Firefox is NOT private. Here's how to fix it. (Firefox Hardening)

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
if you're using Firefox then there's a good chance that you care more about user privacy than most users do and for good reason because with the amount of big companies tracking you across the internet these days it's very rational to care about your privacy and not want to give away all your data to companies to sell to advertisers but does Mozilla Firefox really care about privacy as much as they claim they do as you can see I'm here on the Mozilla homepage and they have a giant Banner here telling you how much they care about privacy but let's just take a look through a default Firefox installation and just see how it looks so one of the first things that you might notice is that the default search is Google so if I type in something here it will send it to Google now I understand that Google gives them a lot of money that's why they have Google as their default search engine but it's just a very strange decision for a privacy respecting web browser to have one of the least privacy respecting companies as their default search engine they also heavily promote their service pocket which is kind of this read later service where you can save articles here and then pick them up later but this is a closed Source service that collects a whole bunch of data about you you can see in their privacy policy right here they collect a whole bunch of information and they're even prompting me right here to accept cookies from advertisers so that they can track me and give me more personalized ads that is not something I would expect to see featured in a privacy browser Mozilla also collects a lot a lot of telemetry about you so this is information they're reporting back in order to improve their browser but let's take a look at all of the information that it sends Mozilla so this is all of it right here and I have to scroll down all day in order to actually get down to the bottom of this because Mozilla collects almost every interaction that you have with your UI which I understand they want to improve their web browser but this is just so much information that they're sending home I don't really want to send all this information to Mozilla I don't really want to send Mozilla anything and so I really don't like the amount of telemetry that is enabled by default Amazon just makes a lot of other questionable decisions like in their add-on store if you go to add-ons.mozilla.org they are using Google analytics under the hood so they're sending data to Google through Google analytics and there's so many privacy respecting analytics software's out there that is just a very weird decision to use Google and previously I don't think they do this anymore but they would even embed Google analytics into the extensions page in your settings so when you were scrolling through here trying to search for some new add-ons in your extensions page Google analytics was here too so what their track record is just very hard for me to trust Mozilla but not just that Firefox is not really that private by default sure they have some features but but a lot of them aren't on by default like if you want enhanced tracking protection then you would want to check this strict option right here that will give you much better protection against some trackers that can follow you around the internet and there are some settings that aren't even in this menu if you want more advanced privacy options or you may just be like me and find a lot of features of Mozilla Firefox annoying like they have ads baked into their settings page more from Mozilla they're trying to get me to download Firefox mobile and sign up for Firefox relay I don't want to they have Firefox sync which personally I never use so I wish I could disable it but there isn't an easy way from the UI they have this Firefox view page right here which I find is useless and there are a lot of things that you can't even disable from the settings menu like this save page to pocket that comes up whenever you right click on a page and if you want to change a lot of these settings you have to go into this scary menu called about config it's going to give you a warning right here but this is a bunch of hidden preferences and if you want to disable something like pocket you can go ahead and search for pocket and you can toggle this on and off and as you can see pocket has now disappeared but if we were to go through this menu and manually disable and enable all the features we want and don't want then that would be very time consuming and it's got to be an easier way maybe just like one switch I can flip to make Firefox the way I wanted to and there actually is something like that and it's called a user JS file so this is a user.js file that I'm using right now and as you can see it is flipping a whole bunch of preferences here and you can download these from other people who have already made a giant list of preferences to enhance your privacy and security using Firefox so in this video I'm going to show you three of my favorite ones it's going to be better Fox Arc and fox and narcel's easier.js and so this is going to be kind of three levels of privacy and secure 30 depending on how much you care about it so the first one better Fox is going to be what you want to pick if you don't want to have any breakage because a lot of websites can break in the name of privacy if you use a super privacy respecting browser then it is going to come at the cost of convenience so you have to weigh the benefits if you don't want all of your favorite websites to break and you have to use some workarounds then I would use better Fox Arkansas is if you want a little bit more advanced privacy but you probably will have to make some changes to this user JS and customize it to disable a lot of the stricter features that you may not want and finally this user.js tries to disable almost everything any connection to Mozilla so if you're a real stickler you want to use this but first things first let's go over how to install these user.js files and so first things first you'll want to find your profile so you can do this by going to about profiles in your address bar and profiles are kind of like users where each profile has their own settings and bookmarks and history so I would recommend you create a new profile for this but you can use your existing profile if you want there's probably just going to be one profile by default called something like default user but you can create a new profile if you want and just next through all of these just give it a name or just add something to your existing profile and you just want to click open directory right here under root directory and this is going to pop up in a file manager and take you somewhere like this just a file explorer with a whole bunch of files in here you can also navigate here manually it's probably going to be in your home folder under dot Mozilla Firefox but now we want to get the user.js file and so let's start with better Fox let's scroll down here and click user.js here and we can just copy this whole file and now let's make sure we're in the better Fox profile and if you just created this profile then you can probably delete all of this in here if this is an existing profile then you don't want to delete everything of course but let's create a new file called user.js of course paste all that in here save it and now we just need to restart Firefox and as you can see after we add the user.js a lot of things are going to be different here so there's no more pocket integration there is no more firefox sync and if we go into the settings then the tracking protection is going to be stricter so the user.js makes a whole bunch of useful changes and makes the defaults much more sensible in my opinion of course you can still go through here and change some settings you do still need to change the default search engine from Google that is one thing the user.js does not do but there are probably some things that you want to change for example maybe you really like Firefox sync and the fact that they took it out you don't like that so what you can do let's go back to the better Fox GitHub page a lot of these products will have common overrides that many people will want to change and so we can scroll down here and click on common overrides and these are some settings that you might want to override so let's go down here and find firefox sync let's say we want to re-enable this so we can copy this line right here go back to our user JS edit this and you want to go down to the bottom of this file they even have a section here called my overrides and we can paste this in here and then once we restart Firefox again we can see in the menu that firefox sync is back so if you want to toggle on and off some options you can do that and these are going to be the most common overrides like maybe you want to be a little bit more private and you want to block social media posts on web pages like embedded Reddit posts or embedded tweets maybe you want to allow websites to ask you for your location those are all settings that you can change here and so by default I think that better Fox is a very good user JS file if you just want to use your web browser as normal just without all of the Mozilla junk that Mozilla adds to it and so I highly recommend checking this project out but if you want something a little bit more advanced then you should check out Arc and Fox's user.js now this is one of the most popular ones and this is very focused on privacy and security as you can see over here Firefox privacy security and anti-tracking that is what this user.js is all about and Arc inbox is going to be much stricter than something like better Fox and it's actually going to break a lot more features and websites so let me just show you what this is going to look like I have an arc and fox profile right here let's just launch this and let's just test out Arc and fox and you might see some weird things right away like if we do a search in your address bar it's giving us an error so search is disabled from the address bar by default I guess so you don't accidentally send some data to Google but you have to manually type things in if you want to visit that website and there are these black bars around your screen and there are just a lot of other weird settings like this that will help you be more private but you probably don't want them and so if you're using Arc and fox I highly recommend reading through the wiki so if you go to the GitHub and go to the wiki this is required reading if you have any questions or issues with Arc and fox and what you'll probably want to see is the overrides right here and this will solve a lot of the most annoying issues so Argan FOX also deletes all the cookies and site data on close which will log you out of every website which may be annoying you may not want to log into your favorite websites every time and you can disable that or just add site exceptions but you can find out how to do that on this page and if you're like me you do want to enable automatic search from the URL bar so we can find the setting it is 0801 and so if you're going to our user.js file for Arc and fox we can search for 0801 and we can see as this preference right here keyword enabled false what we can do is copy this go down to the bottom of the file and just change this to true and then if we restart Arc and fox we can now search from the URL bar again but one other big privacy feature that you may want to turn off is going to be RFP or resist fingerprinting and so even if you take a lot of privacy steps like deleting your cookies a lot of these big advertisers can still track you and know that it's you by fingerprinting your browser and they do that by looking at a whole bunch of different information about your system like I'm on Linux I'm on Firefox version 110 I'm on this specific time zone I'm using the English language and they get all of these small little data points even which specific add-ons I'm using in my browser and once you take all these little data points you can really narrow it down to just me so this website says that I am unique there is nobody else that shares my exact browser fingerprint and so these tracking companies even if they don't know anything else about me just by looking at my computer they can tell that it is me personally and if you want to kind of defeat this a little bit you can use resist fingerprinting and this will spoof a lot of things like it spoofs your time zone they can track you through your preference for light mode or dark mode so it forces you to use light mode and in theory this will make you a little bit less unique so they can even track you through the size of your window right here so you can see by the side of my window it's not what most people would be using most people would probably be using a full screen window so that's what these black bars are doing on the side is kind of spoofing my window resolution so it's a little bit harder to see that it's actually me and this is not going to completely stop all of the fingerprinting as you can see I can take this to my arc and fox installation and run to see if I am unique and of course I still am but this will probably defeat some more basic tracking so you can leave this on but in my opinion the annoyances of this like Forest light mode and these black bars on the side of my screen and it kind of outweighs the benefits that it can give to me so personally I turn this off but you may want to turn this on and you can disable certain parts like just the letterboxing or the black bars on the side and keep the rest if you want now besides all that Arc and fox has a few other nice features that you might find useful like it has an updater script so we can copy this and put it in our Arc and fox directory let's say updater.sh and now we can run bashupdator.sh and it will automatically pull in the latest changes from Arc and Fox's GitHub because every time Firefox updates they'll probably add or remove a few of these preferences and this just keeps it up to date so we can continue with yes but do note that if you use this tool you'll want to keep your overrides in a separate file in user overrides.js otherwise it will overwrite all of your overrides so you'll just want to make a new file like this and then paste all the overrides in this file and then run the updater script and if you do use this updater script then you'll also want to just run press cleaner as well this is another script right here that will just disable any unused preferences after you update so just run this after you update and you should be fine so it's still not automatic updates you still do have to go through and manually run the updater script every time that Firefox releases you don't really need to do it every time but that should be something you check every once in a while even if you're using something like better fox you'll probably just want to get the latest user.js file every once in a while but one more thing about Arc and fox that I don't really like is that they don't disable a lot of the Mozilla annoyances that I have so they still have this ad in the settings menu they still have Firefox view pocket and Firefox sync so you do have to go and manually disable those in your user.js file that can be a little bit annoying but Arc and fox is really well documented so it's not that difficult and finally let's go over my personal favorite which is narcel's user.js and this is a fork of Arc and fox so it's going to be very similar to Arcade Fox but this is going to be even more strict and basically strip out any connection that could possibly be made to Mozilla or any third party and I do actually recommend narsal's user.js but it is much less documented than arkanfox's so I would only really use this if you know what you're doing already if you're not sure I would just use better fox or Arc and fox but this really disables everything in the name of privacy it even could possibly make your browser a little bit less secure because there is this service that Firefox uses called Google safe browsing and it basically downloads a list from Google of malicious websites Amazon isn't sending your data to Google all it's really doing is downloading a file from Google and then comparing where you're going to this file so it's not a huge privacy issue but some people might just want to completely disable any connections to Google no matter what they are and so this disables Google safe browsing and so you're not going to get warned if you're going to a malicious website you can kind of mitigate this with ublock origin by default if you're going to a malicious website you block origin will step in and tell you where you're going is malicious so you don't necessarily need it but that is something to think about if you do want to use this use your JS file and I do like this more than Arc and fox because it does disable a lot of the Mozilla junk by default which I always appreciate saved me a little bit of time but this is probably one of the strictest user JS files out there so I would check this out if that sounds interesting if it doesn't just give it a pass and one more thing if you use narsal's user.js they even strip out automatic updates from Mozilla so of course when you automatically update these add-ons they are pinging Mozilla servers and this strips that out so you might need to update the add-ons manually if that's too much you can just override that in your user.js and finally you might be wondering which add-ons should you be using in order to make your Firefox more private and secure and I think the only one that you really need is ublock origin and this is actually all that most people need these days so I know before there are a whole bunch of privacy extensions like https everywhere but a lot of that had actually already been implemented in the browser so some extension like https everywhere where it would automatically upgrade you to SSL every time you go to a website that has already been implemented in Firefox Firefox will already upgrade you to https automatically and all these user.js files automatically turn that preference on so I just have a few other ones here canvas blocker if you disable resist fingerprinting but you still want to have some fingerprinting protection you can add this and then just some quality of life stuff like premium so I can use my Bim keys but finally you might be wondering what do I recommend so I recommend all these actually just use better Fox if you don't want to break any websites or break any features of your browser use arcanfox if you're a little bit more serious about privacy and don't mind reading through the wiki trying to figure everything out yourself and finally you can use narsal's user.js if you're a tinfoil Hatter like me finally I gotta give a shout out to librew Wolf I want to do a video on this soon but librew wolf is is a fork of Firefox that implements a lot of these changes in these user.js files just by default so if you don't even want to go through the work of doing this you can just install librew wolf and that is another good option but it isn't really that different from just hardening Firefox with a custom user.js so it's not really necessary it's just another option if you want and I'll probably have a video on this in the future but once you do this once you install a custom user.js you can now rest easy and just browse the internet in peace you can finally make Firefox good again without all of the craft that Mozilla adds to it and hopefully you can enjoy the web a little bit more privately
Info
Channel: Eric Murphy
Views: 201,472
Rating: undefined out of 5
Keywords: firefox, hardening, firefox hardening, hardening firefox, ghacks, arkenfox, betterfox, narsil, spyware, spyware watchdog, private, privacy, user privacy, data privacy, online privacy, secure, security, google safe browsing, pocket, telemetry, disable, userjs, user.js, user.js file, about:config, firefox config, de-mozilla, demozilla, google, google analytics, analytics, crash reporting, linux, unix, web browsers, windows, macos, defaults, settings, preferences, options, config, configuration, tutorial, guide
Id: Fr8UFJzpNls
Channel Id: undefined
Length: 18min 45sec (1125 seconds)
Published: Tue Mar 07 2023
Related Videos
The ULTIMATE Browser Tier List (Based Tier to Spyware Tier)
Eric Murphy
2M
Hawk Tuah! 😗 Fails Of The Week
FailArmy
95K
Making Firefox Great Again
Mental Outlaw
372K
Why I can’t use the perfect browser
Asher Dipprey
6.8K
Why Are Open Source Alternatives So Bad?
Eric Murphy
477K
How to browse your favorite websites WITHOUT the creepy tracking
Eric Murphy
43K
How Mozilla Ruined Firefox
Eric Murphy
315K
YouTube Has Gone Too Far This Time
Mental Outlaw
925K
The MOST private browser
Naomi Brockwell TV
840K
Best Browser Privacy? Edge vs Chrome vs Firefox vs Brave in Wireshark
The PC Security Channel
399K
How ThinkPads Became The Internet's Favorite Laptop
Eric Murphy
829K
How DuckDuckGo Was Caught Spying On You...
SomeOrdinaryGamers
1.2M
Simple, Non-Commercial, Open Source Notes
By Default
766K
I DON'T like my web browsing options in 2024...
InfinitelyGalactic
70K
I'm leaving Firefox, and this is the browser I picked...
The Linux Experiment
1.2M
this new SSH exploit is absolutely wild
Low Level Learning
302K
Web Browser Tier List (For Privacy)
Ken Harris
34K
How Google's Chromium Took Over the Browser World
Eric Murphy
247K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.