ran-sama / firefox-preferences

Optimize your settings so that privacy comes first again and not second.

License: Do What The F*ck You Want To Public License

JavaScript 78.32% CSS 21.68%

firefox-preferences

This repository simply selects better default parameters for built-in anti-fingerprinting features and re-enables old UI and UX features that advanced users like. It also disconnects from services such as "safebrowsing", which are unnecessary if you are using just Firefox and uBlock Origin, which already provide great online safety.

How it works

Whilst not going into details about all 300+ settings, which you can read in the commented user.js, here is just the anti-fingerprinting module explained:

user_pref("privacy.fingerprintingProtection", true);
user_pref("privacy.fingerprintingProtection.pbmode", true);
user_pref("privacy.fingerprintingProtection.overrides", "-AllTargets,+CSSDeviceSize,+JSDateTimeUTC,+FontVisibilityBaseSystem,+MediaDevices,+SpeechSynthesis,+WebGLRenderInfo,+JSLocale,+NavigatorHWConcurrency");

You can either disable all with -AllTargets and enable only select features with +Example1,+Example2,+..., or enable all with +AllTargets and disable only select features with -Example1,-Example2,-... . The current selection is CSSDeviceSize to obfuscate unique screen resolutions, JSDateTimeUTC to spoof the timezone, FontVisibilityBaseSystem to hide non-stock OS fonts, MediaDevices to show a mic and camera as peripherals regardless of whether they are there or not (pretend to be a laptop), SpeechSynthesis, which can reveal non-English users by foreign TTS voices, WebGLRenderInfo to hide your graphics vendor, JSLocale to pretend to be en-US, and NavigatorHWConcurrency to hide the most likely excessive and unique thread count of your enthusiast CPU.

A comprehensive list of all current options:

AllTargets
AudioContext
AudioSampleRate
CSSColorInfo
CSSDeviceSize
CSSInvertedColors
CSSPointerCapabilities
CSSPrefersColorScheme
CSSPrefersContrast
CSSPrefersReducedMotion
CSSPrefersReducedTransparency
CSSResolution
CSSVideoDynamicRange
CanvasExtractionBeforeUserInputIsBlocked
CanvasExtractionFromThirdPartiesIsBlocked
CanvasImageExtractionPrompt
CanvasRandomization
DOMStyleOsxFontSmoothing
DeviceSensors
FontVisibilityBaseSystem
FontVisibilityLangPack
FontVisibilityRestrictGenerics
FrameRate
Gamepad
HttpUserAgent
IsAlwaysEnabledForPrecompute
JSDateTimeUTC
JSLocale
JSMathFdlibm
KeyboardEvents
MediaCapabilities
MediaDevices
MediaError
MouseEventScreenPoint
NavigatorAppVersion
NavigatorBuildID
NavigatorConnection
NavigatorHWConcurrency
NavigatorOscpu
NavigatorPlatform
NavigatorUserAgent
PointerEvents
ReduceTimerPrecision
RoundWindowSize
ScreenAvailRect
ScreenOrientation
ScreenPixelDepth
ScreenRect
SiteSpecificZoom
SpeechSynthesis
StreamTrackLabel
StreamVideoFacingMode
TouchEvents
UseStandinsForNativeColors
VideoElementMozFrameDelay
VideoElementMozFrames
VideoElementPlaybackQuality
WebGLRenderCapability
WebGLRenderInfo
WidgetEvents
WindowDevicePixelRatio
WindowInnerScreenXY
WindowOuterSize
WindowScreenXY
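
A small resolver for the override syntax described above, as an added example that is not part of the repository's user.js. It assumes tokens are applied left to right on top of a caller-supplied base set (empty by default), and it flags any name that is not in the list on this page, which catches typos before they reach prefs.js:

```javascript
// Target names copied from the list on this page (AllTargets is handled separately).
const KNOWN_TARGETS = new Set(`
AudioContext AudioSampleRate CSSColorInfo CSSDeviceSize CSSInvertedColors CSSPointerCapabilities
CSSPrefersColorScheme CSSPrefersContrast CSSPrefersReducedMotion CSSPrefersReducedTransparency
CSSResolution CSSVideoDynamicRange CanvasExtractionBeforeUserInputIsBlocked
CanvasExtractionFromThirdPartiesIsBlocked CanvasImageExtractionPrompt CanvasRandomization
DOMStyleOsxFontSmoothing DeviceSensors FontVisibilityBaseSystem FontVisibilityLangPack
FontVisibilityRestrictGenerics FrameRate Gamepad HttpUserAgent IsAlwaysEnabledForPrecompute
JSDateTimeUTC JSLocale JSMathFdlibm KeyboardEvents MediaCapabilities MediaDevices MediaError
MouseEventScreenPoint NavigatorAppVersion NavigatorBuildID NavigatorConnection
NavigatorHWConcurrency NavigatorOscpu NavigatorPlatform NavigatorUserAgent PointerEvents
ReduceTimerPrecision RoundWindowSize ScreenAvailRect ScreenOrientation ScreenPixelDepth ScreenRect
SiteSpecificZoom SpeechSynthesis StreamTrackLabel StreamVideoFacingMode TouchEvents
UseStandinsForNativeColors VideoElementMozFrameDelay VideoElementMozFrames
VideoElementPlaybackQuality WebGLRenderCapability WebGLRenderInfo WidgetEvents
WindowDevicePixelRatio WindowInnerScreenXY WindowOuterSize WindowScreenXY
`.trim().split(/\s+/));

// Resolve an overrides string to the targets it leaves enabled.
// Assumption: tokens are applied left to right, starting from `base`.
function resolveOverrides(overrides, base = []) {
  const active = new Set(base);
  const unknown = []; // tokens with no +/- sign or a name not in the list
  for (const raw of overrides.split(",")) {
    const token = raw.trim();
    if (token === "") continue;
    const sign = token[0];
    const name = token.slice(1);
    if (sign !== "+" && sign !== "-") {
      unknown.push(token);
    } else if (name === "AllTargets") {
      active.clear(); // -AllTargets empties the set
      if (sign === "+") KNOWN_TARGETS.forEach((t) => active.add(t));
    } else if (!KNOWN_TARGETS.has(name)) {
      unknown.push(token); // e.g. a case typo such as +JSDateTimeUtc
    } else if (sign === "+") {
      active.add(name);
    } else {
      active.delete(name);
    }
  }
  return { active: [...active].sort(), unknown };
}
```
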

Site specific rules

For convenience, granular targets can be set without having to change a setting for every website. This allows enabling or disabling specific rules for first- and third-party domains.

[
   {
      "firstPartyDomain":"domain1.example.com",
      "overrides":"+Example1"
   },
   {
      "thirdPartyDomain":"domain2.example.com",
      "overrides":"-Example2"
   }
]

Minified:

[{"firstPartyDomain":"domain1.example.com","overrides":"+Example1"},{"thirdPartyDomain":"domain2.example.com","overrides":"-Example2"}]

You need valid JSON (RFC 8259) formatting. If you set it via about:config, you don't have to escape characters; Firefox will automatically escape them in the prefs.js for you.

user_pref("privacy.fingerprintingProtection.granularOverrides", "[{\"firstPartyDomain\":\"abrahamjuliot.github.io\",\"overrides\":\"+JSDateTimeUTC\"}]");
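
For a hand-written user.js the escaping has to be done yourself. The following added example (not part of the repository) checks pasted rule JSON and emits the escaped user_pref line; the rule shape follows the JSON shown above, while the token pattern and the bare-domain check are assumptions made for this sketch:

```javascript
const PREF = "privacy.fingerprintingProtection.granularOverrides";
const DOMAIN_KEYS = ["firstPartyDomain", "thirdPartyDomain"];
const TOKEN = /^[+-][A-Za-z0-9]+$/; // assumption: "+Name" or "-Name", alphanumeric

// Validate pasted JSON text; on success return the escaped user.js line.
function buildGranularOverridesPref(jsonText) {
  let rules;
  try {
    rules = JSON.parse(jsonText); // strict JSON: no trailing commas or single quotes
  } catch (err) {
    return { ok: false, errors: ["not valid JSON: " + err.message], line: null };
  }
  if (!Array.isArray(rules)) {
    return { ok: false, errors: ["top level must be an array of rules"], line: null };
  }
  const errors = [];
  rules.forEach((rule, i) => {
    if (rule === null || typeof rule !== "object" || Array.isArray(rule)) {
      errors.push(`rule ${i}: must be an object`);
      return;
    }
    const domains = DOMAIN_KEYS.filter((k) => k in rule);
    if (domains.length === 0) {
      errors.push(`rule ${i}: needs firstPartyDomain or thirdPartyDomain`);
    }
    for (const k of domains) {
      // Assumption: the value is a bare host name, not a URL.
      if (typeof rule[k] !== "string" || !rule[k] || /[\s/:]/.test(rule[k])) {
        errors.push(`rule ${i}: ${k} must be a bare domain`);
      }
    }
    const tokens = typeof rule.overrides === "string" ? rule.overrides.split(",") : [];
    if (tokens.length === 0 || !tokens.every((t) => TOKEN.test(t))) {
      errors.push(`rule ${i}: overrides must look like "+Target,-Target"`);
    }
  });
  if (errors.length > 0) return { ok: false, errors, line: null };
  // Stringify twice: once to minify the rules, once to quote and escape
  // the result as a double-quoted string literal for user.js.
  const minified = JSON.stringify(rules);
  return { ok: true, errors, line: `user_pref("${PREF}", ${JSON.stringify(minified)});` };
}
```
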

Minimizing metadata without being marked as bot

Many cloud-based cyber security providers (you know which one) try to lock you out if you disable too many APIs in your browser (bot-like behaviour). Automatically denying access to an API is safer than disabling it, whilst still not sending any sensitive data about your client.

Allow me to illustrate why this behaviour looks way more "human" to a tracking script:

If a website checks, Firefox will reply with "geolocation supported"; however, the readout is automatically blocked and the browser only returns "denied by user". This is the same outcome as in a real user interaction, when the access pop-up is rejected.

Installation and directories

on Windows

%appdata%\Mozilla\Firefox\profiles\

on Linux

~/.mozilla/firefox/<profile directory>

  1. Close Firefox and move the user.js into your profile directory, where the prefs.js resides.
  2. On the next start, Firefox parses the settings of the user.js and writes them into your prefs.js.

The Firefox 78 look is still possible with version 129

Follow these instructions to the letter to achieve it:

  1. Leave "Proton" enabled in about:config, this way "Temporary Containers" can have the coloured underlines.
  2. You must use the compact (dark) theme in customize toolbar menu.
  3. Install this colour palette theme: Classic Dark ESR 78 or Classic Dark ESR 78 Blue Tab
  4. To work, the provided userChrome.css requires: Aris-t2/CustomCSSforFx (tested July 2024, FF129, v4.5.4)

Future CustomCSSforFx versions may work as well, but may be subject to renamed configuration options.
An optional light theme was added to be used with ArcticFox Light Theme.

Useful Addons / Extensions

1. uBlock Origin (link) or (signed pre-releases)

The last uncompromised adblocker.

2. Smart HTTPS (link)

This extension automatically changes HTTP web addresses to the secure HTTPS, whenever possible.

3. Tampermonkey (link) or (signed beta)

Userscript manager with the best interface and editor. Use Violentmonkey if you want a FLOSS alternative. The beta has better cookie creation features.

4. New Tab Override (link)

Fix for when Mozilla decided to hijack the new tab page to push their activity stream and pocket reader.

5. Authenticator (link)

Generate login tokens based on HMAC (keyed-hash message authentication code). Has integrated QR reader to add accounts.

6. Reload All Tabs (link)

Fix for when Mozilla decided to break workflow by doubling the amount of clicks to reload all tabs.

7. Clickbait Remover for Youtube (link)

Replaces thumbnails and modifies titles of videos on Youtube.

8. Offline QR Code Generator (link)

This add-on allows you to quickly generate a QR code offline with the URL of the open tab or any (selected) other text.

9. Close Tabs Shortcuts (link)

Adds keyboard shortcuts for closing all not active tabs, all to the left of the active one, all to the right.

10. Search by Image (link)

A powerful reverse image search tool, with support for various search engines.

11. Temporary Containers (link)

Prevent tracking by isolating tabs (and trackers inside them) from each other. Superior at clearing supercookies.

12. uMatrix (link)

Powerful matrix based content blocker. For advanced users due to initial effort after installation.

13. Downloads sidebar (signed backup)

Fix for when Mozilla decided it was a good idea to kill the sidebar for downloads.

14. CanvasBlocker (link) or (signed pre-releases)

For experts only: Expect site breakage and maintaining whitelists. Randomizes Javascript APIs to prevent fingerprinting.

15. Cookie Quick Manager (link)

Fix for when Mozilla decided it was a good idea to make the user not see the content of individual cookies.

16. LocalStorage Editor (link)

Add, edit, copy, remove, export and import local and session storage data.

17. Web Archives (link)

View archived and cached versions of web pages on 10+ search engines, such as the Wayback Machine, Archive․is, Google, Bing and Yandex.

18. Stylus (link)

Redesign websites with Stylus and personalized CSS stylesheets.

19. SponsorBlock (link)

Easily skip YouTube video sponsors.

20. Don't "Accept" image/webp (link)

This extension removes image/webp from the list of formats Firefox tells sites that it accepts.

21. IndicateTLS (link)

Displays negotiated SSL/TLS protocol version and additional security information in the address bar.

22. Save webP as PNG or JPEG (link)

Convert any image (WebP, AVIF, etc.) to PNG or JPEG (with choice of quality) for downloading.

23. Always active Window (Always Visible) (link)

Pretend that all browser windows are active by spoofing the visibility state event.

24. Disable Page Visibility API (Android compatible) (link)

Firefox add-on to disable the Page Visibility API. This prevents e.g. video conferencing systems from tracking whether you are currently in another window.

25. ff2mpv (for Windows) (link) you need to (set this)

Send videos from Firefox to the mpv player using a toolbar button, context menu or keyboard shortcut (Ctrl+Shift+Space).

26. British English Dictionary (Marco Pinto) (link)

British Dictionary with 140,000+ words for basic literacy and washed online discourse.

Structure of the profile directory

If you ever want to clean your profile, all of your important data can be reduced down to these files:

Directories:

  • chrome - stores Cascading Style Sheets that can alter the look of the UI and/or websites
  • extensions - stores XPI archives (ZIP compressed) that contain your addons
  • extension-store-menus - NEW hipster binary swamp to store your extension's menus!
  • extension-store-permissions - NEW hipster binary swamp to store your extension's permissions!
  • gmp-gmpopenh264 - (optional) proprietary AVC codec for video calls and WebRTC
  • gmp-widevine - (optional) proprietary Digital Restrictions Management binaries for streaming services
  • storage - important sqlite structure that contains all settings and data of your addons

Files:

  • cert9.db - client certificates and CA certificates
  • key4.db - contains data required to decrypt your stored passwords
  • prefs.js - browser settings
  • extensions.json - extension metadata
  • extension-settings.json - controls activation state of addons
  • handlers.json - preferences for how to open or save specific file formats
  • logins.json - stores all your saved passwords
  • xulstore.json - controls placements of UI elements like buttons of addons
  • addonStartup.json.lz4 - compressed path info for extensions
  • search.json.mozlz4 - search providers compressed with Mozilla's near proprietary implementation of LZ4
  • favicons.sqlite - bookmark icons
  • places.sqlite - bookmark database
  • storage-sync-v2.sqlite - terrible addon devs store data here

  • userChrome.css - changes the style of the browser's UI
  • userContent.css - changes styles of websites, like userthemes

License

Licensed under the WTFPL license.
