This is your reminder to configure Firefox properly if you are not using any of it's forks:General garbage - set all to False;>network.prefetch-next>toolkit.telemetry.enabled>toolkit.telemetry.unified>media.peerconnection.enabled>datareporting.healthreport.uploadEnabled>toolkit.telemetry.reportingpolicy.firstRunMisc - set all to True;>network.dns.disablePrefetch>doh-rollout.disable-heuristicsAI garbage, configure these even if you used the AI Kill Switch - set all to False / Blocked;>browser.ml.enable>browser.ml.chat.page>browser.ml.chat.menu>browser.ml.chat.sidebar>browser.ml.chat.enabled>browser.ml.chat.shortcuts>browser.ai.control.default>browser.ml.chat.page.menuBadge>browser.ml.linkPreview.enabled>browser.ai.control.translations>browser.ai.control.pdfjsAltText>browser.ml.chat.page.footerBadge>browser.ml.chat.shortcuts.custom>browser.ml.linkPreview.longPress>browser.ai.control.sidebarChatbot>browser.ai.control.smartTabGroups>browser.ai.control.linkPreviewKeyPointsWorthless UI clutter - set all to false;>browser.taskbarTabs.enabled>identity.fxaccounts.enabledAfter doing all of that go into 'Settings > Privacy' and set 'Tracking Protection to Strict', then scroll to the bottom and pick 'Enable HTTPS-Only Mode in all windows', then scroll a bit more and pick 'Max Protection' under 'Enable DNS over HTTPS'.Then restart your Firefox and you're good to go.And one more reminder, if you use uBO you do not need extra garbage like PrivacyBadger, Decentraleyes, PortAuthority, ClearURLs, etc. uBO can do all their jobs, just click on the 'uBO icon > Dashboard' and enable additional filterlists that you see fit.As for ClearURLs just add this into your uBO filterlists; https://raw.githubusercontent.com/DandelionSprout/adfilt/refs/heads/master/LegitimateURLShortener.txtOh and also you can now change Firefox shortcuts at about:keyboard, Firefox also has Split View if it's disabled for you go into 'about:config > browser.tabs.splitView.enabled'
If you're one of those that unironically likes the Nova Redesign you can already try it in 1.5.1+ by enabling these in about:config:>browser.nova.enabled>about.glean.redesign.enabled>browser.settings-redesign.enabled>browser.smartwindow.nova.enabled>browser.urlbar.quicksuggest.ampTopPickUseNovaIconSize
I don’t change shit on Firefox except for disabling AI bs. I only use ubo and bitwarden as addons. I really hope my telemetry will help make Firefox better.
>>108902433You can still leave the "good" telemetry on in the settings page along with sponsored shortcuts to "help" Firefox.
>>108902392If your user.js is not gradually approaching 300 LOC you are weak.
>>108902392Thank you anon! If you ever have the time and patience, maybe explain what some of the least obvious preferences do.
>>108902392>network.prefetch-nextWhy do I want prefetch off?
>>108902392Why would I need or want to do any of that?
>>108903671Not OP, but maybe it makes adblockers work better. uBO has a "disable prefetching" option for this exact reason.
>>108903671Prefetch features a race condition that allows e.g. tracking beacon pings to be sent before an ad blocker like uBO has had a chance to kick in and block the traffic. Many ad-vendors abuse prefetches this way. It's a well-known bypass.
>>108902392Just use Arkenfox.
>>108902392
>>108903925Arkenfox has a high chance to nuke your setup
>>108902392>disables prefetchpills now
i'm not going to bother doing any of thits, it works fine
>>108905071The year is 2026 and if you're not a 3rd worlder you have internet past 50mb/s, prefetch is worthless goyslop at that point.
i compiled it with the "-telemetry" flag in Gentoo which i hope does the trick>pick 'Max Protection' under 'Enable DNS over HTTPS'.do NOT do this btw holy shit. Instead of using your OS's configured DNS, it will use cloudflare or some other garbage. Why in their right mind would anyone want that unless you literally lick corpo boot?
>>108902392>browser.ai.control.translationsWhy would I disable local translations? That would mean I'd have to use a cloud translation service and send my data to their servers.
librewolf does all that for me :)
>>108905619just learn the languages broif you don't understand the language you're not meant to read it
>>108902392I literally only use Firefox for youtube (ad block) and buying stuff online. I use Mulvad Browser for actually using the internet.
>>108902392just fucking use librewolf instead of fiddling shit. gay
>>108902419thank you anon, i like the new design.
firefox feels very gay now, i hate that there are literally zero good browsers
>>108908832>now
firefox reinforces my gay sexuality now, i love that there's a great browser for me
>>108902392>another "look at me I use about:config because I'm a 1337 h4xx0r even though all of this can be toggled via GUI" thread
>>108905289>do NOT do this btw holy shit. Instead of using your OS's configured DNS, it will use cloudflare or some other garbage. Why in their right mind would anyone want that unless you literally lick corpo boot?DNS over HTTPS is the only way to use Encrypted SNI and the privacy downsides of not having that are worse than the upsides.You can use a custom provider like Mullvad if you don't like Cloudflare:https://mullvad.net/en/help/dns-over-https-and-dns-over-tlsOr better yet, you can use a self-hosted DoH resolver:https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Local-DoH
People don't run their own pihole with a DoH forwarder?Speaking of DNS filter forwarders, has anyone tried technitium?
>>108902392A Tinker Tranny Appears!
>>108909086You cannot toggle 70% of them via the default settings page. Stop larping you're already retarded enough.
>>108902392> they even tinker tranny their browsers
People larping that you don't have to configure other web browsers is hilarious.Dudes eat literal crypto and telemetry shit daily even on their "obscure" tranny forks.
>>108909433From that list the only things you can't disable via GUI are Firefox Account which isn't even a bad feature (neither is the AI translate)
>>1089051273rd world has FTTH gigabit for pennies, 5g unlimited data and mass ipv6 adoption. Nothing to do with latency. Prefetching speeds up browsing. Cope and seethe and whatelse.
>>108909128I just have my own DNS server. I don't really give a fuck if DNS queries are sent unencrypted over my own personal network, if someone can see those I have much bigger problems
>>108910608Someone can see those, especially your ISP. Granted you might not care about that.
>>108910671How precisely can my ISP see internal network traffic? Be specific.My DNS server uses DoH when making external requests
>>108902392If you have to do all this to a browser, its not a good browser.
>>108910678If it's HTTP then they can just sniff it on the wireIf it's HTTPS then they can sniff the SNIThe first can't be fixed, the second can be fixed with Encrypted SNI / Encrypted Client Hello, but only if you use DoH (because of the way Firefox implemented it. It could work without DoH but they chose not to support that)
>>108910725again, how precisely does my ISP have visibility into computer A asking computer B for a DNS record on my own network?
>>108910738DNS is unencrypted so when you forward it upstream they can just sniff that.What I'm talking about isn't DNS though, it's the connections to the servers you're connecting to. Without DoH they can see the SNI field. With DoH then Firefox will use Encrypted Client Hello and they can't tell what server you're connecting to.
>>108910711See >>108909558There is no good web browser out of the box unless you're uneducated.
>>108910762Again, computer A -> unencrypted DNS -> Server B -> DoH -> InternetHow is the ISP sniffing packets on an internal network?Do you have the faintest idea what you're talking about?
>>108910812Do you know how DNS works?If you're asking for my-router.home.arpa then that's never going over the Internet and stays internal but if you're asking for boards.4chan.org then as soon as it hits your internal name server it's going to request the 4chan nameservers from the .org nameserver and then query that completely unencrypted.Even if you use DoT or DoH since your browser isn't using DoH it's going to send the SNI field unencrypted when connecting to Cloudflare and your ISP can see that.
>>108910812>Do you have the faintest idea what you're talking about?Do you? He already answered your question. The ISP doesn't need to wireshark your LAN traffic all they need is to check the initial TLS handshake SNI.
>>108910836Your ISP can also see the IP of the site you're connecting to. There's zero way to hide that outside of a VPN. "oh no they can see the SNI" - most sites are 1:1 in terms of IP to SNI, so that's not the protection you think it is(use a unifi router with DoH, most of your traffic can still be classified since they ship an IP database)
>>108902392>media.peerconnection.enabledThis one breaks a lot of stuff, especially if you want to use d*scuck in the browser.
>>108910848>Your ISP can also see the IP of the site you're connecting to.Which tells them absolutely nothing if you're connecting to a CDN like Cloudflare.The unencrypted SNI field on the other hand tells them the exist server you're connecting to.
>>108910855*exact server (not exist)
This is too much work. Install icecat instead.https://guix.gnu.org/manual/1.5.0/en/html_node/Installation.htmlhttps://packages.guix.gnu.org/packages/icecat/
>>108908832>firefox feels very gay now, i hate that there are literally zero good browsershttps://xtradeb.net/apps/chromium/
>>108910785Ungoogled Chromium works fine for me.
>>108902392I just use betterfox and get on with my day
That's nice. Thanks OP.
betterfox has nice guidesdon't replace the pref file just change the settings that you want
>claims firefox is the best browser>can't use it without changing a bunch of crap that turns it into "not firefox"great fucking product you have there
I'm going to switch to Brave Origin when it hits stable
>>108911844Welcome to modern technology.Windows works*Linux works*Firefox works*Chromium works*Photoshop works*Affinity works*A lot of shit works**Assuming you either fully gut the system ala chromium and firefox forks or attempt as much using runtime flags
>>108903925Does not disable AI slop
>another fucking update forcing me to restart the browserJesus fucking Christ.I'm getting really tired of this bullshit.
