Do NOT use any profile of firefox without using ghack’s privacy-enabling user.js profile file. Despite mozilla org lamentations on the state of privacy while boasting their respect of your privacy it is soooper evident they don’t.
https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview
For this you’ll need to know how to use Firefox Profile Manager. You can (and should) partition browsing better than containers with multiple profiles. Edit your firefox link with these additional switches (linux, windows, macos)
–no-remote -P
The first switch is a double dash. It allows multiple instances to run each with a profile. The second switch is a BIG P. You don’t want a small p. It opens the interactive profile picker.
To open the profile directory without knowing where it is open the Firefox Help menu, Troubleshooting information, click 2nd Open Folder. Alternately browse to about:support
Two options: clear or dirty. It’s likely most people will want dirty.
Option 1, clean
- create a new profile
- backup your primary profile fileset: right click, create new 7z archive. Backup.
- launch new profile, exit
- delete all the new profile files
- downgrade to firefox v74
- create a copy of these 4 files:
- cert9.db
- key4.db
- pkcs11.txt
- logins.json
- copy them into empty new profile directory
- copy ghack’s user.js into profile directory
- launch profile
- enable Master password
- delete first copy of 4 files
- backup new 4 files for easier reuse new profiles
- upgrade firefox
- launch new profile
- import bookmarks from prior profile
- add back essential adblock extensions, and minimize extension bloat
Option 2, dirty
Edit your firefox link with these additional switches (linux, windows, macos)
–no-remote -P –allow-downgrade
- backup your primary profile fileset: right click, and create new 7z archive
- store 7z file outside/above a mozilla directory
- backup
- downgrade to firefox v74
- launch profile
- enable master password, set password
- exit profile
- upgrade firefox
- copy ghack’s user.js into profile directory
- launch new profile
Profile manager necessity
Not for dirty option strictly. Embrace your new power
Firefox STILL uses absolute file paths for a number of features. Copying those files between directories (profiles) is no end of fun to correct.
older versions of firefox
for newer MacOS you want this one
for 64bit windows you want this one
for x64 linuxes self sufficiency is assumed
these are locality en-US. Change directory yourself to suit
DoH firefox
Now configure DNS over HTTPS in firefox for poweruser adblocking, reducing page loading time, increasing prviacy. Use both DNS filtering and browser level extension (uBlock Origin, Privacy Possum, Temporary Containers, Multi-Account Containers, Decentral Eyes)
- Settings
- General
- (at bottom)
- Network settings
- [check] Enable DNS over HTTPs
- [check] custom
- paste server address
- lookup your custom server address on browser sub-tab of https://my.nextdns.io/setup
- do NOT enter ^ that url into this firefox field. your address will look lilke https://dns.nextdns.io/0ad5example0ad5/browswernickname (also don’t enter this fake address example)
- change your browsernickname to whatever to make whitelisting tinkering easier for multiple devices
- Compete their steps 6 & 7 on my.nextdns.io/setup
DoH quick configure
Currently the default of NextDNS is not-ablocking. After creating your free account – which is free in the Traditional Sense of the word free – then
- open their tab security: [check] block parked domains, [check] block newly registered
- open their tab privacy: click add block list: choose ‘nextdns recommended’, choose ‘dbl.oisd.nl’. If windows also choose ‘WindowsSpyBlocker’, and enable ‘Native Tracking Protection’. If MacOS add ‘Native Tracking Protection’.
- [check] enable disguised tracking protection. it’s a step closer to ASN level adblocking.
- open their settings page: [UNcheck] block page
- [check] enable logs until you are happy with your blacklist, whitelist, and spoof rules, or if you want to keep pretty graphs
future of adblocking
must return to hybridized DNS, privoxy, deeper internets functions like ASN blocking. The great firefox nightly security features need not bloat the interweb browser. They need to live in an external proxy. All hail privoxy.
webmail adblock
If you are whoring your privacy for “free” webmail also install Webmail Ad Blocker (maintained by a magical thinking radical progressive with an ironic affection for being paid for his work). It is a great mix of userscript and css. I have not raked through its source recently so your privacy value mileage might vary.
remove sham extensions
If you are using Ad”block” Plus by deceitful, untrustworthy Wladimir Palant immediately uninstall that sellout’s garbage then install uBlock Origin. Ad”Block” Plus by default enables a global whitelist to unblock ads. This is the opposite purpose of adblocking. His description of the functionality is deceitful. He is untrustworthy for having it default always to ON. He collects money from advertisers for placement on his whitelist. That’s super scummy.
ram whore
I leave session manager enabled. When firefox resource use rises to unacceptable levels I end-task, relaunch profile, and restore some/all session. This is inane, but essential. 38% cpu and 2.4gigs ram? No. Force end. Relaunch. Yay.
DNS over HTTPS and adblocking extensions are unrelated to the crux of this article but helpful to privacy which is hand in glove with security.
