This repo was last updated when the ghacks-user-js repo was at commit: 08a5410b88b9ae5a71614ed7dffb4bd2d805e6a5

Please remember to backup your prefs.js file before adding the user.js file to your profile! If these configs break websites that you frequent it will be harder to undo if you don't backup the prefs.js file.

This Repo contains a list of about:config settings that I have changed for both preferential reasons, and also privacy and security reasons.

A lot of the settings from these files have come from ghacks list of settings (reference at the bottom). At this point my settings are up to date with ghacks list version 0.11 updated February 2017 (which at the time of writing, is the most up to date version). I have skipped over settings I feel are not necessary for me, or would eliminate the use of websites that I use on a daily basis.

See the user.js file for my about:config settings.

The files are identical. The only difference is that the windows version has Windows friendly carriage returns. For operating systems other than windows, you can use the non windows js file.

Please visit User.js File for details on how to apply the user.js file to your install of Firefox.

In short, you can either go to the url about:config and search for the configs manually and set them, or you can move the user.js file to the profile folder which differs across operating systems.

In thunderbird, you can get to the about:config by going to Edit -> Preferences, then select the Advanced panel, and then select the General tab. Now click Config Editor.

This add-on blocks all scripts on every page that you visit by default, along with some cross site scripting etc.

See below in the thanks section to find CHEF-KOCHs NoScript settings, which are a good place to start. It comes with some common sites that are okay to whitelist, and also some blacklisted sites that are known trackers.

Content Blockers

See below in the thanks section to find CHEF-KOCHs uBlock settings, which are a good place to start.

An extension that attempts to force HTTPS on every webpage you visit.

My settings are as follows:

• Click the HTTPS Everywhere icon in your toolbar
• Make sure that block all unencrypted requests is checked (I have noticed that with this setting Firefox slows down a lot eventually to the point where it will not even load pages anymore. Choose this option if you so choose)
• Go to the SSL Observatory Preferences
• It is a good idea to enable this if you are comfortable doing so. EFF is trustworthy, and enabling this feature will help you to be more secure.

This randomly (or selectively) changes your User Agent Profile. Essentially, it tells websites that you are using a different browser and system than you actually are in order to increase anonymity, and reduce fingerprinting.

My settings are:

• Random (Desktop)
• Every Request
• Under Options, I select "Disable Canvas Support"
• Most of the other settings are covered by the user.js file. NOTE: When you install this addon, it will make changes to all of settings we did in user.js, hence, disabling some of our settings. Restart Firefox, and the user.js file will then take precedence.
• Now go to the add-ons page and select preferences for this. Uncheck the "show notifications" box

Add-on by EFF. This is designed to stop trackers. It doesn't use a pre-made list of domains to block, it just learns over time what it should block and develops its own list.

My Settings:

• Click the icon in the toolbar and click the gear icon
• Select the general settings tab and check all 4 boxes

Deletes cookies after you have left the website that uses the cookies.

Only setting is unchecking the box notifications in the preferences part of the list of add-ons

Canvas's are a good source of trackable material for trackers. This helps mitigate this.

You can either block the canvas outright, or spoof it with this add-on. Choose either or in the preferences.

Blocking will just not provide the API with any information, which one might argue makes you trackable simply because a non-result is still a result. Spoofing will give the API information, but it will be false and different everytime the API asks for information. Your call.

The Fake Readout (spoofing) is the default setting.

This add-on just gives your HTTPS connection a grade from 0 to 10 and gives information about your connection.

Blocks certain content, ads, and analytics.

NoCoin Blocks in browser bitcoin miners from running

Before applying the Firefox user.js file, make sure to remove pocket from the toolbar first. After that is done you can apply the browser.pocket.enabled configuration.

Francois Marier for the Firefox talk at LinuxFest NorthWest 2017

Haasn for their about:config gist in which I found many of my current settings.

ghacks list of Firefox security and privacy settings. This list is now updated on github: ghacks-user.js

Also thanks to CHEF-KOCH / NoScript-Whitelist For their uBlock, and NoScript settings, which are a huge help. I will not be posting my configurations here as the license requires a list of changes. Regardless, most of the settings are from that repo.