This project aim to fix security and privacy issues related to firefox without loosing speed performances. It uses local-settings.js, mozilla.cfg and policies.json.
Librefox uses gHacks settings, additional privacy, performances settings and a cleaned bundle of firefox (updater, crashreporter and integrated addons that don't respect privacy are removed) to provide :
- Performances
- Security
- Privacy
Official builds with librefox
-
Privafox-1.8-Firefox-Linux-63.0.3.tar.bz2 - 51.8 MB - SHA1 : 321152189184ca9e2b3500a0aa5c5c47aff5999f
-
Privafox-1.8-Firefox-Windows-63.0.3.zip - 60.3 MB - SHA1 : 4dba7913435d5517f4e10f7b55aa395e5088b143
-
Privafox-1.8-Firefox-Mac-63.0.3.dmg - 60.5 MB - SHA1 : e693b9141098456a419ed7fb71f4b8c42001cde9
Beta/alpha releases (soon)
-
Librefox-2.0B-Firefox-Linux-63.0.3.tar.bz2 - 51.8 MB - SHA1 : 321152189184ca9e2b3500a0aa5c5c47aff5999f
-
Librefox-2.0B-Firefox-Windows-63.0.3.zip - 60.3 MB - SHA1 : 4dba7913435d5517f4e10f7b55aa395e5088b143
-
Librefox-2.0B-Firefox-Mac-63.0.3.dmg - 60.5 MB - SHA1 : e693b9141098456a419ed7fb71f4b8c42001cde9
- NoHTTP
- Cookie Master
- User Agent Platform Spoofer
- Browser Plugs Privacy Firewall
- uBock Origin + IDCAC List + Nano-Defender List
uBlock : Additional filter are available here https://filterlists.com/ (don't surcharge it to avoid performances loss)
Browser Plugs Privacy Firewall : Keep settings light to make privacy.resistFingerprinting efficient because too much customization lead to uniqueness thus easy fingerprinting.
- Privacy / Fingerprint / Fake values for getClientRects
- Privacy / Fingerprint / Randomize Canvas Fingerprint
- Privacy / Fingerprint / 100% Randomize ALL Fingerprint Hash
- Firewall / Experimental / Block SVG getBBox and getComputedTextLength
- Privacy / Font / Randomize
- Privacy / Font / Enable protection for font and glyph fingerprinting
- Updated gHacks settings
- Enforcing Settings (Can not be changed within firefox)
- Defaulting Settings (Changing default value for some settings)
- Limit internet access for extensions (details bellow)
- "IJWY To Shut Up" settings (details bellow)
- Calculate settings impact on performances ...
This is a test experimental feature !!!
A new section Extensions Firewall is added to block network for extensions, only requested domain with specific permission are allowed, they could then be blocked with a host file or similar if the user want to block addons complitely. (if an addon does not ask for a specific domain he will be offline.)
This is an experimental feature. This is a set of settings that aim to remove all the servers links embedded in firefox and other calling home functions in the purpose of blocking un-needed connections. Objective, zero unauthorized connection (ping/telemetry/mozilla/google...).
Available in the releases page
- Copy
mozilla.cfgto/firefox-install-dir/ - Copy
local-settings.jsto/firefox-install-dir/defaults/pref/ - Copy
policies.jsonto/firefox-install-dir/distribution/ - If destination directories does not exist create them
- Setup the rest of the settings as you wish in
about:preferences - Delete the following files
firefox/browser/features/[email protected]
firefox/browser/features/[email protected]
firefox/browser/features/[email protected]
firefox/browser/features/[email protected]
firefox/browser/features/[email protected]
firefox/update-settings.ini
firefox/updater.ini
firefox/updater
firefox/crashreporter.ini
firefox/crashreporter
Just edit mozilla.cfg save and restart firefox
Firefox 60 and privacy.resistFingerprinting are relatively new give it sometimes to be more widely used and thus less finger-printable; If you are using an other site to analyse your browser make sure to read and understand what the test is about.
Performance tests can be done here LVP Octane, it needs to be launched alone with other applications closed and with no other activity but the benchmark, also it's recommended to lunch it many times and then make an average.
Autor : Intika - intikadev (at) gmail.com
Donation : Paypal : intikadev (at) gmail.com
Based on : User.js, PrivaConf and Ghacks-user.js big thanks to all of them
// ==============================
// Index mozilla.cfg .......... :
// ==============================
//
// --------------------------------------------------------------------
// Section : User settings // Bench Diff : +0 / 5000
// ----------------------------------------
// Section : Controversial // Bench Diff : +0 / 5000
// Section : Firefox Fingerprint // Bench Diff : +0 / 5000
// Section : Locale/Time // Bench Diff : +0 / 5000
// Section : Ghacks-user Select // Bench Diff : +100 / 5000
// Section : IJWY To Shut Up // Bench Diff : ??? / 5000
// Section : Microsoft Windows // Bench Diff : ??? / 5000
// Section : Disabled // Bench Diff : ??? / 5000
// ----------------------------------------
// Section : Security 1/3 // Bench Diff : +0 / 5000
// Section : Security 2/3 // Bench Diff : +0 / 5000
// Section : Security 3/3 (Cipher) // Bench Diff : +0 / 5000
// ----------------------------------------
// Section : Performances 1/5 // Bench Diff : +650 / 5000
// Section : Performances 2/5 // Bench Diff : -800 / 5000
// Section : Performances 3/5 // Bench Diff : -1720 / 5000
// Section : Performances 4/5 // Bench Diff : -200 / 5000
// Section : Performances 5/5 // Bench Diff : -50 / 5000
// ----------------------------------------
// Section : General Settings 1/3 // Bench Diff : +100 / 5000
// Section : General Settings 2/3 // Bench Diff : +0 / 5000
// Section : General Settings 3/3 // Bench Diff : -40 / 5000
// --------------------------------------------------------------------
// ==============================
// Index local-settings.js .... :
// ==============================
//
// --------------------------------------------------------------------
// Section : General Settings // Bench Diff : ++ / 5000
// ----------------------------------------
// Section : Defaulting Settings // Bench Diff : ??? / 5000
// --------------------------------------------------------------------
Local-settings.js : Defaulting firefox settings
Mozilla.cfg : Locking firefox settings for security, privacy & prevent settings changes
Policies.json : The policies.json is cross-platform compatible, making it preferred method for enterprise environments that have workstations running various operating systems (the settings availables with policies.json are limited right now because this is a new feature of firefox)
Bench diff : Impact on the performances of firefox can be a gain or a loss of performance +100/5000 stand for 2% gained performance and -1500/5000 stand for -30% performance loss
lockPref : Locked preference can not be changed on firefox, nor by extensions, can only be changed here
Section : Description of the settings section separated by ">>>..."
Defaulting VS Enforcing : Default settings value are changed in local-settings.js and enforced settings are changed in mozilla.cfg, defaulted setting can be changed by the user in the browser while enforced settings are locked and can not be changed within the browser.
Same as gHacks recommendations, we do not recommend connecting over Tor on Librefox. Use the Tor Browser if your threat model calls for it, or for accessing hidden services.
Librefox is applied to a built version of firefox, you can build it or use the version provided by mozilla
Linux :
- Extract firefox-63.0.3.tar.bz2
git clone https://github.com/intika/Librefox-Firefox.git- Copy
mozilla.cfgtofirefox/ - Copy
local-settings.jstofirefox/defaults/pref/ - Create a folder
firefox/distribution/ - Copy
policies.jsontofirefox/distribution/ - Delete the following files and then compress the package (tar.bz2)
firefox/browser/features/[email protected]
firefox/browser/features/[email protected]
firefox/browser/features/[email protected]
firefox/browser/features/[email protected]
firefox/browser/features/[email protected]
firefox/update-settings.ini
firefox/updater.ini
firefox/updater
firefox/crashreporter.ini
firefox/crashreporter
Windows :
- Extract Firefox Setup 63.0.3.exe (Can be done by launching it, files are extracted to
%tmp%) git clone https://github.com/intika/Librefox-Firefox.git- Copy
mozilla.cfgtocore/ - Copy
local-settings.jstocore/defaults/pref/ - Create a folder
core/distribution/ - Copy
policies.jsontocore/distribution/ - Delete the following files and then compress the package (zip)
core/browser/features/[email protected]
core/browser/features/[email protected]
core/browser/features/[email protected]
core/browser/features/[email protected]
core/browser/features/[email protected]
core/update-settings.ini
core/updater.ini
core/updater.exe
core/crashreporter.ini
core/crashreporter.exe
Mac :
- Require a mac
- Decompressing Firefox 63.0.3.dmg with tools like (hdiutils/dropdmg/disk-utilities/ultraiso/transmac)
git clone https://github.com/intika/Librefox-Firefox.git- Rename the decomrpessed Firefox-63.0.3.dmg to Librefox-Firefox-63.0.3.dmg
- Mount Librefox-Firefox-63.0.3.dmg
- Replace
Firefox/Firefox.app/.background/background.pngwith the one from this git - Remove the directory
Firefox/Firefox.app/Contents/_CodeSignature - Remove the directory
Firefox/Firefox.app/Contents/MacOS/plugin-container.app/Contents/_CodeSignature(this one does not seem to be required) - Run
codesign --remove-signature Firefox.app(This basically remove the signature fromFirefox/Firefox.app/Contents/MacOS/firefox) - Remove the directory
Firefox/Firefox.app/Contents/MacOS/crashreporter.app/ - Remove the directory
Firefox/Firefox.app/Contents/MacOS/updater.app/ - Remove
Firefox/Firefox.app/Contents/Library/LaunchServices/org.mozilla.updater - Remove
Firefox/Firefox.app/Contents/Ressources/browser/features/[email protected] - Remove
Firefox/Firefox.app/Contents/Ressources/browser/features/[email protected] - Remove
Firefox/Firefox.app/Contents/Ressources/browser/features/[email protected] - Remove
Firefox/Firefox.app/Contents/Ressources/browser/features/[email protected] - Remove
Firefox/Firefox.app/Contents/Ressources/browser/features/[email protected] - Remove
Firefox/Firefox.app/Contents/Ressources/update-settings.ini - Remove
Firefox/Firefox.app/Contents/Ressources/updater.ini - Copy
mozilla.cfgtoFirefox/Firefox.app/Contents/Ressources/ - Copy
local-settings.jstoFirefox/Firefox.app/Contents/Ressources/defaults/pref/ - Create a folder
Firefox/Firefox.app/Contents/Ressources/distribution/ - Copy
policies.jsontoFirefox/Firefox.app/Contents/Ressources/distribution/ - Unmount the dmg file
- Compress it with tools like (hdiutils/dropdmg/disk-utilities/ultraiso/transmac)