Search Engines That Respect Your Privacy.

The Fox hole

Even with everything we've done, you're still vulnerable to being tracked and profiled, however you're in a better position now then when you started out, except for one
little problem: Your Internet Service Provider!

At the very least your ISP can see what websites you visit, when you're surfing the web and when you're not. They may even inject ads, malware or other garbage in
your data stream. The solution: Hijack your neighbors unprotected WiFi and... Kidding! Listen, you and i have gotten to know each other throughout this long and
difficult ordeal. We're kinda like buddies now. Kinda. And i can already tell you're ethics are of a higher caliber than mine that!

One solution to the problem is a Virtual Private Network (VPN). Ever wanted to be in 30 places at once?

A VPN works by encrypting the traffic between you and another computer run by the VPN service provider which we'll call an 'exit node'. That exit node could be
anywhere in the world. From the exit node your traffic flows as normal to whatever website you want to visit and the website then sends the kitty video you clicked on
back to the exit node thinking IT is YOU, but alas, IT AIN'T! YOU FOOLS! The kitty video then secretly makes its way back to you through this secret tunnel which was
secretly established between you and the exit node. So far as the website is concerned, it doesn't know where the hell you really are and so far as your ISP is
concerned, all it sees is gobbledygook that looks like Braille to a quadriplegic tuna. Ever annoyed by that galactically stupid "Sorry, this video is not available in your
country" crap? Pfff.

There are truck loads of different VPN service providers and it seems the vast majority do not take customer privacy seriously, however i think both NordVPN and
AirVPN are good companies that offer a good service at a good price. I've used both and i like both. Both have servers (think 'exit nodes') all around the globe and
neither restrict any protocols (think 'BitTorrent'). Both offer client applications that you can install to make using their service stupid simple. If you'd prefer to pick a VPN
provider yourself however, i recommend you visit That One Privacy Site and browse the fantastic spreadsheets the dude puts together. Another good resource is
TorrentFreak's annual VPN reviews. Here's the one for 2018. I would strongly advise against any VPN add-on on the Mozilla add-ons site for a few reasons, one of
them being that they very likely suck from a privacy perspective and another being that it's only your browser that will benefit and not the rest of your OS and software.
Lastly, NEVER trust any "free" VPN provider. Ever.

The downside?

Though VPN services are cheap, it's still an additional expense

VPN exit node IP addresses can get blacklisted which could cause problems sending mail and accessing certain websites and services, however in my
experience this hasn't been a huge issue and, even if is is, it's usually just a couple of mouse clicks to switch exit nodes
Latency (the time between the mother-in-law walking in front of your car and your realization that you need to slam on the breaks) and bandwidth (how many
tweets per second you can send notifying your friends of the "accident") will be affected, but in my experience the difference isn't huge

In short, i think the pluses of using a VPN outweigh the minuses. That said, you can never trust any VPN service 100%, but any reputable one will help to protect your
privacy and should certainly prevent your ISP from spying on you. If it's the NSA you're worried about, well, that's another story, but i'm not at all convinced there's any
way to thwart that threat.

WHAT THE FOX!

So now you're all smitten thinking you're invincible and ready to hack the NASA to see if aliens really built Taco Bell's on the back of the moon (they did, pretty sure).
You're not, but you've taken one, small step for man, and..... Truth is, there's far more vectors for attack than you and i and the so-called "experts" may ever know about,
so don't get all uppity. Perfect privacy on the web, as in real life, is a pipe dream and it wasn't the goal here anyway. We've covered a some important bases that will
help prevent nasty corporations and your ISP from spying on you, but not all of them. Remember that when you're creating fake profiles on Facebook to stalk your ex.

After you've taken plenty of time to get comfortable with your new Firefox configuration, i suggest reading everything in the uBlock Origin wiki and learning how to use
it in its advanced mode. And after that, it's the Firefox Configuration Guide for Privacy Freaks and Performance Buffs.

Be safe. Be ethical. And if you need help (after you've tried to help yourself), leave a comment or check the FAQ: Firefox Hardening page.

IMPORTANT: If you incorporate suggestions made in this guide, please subscribe to the Firefox category on the subscription page. This article is updated fairly often
and that's the best way to stay informed.

Further resources
Everything Firefox
FAQ: Firefox Hardening
Alternative Search Engines That Respect Your Privacy

Revisions

Click to expand...

Comments
Note that both reader and my comments, while they may have been accurate at the time, might be inaccurate today. This is a highly dynamic
environment so please verify the accuracy of comment content should you wish to utilize it. Failing that, ask me and i'll give it a crack.

Email me when this content is updated.

Email SUBSCRIBE

80 thoughts on “The Firefox Privacy Guide for Dummies!”

Older comments

Mankind
January 19, 2021 at 12:36 pm

Wait, I’m just dumb, discard my last comment. I didn’t notice the Profile Tip spoiler under that section, lol.

Reply to 'Mankind'

12Bytes 
January 19, 2021 at 12:39 pm

no problem!
 Reply to '12Bytes'

Mankind
January 19, 2021 at 12:32 pm

I now have multiple profiles for various purposes but every time I start Firefox it always loads my default one, that fancy profile manager of yours is nowhere to be seen.
This happens both on Windows and on Debian actually, how do I make enable it?

Reply to 'Mankind'

12Bytes 
January 19, 2021 at 12:38 pm

> that fancy profile manager of yours is nowhere to be seen

not sure what you mean – i never created a profile manager

to have Firefox ask which profile you want to use when it starts, add -P to the command – see here for more – if you need more help, let me know

Reply to '12Bytes'

Older comments

Leave a Reply

Your email address will not be published. Required fields are marked *

COMMENT

NAME *

EMAIL *

NOTIFY ME WHEN NEW COMMENTS ARE ADDED

POST COMMENT

Search … >

TOPICS

12Bytes Website (15)

Activism (35)
Business (93)
Conspiracy (199)
Crime (189)
Environment (31)
Everything Else (5)
Government (356)
Health (218)
Vaccines (117)
History (90)
DONATE Human (20)
Investigations (64)
Bitcoin: 169GsE9MxH8xn6dpwbwvwxqEER5dwAneKM Israel (97)
BitcoinCash: 1GzPichLQSLbXkCCuroDmNe9CBgbTB7EMv Jewry (98)
Dash: Xn1SPmABaSLdZWp5LgXPmm9aCT3QzoTKDr News (184)
EOS/Ethereum: 0xE3a428AAB13aaF6edb966038B9bf6173970777Ee Photos (5)
LiteCoin: LYMUNg7rqWm9q2e1pGZeXycRT7pUvh6smd Politics (98)
Product Reviews (3)
Projects (4)
SUBSCRIBE
MP3 Factory (4)
Ramblings (14)
Subscribe to be notified when content is added or updated
RC Hobby (1)
Resources (9)
RECENT COMMENTS Science (117)
Sticky (6)
12Bytes on update: user-overrides.js for arkenfox user.js Tech (105)
Pants on update: user-overrides.js for arkenfox user.js Firefox (38)
12Bytes on uBlock Origin Suggested Settings Linux (11)
tiger_man on uBlock Origin Suggested Settings Search Engines (8)
12Bytes on uBlock Origin Suggested Settings Thunderbird (4)
 Terrorism (56)
Unexplained (3)
Urban Exploration (1)
ABOUT | CONTACT | CONTRIBUTE | PRIVACY War (16)