Firefox is the only major browser where privacy hardening is practical and effective. Unlike Chrome (owned by ad company Google) or Safari (locked to the Apple environment), Firefox is:
- Open-source: Community audits the code
- Private by default: No forced Google sync, no ads
- Configurable: Deep about:config settings available
- Customizable: Community-maintained hardening profiles (arkenfox)
But default Firefox isn’t private. It collects telemetry, allows fingerprinting, doesn’t block third-party cookies, and leaks your real IP during WebRTC calls.
This guide hardens Firefox for maximum privacy. It covers:
- about:config tweaks: 40+ settings that eliminate tracking
- Essential extensions: uBlock Origin, NoScript, Privacy Badger
- arkenfox user.js: Community hardening profile (copy-paste configuration)
- DNS and proxy: Encrypted DNS, VPN integration
- Fingerprinting resistance: Browser identification prevention
Prerequisites
Before you begin, make sure you have the following ready:
- A computer running macOS, Linux, or Windows
- Terminal or command-line access
- Administrator or sudo privileges (for system-level changes)
- A stable internet connection for downloading tools
Step 1 - Privacy Baseline: What Firefox Leaks by Default
Test your default Firefox at browserleaks.com:
Default Firefox reveals:
- Canvas fingerprint: Unique identifier based on your GPU/fonts
- WebGL fingerprint: GPU model, rendering engine
- IP geolocation: Exact location (even with VPN, if WebRTC leaks)
- User-Agent: OS, browser version
- Referrer headers: Sites you came from
- Third-party cookies: Trackers follow you across the web
Step 2 - Part 1: Essential about:config Settings
Open Firefox. Type about:config in the address bar. Press Enter.
You’ll see a warning. Click “Accept the Risk and Continue.”
Now search for settings and change them. (Use Ctrl+F to search.)
Privacy Core Settings
Disable telemetry:
datareporting.healthreport.uploadEnabled = false
datareporting.policy.dataSubmissionEnabled = false
toolkit.telemetry.archive.enabled = false
toolkit.telemetry.enabled = false
toolkit.telemetry.reportingpolicy.firstRun = false
Disable Firefox studies (experiments):
app.shield.optoutstudies.enabled = false
app.normandy.enabled = false
Disable Pocket (Mozilla’s content recommendation):
extensions.pocket.enabled = false
Disable Pocket’s background features:
browser.newtab.preload = false
Disable new tab suggestions (features data collection):
browser.newtabpage.activity-stream.feeds.section.topstories = false
browser.newtabpage.activity-stream.feeds.snippets = false
Cookie and Tracking Settings
Block third-party cookies:
network.cookie.cookieBehavior = 4
(Values: 0=allow all, 1=third-party only, 2=none, 3=no tracking cookies, 4=third-party except visited)
Set to value 4 - Block third-party cookies except those on sites you’ve visited.
Disable cookie tracking in private mode:
network.cookie.privacyLevel = 2
Fingerprinting Resistance
Enable “Resist Fingerprinting” (built-in feature):
privacy.resistFingerprinting = true
This:
- Randomizes canvas fingerprints
- Rounds time precision (prevents timing attacks)
- Disables WebGL fingerprinting
- Standardizes user-agent across sites
Downside - Some websites break (especially financial sites). Accept this tradeoff for privacy.
Disable WebGL (GPU fingerprinting):
webgl.disabled = true
Disable WebGL2:
webgl2.disabled = true
Spoof timezone to UTC (standard):
privacy.spoof_english = 2
Network and Referrer
Disable referrer leaking (strict):
network.http.referer.XOriginPolicy = 2
(0=always send, 1=same-site only, 2=same-host only)
Trim referrer to origin only:
network.http.referer.XOriginTrimmingPolicy = 2
Disable IPv6 (reduces fingerprinting surface):
network.dns.disableIPv6 = true
WebRTC IP Leak Prevention
WebRTC (video calling API) leaks your real IP even through a VPN. Block it:
media.peerconnection.enabled = false
This breaks video calling in the browser, but prevents the IP leak. For video calls, use Jitsi or Signal instead.
Alternatively, if you need WebRTC:
media.peerconnection.ice.no_host = true
media.peerconnection.ice.default_address_only = true
(Leak your local network IP only, not ISP IP.)
HTTPS-Only Mode
Force HTTPS everywhere:
dom.security.https_only_mode = true
dom.security.https_only_mode_ever_enabled = true
DOM Storage and Cache
Disable DOM storage (used by trackers):
dom.storage.enabled = false
Disable service workers (can enable offline tracking):
dom.serviceWorkers.enabled = false
Clear cache on exit:
privacy.sanitize.sanitizeOnShutdown = true
privacy.clearOnShutdown.cache = true
privacy.clearOnShutdown.cookies = true
privacy.clearOnShutdown.history = true
Step 3 - Part 2: Essential Extensions
Firefox extensions are the second layer of privacy hardening.
- uBlock Origin (Essential)
What it does - Ad and tracker blocker. Blocks ads, malware sites, and tracking domains using curated filter lists.
Installation:
- Go to addons.mozilla.org/extensions/ublock-origin
- Click “Add to Firefox”
- Open dashboard (click uBlock icon → Settings gear)
Configuration:
Go to Dashboard → Filter lists. Enable:
- uBlock filters (enabled by default)
- EasyList (ad blocking)
- EasyPrivacy (tracking blocking)
- Malware Domains
- Peter Lowe’s Ad/tracking server list
- MVPS HOSTS
- Add-on: Adguard Base filter
Advanced settings (click gear icon in dashboard):
Enable "I am an advanced user"
In filter editor, paste:
! Block WebRTC IP leak
no-strict3p-exception: youtube.com|youtu.be
! Block pixel trackers
||doubleclick.net^
||google-analytics.com^
||facebook.com/tr^
- Privacy Badger (Essential)
What it does - Auto-learns which trackers follow you and blocks them.
Installation - addons.mozilla.org/privacy-badger
Configuration:
- Click extension icon
- “Open Settings”
- Enable: “Block tracking ads”, “Enable learning mode”
Privacy Badger learns from your browsing. Over 1-2 weeks, it identifies trackers and blocks them. Zero configuration needed.
- Decentraleyes (Recommended)
What it does - Prevents Content Delivery Networks (CDNs) from tracking you by hosting common libraries locally.
Facebook Pixel is loaded on thousands of websites via Cloudflare CDN. CDN logs your IP, identifies you across sites. Decentraleyes serves Pixel locally instead.
Installation - addons.mozilla.org/decentraleyes
Configuration - Default settings are fine. No setup needed.
- NoScript (Advanced Users)
What it does - Blocks JavaScript by default. You whitelist trusted sites.
Installation - addons.mozilla.org/noscript
Many websites require JavaScript. This is a power-user tool.
Configuration:
- Default mode: Block all scripts
- When a site breaks, click NoScript icon
- Click “Temporarily Allow [domain]” to whitelist
Gmail.com → Allow (needed for email)
Random news site → Block (works without JS, just disables ads)
YouTube.com → Allow (video requires JS)
Tracker domain → Block (never whitelist)
- HTTPS Everywhere (Fallback)
What it does - Forces HTTPS on websites that support it.
Installation - addons.mozilla.org/https-everywhere
Modern Firefox has HTTPS-Only mode (about:config setting above). This is redundant but doesn’t hurt.
Extensions to AVOID
- Brave Search: Proprietary, closed-source
- Ghostery: Corporate tracking company
- Avast/AVG extensions: Privacy-invasive VPN providers
Step 4 - Part 3: arkenfox user.js
arkenfox is a community-maintained user.js file, a hardening profile that applies 100+ privacy and security settings at once.
What is user.js?
A user.js file in your Firefox profile applies settings automatically on startup. Instead of manually setting 50+ about:config options, you copy one file.
Installation
Step 1 - Find your Firefox profile folder
On macOS:
~/Library/Application Support/Firefox/Profiles/RANDOMSTRING.default-release/
On Linux:
~/.mozilla/firefox/RANDOMSTRING.default-release/
On Windows:
%APPDATA%\Mozilla\Firefox\Profiles\RANDOMSTRING.default-release\
Step 2 - Download arkenfox
Visit github.com/arkenfox/user.js
Click “Code” → “Download ZIP”
Unzip. Open the folder.
Step 3 - Copy user.js to Firefox profile
Copy the user.js file from the downloaded arkenfox folder into your Firefox profile folder (found in Step 1).
Step 4 - Restart Firefox
Close and reopen Firefox.
Settings from arkenfox apply automatically.
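Rather than guessing which RANDOMSTRING folder is in use, the active profile can be read from profiles.ini, which sits one level above the Profiles folder in the locations listed in Step 1. The script below is an added example, not part of the original guide or of the arkenfox project; the sample profile names are constructed, and it assumes the first [Install...] section describes the Firefox you actually run.

```python
import configparser
import shutil
import time
from pathlib import Path

# Constructed sample profiles.ini (hypothetical profile names). The profile
# flagged Default=1 is NOT the one this installation actually starts with.
SAMPLE_INI = """\
[Install0123456789ABCDEF]
Default=Profiles/abcd1234.default-release

[Profile1]
Path=Profiles/wxyz9876.default
Default=1

[Profile0]
Path=Profiles/abcd1234.default-release
"""


def resolve_profile(firefox_dir):
    """Return the profile directory recorded in firefox_dir/profiles.ini."""
    base = Path(firefox_dir)
    ini = configparser.ConfigParser(interpolation=None)
    ini.optionxform = str  # keep key case: Path, Default
    if not ini.read(base / "profiles.ini", encoding="utf-8"):
        raise FileNotFoundError(f"no profiles.ini in {base}")
    # An [Install...] section names the profile tied to an installation
    # (assumption: the first such section is the Firefox you run).
    for name in ini.sections():
        if name.startswith("Install") and "Default" in ini[name]:
            return base / ini[name]["Default"]
    # Otherwise fall back to the [Profile...] section flagged Default=1.
    for name in ini.sections():
        if name.startswith("Profile") and ini[name].get("Default") == "1":
            return base / ini[name]["Path"]  # an absolute Path replaces base
    raise LookupError("no default profile recorded in profiles.ini")


def install_user_js(src, profile):
    """Copy src to profile/user.js; return the backup path, or None."""
    profile = Path(profile)
    if not profile.is_dir():
        raise NotADirectoryError(str(profile))
    dst, backup = profile / "user.js", None
    if dst.exists():  # keep the previous user.js instead of overwriting it
        backup = profile / f"user.js.bak-{time.strftime('%Y%m%d-%H%M%S')}"
        shutil.copy2(dst, backup)
    shutil.copy2(src, dst)
    return backup
```

Call resolve_profile() with the Firefox folder for your OS (for example ~/.mozilla/firefox on Linux), then install_user_js() with the downloaded user.js, and do it while Firefox is closed.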
What arkenfox Changes
arkenfox enables:
- Telemetry disabled: No data collection
- Fingerprinting blocked: Canvas, WebGL, user-agent randomized
- Cookies strict: Third-party blocked, strict SameSite
- HTTPS-only: All connections encrypted
- WebRTC disabled: No IP leak
- DOM storage disabled: No persistent tracking storage
- Service workers disabled: No offline tracking
arkenfox Overrides (Overrides and Smoothing)
arkenfox is strict and breaks some sites. You can override specific settings.
Create user-overrides.js in the same profile folder:
// Allow YouTube to work properly
user_pref("media.mediasource.enabled", true);
user_pref("media.mediasource.webm.enabled", true);
// Allow some Google services
user_pref("network.cookie.cookieBehavior", 1);
// Allow Discord to work
user_pref("dom.serviceWorkers.enabled", true);
arkenfox loads user.js first, then user-overrides.js (overriding stricter settings).
Testing arkenfox
After installation, test privacy at browserleaks.com:
Before arkenfox:
Canvas fingerprint - Unique ID
WebGL fingerprint - Unique ID
IP address - Real IP
User-Agent - Windows 10, Firefox 124
Timezone - EST
After arkenfox:
Canvas fingerprint - Randomized (different each page load)
WebGL fingerprint - Disabled
IP address - No WebRTC leak (VPN IP if using VPN)
User-Agent - Standardized (all look identical)
Timezone - UTC
Step 5 - Part 4: DNS Privacy
Default DNS - Your ISP’s DNS server logs all domains you visit.
You visit medical-clinic.com → ISP logs it → Can be subpoenaed in legal cases.
Encrypted DNS (DoH/DoT)
Use encrypted DNS (DoH) to hide DNS queries from your ISP.
In Firefox, about:config:
network.trr.mode = 2
network.trr.uri = https://dns.nextdns.io/YOUR_NEXTDNS_ID
(Replace YOUR_NEXTDNS_ID with your NextDNS account ID.)
Or use Cloudflare 1.1.1.1 (Privacy-focused DNS):
network.trr.uri = https://mozilla.cloudflare-dns.com/dns-query
NextDNS (Recommended)
Cost - Free tier (300k queries/month); $1.99/month unlimited
What it does:
- Block ads, trackers, malware before they reach your device
- Encrypt DNS queries (ISP can’t see domains)
- Privacy dashboard (see what got blocked)
- Works across all devices (phone, laptop, router)
Setup:
- Create account at nextdns.io
- Go to “Configuration”
- Enable: “Privacy”, “Security”, “Parental Controls”
- Copy your NextDNS ID
- In Firefox about:config, set:
network.trr.uri = https://dns.nextdns.io/YOUR_ID
network.trr.mode = 2
- Test at nextdns.io/dash → see blocked queries
Step 6 - Part 5: VPN Integration (Optional)
Firefox doesn’t have a built-in VPN. For IP privacy, use a VPN + Firefox together.
Recommended VPNs:
- Mullvad: $5/month, no logging, open-source
- ProtonVPN: $4.99/month, no logging, Swiss-based
- IVPN: $6/month, no logging, transparent logging policy
Setup:
- Install VPN application
- Enable “Always On VPN”
- Firefox traffic routes through VPN automatically
- Test IP at ipleak.net → Should show VPN IP, not real IP
Step 7 - Part 6: Hardened Profile Checklist
Use this checklist to verify your Firefox is hardened:
about:config Settings:
- privacy.resistFingerprinting = true
- network.cookie.cookieBehavior = 4
- media.peerconnection.enabled = false (or WebRTC leak prevention)
- dom.security.https_only_mode = true
- datareporting.healthreport.uploadEnabled = false
- network.http.referer.XOriginPolicy = 2
Extensions:
- uBlock Origin installed and configured
- Privacy Badger installed
- Decentraleyes installed
- NoScript installed (optional but recommended)
arkenfox:
- user.js installed in profile folder
- user-overrides.js created for broken sites
- Firefox restarted
DNS:
- Encrypted DNS enabled (NextDNS or Cloudflare)
- Test at nextdns.io/dash
VPN (optional):
- VPN installed and set to “Always On”
- IP test shows VPN IP, not real IP
Verify Privacy:
- Visit browserleaks.com
- Canvas fingerprint: Randomized
- WebGL: Disabled or randomized
- WebRTC leak: None
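The about:config part of this checklist can be verified mechanically from the profile's files. The script below is an added example, not part of the original guide or of arkenfox: it parses user_pref() lines, applies user-overrides.js after user.js as described in Step 4, and reports each checklist item; the sample user.js content is constructed.

```python
import json
import re

CHECKLIST = {  # expected values, from this guide's Step 7 checklist
    "privacy.resistFingerprinting": True,
    "network.cookie.cookieBehavior": 4,
    "dom.security.https_only_mode": True,
    "datareporting.healthreport.uploadEnabled": False,
    "network.http.referer.XOriginPolicy": 2,
}
ICE_PREFS = ("media.peerconnection.ice.no_host",
             "media.peerconnection.ice.default_address_only")

# Matches string literals (kept) and // or /* */ comments (blanked out).
_TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|/\*.*?\*/|//[^\n]*', re.S)
_PREF = re.compile(r'user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;')
# Constructed sample input: commented-out prefs must not count as set.
SAMPLE_USER_JS = '''
/* user_pref("privacy.resistFingerprinting", false); */
user_pref("privacy.resistFingerprinting", true);
user_pref("network.cookie.cookieBehavior", 4);
// user_pref("dom.security.https_only_mode", true);
user_pref("media.peerconnection.enabled", false);
'''


def parse_prefs(text):
    """Return {name: value} for active user_pref() calls; later calls win."""
    code = _TOKEN.sub(lambda m: m[0] if m[0][0] == '"' else " ", text)
    prefs = {}
    for name, raw in _PREF.findall(code):
        try:
            prefs[name] = json.loads(raw)  # true/false, integers, "strings"
        except ValueError:
            prefs[name] = raw  # keep anything unusual as raw text
    return prefs


def audit(user_js, overrides=""):
    """Map each checklist item to 'ok', 'missing' or 'mismatch (got ...)'."""
    eff = parse_prefs(user_js + "\n" + overrides)  # overrides applied last
    rtc_ok = (eff.get("media.peerconnection.enabled") is False
              or all(eff.get(p) is True for p in ICE_PREFS))
    report = {"WebRTC": "ok" if rtc_ok else "not restricted"}
    for name, want in CHECKLIST.items():
        got = eff.get(name)
        same = type(got) is type(want) and got == want
        report[name] = ("ok" if same else "missing" if name not in eff
                        else f"mismatch (got {json.dumps(got)})")
    return report
```

Run with the user-overrides.js example from Step 4 as the second argument, the cookie item reports "mismatch (got 1)", which is how an override that changes a checklist value shows up. prefs.js in the same profile folder uses the same user_pref() syntax, so passing its contents to audit() also covers values changed by hand in about:config.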
Step 8 - Real-World Performance Impact
After hardening, expect:
- Speed: 5-10% slower (minor). Ad/tracker blocking saves time loading ads.
- Breakage: 10-15% of websites have issues
- Some banking sites require JavaScript
- Solution: Whitelist in NoScript
- Memory usage: 10-15% higher (more extensions)
Step 9 - Perform Maintenance
Monthly:
- Check github.com/arkenfox/user.js for updates
- Download latest user.js, replace in profile folder
Weekly:
- Review nextdns.io/dash for blocked domains
- Adjust if legitimate sites blocked
Step 10 - Limitations
Firefox hardening prevents tracking, but doesn’t prevent:
- Content identification: Some sites can identify you by browsing behavior (e.g., “User read articles on machine learning” → Probably engineer)
- IP-level tracking: Your VPN provider still sees your IP (trust your VPN provider)
- Account-based tracking: If logged into Gmail/Facebook, Google/Facebook track you regardless
- JavaScript exploits: JavaScript can still extract information
Step 11 - Recommendations
- Start small: Set about:config privacy options first (easiest)
- Add extensions: Install uBlock + Privacy Badger (no breaking changes)
- Deploy arkenfox: Copy-paste user.js (most aggressive, will break some sites)
- Use DNS encryption: NextDNS Free tier (no cost, high value)
- VPN optional: Add a VPN if ISP privacy is a concern
For the average user - Steps 1 + 2 + 4 = 80% privacy gain with minimal breakage.
For the privacy-focused user - All steps = maximum privacy, accept breakage, whitelist sites as needed.
Troubleshooting
Configuration changes not taking effect
Restart the relevant service or application after making changes. Some settings require a full system reboot. Verify the configuration file path is correct and the syntax is valid.
Permission denied errors
Run the command with sudo for system-level operations, or check that your user account has the necessary permissions. On macOS, you may need to grant terminal access in System Settings > Privacy & Security.
Connection or network-related failures
Check your internet connection and firewall settings. If using a VPN, try disconnecting temporarily to isolate the issue. Verify that the target server or service is accessible from your network.
Built by theluckystrike. More at zovo.one
Frequently Asked Questions
How long does it take to complete this setup?
For a straightforward setup, expect 30 minutes to 2 hours depending on your familiarity with the tools involved. Complex configurations with custom requirements may take longer. Having your credentials and environment ready before starting saves significant time.
What are the most common mistakes to avoid?
The most frequent issues are skipping prerequisite steps, using outdated package versions, and not reading error messages carefully. Follow the steps in order, verify each one works before moving on, and check the official documentation if something behaves unexpectedly.
Do I need prior experience to follow this guide?
Basic familiarity with the relevant tools and command line is helpful but not strictly required. Each step is explained with context. If you get stuck, the official documentation for each tool covers fundamentals that may fill in knowledge gaps.
Is this approach secure enough for production?
The patterns shown here follow standard practices, but production deployments need additional hardening. Add rate limiting, input validation, proper secret management, and monitoring before going live. Consider a security review if your application handles sensitive user data.
Where can I get help if I run into issues?
Start with the official documentation for each tool mentioned. Stack Overflow and GitHub Issues are good next steps for specific error messages. Community forums and Discord servers for the relevant tools often have active members who can help with setup problems.