Web Browsing: From My Paranoid Transgender Brain to Yours

Web browsers are kind of awful. They do too much; why would I want an application to be an image viewer, PDF reader, media player, and an HTML renderer? As a result of the scope of these behemoths, they are bloated beyond belief. They strain developer resources, require sandboxing because of the inane default that untrusted JavaScript is arbitrarily executed, and yet, they’re the most prolific platform for application execution in the modern day.

Unfortunately, web browsers are here to stay. They have become the place where most people do their computing, and because of this, I created this page to describe how I make my web experiencea somewhat more sane.

I personally use the LibreWolf browser, a privacy-focused fork of Firefox. Firefox claims itself to be a privacy-first browser but fails to actually deliver.

If you choose not to use LibreWolf, at least choose your browser carefully.

Modifications to about:config

These settings are advanced user settings, and I’m not responsible for misconfigured browsers, broken web pages, or thermonuclear war.

Enable or Disable Features

• browser.tabs.insertAfterCurrent = true

Forces tabs to open to the right of the current tab.

• browser.urlbar.trimURLS = false

Disables automatically trimming URL scheme from the URL bar.

• image.jxl.enabled = true

Enables JPEG XL support in LibreWolf. Does not work in Firefox.

• widget.use-xdg-desktop-portal = true

Allows use of KDE Plasma filechooser on Unix.

• dom.event.contextmenu.enabled = true

Prevents sites from blocking the context menu from being opened.

• extensions.screenshots.disabled = true

Disables redundant screenshot utility.

• browser.quitShortcut.disabled = true

Disables ^q quit shortcut.

• reader.parse-on-load.enabled = false

Disables reader mode.

Disable Digital Rights Management

What is DRM and why disable it?

• media.gmp.widevinecdm.enabled = false
• media.gmp.widevinecdm.visible = false

Privacy

• geo.enabled = false

Disables location tracking.

• beacon.enabled = false

• dom.enable_resource_timing = false

• dom.event.clipboardevents.enabled = false

Prevents sites from knowing if you have copied or cut text and when you did it.

• dom.battery.enabled = false

• network.prefetch-next = false

• browser.cache.check_doc_frequency = 0

DNS Over HTTPS

What is DOH?

• network.trr.uri = ""

Select a DNS-over-HTTPS server to use—I use the dnswarden adblocking](https://dnswarden.com#doh) one, but if your polity censors your internet access, you should use the uncensored one. There is a list of alternatives available on GitHub.

• network.trr.mode = 2

This sets HTTPS over DNS to be on unless the DNS server cannot be reached.

Header Sanitization

• network.http.referer.hideOnionSource = true

Extensions

When it comes to extensions, to avoid fingerprinting, fewer is better, so try to limit your extensions to the minimum you need to browse the web. The performance impact is also lessened when you have fewer extensions installed. The following section is a list of extensions you can give the boot:

• For many cases, containerization extensions like Facebook Container or Google Container are redundant with Total Cookie Protection and Enhanced Cookie Clearing.

• The I don't care about cookies extension has been acquired by Avast and is itself superfluous with the recommended uBlock Origin filter lists below.

• Privacy Badger has multiple issues, including its lack of actual fingerprinting protection, its connection to Fastly CDN, and its redundancy with uBlock Origin.

If there is an extension you feel is missing from this list, feel free to send me an e-mail.

Standard Privacy Extensions

uBlock Origin – Ad blocking, cosmetic filtering, malicious script protection, and tracker blocking; all in one package.

Here is a list of useful blocklists:

• ClearURLs functionality (read more) [TXT]

• To replace I don't care about coookies’ functionality, enable the EasyList Cookie list and manually add the officially-provided blocklist. TXT

• Other annoyances

You can find more blocklists on FilterLists.

Tools

• Bypass Paywalls – Bypasses paywalls for some sites.

• FireMonkey - Lightweight user script and style manager utilizing native Firefox APIs to support userscripts from sources like GreasyFork(https://userstyles.org/).

• Flagfox - Displays information about a website’s physical location and IP address in the address bar.

• FoxyProxy - Advanced proxy manager which replaces Firefox’s lacking settings.

  • Standard
  • Basic

• LibRedirect - Redirects services like Twitter and YouTube to their privacy-respecting front-ends or alternatives. GNU LibreJS – Extension that blocks all but freely licensed JavaScript.

※ LibreJS will prevent a large amount of many websites’ JavaScript from loading.

• New Tab Suspender – Tab management extension that puts tabs to sleep after a set amount of time using the native Firefox discard API.

• Web Archives

• Allows you to easily open web pages at various archive sources such as the Wayback Machine

Further Reading

• Add a pref to disable Do Not Track in Firefox

• arkenfox/user.js Wiki

• Farbling-based wrappers to hinder browser fingerprinting

• Firefox — Spyware Watchdog

• PrivacyTests.org

• Revocation is Broken

• Tor font fingerprinting defenses roadmap

Fingerprinting Tests

• AmIUnique

• BrowserLeaks

• canvas rfp

• CreepJS

• Cover Your Tracks

• Test pages for CanvasBlocker