Firefox Hardening: Quick Arkenfox guide

Firefox is pretty good, but out of the box it takes some configuring for more privacy and security. You could just use LibreWolf which has better defaults, or you could use Arkenfox, which does a lot of the configuring for you and is currently updated regularly.

So this is an Arkenfox tutorial; the wiki is too long.

If you're looking for something more pedestrian that doesn't require tinkering you might want to consider LibreWolf. This guide is a recent resource if you want to know more about hardening and how to do the basics manually. This guide is a little dated but has some useful ideas like disabling password and location prompts.

Backup ffs

You don't have to lose any data if you do this correctly, but back up your Firefox profile directory just in case. You can also create a new profile just to fuck around with this. Find the profile directory in about:support > Application Basics > Profile Folder.

Waht

Arkenfox utilizes the user.js file. You can plop any firefox setting into user.js and ff will apply it. Maintaining that yourself iz hard, though. Ff and privacy landscape changes constantly; who has time to read ff changelogs every update? Well, the contributors to the arkenfox project have time, apparently.

How

  1. Clone the project and cp prefsCleaner.sh, updater.sh and user.js into your profile folder. (or the .bat variants on Windows)
  2. Run the cleanup script if you are not using a new profile.
  3. Open ff.
  4. Profit

Customize

Now, arkenfox is "privacy by default" in many ways and may disable some features you actually want. Here are the common issues and the code snippets to change them. Take a look at those links; Arkenfox also does things like disable browser history and DRM, so you may get a nasty surprise when all your data gets wiped if you don't understand the consequences.

Any behavior that you want to change, like in the aforementioned snippets, put in user-overrides.js.

Here's an example to disable Mozilla's pocket extension:

// user-overrides.js
user_pref("extensions.pocket.enabled", false);

Apply changes

Every time

  • firefox/arkenfox updates
  • you change your user-overrides.js

Run updater.sh. It gets the latest user.js and applies your patches from user-overrides.js. Then, run prefsCleaner.sh.

ALWAYS RUN prefsCleaner.sh

[Image: runPrefsCleaner.jpg. Image credit: arkenfox changelog 97]

Extensions

Install uBlock Origin. Don't bother with other extensions.

Ok, maybe bother a little

  • Skip Redirect
  • Dark Reader

"Ff borked" or "My override isn't working"

It's probably your fault. When ff opens press Ctrl+Shift+J and find the semicolon you missed.
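
A pre-flight check for that missed semicolon, as an added example that is not part of arkenfox or the original guide: it lints the text of user-overrides.js before you run updater.sh. The function name lintOverrides and the sample prefs are made up for illustration, and it assumes one user_pref() per line with double-quoted names.

```javascript
// Added example, not arkenfox code. Lints user_pref() lines the way this page writes them.
// Assumptions: one statement per line, double-quoted pref names.
const PREF_RE =
  /^user_pref\(\s*"([^"\\]+)"\s*,\s*(true|false|-?\d+|"(?:[^"\\]|\\.)*")\s*\)\s*;\s*(?:\/\/.*)?$/;

function lintOverrides(text) {
  const problems = [];         // { line, reason }
  const effective = new Map(); // pref name -> { value, line }; the last assignment wins
  let inBlockComment = false;
  text.split(/\r?\n/).forEach((raw, i) => {
    const lineNo = i + 1;
    let line = raw.trim();
    if (inBlockComment) {      // still inside /* ... */
      const end = line.indexOf("*/");
      if (end === -1) return;
      inBlockComment = false;
      line = line.slice(end + 2).trim();
    }
    if (line.startsWith("/*")) {
      const end = line.indexOf("*/", 2);
      if (end === -1) { inBlockComment = true; return; }
      line = line.slice(end + 2).trim();
    }
    if (line === "" || line.startsWith("//")) return;
    const m = PREF_RE.exec(line);
    if (m) {
      const prev = effective.get(m[1]);
      if (prev) problems.push({ line: lineNo, reason: `duplicate of line ${prev.line}; this later value wins` });
      effective.set(m[1], { value: m[2], line: lineNo });
      return;
    }
    let reason = 'not a valid user_pref("name", value); statement';
    if (!line.startsWith("user_pref(")) reason = "expected user_pref( at start of line (check spelling and case)";
    else if (/[\u201c\u201d\u2018\u2019]/.test(line)) reason = "curly quotes; use plain double quotes";
    else if (!/;\s*(\/\/.*)?$/.test(line)) reason = "missing semicolon";
    problems.push({ line: lineNo, reason });
  });
  return { problems, effective };
}

// Constructed sample input, not taken from any real profile.
const sample = [
  "// user-overrides.js",
  'user_pref("extensions.pocket.enabled", false);',
  'user_pref("browser.startup.page", 3)',
  'User_pref("privacy.resistFingerprinting", false);',
  'user_pref("extensions.pocket.enabled", true);',
].join("\n");

for (const p of lintOverrides(sample).problems) console.log(`line ${p.line}: ${p.reason}`);
```

To check your real file, pass in its contents, e.g. from Node's fs.readFileSync(path, "utf8"). A clean result here doesn't replace looking at the Browser Console after ff starts.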

"A webpage used to work now borked"

There are a few possible reasons for this. Take a look at To RFP or Not and consider changing 1601 and installing Smart Referer instead. More details in the wiki.

Moar hardening

Privacy-focused fork of Arkenfox, sacrifices security: desktop_user.js. See here for more ideas about automatic Firefox connection settings you can alter.