[Tutorial] Privacy/security settings in about:config


|-|3||0
Salamander
Posts: 24
Joined: 15 Nov 2017, 19:19

[Tutorial] Privacy/security settings in about:config

Post by |-|3||0 »

Good evening,

Christmas is coming, so here are all the settings I was able to find on the web :D

/!\ Before making any changes, back up your Firefox profile.

Code:

----------------------------------------------------------------

Firefox (and Tor) About:Config settings

----------------------------------------------------------------

- About:Config -  

Your browser/computer might be leaking DNS queries, you can save some kilobytes of transfer by disabling DNS-Prefetching and Link-Prefetching:

network.dns.disablePrefetch (true)


One very important option is to disable Canvas support > https://addons.mozilla.org/en-US/firefox/addon/canvasblocker

CanvasBlocker | About:Addons > CanvasBlocker Options > Block Mode: Block Everything

----------------------------------------------------------------

Recommended User Agent, change with Modify Header Value:

* > User-Agent > Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

----------------------------------------------------------------

WebRTC can be used to check your local IP address, so for privacy and security reasons you might want to disable it: 

media.peerconnection.enabled (false)
media.peerconnection.turn.disable (true)
media.peerconnection.use_document_iceservers (false)
media.peerconnection.video.enabled (false)
media.peerconnection.identity.timeout (1)

----------------------------------------------------------------

There is a built-in module in Firefox that improves your security, but steals your privacy and anonymity. The module reports what you download to Google servers to check if the file is infected with any kind of malware: 

browser.safebrowsing.appRepURL (Blank)
browser.safebrowsing.downloads.enabled (false)
browser.safebrowsing.enabled (false)
browser.safebrowsing.gethashURL (Blank)
browser.safebrowsing.malware.enabled (false)
browser.safebrowsing.phishing.enabled (false)
browser.safebrowsing.malware.reportURL (Blank)
browser.safebrowsing.reportErrorURL (Blank)
browser.safebrowsing.reportGenericURL (Blank)
browser.safebrowsing.reportMalwareErrorURL (Blank)
browser.safebrowsing.reportMalwareURL (Blank)
browser.safebrowsing.reportPhishURL (Blank)
browser.safebrowsing.reportURL (Blank)
browser.safebrowsing.updateURL (Blank)
services.sync.prefs.sync.browser.safebrowsing.enabled (false)
services.sync.prefs.sync.browser.safebrowsing.malware.enabled (false)


As for Google’s services in Firefox > Set the value of:
geo.wifi.uri to http://127.0.0.1 (or blank)

Firefox uses Google Location Service to determine your physical location, disable geolocation:
geo.enabled (false)
browser.search.geoip.url (Blank)
browser.search.geoip.timeout (1)

Disable using OS locale, force APP locale:
intl.locale.matchOS (false)

Disable geographically specific results/search engines:
browser.search.geoSpecificDefaults (false)
browser.search.geoSpecificDefaults.url (Blank)

----------------------------------------------------------------

You shouldn't save any data for caching on your drive, it can be easily recovered even after a long time.

Disable the disk cache:
browser.cache.disk.enable (false)
browser.cache.offline.enable (false)
browser.cache.disk.capacity (0)
browser.cache.offline.capacity (0)
browser.cache.disk_cache_ssl (false)


Cache in RAM:
browser.cache.memory.enable (true)

Possibly choose a cache size for RAM (recommended):
browser.cache.memory.capacity (960000)  (960000Kb = 120Mo). (/!\ incompatible with browser.sessionhistory.max_total_viewers (0) #207 /!\)

----------------------------------------------------------------

- Hiding your referers -

Referer logging is used to allow websites and web servers to identify where people are visiting them from, for promotional or statistical purposes.

network.http.sendRefererHeader | Determines when to send the Referer HTTP header:

0: Never send the referring URL
1: Send only on clicked links
2 (default): Send for links and images

^ Set it to 1, or to 0 ^ (/!\ 0 is the better option but may break a few websites /!\) 

----------------------------------------------------------------

network.http.referer.XOriginPolicy:

0 (default): Always send
1: Send if base domains match
2: Send if hosts match

^ Set it to 2 ^

----------------------------------------------------------------

network.http.referer.spoofSource:

false (default): real referer
true: spoof referer (use target URI as referer)

^ Set it to true ^

----------------------------------------------------------------

network.http.referer.trimmingPolicy:

0 (default): send full URI
1: scheme+host+port+path
2: scheme+host+port

^ Set it to 2 ^

----------------------------------------------------------------

################ Updated Here ################

Add-ons I use:

Smart HTTPS - Automatically changes HTTP addresses to the secure HTTPS, and if loading encounters error, reverts it back to HTTP. Download: https://addons.mozilla.org/fr/firefox/addon/smart-https-revived/

uMatrix - Point & click to forbid/allow any class of requests made by your browser. Use it to block scripts, iframes, ads, facebook, etc. Download: https://addons.mozilla.org/en-US/firefox/addon/umatrix/

Bloody Vikings! - Simplifies the use of temporary e-mail addresses in order to protect your real address from spam. Supports inter alia 10minutemail.com and anonbox.net.
Download: https://addons.mozilla.org/en-US/firefox/addon/bloody-vikings/

CanvasBlocker - Blocks the JS-API for modifying <canvas> to prevent Canvas-Fingerprinting. Download: https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/

Modify Header Value (HTTP Headers) - Add, modify or remove a header for any request on desired domains. Download: https://addons.mozilla.org/en-US/firefox/addon/modify-header-value/

################ Updated Here ################

----------------------------------------------------------------

DOM storage has become a much bigger threat to our privacy than the dreaded cookies were. Unfortunately this technology is certainly set to leave cookies in the dust, so changing the default value of this configuration to false is strongly recommended for security reasons:

dom.storage.enabled (false)  (/!\ Please note that it may cause a few web sites not to work properly at the same time)


Link prefetching is when a web page hints to the browser that certain pages are likely to be visited, so the browser downloads them immediately so they can be displayed immediately when the user requests them.
By setting network.prefetch-next to false, we are controlling the following:

network.prefetch-next (false)


The setting below has been suggested a few times, but never adopted. There is new evidence of its benefit. The default is being exploited in the wild to fool users, so I would consider it a security issue: https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/

network.IDN_show_punycode (true)

----------------------------------------------------------------

Disable Seer/Necko
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Necko:

network.captive-portal-service.enabled (false)
network.predictor.enabled (false)


Disable tracking protection:

privacy.trackingprotection.pbmode.enabled (false)


Disable IPV6:

network.dns.disableIPv6 (true)


WebGL (Web-based Graphics Library) is a collection of code for JavaScript that makes it possible for a website to access your video card in order to display interactive 3D-graphics using the HTML5 Canvas element—without using any third-party plug-ins.
WebGL can be a threat to your device security and online anonymity:

webgl.disabled (true)
webgl.enable-webgl2 (false)

----------------------------------------------------------------

Firefox 2.0 introduced a built-in Session Restore feature, allowing the user to continue browsing from where they left off if the browser restarts. This preference controls when to store extra information about a session: contents of forms, scrollbar positions, cookies, and POST data.
browser.sessionstore.privacy_level:

0 = Store extra session data for any site
1 = Store extra session data for unencrypted
2 = Never store extra session data

^ Set it to 2 ^

----------------------------------------------------------------

Reduce the amount of RAM Firefox uses for its cache feature, do not store any pages in memory:
browser.sessionhistory.max_total_viewers (0)  (/!\ incompatible with browser.cache.memory.capacity #87 /!\)

Don't cache HTTP or HTTPS files:
network.http.use-cache (false)

Disable SSL Error Reporting - PRIVACY:
security.ssl.errorReporting.enabled (false)

Disable crash reporting to Mozilla:
breakpad.reportURL (Blank)

Number of processes (min 1/max 7). Depends on the size of your RAM:
dom.ipc.processCount (4)

New Cache Firefox:
browser.cache.use_new_backend (1) 

Disable navigator.sendBeacon. This method meets the needs of certain analytical or diagnostic codes that attempt to send data to a web server before unloading the document. Sending the data earlier could result in a missed opportunity to collect data:
beacon.enabled (false)

Disable letting websites know if you have info from them in your clipboard:
dom.event.clipboardevents.enabled (false)

Disable Storage API (FF51+) which gives sites’ code the ability to find out how much space they can use, how much they are already using, and even control whether or not they need to be alerted before the user agent disposes of site data in order to make room for other things.
dom.storageManager.enabled (false)

Disable Web Audio API (Audio fingerprinting):
dom.webaudio.enabled (false)

Disable device sensor API - fingerprinting vector:
device.sensors.enabled (false)

Disable link-mouseover opening connection to linked server:
network.http.speculative-parallel-limit (0)

----------------------------------------------------------------

Telemetry is an automated communications process by which measurements and other data are collected at remote or inaccessible points and transmitted to receiving equipment for monitoring.
Disable Telemetry:

toolkit.telemetry.archive.enabled (false)
toolkit.telemetry.bhrPing.enabled (false)
toolkit.telemetry.firstShutdownPing.enabled (false)
toolkit.telemetry.infoURL (Blank)
toolkit.telemetry.newProfilePing.enabled (false)
toolkit.telemetry.reportingpolicy.firstRun (false)
toolkit.telemetry.server (Blank)
toolkit.telemetry.shutdownPingSender.enabled (false)
toolkit.telemetry.unified (false)
toolkit.telemetry.updatePing.enabled (false)
experiments.activeExperiment (false)
experiments.enabled (false)
experiments.manifest.uri (Blank)
experiments.supported (false)


Disable new tab tile ads & preload & marketing junk:

browser.newtabpage.enabled (false)
browser.newtabpage.introShown (true)
browser.newtabpage.enhanced (false)
browser.newtab.preload (false)

----------------------------------------------------------------

A result of the Tor Uplift effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains:

privacy.firstparty.isolate (true)


A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting:

privacy.resistFingerprinting (true) (/!\ starts window minimized /!\)


Disable history suggestions with SYNC – PRIVACY:

services.sync.prefs.sync.browser.urlbar.suggest.history (false)
services.sync.prefs.sync.browser.urlbar.suggest.history.onlyTyped (false)

----------------------------------------------------------------

This is Mozilla’s new built-in tracking protection. It uses the Disconnect.me filter list, which is redundant if you are already using uBlock Origin 3rd party filters, therefore you should set it to false if you are using the add-on functionality:
privacy.trackingprotection.enabled (true) (/!\ :(false) if you use uMatrix or uBlockO - duplicate /!\)

The attribute would be useful for letting websites track visitors’ clicks:
browser.send_pings (false)
browser.send_pings.require_same_host (true)

Even with Firefox set to not remember history, your closed tabs are stored temporarily at Menu -> History -> Recently Closed Tabs:
browser.sessionstore.max_tabs_undo (0)

Disable preloading of autocomplete URLs. Firefox preloads URLs that autocomplete when a user types into the address bar, which is a concern if URLs are suggested that the user does not want to connect to:
browser.urlbar.speculativeConnect.enabled (false)

Website owners can track the battery status of your device:
dom.battery.enabled (false)

Websites can track the microphone and camera status of your device:
media.navigator.enabled (false)

Disable video statistics – JS performance fingerprinting
https://trac.torproject.org/projects/tor/ticket/15757:
media.video_stats.enabled (false)

----------------------------------------------------------------

Disable cookies:
    0 = Accept all cookies by default
    1 = Only accept from the originating site (block third party cookies)
    2 = Block all cookies by default
network.cookie.cookieBehavior (1)

cookies are deleted at the end of the session:
    0 = Accept cookies normally
    1 = Prompt for each cookie
    2 = Accept for current session only
    3 = Accept for N days
network.cookie.lifetimePolicy (2)

----------------------------------------------------------------

POPUP windows - prevent or allow javascript UI meddling:
dom.disable_window_move_resize (true)
dom.disable_window_open_feature.close (true)
dom.disable_window_open_feature.personalbar (true)
dom.disable_window_open_feature.titlebar (true)
dom.disable_window_open_feature.toolbar (true)

Disable keyboard fingerprinting:
dom.keyboardevent.code.enabled (false)

Disable resource/navigation timing:
dom.enable_resource_timing (false)
dom.enable_user_timing (false)

Disable timing attacks - javascript performance fingerprinting:
dom.enable_performance (false)

Display all parts of the url. Why rely on just a visual clue - helps SECURITY:
browser.urlbar.trimURLs (false)

Disable css querying page history - css history leak - PRIVACY:
layout.css.visited_links_enabled (false)

Disable auto-play of media - what are the implications, we already have click to play:
media.autoplay.enabled (false)

Disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers:
datareporting.policy.dataSubmissionEnabled (false)

Disable "Reader View":
reader.parse-on-load.enabled (false)

Always ask the user where to download - enforce user interaction for security:
browser.download.useDownloadDir (false)

Disable WebIDE to prevent remote debugging and add-on downloads:
devtools.webide.enabled (false)
devtools.webide.autoinstallADBHelper (false)
devtools.webide.autoinstallFxdtAdapters (false)
devtools.debugger.remote-enabled (false)
devtools.cache.disabled (true)

Disable add-on metadata updating:
extensions.getAddons.cache.enabled (false)

Disable SPDY as it can contain identifiers.
https://www.torproject.org/projects/torbrowser/design/#identifier-linkability:
network.http.spdy.enabled (false)
network.http.spdy.enabled.deps (false)
network.http.spdy.enabled.http2 (false)

Force FF to tell you if a website asks to store data for offline use:
offline-apps.allow_by_default (false)

----------------------------------------------------------------

Thanks to SirUnnice and to all others :)

----------------------------------------------------------------


/!\ Please note that you will need to create a second Firefox profile for your online shopping.
If the language switches to English, set general.useragent.locale to fr-FR

You can replace uMatrix with uBlock Origin or use both at the same time.
For those who want a tutorial for these two extensions:
https://vive-gnulinux.fr.cr/ublocko-umatrix-ns/

I'll take this opportunity to give a very positive opinion of Quantum, contrary to what you can read on the web :roll:

PS: I know there are very knowledgeable members on the forum, so if there are settings that don't work with the latest Firefox, or possible additions, please let me know so that I can update this list :wink:

Edits:
- Added browser.cache.memory.enable (True) and browser.cache.memory.capacity (960000), as Demot suggested, and the telemetry settings.
- Added comments.
- Added network.IDN_show_punycode (true)
- Removed the pipelining values, which became useless with Quantum.
Last edited by |-|3||0 on 02 Feb 2018, 15:13, edited 9 times.
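
Added example (not part of the original post, nor Mozilla's code): a small Python audit that parses a profile's prefs.js or user.js and reports where it differs from a subset of the values listed in the post, plus the cache/session-history conflict the post flags. The function names, the choice of subset and the sample file contents are assumptions made for illustration.

```python
import re

# Subset of the values recommended in the post ("Blank" there is "" here).
RECOMMENDED = {
    "network.dns.disablePrefetch": True,
    "media.peerconnection.enabled": False,
    "network.http.referer.XOriginPolicy": 2,
    "toolkit.telemetry.server": "",
    "network.cookie.cookieBehavior": 1,
}

# prefs.js and user.js lines have the form: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_value(raw):
    """Convert a pref literal (true/false, "string", integer) to Python."""
    if raw in ("true", "false"):
        return raw == "true"
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1].replace('\\"', '"')
    # Unknown literals are kept as raw text so they surface as a mismatch.
    return int(raw) if re.fullmatch(r"-?\d+", raw) else raw

def parse_prefs(text):
    """Return {name: value}; comments and non-pref lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs

def audit(prefs):
    """List (name, found, recommended); types count, since True == 1 in Python."""
    findings = []
    for name, want in sorted(RECOMMENDED.items()):
        got = prefs.get(name, "<default>")  # absent: still at Firefox's default
        if type(got) is not type(want) or got != want:
            findings.append((name, got, want))
    return findings

def cache_conflict(prefs):
    """True when both settings the post marks as incompatible are set."""
    viewers = prefs.get("browser.sessionhistory.max_total_viewers")
    capacity = prefs.get("browser.cache.memory.capacity")
    return viewers == 0 and isinstance(capacity, int) and capacity > 0

SAMPLE_PREFS_JS = """\
// Constructed sample, not taken from a real profile.
user_pref("network.dns.disablePrefetch", true);
user_pref("media.peerconnection.enabled", true);
user_pref("network.http.referer.XOriginPolicy", 1);
user_pref("toolkit.telemetry.server", "");
user_pref("browser.cache.memory.capacity", 960000);
user_pref("browser.sessionhistory.max_total_viewers", 0);
"""

if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS_JS)
    print(audit(prefs), cache_conflict(prefs))
```

To check a real profile, pass the text of its prefs.js to `parse_prefs` instead of the sample; a pref reported as `<default>` has never been changed in that profile.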
Demot
Mythical animal
Posts: 19881
Joined: 28 Jun 2008, 18:07

tu tôt

Post by Demot »

hello

in your list you put
browser.cache.disk.enable ➔ False (which means no writing to disk, right?)
yes, but then you would have to put the cache in RAM, no?
that is, browser.cache.memory.enable → true, don't you think?!
and even give it a size, no?
e.g. browser.cache.memory.capacity → 960000

you put browser.cache.disk.capacity → 0 (that said, if it's in RAM, it doesn't matter, right?!)

Also, you put: browser.sessionhistory.max_total_viewers → 0 --- Why 0 recently visited pages?? (back/forward performance)

I'll stop there, but there is more that could be said
☑ a real answer's first aim is to help ❒ not to nurse one's own lack.
▬ ➤ ◐ ◑ ★ ☆ • ● ◉ ❍ ▼ ☑ ➔ ☐ ❑ ➜ ➸ ➻ « »
|-|3||0
Salamander
Posts: 24
Joined: 15 Nov 2017, 19:19

Re: [Tutorial] Privacy/security settings in about:config

Post by |-|3||0 »

@Demot
yes, but then you would have to put the cache in RAM, no?
that is, browser.cache.memory.enable → true, don't you think?!

On my machine the value is already true by default, you could have checked ;)
Demot
Mythical animal
Posts: 19881
Joined: 28 Jun 2008, 18:07

Re: [Tutorial] Privacy/security settings in about:config

Post by Demot »

Checked... it was done... :D ... of course!

You give the items, but without explanations visitors don't really understand them.
If you are putting it in RAM, you might as well say so for them... or even say how to set a size
as for the rest... another time
lool_lauris
Mythical animal
Posts: 8054
Joined: 14 Mar 2008, 22:51

Re: [Tutorial] Privacy/security settings in about:config

Post by lool_lauris »

[moderation]
pierrepaul's post has been moved to a new thread. See here => viewtopic.php?f=4&t=143937
lool-lauris
[/moderation]
.
Support free software!
