Install Firefox under FreeBSD and set it up with privacy

🕐 13 minutes

📅 2022-01-28

Mozilla Firefox is a free, open-source web browser. It’s small, fast, and easy to use, and has many advanced features:

We can installthe Firefox browser with the following command:

$: doas pkg install firefox
Firefox screenshot

Too, we install the password manager KeepassXC, which we will need later.

$: doas pkg install keepassxc

Improve privacy

The Firefox browser is inherently privacy-conscious. But I’ll show you how to get even more security and privacy out of Firefox.


First, we enter “about: preferences” in the address line, and this brings us to the settings.


In the general settings, we will deactivate the following options:


Here, we will disable the following options:

We will remove all existing search engines and use Searx as the only standard search engine.

But what is Searx? It is a free metasearch engine that protects users’ privacy. To complete this, Searx does not share users’ IP addresses or search history with the search engines from which it collects results. Here; you can find more information about Searx.

To add Searx as a search engine, we search here, an instance that we want to use and open it.

Then, we click the Page Actions button (3 dots) in the address bar, and we select the Add Search Engine option from the menu.

Now, we can set Searx as the default search engine in the search settings.

Another great alternative are:


Under the item improved protection against activity tracking, we will select the Custom option and set the following settings.

When websites send “Do Not Track” information that their activities should not be tracked, we always set this option.

Under Cookies and website data, we will activate the following:

In the next step, we will deactivate the option to save access data and passwords.

And finally, we will deactivate the following options under Data collection by Firefox and its use:


Next, we go to the about:config page, then we can set further security-relevant options.

We type “about:config” in the Firefox address bar and press Enter. Then we press the “Accept risk and continue” button.

To change settings here, we copy the following settings (e.g., “webgl.disabled”), paste them into the search bar and set them to the specified value (e.g., “true”).

Disable telemetry

With the following changes, we will disable the Firefox telemetry:

Disable Pocket

If we don’t use Pocket, or we don’t want Firefox’s Pocket integration, make the following changes:

Disable JavaScript in PDF

While there are legitimate uses for JavaScript in PDF (such as form validation), such uses are not very common. In addition, it could be used for malicious purposes, so it’s generally a good idea to disable this feature.

pdfjs.enableScripting = false.

Harden SSL preferences

Making these changes will disable insecure SSL ciphers and force safe negotiation:

privacy.trackingprotection.fingerprinting.enabled = true

This option has been available since Firefox version 67, and it blocks fingerprinting.

privacy.trackingprotection.cryptomining.enabled = true

This option has been available since Firefox version 67 and this blocks CryptoMining.

privacy.trackingprotection.enabled = true

This is Mozilla’s new built-in tracking protection. One of the benefits is to block tracking (i.e., Google Analytics) on privileged pages that have add-ons that normally do this disabled.

Privileged pages are those web pages that browser developers consider legitimate web pages, on which extensions tasked not to work / whose functionality has been completely stopped.

In Firefox, for example:

browser.send_pings = false

The attribute is useful for websites to keep track of visitor clicks.

browser.urlbar.speculativeConnect.enabled = false

By doing this, we disable the preloading of autocomplete URLs. Firefox preloads URLs that are autocomplete when a user types in the address bar. This is a problem when suggesting URLs that we don’t want to connect to.

dom.event.clipboardevents.enabled = false

We disable that websites can receive notifications when we copy, paste or cut something from a website. This will tell you which part of the page has selected.

media.eme.enabled = false

Disables playback of DRM-controlled HTML5 content. When this option enabled, the Widevine Content Decryption Module provided by Google Inc. will be downloaded automatically.

media.gmp-widevinecdm.enabled = false

Disables the Widevine Content Decryption Module provided by Google Inc., which is used for rendering DRM-controlled HTML5 content.

media.navigator.enabled = false

Websites can track the microphone and camera status of our device.

Disable cookies

network.http.referer.XOriginPolicy = 2

We only send the referer header if the full host names match. (Note: if we notice a significant fraction, we can try 1 with a XOriginTrimmingPolicy optimization below.)

network.http.referer.XOriginTrimmingPolicy = 2

When we send the referrer across origins, we only send the schema, host, and port in the referer header of cross origins requests.

webgl.disabled = true

WebGL is a potential security risk.

browser.sessionstore.privacy_level = 2

This setting controls when to save additional information about a session: form, content, scrollbar positions, cookies, and POST data.

beacon.enabled = false

Disabled sending additional analysis to web servers.

browser.safebrowsing.downloads.remote.enabled = false

Prevents Firefox from sending information about downloaded executables to Google Safe Browsing to see if they should be blocked for security reasons.

We’re turning off the Firefox prefetch pages, which we expect to visit next:

Even though prefetching may speed things up a bit, it may connect to servers without user intervention (which can be a privacy issue) and its performance benefits are minimal. Making these changes will disable prefetching:

network.IDN_show_punycode = true

Unless we render IDNs as punycode equivalent, we are open to phishing attacks, which are very difficult to detect.

extensions.pocket.enabled = false

This deactivates the Pocket Service.

identity.fxaccounts.enabled = false

We will disable the Firefox Sync Service. I will introduce you to better alternatives. We could also use a self-hosted sync server—the code is available on GitHub. But the service is currently still using outdated Python 2.7 code, and the service has ported to Rust meanwhile. And the other problem is that the self-hosted service does not currently work with mobile Firefox.

identity.fxaccounts.toolbar.enabled = false

We’re removing the Firefox Accounts icon from the toolbar.

disable WebRTC

WebRTC can potentially expose your real IP address, changing the following disables it

We can change the following value to be sure that every WebRTC-related are really disabled.

Hint: This will break any site that uses real-time audio/video communication, which includes almost all real-time chat and conferencing apps.

Linking Firefox with KeepassXC

Since we have deactivated the Firefox Sync Service, but we still want to save our passwords securely, I would like to introduce you to the KeepassXC program.

What is KeepassXC

KeePassXC is a community branch of KeePassXC—a native cross-platform port of KeePass Password Safe with the aim of adding new features and improving it and bug fixes for a feature-rich, cross-platform and modern feature

Open-source password manager.

Main features:

How do I use KeepassXC

I will briefly show you how to set up KeepassXC and how to use it. When we start KeepassXc for the first time, we see the main screen.

KeepassXC Screen 1

Then we will create a new database. A new screen opens, and we can assign a database name here and optionally assign a description.

KeepassXC Screen 2

In the next screen, we can make encryption settings. Here we can, for example, set the encryption time and select the database format.

KeepassXC Screen 3

We can also make advanced settings. For example, we can make the following settings here:

KeepassXC Screen 4

In the next step, we can now assign a password, with which the password database encrypted. What I can recommend is to also create a key file which is then saved on an external USB stick or in an encrypted cloud service. This means that the database backed up twice.

KeepassXC Screen 5

We have now created an encrypted database so that we can use KeepassXC; with Firefox, we must first activate the browser integration in the KeepassXC settings. We then select Firefox and can then set additional settings. I leave that to you, which you want to set.

KeepassXC Screen 6

For the actual integration, we use the KeeepassXC-Browser extension.

Bitwarden Password Manager

As an alternative to KeepassXC, we can also use the Bitwarden Cloud Service.

What is Bitwarden

Bitwarden is a free, open-source password manager. The goal is to solve password management problems for individuals, teams, and business organizations. Bitwarden is one of the simplest and most secure solutions to save all your logins and passwords and conveniently synchronize them between all of our devices. If we want to avoid using the Bitwarden cloud, we can easily host our Bitwarden server.

Bitwarden Firefox Add-on

Data protection-oriented add-ons

In this section, I would like to introduce you to a few useful add-ons for Firefox.

uBlock Origin

An efficient blocker: low memory footprint and low CPU load, yet thousands more filters applied than other popular blockers.


xBrowserSync synchronizes bookmarks between devices and browsers with end-to-end encryption. Data encrypted and decrypted on the device—nobody but us can read it. No registrationrequired. We just enter a randomly generated ID or QR code on all of our devices. There are different servers available, which can also be self-hosted.


This add-on enables us to prevent websites from identifying us via Javascript APIs. We can choose whether the APIs completely blocked on certain or all pages (this will impair the functionality of some pages) or to fake wrong values for the identification-friendly readout functions.


With this add-on, we falsify our browser profile. It includes some privacy enhancement options.


This add-on removes the tracking fields from all URLs visited by our browser.

With this add-on, we control our cookies. When a tab closed, unused cookies automatically deleted.


This add-on emulates external frameworks (e.g., jQuery, Bootstrap, AngularJS) and makes them available as a local resource. It prevents unnecessary third-party requests like Google, StackPath, MaxCDN, and more. It contains prepared rules for uBlock Origin / uMatrix.

HTTPS Everywhere

HTTPS-Everywhere protects our communication by automatically changing the connection to supported sites to HTTPS encryption, even if the URL or a visited link omits the https: // prefix.

Redirect AMP to HTML

Automatically redirects all AMP (Accelerated Mobile Page) pages to their regular HTML equivalent.

When we see an AMP page, we are likely seeing a page served directly by Bing or Google that can pull up information about what we’re doing on that page. We keep the web decentralized, and we say, “No!” to search engines that want to take control of the web.

AMP pages designed for devices with a small screen and often do not translate well to larger screens. The extension can be especially useful when we receive links from people who are on their mobile devices while we are on our desktop computer.

I don’t care about cookies

EU regulations dictate that any website that uses tracking cookies must obtain user consent before installing. These warnings will appear on most websites until the visitor agrees to the website’s terms of use.

This add-on removes these cookie warnings from almost all websites!

AdBlocker for YouTube

This add-on removes all annoying ads from YouTube.

Important functions:

YouTube NonStop

Tired of seeing the “Video paused. Continue watching?” Confirmation dialog? This extension will automatically click it, so you can listen to your favorite music without interruption.

The add-on works with YouTube and YouTube Music!