├── LICENSE └── readme.md /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 amq 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | This list aims to block core Firefox features which *actively* leak data to third-party services (as opposed to attempts of sites to track you or otherwise passively collect information). As it isn't always easy to draw a strict line, the most critical passive data faucets like WebRTC are also mentioned. 2 | 3 | We are not breaking the browsing experience, so you won't find things like spoofing referrers and canvas properties here. 4 | 5 | To change the settings open ```about:config```. 6 | 7 | #### [Google Safe Browsing](https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work) 8 | 9 | Leaks the browsing history to Google. Note that disabling Safe Browsing exposes you to a risk of not being stopped from visiting malicious or phishing sites. 10 | ``` 11 | browser.safebrowsing.enabled = false 12 | browser.safebrowsing.downloads.enabled = false 13 | browser.safebrowsing.malware.enabled = false 14 | ``` 15 | 16 | #### Firefox stats collecting 17 | 18 | [Stability and performance reports.](https://www.mozilla.org/en-US/privacy/firefox/#health-report) 19 | ``` 20 | datareporting.healthreport.service.enabled = false 21 | datareporting.healthreport.uploadEnabled = false 22 | ``` 23 | 24 | [Usage statistics.](https://www.mozilla.org/en-US/privacy/firefox/#telemetry) 25 | ``` 26 | toolkit.telemetry.unified = false 27 | toolkit.telemetry.enabled = false 28 | ``` 29 | 30 | #### [Encrypted Media Extensions (DRM)](https://wiki.mozilla.org/Media/EME) 31 | 32 | A binary plugin (closed-source) is shipped with Firefox since v38. It enables playback of encrypted media and lets you use e.g. Netflix without Microsoft Silverlight. To completely remove the plugin you would have to install an [EME-free](http://download.cdn.mozilla.net/pub/firefox/releases/latest/win32-EME-free/) build of Firefox. 33 | ``` 34 | media.eme.enabled = false 35 | media.gmp-eme-adobe.enabled = false 36 | ``` 37 | 38 | #### [Firefox Hello](https://support.mozilla.org/en-US/kb/firefox-hello-video-and-voice-conversations-online) 39 | 40 | Firefox connects to third-party (Telefonica) servers without asking for permission. 41 | ``` 42 | loop.enabled = false 43 | ``` 44 | 45 | #### [Pocket integration](https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox) 46 | 47 | A third-party service for managing a reading list of articles. 48 | ``` 49 | browser.pocket.enabled = false 50 | ``` 51 | 52 | #### Search suggestions 53 | 54 | Everything you type in the search box is sent to the search engine. Suggestions based on local history will still work. 55 | ``` 56 | browser.search.suggest.enabled = false 57 | ``` 58 | 59 | #### [WebRTC](https://wiki.mozilla.org/Media/WebRTC) 60 | 61 | Leaks the real IP when using VPN/TOR. [Description and demo](https://github.com/diafygi/webrtc-ips). 62 | ``` 63 | media.peerconnection.enabled = false 64 | ``` 65 | 66 | Instead of completely disabling WebRTC you could also make it connect over [the default route only](https://wiki.mozilla.org/Media/WebRTC/Privacy) using: 67 | ``` 68 | media.peerconnection.ice.default_address_only = true 69 | ``` 70 | 71 | #### [Geolocation](https://www.mozilla.org/en-US/firefox/geolocation/) 72 | ``` 73 | geo.enabled = false 74 | ``` 75 | 76 | #### Adobe Flash 77 | ``` 78 | plugin.state.flash = 0 79 | ``` 80 | 81 | --- 82 | 83 | #### Important changes 84 | 0.1 - initial commit 85 | 86 | 0.2 - removed mention of ```Reader mode``` (it doesn't leak data\*) and added ```browser.safebrowsing.remoteLookups``` (it is confirmed to stop leaking data to Google while keeping Safe Browsing on\*). 87 | 88 | 0.3 - ```browser.safebrowsing.remoteLookups``` turned out to do nothing after all. Actually, it was [removed](https://bugzilla.mozilla.org/show_bug.cgi?id=388652). Requests to the Google Safe Search API are not made often, so at first I thought they were gone. 89 | 90 | 0.4 - removed mention of ```Tracking Protection```, because while blocking trackers, it ["uses the same API as Google Safe Browsing"](https://github.com/amq/firefox-debloat/pull/2#issuecomment-115728580). I would recommend using [uBlock](https://github.com/chrisaljoudi/uBlock) for this purpose instead. 91 | 92 | 0.5 - added ```toolkit.telemetry.unified```, ```Adobe Flash``` and ```media.peerconnection.ice.default_address_only```. 93 | 94 | \* tested using Fiddler 95 | 96 | 97 | --- 98 | 99 | Pull requests are welcome. 100 | 101 | --- 102 | 103 | [Discussion of HN](https://news.ycombinator.com/item?id=9779440) 104 | --------------------------------------------------------------------------------