This list aims to block core Firefox features which actively leak data to third-party services (as opposed to attempts of sites to track you or otherwise passively collect information). As it isn't always easy to draw a strict line, the most critical passive data faucets like WebRTC are also mentioned.
We are not breaking the browsing experience, so you won't find things like spoofing referrers and canvas properties here.
To change the settings open
Leaks the browsing history to Google. Note that disabling Safe Browsing exposes you to a risk of not being stopped from visiting malicious or phishing sites.
browser.safebrowsing.enabled = false browser.safebrowsing.downloads.enabled = false browser.safebrowsing.malware.enabled = false
Firefox stats collecting
datareporting.healthreport.service.enabled = false datareporting.healthreport.uploadEnabled = false
toolkit.telemetry.unified = false toolkit.telemetry.enabled = false
A binary plugin (closed-source) is shipped with Firefox since v38. It enables playback of encrypted media and lets you use e.g. Netflix without Microsoft Silverlight. To completely remove the plugin you would have to install an EME-free build of Firefox.
media.eme.enabled = false media.gmp-eme-adobe.enabled = false
Firefox connects to third-party (Telefonica) servers without asking for permission.
loop.enabled = false
A third-party service for managing a reading list of articles.
browser.pocket.enabled = false
Everything you type in the search box is sent to the search engine. Suggestions based on local history will still work.
browser.search.suggest.enabled = false
Leaks the real IP when using VPN/TOR. Description and demo.
media.peerconnection.enabled = false
Instead of completely disabling WebRTC you could also make it connect over the default route only using:
media.peerconnection.ice.default_address_only = true
geo.enabled = false
plugin.state.flash = 0
0.1 - initial commit
0.2 - removed mention of
Reader mode (it doesn't leak data*) and added
browser.safebrowsing.remoteLookups (it is confirmed to stop leaking data to Google while keeping Safe Browsing on*).
browser.safebrowsing.remoteLookups turned out to do nothing after all. Actually, it was removed. Requests to the Google Safe Search API are not made often, so at first I thought they were gone.
0.5 - added
Adobe Flash and
* tested using Fiddler
Pull requests are welcome.