Firefox privacy & security config tweaks
Aim – improve privacy when using Firefox browser.
Tested – Firefox Quantum v62.0.2
Type about:config in the URL bar and modify the following parameters:
app.normandy.api_url = “”
app.normandy.enabled = false
app.shield.optoutstudies.enabled = false
breakpad.reportURL = “”
browser.aboutHomeSnippets.updateUrl = “”
browser.cache.offline.enable = false
browser.chrome.errorReporter.submitUrl = “”
browser.download.manager.addToRecentDocs = false
browser.onboarding.enabled = false
browser.ping-centre.telemetry = false
browser.safebrowsing.blockedURIs.enabled = false
browser.safebrowsing.downloads.enabled = false
browser.safebrowsing.downloads.remote.enabled = false
browser.safebrowsing.downloads.remote.url = “”
browser.safebrowsing.malware.enabled = false
browser.safebrowsing.phishing.enabled = false
browser.safebrowsing.provider.google.gethashURL = “”
browser.safebrowsing.provider.google.reportMalwareMistakeURL = “”
browser.safebrowsing.provider.google.reportPhishMistakeURL = “”
browser.safebrowsing.provider.google.reportURL = “”
browser.safebrowsing.provider.google.updateURL = “”
browser.safebrowsing.provider.google4.dataSharingURL = “”
browser.safebrowsing.provider.google4.gethashURL = “”
browser.safebrowsing.provider.google4.reportMalwareMistakeURL = “”
browser.safebrowsing.provider.google4.reportURL = “”
browser.safebrowsing.provider.google4.updateURL = “”
browser.safebrowsing.provider.mozilla.gethashURL = “”
browser.safebrowsing.provider.mozilla.updateURL = “”
browser.safebrowsing.reportPhishURL = “”
browser.send_pings = false
browser.tabs.crashReporting.sendReport = false
browser.urlbar.speculativeConnect.enabled = false
browser.urlbar.trimURLs = false
canvas.capturestream.enabled = false
datareporting.healthreport.uploadEnabled = false
dom.battery.enabled = false
dom.event.clipboardevents.enabled = false
dom.ipc.plugins.flash.subprocess.crashreporter.enabled = false
dom.ipc.plugins.reportCrashURL = false
dom.popup_allowed_events = click dblclick
dom.popup_maximum = 3
dom.vr.enabled = false
extensions.pocket.enabled = false
extensions.webservice.discoverURL = “”
geo.enabled = false
gfx.font_rendering.cleartype_params.force_gdi_classic_for_families = “”
gfx.font_rendering.cleartype_params.force_gdi_classic_max_size = 6
gfx.font_rendering.cleartype_params.rendering_mode = 5
gfx.font_rendering.directwrite.use_gdi_table_loading = false
layout.css.visited_links_enabled = false
media.getusermedia.screensharing.enabled = false
media.navigator.enabled = false
media.peerconnection.enabled = false
media.peerconnection.ice.default_address_only = true
media.peerconnection.ice.no_host = true
media.peerconnection.ice.tcp = false
media.peerconnection.identity.timeout = 1
media.peerconnection.turn.disable = true
media.peerconnection.use_document_iceservers = false
media.peerconnection.video.enabled = false
network.IDN_show_punycode = true
network.allow-experiments = false
network.http.spdy.enabled = false
network.http.spdy.enabled.deps = false
network.http.spdy.enabled.http2 = false
network.manage-offline-status = false
preftoolkit.telemetry.archive.enabled = false
privacy.trackingprotection.enabled = true
reader.parse-on-load.enabled = false
security.csp.experimentalEnabled = true
shield.savant.enabled = false
toolkit.telemetry.archive.enabled = false
toolkit.telemetry.bhrPing.enabled = false
toolkit.telemetry.cachedClientID = “”
toolkit.telemetry.enabled = false
toolkit.telemetry.firstShutdownPing.enabled = false
toolkit.telemetry.healthping.enabled = false
toolkit.telemetry.hybridContent.enabled = false
toolkit.telemetry.newProfilePing.enabled = false
toolkit.telemetry.server = “”
toolkit.telemetry.shutdownPingSender.enabled = false
toolkit.telemetry.unified = false
toolkit.telemetry.updatePing.enabled = false
webgl.disable-extensions = true
webgl.disable-fail-if-major-performance-caveat = true
webgl.disabled = true
webgl.min_capability_mode = true
Furthermore – test WebRTC, test fingerprinting
Sources – privacytools.io, ghacks-user.js, reddit.com
Go & Tweak 