/firefox-debloat

Stop Firefox leaking data about you

MIT LicenseMIT

This list aims to block core Firefox features which actively leak data to third-party services (as opposed to attempts of sites to track you or otherwise passively collect information). As it isn't always easy to draw a strict line, the most critical passive data faucets like WebRTC are also mentioned.

To disable specific functionality open about:config and change the value to false.

Google Safe Browsing

Leaks the browsing history to Google. Note that disabling Safe Browsing exposes you to a risk of not being stopped from visiting malicious or phishing sites.

browser.safebrowsing.enabled
browser.safebrowsing.downloads.enabled
browser.safebrowsing.malware.enabled

Firefox stats collecting

Stability and performance reports.

datareporting.healthreport.service.enabled
datareporting.healthreport.uploadEnabled

Usage statistics.

toolkit.telemetry.enabled

Encrypted Media Extensions (DRM)

A binary plugin (closed-source) is shipped with Firefox since v38. It enables playback of encrypted media and lets you use e.g. Netflix without Microsoft Silverlight. To completely remove the plugin you would have to install an EME-free build of Firefox.

media.eme.enabled
media.gmp-eme-adobe.enabled

Firefox Hello

Firefox connects to third-party (Telefonica) servers without asking for permission.

loop.enabled

Pocket integration

A third-party service for managing a reading list of articles.

browser.pocket.enabled

Search suggestions

Everything you type in the search box is sent to the search engine. Suggestions based on local history will still work.

browser.search.suggest.enabled

WebRTC

Leaks the real IP when using VPN/TOR. Description and demo

media.peerconnection.enabled

Geolocation

geo.enabled

Important changes

0.1 - initial commit

0.2 - removed mention of Reader mode (it doesn't leak data*) and added browser.safebrowsing.remoteLookups (it is confrmed to stop leaking data to Google while keeping Safe Browsing on*).

0.3 - browser.safebrowsing.remoteLookups turned out to do nothing after all. Actually, it was removed. Requests to the Google Safe Search API are not made often, so at first I thought they were gone.

0.4 - removed mention of Tracking Protection, because while blocking trackers, it "uses the same API as Google Safe Browsing". I would recommend using uBlock for this purpose instead.

* tested using Fiddler

Pull requests are welcome.

Discussion of HN