Create custom Firefox installations with Firefox Profilemaker
Firefox Profilemaker is a new online tool that helps you create custom Firefox installations. To be precise, it can be used to customize Firefox profiles, e.g. to block Telemetry, enable Enterprise policies or configure browser features.
All it takes is to visit the Firefox Profilemaker website and hit the Start button once the page has loaded to start the process.
The first page, Annoyances, lists a good dozen settings, from disabling Pocket and Sponsored Top Sites to URL trimming, configuring video autoplay and the content of the new tab page.
Hit the save next button each time to go through each of the configuration pages. The next page lists browser features, including Telemetry and crash reports, shield studies, DRM, Firefox Suggest or Google Safebrowsing.
The Privacy page lists lots of options. It gives you options to configure cookie blocking behavior, disable link prefetching, or features such as WebRTC or speculative website loading.
The fourth page, Website Tracking, configures some of Firefox's anti-tracking features. You may use it to disable browser pings, enable Firefox's built-in Fingerprinting protection, or other APIs and features that may be abused by websites.
Security lists options to disable automatic updates and the searching for updates, or to disable Mozilla's extensions blocklist.
The Add-ons page lists several add-ons that users may install to the profile. Selected are CanvasBlocker, HTTPS Everywhere, Privacy Badger, and uBlock Origin. Several other, including Firefox Multi- Account Containers or ClearURLs may also be checked.
Enterprise policies finally lists some policies to configure Firefox further. It can be used to disable Firefox accounts or the PDF viewer, among other things.
Firefox Profilemaker creates several files based on the selection.
- profile.zip needs to be extracted to a fresh Firefox profile folder.
- enterprise_policy.zip needs to be unzipped to the Firefox installation folder.
- prefs.js needs to be placed in the Firefox profile folder.
- addons.zip contains the extensions.
Detailed instructions are provided on the Firefox Profilemaker website.
Closing Words
Firefox Profilemaker is an easy to use web service to create custom Firefox profiles. All options include explanations, and the most difficult part of the process is to copy the created files to the right directories on the system.
The service lists fewer options than Firefox user.js projects such as Arkenfox.
Firefox users need to be aware that some settings may disable certain features in Firefox or on the Internet, and that some of these are checked automatically. You can't use form autofill, the offline cache, WebGL, WebRTC, or DNS over HTTPS, unless you uncheck them, as these are all selected by default.
Inexperienced users will have a hard time undoing some of the changes after copying the files to the Firefox installation and profile folders.
Still, Firefox Profilemaker is a handy online tool to customize Firefox profiles quickly.
Now You: have you customized your Firefox profile? How did you do it?
Speaks volumes that a browser that claims to uphold user privacy and choice would even need something like the Annoyances section described.
“But you can always turn these things off in about:config vro!” Until you can’t. Then the astroturfing becomes ‘why would you even not want this feature?’
And Chrom[e|ium] and its derivatives are no better than this wannabe.
Pity some of the larger configs cannot be implemented the same way like arkenfox etc.
ALL firefox about:config settings should appear in this format.
excellent for beginners anyway.
Everything they do by default and suggest to do is a good idea to do even for basic users.
Except possibly disabling the DRM malware, blocking all third-party cookies, spoofing all referrers, disabling DOM storage, indexedDB, WebGL, WebRTC, clipboardevents, enabling resistfingerprinting, enabling firstparty isolation, disabling media device queries, maybe disabling webaudio, installing canvasblocker, all that may break a few sites that basic users may not know how to debug.
Privacy Badger is not needed with ublock origin installed.
uMatrix is for advanced users (and is it still developed ?).
LocalCDN should be used in place of decentraleyes.
Disabling searching for updates isn’t a good idea either.
Not sure about containers.
The extension blocklist is abused by Mozilla to remotely disable non malicious add-ons that do not comply with their policies (like that translation add-on for example) without the user being able to oppose it, something to think about.
Disabling the PDF viewer is not that important (but maybe disabling scripting in it could be).
Disabling Firefox accounts prevents the use of syncing, but not a big fan of online syncing.
Showing the menu bar by default is not important.
DNS over HTTPS as implemented in Firefox may possibly be useful for specific censorship bypassing needs (although they made sure to comply with local censorship laws with their default local partners) but at the cost of less privacy.
I agree with @Anonymous’ entire comment, but I would like to add a note about some of it.
> uMatrix is for advanced users (and is it still developed ?).
The extension “uMatrix” has withdrawn the declaration of discontinuation of development by gorhill (Raymond Hill), and the continuation of development has been announced.
uMatrix: Point and click matrix to filter net requests according to source, destination and type | GitHub – gorhill/uMatrix
https://github.com/gorhill/uMatrix#readme
Home · gorhill/uMatrix Wiki | GitHub
https://github.com/gorhill/uMatrix/wiki
FAQ · gorhill/uMatrix Wiki | GitHub
https://github.com/gorhill/uMatrix/wiki/FAQ
> Disabling Firefox accounts prevents the use of syncing, but not a big fan of online syncing.
I agree with you, I don’t use the “sync” feature (due to concerns about possible leaks), not just in Firefox.
“Firefox Sync” is useful if you need to restore data from a special situation, but I don’t need the Firefox Sync feature because I “always perform regular backups of bookmarks, extension settings, etc. to any local location”, so I disabled it.
In addition, I arbitrarily generate and centrally manage account management such as login information with “KeePass Password Safe”, and share part of it with “Bitwarden”.
For information, the FAQ for “Firefox Accounts” is listed below.
Firefox Accounts on support.mozilla.org | Mozilla Support
https://support.mozilla.org/en-US/kb/firefox-accounts-mozilla-support-faq
This article lists frequently asked questions about Firefox Accounts on Mozilla Support. This article lists frequently asked questions about Firefox Accounts on Mozilla Support.
Access Mozilla Services with a Firefox Account | Mozilla Support
https://support.mozilla.org/en-US/kb/access-mozilla-services-firefox-account?redirectslug=access-mozilla-services-firefox-accounts&redirectlocale=en-US
Firefox Accounts let you access Mozilla services on any device with the Firefox browser by simply signing in. All you need to create a Firefox Account is an email address and a password.
How do I set up Sync on my computer? | Firefox Help
https://support.mozilla.org/en-US/kb/how-do-i-set-sync-my-computer
A Firefox Account lets you sync your data and preferences (such as your bookmarks, history, passwords, open tabs and installed add-ons) across all your devices. It’s free to use.
Important: Sync is not a data backup service. Users should continue to perform regular backups of their Firefox profiles to prevent loss of data.
Disable Firefox Sync | Firefox Help
https://support.mozilla.org/en-US/kb/disable-firefox-sync
Thank you Martin, that is an excellent, truly remarkable, user centric website. I used to use a policies.reg file to import enterprise policies on new boxes, which worked for years. That broke along with allot of other useful features a few months ago, with yet another F.Advanced.Users FF release. Hoping the json policies at least brings back the enterprise policies, restoring some lost user control over an increasingly frustrating & time consuming browser.
About “Firefox Profilemaker”:
Development (Join the project and help to code the profile generator) and user support (Issues trucker)
Firefox Profilemaker | GitHub – allo
https://github.com/allo-/firefox-profilemaker
Issues: Firefox Profilemaker | GitHub – allo
https://github.com/allo-/firefox-profilemaker/issues?q=is%3Aissue+is%3Aall+
Too bad it cannot work on Android or iOS.
This is an impressive one stop tutorial on the core workings of about:config and other nuts and bolts under the hood of Firefox. The embedded links produce a near encyclopedic knowledge base on the subject. For those needing a starting point, I’d be comfortable pointing them to this site. Hats off to allo- and the GitHub contributors for a “Tool to create Firefox profiles with good defaults.”
Of course, I’m not some noob or wannabe geek. I join my fellow effete snob posers and declare this has no value. I can do it all and far, far more blindfolded. With the keyboard upside down.
Honestly I prefer making policies. It’s just easier and one change can be applied to bunch of other installations immediately.
Policies? How?
https://github.com/mozilla/policy-templates/blob/master/README.md
> https://github.com/mozilla/policy-templates/blob/master/README.md
The Policies introduced by @Anonymous are all the policies in Firefox, and the list (“Policy Templates” on GitHub) are in active development and so might contain changes that do not work with current versions of Firefox.
Since new policies are developed for each release of Firefox, there are release-specific policies. The policies can be found in “Release-specific policy templates” on GitHub.
https://github.com/mozilla/policy-templates/releases
To see what policies you have active on a computer,
type in about:policies in the address bar.
This will show a list of policies, including the policy name and value.
> Policies,
I learned about “Firefox Policies on GitHub” through @Serpher and @Anonymous’ posts, and it’s very informative.
In fact, I had set up an Enterprise Policy for Firefox using the extension “Enterprise Policy Generator”, which turned out to be identical to these Policies.
The method described in GitHub is certainly the best, but the extension method is “easier” and can be applied individually, so if you find the GitHub method annoying, consider using the extension.
Enterprise Policy Generator | soeren-hentzschel.at
https://www.soeren-hentzschel.at/firefox-webextensions/enterprise-policy-generator/
That looks really cool.
Perhaps it might put Waterfox out of business.
I’ve created a profile out of curiosity, to compare with my own user.js
Many of the preferences Firefox Profilemaker suggested are long deprecated.
I use Arkenfox user.js, most of it anyway.
This looks like a decent start for newbies to about:config but has some questionable defaults such as disabling Google safe browsing. Fine if you have another malware/phishing filter, whether newbies understand that, IDK.
It’s easy to make a browser unuseable by going bonkers over security and privacy beyond a reasonable threat model.
arkenfox it doesn’t disable safe browsing, only real time binary checks
> Google safe browsing
https://en.wikipedia.org/wiki/Google_Safe_Browsing
Quote:
Privacy
Google maintains the Safe Browsing Lookup API, which has a privacy drawback: “The URLs to be looked up are not hashed so the server knows which URLs the API users have looked up”. The Safe Browsing Update API, on the other hand, compares 32-bit hash prefixes of the URL to preserve privacy. The Chrome, Firefox and Safari browsers use the latter.
Safe Browsing also stores a mandatory preferences cookie on the computer.
Google Safe Browsing “conducts client-side checks. If a website looks suspicious, it sends a subset of likely phishing and social engineering terms found on the page to Google to obtain additional information available from Google’s servers on whether the website should be considered malicious”. Logs, “including an IP address and one or more cookies” are kept for two weeks. They are “tied to the other Safe Browsing requests made from the same device.”
@owl, iron heart, ulboom and anon
Thanks for tips. That is a very interesting discussion.
@m3city
That guy is not Iron Heart.
Right, but newbies to all this could catch something if they’re click fiends. As long as they know what they’re doing.
safe browsing v4, the last two years or more, doesn’t use cookies
@owl
Geez, I always suspected that Arkenfox.js was compiled by some female * [Editor: removed] to spoil the user experience..
This wiki article is based on a 2012 article and on clippings from Chrome’s privacy policy, not the Safe Browsing API. The necessary moments are neatly and tendentiously cut out by some teen or tinfoil hatter.
And even for Chrome in its privacy policy there is further written:
“After at most 30 days, Safe Browsing deletes the raw logs, storing only calculated data in an anonymized form that does not include your IP addresses or cookies. Additionally, Safe Browsing requests won’t be associated with your Google Account”
Since then, no one has shown exactly what the threat to the privacy of this function is. Only fictions and assumptions of “privacy enthusiasts” (semi-educated ignorant paranoid or toe-cheese-eating purists like Stallman).
There is a slightly fresher article from 2016 regarding the implementation for Firefox for those who are interested:
“One of the most persistent misunderstandings about Safe Browsing is the idea that the browser needs to send all visited URLs to Google”
https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/
In addition, Firefox adds a few privacy protections:
* Query string parameters are stripped from URLs we check as part of the download protection feature.
* Cookies set by the Safe Browsing servers to protect the service from abuse are stored in a separate cookie jar so that they are not mixed with regular browsing/session cookies.
* When requesting complete hashes for a 32-bit prefix, Firefox throws in a number of extra “noise” entries to obfuscate the original URL further.
Like many other privacy-“hardening” tips, this one has no practical meaning apart purely religious fanaticism or the self-gratification of idle ignorant tinkerers who blindly follow the instructions like “How to Speed ??Up Your Windows XP” of various web wackos.
@Golden Peacock 367,
Your comment is informative, however you seem to have misunderstood or Intentional perversion of my comment.
I didn’t say “Google Safe Browsing is dangerous”.
Moreover, it doesn’t mention anything about “Arkenfox user.js”.
As you probably know, most home users use “products on the market and features implemented in apps” without any doubt.
With that in mind,
I mention that “they always need to be chosen and judged by the user.
By the way, all items in “Firefox Profilemaker” are selective (enable/disable, etc.).
Firefox Profilemaker is not suitable for “users without knowledge and experience”.
If you are going to use those tools, you naturally need to be “self-awareness” of them, and knowledge and experience are required.
If you don’t know what you’re doing…,
It is “self-evident” that it should not use such tools.
Since I’m on the subject, here’s the reference to the official position on “Google Safe Browsing” that @Golden Peacock 367 mentioned.
Safe Browsing Lookup API (v4) | Google Developers
https://developers.google.com/safe-browsing/v4/lookup-api
Safe Browsing Update API (v4) | Google Developers
https://developers.google.com/safe-browsing/v4/update-api
Safe Browsing Lists | Google Developers
https://developers.google.com/safe-browsing/v4/lists
Security/Safe Browsing/V4 Implementation | MozillaWiki
https://wiki.mozilla.org/Security/Safe_Browsing/V4_Implementation
@owl
Correct me if I’m wrong, does it mean that disabling safe browsing in FF does not really affect privacy? And actually one loses due to potentially harmfull page/download may be used, when a warning could come up?
@m3city,
> does it mean that disabling safe browsing in FF does not really affect privacy?
Google Safe Browsing has nothing to do with privacy measures, but is a feature that “warns” and “blocks” known risky or suspicious sites.
I do not use Google’s services whenever possible and choose alternatives to them.
Consistent with this, I do not use “Google Search”, “VirusTotal” and “Google Safe Browsing”. I have disabled them in all the browsers (Firefox ESR, Firefox Developer Edition, Firefox Nightly, LibreWolf, Tor Browser, Waterfox G4, Pale Moon, Brave) I use.
Google Safe Browsing is certainly useful, but there is a trade-off with the collection of personal information that only Google can provide.
After all, it depends on the user’s skills and Information literacy, so if you think Google Safe Browsing is necessary, you can “enable” it.
Incidentally, the recently popular “LibreWolf” is also disabled that.
The developers have stated that it is sufficient to use the extension “uBlock Origin” and add an enabled filter to it.
Support · Wiki · LibreWolf / Settings · GitLab
https://gitlab.com/librewolf-community/settings/-/wikis/support#enhanced-tracking-protection
Learn more about “uBlock Origin”:
Home · gorhill/uBlock Wiki · GitHub
https://github.com/gorhill/uBlock/wiki
Quick guide: popup user interface · gorhill/uBlock Wiki · GitHub
https://github.com/gorhill/uBlock/wiki/Quick-guide:-popup-user-interface
Blocking mode · gorhill/uBlock Wiki · GitHub
https://github.com/gorhill/uBlock/wiki/Blocking-mode
Dashboard: Filter lists · gorhill/uBlock Wiki · GitHub
https://github.com/gorhill/uBlock/wiki/Dashboard:-Filter-lists
Other information about Browsing Privacy:
BrowserLeaks – Web Browser Fingerprinting – Browsing Privacy
https://browserleaks.com/
Yet Another Firefox Hardening Guide | Chris Xiao
https://chrisx.xyz/blog/yet-another-firefox-hardening-guide/
The Firefox Privacy Guide for Dummies! – 12Bytes.org
https://12bytes.org/articles/tech/firefox/the-firefox-privacy-guide-for-dummies/
You don’t understand what IP logs and cookies are tied to the device means to privacy?
“Logs, “including an IP address and one or more cookies” are kept for two weeks. They are tied to the other Safe Browsing requests made from the same device.”
Turn it off, unless you don’t care about privacy.
A big boss told me one day that you recognize a self-made boss by the fact he continues to perform by himself company tasks that “born bosses” delegate to others. Looks like I’d be a self–made one if the fact of preferring to do by myself what services can perform for me is relevant. So, yes, I do customize my Firefox profile as I customize most of the time anything I use frequently (no implicit sexism, please, lol), but by myself (forget Woody Allen as well, lol : deep thinking, you’ll have to know Woody to figure that out!).
From there on, ‘Firefox Profilemaker’ will be of no use for little old me, but that doesn’t diminish it’s potential, of course.
Reposted below as I admit to garbling and misspelling!
Profiles – Where Firefox stores your bookmarks, passwords, and other user data | Firefox Help
https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data
All the changes you make in Firefox, such as your home page, what toolbars you use, extensions you have installed, saved passwords and your bookmarks, are stored in a special folder called a profile. Your profile folder is stored in a separate place from the Firefox program so that, if something ever goes wrong with Firefox, your information will still be there.
Since Firefox profiles are customizable, and you can create and manage as many new profiles as you want, I use them like a “container function” by creating profiles with different configurations.
The tool to switch its Profiles has been using the extension “Profile Switcher for Firefox” or Profile Manager (shortcut key).
I use “Firefox Profilemaker” as a tool to arbitrarily create profiles, followed by additional “Enterprise Policy” settings.
Profile Switcher for Firefox: Create, manage and switch between browser profiles seamlessly. | GitHub – null-dev
https://github.com/null-dev/firefox-profile-switcher
Profile Manager | Firefox Help
https://support.mozilla.org/en-US/kb/profile-manager-create-remove-switch-firefox-profiles?redirectslug=profile-manager-create-and-remove-firefox-profiles&redirectlocale=en-US
Firefox has been introduced the “Enterprise Policy Engine” since version 60 (and Firefox ESR 60).
The Enterprise Policy Engine allows administrators to control Firefox via a configuration file. The advantage of this configuration file over a Group Policy Object (GPO) is that this method works cross-platform, not only on Windows, but also on Apple (macOS) and Linux.
Enterprise policies also allow you to “block automatic updates” as an example.
The following extensions are useful in setting up Enterprise Policy.
Enterprise Policy Generator | soeren-hentzschel.at
https://www.soeren-hentzschel.at/firefox-webextensions/enterprise-policy-generator/
For “config”, I am being customized it by referring to the following information.
> Yet Another Firefox Hardening Guide | Chris Xiao
https://chrisx.xyz/blog/yet-another-firefox-hardening-guide/
– This guide to improving security and privacy in Firefox without sacrificing convenience.
> Firefox Privacy Guide For Dummies | 12Bytes.org
https://12bytes.org/articles/tech/firefox/the-firefox-privacy-guide-for-dummies/
– Guide on ways (already discussed and others) to improve your privacy and safety on Firefox.
Firefox user.js Templates
> arkenfox user.js (formerly ghacks-user.js) | GitHub
https://github.com/arkenfox/user.js
– An ongoing comprehensive user.js template for configuring and hardening Firefox privacy, security and anti-fingerprinting.
Off-topic, but…
If you are not happy with the “Proton” UI applied since Firefox 91,
I recommend “Lepton”, a third-party open-source project program.
Lepton (old name: Proton Fix) | GitHub – black7375
https://github.com/black7375/Firefox-UI-Fix
Firefox-UI-Fix: I respect proton UI and aim to improve it.
The project has been very active in development and user support, and has already had 20 Releases from v1.0 (Jun 09, 2021) to the current latest v4.2.4 (yesterday).
This program can be easily applied with Script Installation.
Updates can be applied in the same way.
Installation Guide
https://github.com/black7375/Firefox-UI-Fix#installation-guide
Script Installation
Windows users: Run WindowsPowerShell as administrator
Powershell -c “Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iwr https://raw.githubusercontent.com/black7375/Firefox-UI-Fix/master/install.ps1 -useb | iex”
This program does not have an automatic update function, so it is recommended that Notifications settings:
https://github.com/login?return_to=%2Fblack7375%2FFirefox-UI-Fix
Wow!! Nice! Now let’s wait and see what the Firefox haters have to say.
Socks so soon?
Sophistry Team first shift arrives.
@JimmyQ,
> Now let’s wait and see what the Firefox haters have to say.
Shouldn’t make comments that invite trolls!
It will confuse the topic and thread.
If you want to have a smear war, go to Twitter or something.
This is a community that shares a common goal, even if the means are different.
Don’t deny diversity just because you have different tastes.
They will say “Wow!! Nice!” and go on not understanding why the market share of the browser is actually falling (and that their behavior only accelerates it).