Firefox is one of the longest living browsers still with us today (good riddance Internet Explorer) and is arguably the most customizable browser when comes to protecting your privacy. I have made lots of videos about Firefox, but lots has changed to Firefox since then and I want to take my time to take a step back to review the basics, update some of the configuration files I have, and why I still use Firefox as my daily browser.

Browser Battles

The undisputed point is Firefox is Mozilla has always been at odds with the current browser at the time (Netscape in the old days and now Chromium). Firefox has also become the heart of many important open source projects: Thunderbird, the Tor Browser, Web Assembly, and nss.

Mozilla has diverged from many other browser makers because of their nonprofit status and has been more proactively for the end user than many other web browsers.

  • It’s easier to switch your default search engine in Firefox and access multiple search engines in the address bar.
  • It’s easier to change it to the default browser on Windows 11.
  • Firefox has one of, if not the most, robust screenshooting utilities in a web browser, full stop.
  • Also has a built-in color picker and my favorite developer mode.
  • Firefox has also been faster to accept hardware acceleration on Linux and macOS than Chromium has. For example, Firefox’s initial Apple Silicon support was much better than Chromium’s, as they got the secret sauce directly from Apple. Similarly, Wayland support on Linux is much stronger than Chromium.
  • Firefox also offers Total Cookie Protection, blocking websites from viewing your other websites by further isolating the cookie jar.

Mozilla has also been much more forgiving in regards to the dreaded C-word, and you know, the C-word that blocks things on websites. That’s right, I’m talking about cont—Containers to compartmentalize multiple logins and data. Want to stay logged into work and personal accounts at the same time? Firefox Containers have you covered!

Unlike Chromium, Mozilla has been much more of ManifestV2, soon to be replaced by ManifestV3. To be fair, ManifestV3 is absolutely a security win: browser extensions will be much more limited in what they can do. This comes at the drawback of traditional content blockers not being as good as they used to be die to rule limits of 500,000, far too low for most common content blockers.

Mozilla’s response to this has been to continue support for ManifestV3, especially because of the number 1 most downloaded extension on Firefox that starts with the letter U. The bottom line is this: Chromium is largely maintained by companies that rely on surveillance capitalism and have incentive to neuter content blockers. Firefox doesn’t and is able to users this choice.

Unfortunately, most people fall victim to the tyranny of the default. The decline of Firefox has been obvious for multiple reasons.

  • Firefox has little mobile market share. By default, phone users are presented Google Chrome on Android and Safari on iPhone. Even if you do install it, it’s a crippled browser. It’s also more insecure, but that’s a topic for another day.
  • Most browsers are based on Chromium, which is for the most part largely controlled by Google. Lack of browser competition among giants is harmful for users in the long run.

That also doesn’t even account for Firefox has some cheap imitators. I would advise you stay away from most of them. A lot of them struggle to receive updates in a timely manner.

Installing Firefox

Installing Firefox is about what you’d expect: visit your software store or Mozilla’s FTP server to get it and avoid the unique identifier planted in the installer. If you are on Mac, consider using homebrew.

Special Note for Windows Users

An important thing to note is Windows users are going to need to take some extra steps:

  1. While you can download Firefox from the Microsoft Store (not winget), this version doesn’t include various hacks to automatically set Firefox as your default browser when you ask it to. This is because Microsoft hates your freedom, plain and simple. The primary benefit of using the Microsoft Store is to get UWA apps, which Mozilla isn’t anyway.
  2. Firefox installs a scheduled task to constantly check if Firefox is your default web browser. Mozilla, it’s none of your beeswax what I use as my default browser. Go into Task Scheduler and delete it.

Profile Manager

Now you have Firefox and we’re going to configure it, right? Hold your horses there sport! We’re going configure profiles. While not as easy to use or as forward facing as Chromium, Firefox supports profiles to separate different identities and configurations of Firefox. I’m going to cover some in a future video, but it’s all about ensuring we only use one browser that we know works in various different ways.

First, you have to run a Firefox command, then we can append an argument to open the profile selector by default. This varies based on operating system. In the video, I cover Linux and Windows, but the principal is the same on macOS as it is on Linux.

Windows

C:\Program Files\Mozilla Firefox\firefox.exe -p

macOS

Make sure you open Firefox normally first to bypass Gatekeeper prompts. Then you can create an alias with the following:

/Applications/Firefox.app/Contents/MacOS/firefox -p

Linux

If you are on Linux, consider using the snap package on Ubuntu or the Flatpak if you don’t use Ubuntu.

  • Snap/Flatpak: Both the snap and Flatpak are maintained by Mozilla’s developers. The snap and Flatpak are also sandboxed, so you can configure permissions using Snap Store or Flatseal.
  • Your distro’s native package: While behind on updates, native packages can offer stronger sandboxing than what Flatpak provides.

You’ll need to make a decision:

Native

Pros

  • Stronger security
  • Can include special fixes for your distro

Cons

  • Slower to deliver security updates and bug fixes
  • Might not even be available at all due to licensing conflicts

Snap/Flatpak

Pros

  • Universal package
  • Officially maintained by Mozilla, no middlemen
  • Fast updates and bugfixes

Cons

  • (Flatpak only, snap untested) Weaker sandboxing and isolation
  • (Snap only) Requires AppArmor for proper isolation
# Native/snap
firefox -p
# Flatpak
flatpak run org.mozilla.firefox -p

Uncheck the box Use the selected profile without asking at startup, now every time you launch Firefox as such, you will be presented with a menu to choose which profile you want. The first profile you create is called default-release, but you can rename it or create a different one.

Stock Firefox

Out of the box, Firefox isn’t all that great. The search engine is a bit invasive and has sponsored links. Pocket is lurking around at the top. Mozilla collects telemetry which they never cite as helpful. Rather than fix this right now, I might get some hate for this, but there’s an argument to not configure Firefox at all. Configuring Firefox in extreme ways can cause websites to be much more suspicious of you. You must be doing something wrong if you used the about:config, obviously!

Keeping a stock Firefox with no configuration is great for a browser where your anonymity isn’t as important. Services like banks and critical work or business functions are great examples of this. You could get on your high horse and say that you are doing your duty by configuring it, but I would argue it’s not worth the hassle when these services probably know you by your real name anyway, so it’s not a big deal.

Configuring Firefox the Easy Way

Firefox has a lot of configurability, especially when configuring Firefox offers a lot benefits protecting your privacy, security, and the occasional weird Mozilla feature. If you’re looking to configure Firefox, but don’t want to have to deal with the fuss of a user.js file, this is the place for you!

Why bother?

Firefox has a lot of settings and these are the only ones that most people have access to! If you haven’t already, I strongly recommend setting up custom profiles if you haven’t already. I maintain at least 4 Firefox profiles at once, each of them serving a different purpose. I typically name this profile “PrivacyFox,” because we’re going to configure Firefox to a minimal degree. Scripts like Arkenfox turn off a lot of features and while features that break websites are marked, many others indirectly cause websites to break.

And even if you’re an advanced user and use privacy-hardened Firefox with a custom user.js and fancy userChrome.css, you still need to be aware of the GUI settings because scripts like Arkenfox won’t configure these for you most of the time. They often leave the GUI settings open for users to configure it themselves.

The benefit is you can customize Firefox to resemble the behavior you want and you can choose how you want Firefox to look. Unlike most other browsers, Firefox truly lets you claim it as your own, and no, it won’t break upon updates unlike Vivaldi!

We’re going roll through all of the default Firefox settings and give a quick rundown of each one.

Home

You can toggle your homepage by changing it something else. And for the last time Josiah, I’m not making your homepage Google if you can just type in the search bar to use Google!

Popular options include:

  • DuckDuckGo
  • Startpage
  • Brave Search
  • Google
  • Bing
  • Yandex
  • Baidu

The search settings are where you can configure Firefox’s search engine. I would be remiss not to tell you that Firefox gets paid millions of dollars by Google to be the default search engine. There have even been rumored talks of a bidding war with whether or not Bing would replace Google as the default. If you have preference for a different search engine here, you can change it here.

Alternatively, if your search engine is not listed, you can visit your favorite search engine and right-click on the Address Bar, then click to add it to these options.

  • Disable “Provide search suggestions”

Firefox will also proactively search with autocomplete enabled by default. This means that anything you type into your Address Bar will be sent to your search engine provider. I recommend turning this off.

Privacy & Security

  • Select “Strict” Enhanced Tracking Protection

Firefox offers Enhanced Tracking Protection (ETP) against common threats on the web. It will not protect you from everything, but it’s designed not to negatively impact your browsing at all, even on Strict.

Navigate to “Address Bar,”

  • Disable “Suggestions from the web”
  • Disable “Suggestions from sponsors”

In America, us Firefox users are pestered with sponsored links in the autocomplete. Just turn them off.

  • Navigate to “Cookies and Site Data” and select “Delete cookies and site data when Firefox is closed”

Cookies are used to track things across the web like login sessions and cached information. However, most websites abuse this and use this as a mechanism to track you.

[Advertisers] capture the “cookies” that your computer automatically deposits into your Web browser, creating an indelible of every site you visit and every page you view, then use that information to send you personalized advertisements… “Cookies are used by virtually all commercial websites for various purposes, including advertising, keeping users signed in and customizing content… Bad as it was to be stalked by shoes…”

Martin Lindstrom, Brandwashed

But naturally this leads to a question: how do you stay logged into accounts you always use and you want the convenience of staying signed in?

  • Under “Manage exceptions,” you can add an exception by typing in the site, and selecting “Allow”
  • Visit the site you want to save your credentials for, then press Ctrl+i (⌘+i on Mac) Navigate to “Permissions” -> “Set cookies” -> “Allow”

HTTPS-Only Mode

Back in the old days, websites thought it was a good idea to use unencrypted websites, which allow your ISP to snoop on what you do. Most of these things have been eradicated from the Internet today, but for those who couldn’t figure out how to do it, you want to be presented with a full-screen warning to protect your privacy.

  • Enable “HTTPS-Only Mode in all windows”
  • You can also “Manage Exceptions”

DNS over HTTPS

DNS over HTTPS (DoH) is one of the newest web standards for secure DNS connections, which translate your URLs like “trafotin.com” into the corresponding servers on the internet and IP addresses.

DoH changes the DNS paradigm by using HTTPS packets to call the websites you want to visit. By using DoH, in junction with encrypted DNS, your internet service provider can still see sites you visit, but they aren’t allowed to tamper with any of the content, because yes, they have done this before.

I previously enabled the US default of Cloudflare’s DoH server as the default, but I’m taking a step back and letting you guys decide what you want. I think Cloudflare is a great default and the other, NextDNS, is also very handy. Other providers like Quad9 offer their own servers.

Enable Secure DNS using:

Lastly, Firefox now has the ability to force all traffic through DoH, which is really cool. In Chromium and previously in Firefox, DoH would be the default, but if websites rejected it, it would just fall back to normal DNS.

  • Select “Increased Protection” or “Max Protection” for DoH.

If you select “Max Protection,” if you can’t connect to your DoH provider or if the connection is routed back, you will get a full screen warning.

If you are interested in learning more about DNS, I recommend a talk from Jim Nitterauer about compliance and protecting your privacy with DNS.

Telemetry

  • Disable “Allow Firefox to send technical and interaction data to Mozilla”
  • Disable “Allow Firefox to install and run studies”
  • Disable “Allow Firefox to send backlogged crash reports on your behalf”

While Firefox is fairly respectful of your rights, one of the things I am the most suspicious of is their telemetry collection. The telemetry being opt-in isn’t a crime, but they don’t make it clear whether this information is useful or not, nor is it published anywhere publicly. It also doesn’t help that Mozilla places ads everywhere.

Even if you believe Mozilla is in the right, I’m a paranoid weirdo who would turn it off anyway. If you use an account, Mozilla collects more information about you and ties it to your Firefox account, so you might have more reason to turn it off given Firefox accounts demand an email.

Customizing Firefox

Firefox allows users to customize the UI to their liking. For example, if don’t like the “wide” address bar, you can remove the spaces. If you’re a front-end dev, you can add the developer tools to the toolbar. If you want to add back the extension icons to your taskbar, you can pin them near the puzzle piece icon. Be creative and make Firefox your own. You can make it look like Chrome, old school Firefox/Opera, or Safari.

  • Right-click on the top bar or window decorations and select “Customize Toolbar”

New Tab

Firefox also allows users to customize the New Tab page, including using a custom website as one. Still, with the vanilla New Tab page, there are things to be done.

  • Right-click and unpin all preinstalled shortcuts. These are all sponsored links for companies who paid to be here.
  • Gear -> # rows here
  • Gear -> Sponsored Shortcuts -> Disabled
  • Gear -> Pocket

Mullvad Browser

You could configure Firefox by going through the settings, but the easy way to get a privacy-hardened Firefox is using the Mullvad Browser. Since my very first video with Arkenfox, this has been what I consider the most radical change to Firefox forks. Ordinarily, I never recommend Firefox forks because most of them have trouble updating in a timely manner or don’t have a good enough reason to exist.

The Problem With Firefox Forks

The problem with most Firefox forks is you need to not only trust Mozilla, you need to trust the other people who are touching the fork, and trust that they will keep it up to date. With something as important and unfortunately resource heavy like a web browser, you need to ensure you get updates promptly and most smaller browser forks aren’t able to do this well.

Why the Mullvad Browser?

The exception has been the Mullvad Browser. Mullvad Browser doesn’t use the normal Firefox, but the Extended Support Release or ESR of Firefox. It’s much slower to adopt features, but the core security and engine of Mullvad Browser is the same.

In fact, Mullvad Browser was developed in conjunction with the foremost popular fork of Firefox, the Tor Browser. The Tor Browser has worked with Mozilla for years to fine tune Firefox against the invasive practice of surveillance capitalism and protecting your anonymity on the internet. Mullvad Browser inherits all of the Tor Browser’s work and it basically the Tor Browser, just no dark web functionality.

Well if you can’t connect to the dark web, what’s the point? Because Mullvad Browser is perfectly privacy-hardened by default and has all the extensions you might need in it, you don’t even need to pay for a Mullvad subscription to use it; you can use it as is. Everyone who uses Mullvad Browser is now lumped into the same pool of people and if you use a VPN (commercial, self-hosted, etc), you are now part of the same army of people using this browser.

Limitations to the Mullvad Browser

There are some caveats where you might want to avoid Mullvad Browser:

  • You can’t use some newer features of Firefox. Previously this included screenshots, but also things like AI integration and vertical tabs. This is because Mullvad is based on Firefox’s extended support release (ESR).
  • You can’t save logins. All data is deleted upon closing Mullvad Browser. You run this in Private Browsing/Incognito mode all the time.
  • You are stuck with the extensions they give you and you shouldn’t configure them beyond their default values. In order to blend in, everyone needs to have the same uBlock Origin settings and the same NoScript settings.
  • There are what some would consider bloat features like the Mullvad extension or the Mullvad Leta search engine, especially if you don’t use/like Mullvad.
  • Some websites might not work correctly, because of the Tor Browser configurations. You can’t watch DRM-protected content for example or some website elements might not work.
  • There’s also the pain point of the Mullvad Browser is pretty young and not as many people use it.

The Easy Way Out

And that’s why I’m recommending it. I’m selfishly recommending it because it is the easiest way to get privacy-hardened Firefox and you can join me in the sea of people using it. It’s the newest kid on the block, so we need to make this pool of people bigger and more normies use it.