A comprehensive, security-hardened setup for Firefox that maximizes privacy protection using the latest Betterfox configuration, enhanced security policies, and automated deployment tools.
This repository provides enterprise-grade privacy protection with:
- WebRTC leak protection - Prevents IP address exposure through VPNs
- Canvas fingerprinting resistance - Blocks advanced tracking techniques
- WebGL hardening - Prevents system information leakage
- Enhanced HTTPS enforcement - Strict SSL/TLS security
- DNS-over-HTTPS - Encrypted DNS queries via Mozilla/Cloudflare
- Media device privacy - Blocks camera/microphone enumeration
- Comprehensive telemetry blocking - Zero data collection by Mozilla
This repository contains scripts and configuration files to set up Firefox with maximum privacy protection and security hardening. It includes:
- Enhanced Firefox policies for organizational security settings
- Hardened Betterfox user.js configuration with additional privacy protections
- Secure PowerShell setup script with integrity validation
- Security validation tools for ongoing maintenance
- Common overrides for fine-tuned customization
Automates the Firefox profile setup process:
- Creates a new Firefox profile with privacy-focused settings
- Installs organization-wide policies
- Applies user preferences and common overrides
- Handles backup and restoration
# Basic usage with default settings
.\Setup-FirefoxPrivacy.ps1
# Create a custom profile
.\Setup-FirefoxPrivacy.ps1 -ProfileName "CustomPrivacy"
# Force execution without prompts
.\Setup-FirefoxPrivacy.ps1 -Force
# Skip backup creation
.\Setup-FirefoxPrivacy.ps1 -NoBackupOrganization-wide policies that:
- Enable automatic updates
- Disable telemetry and studies
- Disable Pocket integration
- Install extensions:
- uBlock Origin
- Bitwarden Password Manager
- LanguageTool
- Linkding integration
Based on the Betterfox project, includes optimizations for:
- Improved content loading
- Optimized graphics performance
- Enhanced cache management
- Network connection optimizations
- Strict tracking protection
- Enhanced SSL/TLS security
- Privacy-focused browsing
- Telemetry disabled
- Crash reporting disabled
- UI customizations
- Theme adjustments
- Cookie banner handling
- URL bar optimizations
- New tab page modifications
Additional customizations including:
- Startup behavior configuration
- Font rendering improvements
- Bookmarks toolbar settings
- Translation features
- Region-specific settings
- Clone this repository:
git clone https://github.com/cviorel/firefox-privacy-setup
cd firefox-privacy-setup- Run the PowerShell script with administrator privileges:
powershell -ExecutionPolicy Bypass -File .\Setup-FirefoxPrivacy.ps1- Windows operating system
- Firefox browser installed
- PowerShell 5.1 or later
- Administrator privileges for policy installation
- WebRTC Leak Prevention: Blocks real IP address exposure even when using VPNs
- Canvas Fingerprinting Resistance: Advanced protection against browser fingerprinting
- WebGL Hardening: Prevents graphics API from exposing system information
- Media Device Privacy: Blocks enumeration of cameras, microphones, and other devices
- Battery API Disabled: Prevents battery-based device fingerprinting
- Clipboard Protection: Blocks malicious websites from accessing clipboard content
- HTTPS-First Policy: Enforces encrypted connections with mixed content blocking
- DNS-over-HTTPS: Encrypted DNS queries via trusted Mozilla/Cloudflare provider
- Strict SSL/TLS Configuration: Enhanced certificate validation and security
- Security Bypass Protection: Prevents bypassing of certificate and safe browsing warnings
- DRM Disabled: Encrypted Media Extensions blocked for privacy
- Enhanced Password Protection: Built-in password manager disabled for security
- Complete Mozilla telemetry and data collection disabled
- Crash reporting and studies blocked
- Firefox Accounts and Sync disabled
- Normandy experiments and Shield studies blocked
- Captive portal detection disabled
- Optimized content loading and caching
- Enhanced graphics performance (where security permits)
- Network connection optimizations
- Memory usage improvements
- Reduced DNS lookup times
Edit policies.json to customize organizational policies:
{
"policies": {
"DisableTelemetry": true,
"DisablePocket": true
// Add or modify policies here
}
}Add personal overrides to common-overrides.js:
// Custom preferences
user_pref("browser.startup.page", 3);
user_pref("browser.toolbars.bookmarks.visibility", "always");-
Script Execution Policy
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process
-
Profile Creation Fails
- Ensure Firefox is completely closed
- Delete existing profiles if necessary
- Run with administrator privileges
-
Policy Installation Issues
- Verify administrator privileges
- Check Firefox installation path
- Ensure policies.json is valid
Run the security validation script to verify your configuration:
# Basic security check
.\security-check.ps1
# Detailed analysis with report export
.\security-check.ps1 -Detailed -ExportReportThe setup script creates detailed logs in the same directory:
FirefoxProfileSetup.log- Setup process logsecurity-report-*.json- Security validation reports (when using security-check.ps1)
- Fork the repository
- Create a feature branch
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
- Betterfox Project
- Mozilla Firefox Documentation
- Community contributors
This configuration prioritizes maximum privacy and security over convenience. Some websites may not function correctly with these hardened settings.
- Video Calling: WebRTC disabled - Zoom, Teams, Google Meet may not work
- 3D Graphics: WebGL disabled - Games and 3D applications will not function
- Canvas Applications: Some graphics-intensive sites may have display issues
- Fingerprinting Protection: Sites may display incorrectly due to spoofed browser characteristics
- Separate Profile: Use a different Firefox profile for work/video calling
- Temporary Disable: Temporarily disable
privacy.resistFingerprintingfor specific sites - Alternative Browser: Use Chromium-based browser for WebGL-dependent applications
- Firefox Containers: Use containers for site-specific relaxed settings
- Monthly Reviews: Check for Betterfox updates and security advisories
- Security Validation: Run
security-check.ps1regularly to verify configuration - Extension Updates: Monitor and update security extensions
- Policy Reviews: Update policies based on new privacy threats
See CHANGELOG.md for detailed version history and security improvements.
You can adjust security levels by modifying specific settings:
// For less restrictive WebRTC (allow local IPs only)
user_pref("media.peerconnection.ice.default_address_only", true);
user_pref("media.peerconnection.enabled", true);
// For sites requiring WebGL (temporary)
user_pref("webgl.disabled", false);
// For reduced fingerprinting protection (if needed)
user_pref("privacy.resistFingerprinting", false);Regular security validation is recommended:
# Weekly security check
.\security-check.ps1 -Detailed
# Monthly comprehensive report
.\security-check.ps1 -ExportReport