August 7, 2017

Hardening Firefox. Replacing Chrome.

Disclaimer: I imported this post from WordPress to Jekyll on 9/2/23. Forgive the misformatting until I get a chance to clean it up.

The Case for Firefox

I have been on a quest for some time to reduce my exposure to Google products. I switched from Gmail to Protonmail and from Google Search to StartPage. Google is generally on the cutting edge of performance, features, standards, and security in many of their products. The trade-off, however, is handing over incredible amounts of personal data to a company whose business model is using my data for marketing and product development.

A product as fundamental as a desktop web browser is difficult to replace. I have tried reverting from Chrome to Firefox many times over the last few years, but the performance difference was always too noticeable. As of late, however, Firefox is making great strides in performance, and I have recently switched back to it as my daily driver.

Hardening Firefox

User.js

Firefox, by default, is designed with security and privacy as a top priority. Even as such, there are still many ways that the browser can leak personally identifiable data. User.js is a fantastic open-source project which provides a customized profile for tightening up all of the potential weak points left open in a default Firefox installation. This file disables many new HTML APIs that trackers can use to profile the user, locks down Add-ons and plugins, disables various forms of telemetry, hardens cryptography and cipher suites, and much more.

By default, this user.js file breaks some functionality of many popular sites. If that is the case, there is a relaxed branch which provides a bit more of a balance between usability and ultimate privacy. Alternatively, you can determine which settings need to be toned down for your specific needs and adjust them as needed. That is the path I am following by updating my own fork of the project.

Add-ons

To further harden Firefox, I am currently using the following Add-ons:

CanvasBlocker - To block canvas fingerprinting.
Decentraleyes - To block tracking by content delivery networks. Learn more.
Tampermonkey - To run the Anti-Adblock Killer user script.
HTTPS Everywhere - To prioritize encrypted connections.
uBlock Origin - In Hard Mode. To block advertisements, tracking scripts, and undesirable/unneeded content.