This list aims to block core Firefox features which actively leak data to third-party services (as opposed to attempts of sites to track you or otherwise passively collect information). As it isn't always easy to draw a strict line, the most critical passive data faucets like WebRTC are also mentioned.
We are not breaking the browsing experience, so you won't find things like spoofing referrers and canvas properties here.
To change the settings open about:config
.
Leaks the browsing history to Google. Note that disabling Safe Browsing exposes you to a risk of not being stopped from visiting malicious or phishing sites.
browser.safebrowsing.enabled = false
browser.safebrowsing.downloads.enabled = false
browser.safebrowsing.malware.enabled = false
Stability and performance reports.
datareporting.healthreport.service.enabled = false
datareporting.healthreport.uploadEnabled = false
toolkit.telemetry.unified = false
toolkit.telemetry.enabled = false
A binary plugin (closed-source) is shipped with Firefox since v38. It enables playback of encrypted media and lets you use e.g. Netflix without Microsoft Silverlight. To completely remove the plugin you would have to install an EME-free build of Firefox.
media.eme.enabled = false
media.gmp-eme-adobe.enabled = false
Firefox connects to third-party (Telefonica) servers without asking for permission.
loop.enabled = false
A third-party service for managing a reading list of articles.
browser.pocket.enabled = false
Everything you type in the search box is sent to the search engine. Suggestions based on local history will still work.
browser.search.suggest.enabled = false
Leaks the real IP when using VPN/TOR. Description and demo.
media.peerconnection.enabled = false
Instead of completely disabling WebRTC you could also make it connect over the default route only using:
media.peerconnection.ice.default_address_only = true
geo.enabled = false
plugin.state.flash = 0
0.1 - initial commit
0.2 - removed mention of Reader mode
(it doesn't leak data*) and added browser.safebrowsing.remoteLookups
(it is confirmed to stop leaking data to Google while keeping Safe Browsing on*).
0.3 - browser.safebrowsing.remoteLookups
turned out to do nothing after all. Actually, it was removed. Requests to the Google Safe Search API are not made often, so at first I thought they were gone.
0.4 - removed mention of Tracking Protection
, because while blocking trackers, it "uses the same API as Google Safe Browsing". I would recommend using uBlock for this purpose instead.
0.5 - added toolkit.telemetry.unified
, Adobe Flash
and media.peerconnection.ice.default_address_only
.
* tested using Fiddler
Pull requests are welcome.