Mozilla Firefox Spyware Mitigation Guide
This guide was tested working with Firefox version 74.
After configuring Mozilla Firefox with ghacks-user.js, according to this guide it's rating changes like so:
Spyware Rating: High → Not Spyware
The ghacks user.js is a template which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible — while minimizing any loss of functionality and breakage (but it will happen).[2]
Before beginning this guide it is important that you try and cross-reference it with other guides, to see which prespective on this topic is the best way to do it for you. At the bottom of the page are links to other guides and projects like this one. You should strongly consider this as you may find other guides more useful than this one.
For extra privacy & security, disconnect your computer from the internet while following this guide, so that Firefox is unable to phone home by accident.
Mozilla Firefox has a huge amount of spyware features, but they can all be disabled by using predefined profile settings. To do this you need to create new Firefox profile:
- Run
firefox -no-remote -ProfileManager - Create a new profile
- Exit.
Then open your Firefox user profiles directory. It should be located at:
| OS | Path |
|---|---|
| Windows 7 | %APPDATA%\Mozilla\Firefox\Profiles\XXXXXXXX.your_profile_name |
| Linux | ~/.mozilla/firefox/XXXXXXXX.your_profile_name |
| OS X | ~/Library/Application Support/Firefox/Profiles/XXXXXXXX.your_profile_name |
| Android | /data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name |
| Sailfish OS + Alien Dalvik | /opt/alien/data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name |
| Windows (portable) | [firefox directory]\Data\profile\ |
Delete everything from the new profile and get ghacks user.js:
cd /path/to/your/profile && rm -r * && wget https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js
You may want to edit the file to your needs, if so:
$EDITOR user.js
If you want to disable OCSP as well, you should also add this to your user.js. These settings are separated because while OCSP is a privacy breach, it is also a security feature. It works by contacting other servers to verify the authenticity of the address you are connecting to.
You should think about it before making a decision. You can read more about OCSP here: https://scotthelme.co.uk/revocation-is-broken/ [web.archive.org].
user_pref("security.ssl.enable_ocsp_stapling", false);
user_pref("security.OCSP.enabled", 0);
user_pref("security.OCSP.require", false);
With this installation method, if you change any of the settings in user.js through about:config or Firefox preferences dialogs,
they will be reset to the user.js defined values after you restart Firefox.
This makes sure they're always back to secure defaults when starting the browser.
At the end you need to delete several default plugins in Firefox directory at /path/to/firefox/browser/features (ie /usr/lib/firefox/browser/features/) that can violate privacy:
- firefox@getpocket.com.xpi — Pocket
- followonsearch@mozilla.com.xpi — Follow On Search
- activity-stream@mozilla.org.xpi — Activity Stream
- screenshots@mozilla.org.xpi — Screenshots
- onboarding@mozilla.org.xpi — Onboarding
- formautofill@mozilla.org.xpi — Autofill
- webcompat@mozilla.org.xpi — Web Compatibility Reporter
It is highly recommended to also check other user.js template settings from ongoing "ghacks-user.js project"[1] for further hardening Firefox privacy, security and anti-fingerprinting.
Run firefox -no-remote -ProfileManager again and start the profile you created. Delete any others if needed. Check to make sure, after the first start, that another profile which does not use ghacks was not created by Firefox.
Other Guides
These are other guides and projects to help protect your privacy using Firefox. It's important to look at other perspectives instead of reading JUST this guide. So you should be comparing all of the guides that you can find to hear everyone's ideas about how this should be done, before you finish setting Firefox up. Librewolf is less of a guide and more of a project and series of tools and settings you can download to help you make Firefox private.
- Privacy Related "about:config" Tweaks to Firefox [web.archive.org] [archive.is]
- Firefox Privacy – The Complete How-To Guide [web.archive.org] [archive.is]
- Librewolf, Firefox with privacy enhancements
Sources
- https://commons.wikimedia.org/wiki/File:Firefox_logo,_2019.svg (Firefox Logo)
- ghacksuserjs/ghacks-user.js [web.archive.org] [archive.is]
- https://github.com/ghacksuserjs/ghacks-user.js/blob/master/README.md
If you want to edit this article, or contribute your own article(s), visit us at the git repo on Codeberg. All contributions must be licensed under the CC0 license to be accepted.
