Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
Find a file
Thorin-Oakenpants 3207478033
make 2803 inactive: thirdparty.sessionOnly
reasons why
- third party cookies are NOT are not real ... they are partitioned to the first party (with dFPI)
- at the very least nonsecure is redundant
   - no one in this day and age is going to want the config of keeping all secure but not insecure, it doesn't make any sense: especially since 85% (from memory) of traffic from telemetry is secure, and 70+% of the top 1M sites are secure ( https://scotthelme.co.uk/top-1-million-analysis-november-2021/ shows almost 72% of the sites in the Top 1 Million now actively **_redirecting_** traffic to use HTTPS) - in other words, the reasons for keeping secure cookies (like banks, logins) but ditching the rest in the old days are over as being secure is not a distinction, but the norm
- we previously blocked all third party cookies, so this was never really used
- we then moved to lifetime pref = 2 (which makes everything session only), so again, this isn't really adding anything
- we sanitize on close (always have)
- we will be moving off lifetime pref (because deprecation), but we still sanitize on close
- when we move off lifetime pref, I think these prefs could cause issues with dFPI / sanitizing (wouldn't surprise me: they are old and outdated as a concept), and I think we're better off making them inactive

We could also remove them. If that's not enough to convince you, then I have no more words
2022-05-10 15:03:36 +00:00
.github/ISSUE_TEMPLATE Update troubleshooting-help.md 2022-02-27 10:44:04 +00:00
scratchpad-scripts long standing defaults 2022-05-09 19:25:18 +00:00
wikipiki Add files via upload 2022-02-25 23:15:01 +13:00
.gitattributes Update .gitattributes 2019-06-26 13:32:12 +00:00
.travis.yml Added Travis CI configuration 2017-03-01 00:11:05 +02:00
_config.yml migration: cleanup code references 2020-09-15 06:07:32 +00:00
LICENSE.txt Update LICENSE.txt 2020-09-15 04:19:03 +00:00
prefsCleaner.bat v2.4 - add strlen check for prefs.js 2021-01-17 15:27:50 +00:00
prefsCleaner.sh Made prefsCleaner.sh executable (#1416) 2022-04-08 07:03:43 +00:00
README.md Update README.md 2022-01-30 08:53:08 +00:00
updater.bat Update wiki link for updater options (#1364) 2022-02-06 12:23:20 +00:00
updater.sh Update updater.sh 2022-03-19 07:47:46 +00:00
user.js make 2803 inactive: thirdparty.sessionOnly 2022-05-10 15:03:36 +00:00

🟪 user.js

A user.js is a configuration file that can control Firefox settings - for a more technical breakdown and explanation, you can read more in the wiki

🟩 the arkenfox user.js

License: MIT

The arkenfox user.js is a template which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen).

Everyone, experts included, should at least read the wiki, as it contains important information regarding a few user.js settings.

Note that we do not recommend connecting over Tor on Firefox. Use the Tor Browser if your threat model calls for it, or for accessing hidden services.

Also be aware that the arkenfox user.js is made specifically for desktop Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser.

🟧 sitemap

🟥 acknowledgments

Literally thousands of sources, references and suggestions. Many thanks, and much appreciated.