Check browser anonymity/secuity with TorZillaPrint and Browser Leaks.
LibreWolf
Add Arkenfox’s user.js with
Luke Smith’s overrides
(both append it to Arkenfox & save it as user-overrides.js). Make a
new browser profile: about:profiles → Create a New Profile. Then put
both .js files in the new profile (root directory). Put updater.sh
and prefsCleaner.sh in there too, and run both every once in a while
to update Arkenfox. Alternatively, there’s
an AUR package.
Fennec F-Droid
Enable ETP: Settings → Enhanced Tracking Protection → Enhanced Tracking Protection → ☑ Strict, → ☐ Allow Fennec to automatically apply exceptions…, → ☑ Tell websites not to share & sell data.
Also disable automatic font sizing (because it messes up RFP if your font/display size isn’t “normal”): Settings → Accessibility → Automatic font scaling ☐ (leave at 100%).
Add Arkenfox’s user.js
(requires root). Move the user.js file to
/data/data/org.mozilla.fennec_fdroid/files/mozilla/XXXXXXXX.default/
and change its owner and group to Fennec’s user ID. To enable
installing extensions as normal, add an override at the end of the
user.js:
user_pref("privacy.resistFingerprinting.block_mozAddonManager", "false")
Also add Luke Smith’s overrides
Tor Browser
Leave all site settings permissions at ask to allow. It’s fingerprintable otherwise.
On Android, disable automatic font sizing (because it messes up RFP if your font/display size isn’t “normal”). Settings → Accessibility → Automatic font scaling ☐ (leave at 100%).
Extensions
If you’re using To Browser, you should still use these, just pay attention to the fringerprintability.
Use for ad/script blocking. In filter lists, enable AdGuard URL Tracking Protection and import Actually Legitimate URL Shortener Tool (both of these are pre-enabled on desktop). In general, domain blocking can be fingerprintable, so disable as needed.
Set to medium mode, and disable remote fonts and JavaScript by default.
On mobile, fix WebRTC leak: → ☑ Prevent WebRTC from leaking local IP addresses.
Local emulation of Content Delivery Networks. Can be fingerprintable, so disable as needed.
Removes annoying cookie banners. Can be fingerprintable, so disable as needed.
Use to redirect to (better/onion/eep) frontends. See some hosts here. This isn’t really fingerprintable. There’s also Redirector, but it’s no longer maintained.
DoH
Enable DoH if not using Tor/I2P. Settings → Privacy & Security → DNS over HTTPS → ☑ Max Protection → Choose provider: Mullvad (No Filtering).
For Fennec, the relevant about:config values:
network.trr.uri "DoH address" // Set these to the DoH address, e.g.:
network.trr.custom_uri "DoH address" // https://dns.mullvad.net/dns-query
network.trr.mode 3 // 0 = disabled, 3 = DoH only
Tor/I2P
Official Firefox config for I2P.
The relevant about:config values are:
network.proxy.socks localhost
network.proxy.socks_port 4444 // 4447 for I2Pd, 9050 for Tor
network.proxy.type 1 // 1 = enable, 5 = use system proxy
Remember to set this!
network.dns.disabled true
Otherwise, if the proxy isn’t running or connected, .onion and .i2p links will be sent to your VPN or ISP.