To browse this website, you should unconditionally agree to its terms and conditions. If not, please stop and leave now.

Site Logo
Home RSS My Browser My Books My Blog Contact

How to tame Mozilla Firefox

This article is a follow up to the author's 2016 article titled ‘Firefox: Its past, present and … future?’ The Google Chrome invasion is now almost complete. Firefox is used only by a band of die-hard enthusiasts. Are you one of them? In this article, you can learn how to overcome the most frustrating and annoying non-features in the browser.

Firefox developers take no pride in their work. After Chrome showed up, cowardly Mozilla gave Google the mantle for browser development. Since then, Mozilla has routinely imitated Google rather than doing its own thing. With every new release, it introduced breaking changes that alienated vast swathes of its user base. It removed useful features such as RSS support. Worst of all, it abandoned its XUL add-ons architecture in favour of WebExtensions created by Google. Firfox developers has also imported Chrome developers' attitude of treating users as morons. You cannot change settings. With every update, more and more settings become useless. It only allows settings changes only in corporate environments. This article shows how you can take advantage of this decision and force Firefox into respecting your settings decisions.

What? Firefox is not dead yet? No, there still are users who are faithful to Mozilla's original promise to take back the web. Mozilla may have lost sight of that goal but we have not. Microsoft Internet Explorer has gone to RIP. Opera and Edge have become Chrome clones. Firefox is the only other browser that has a non-Chrome HTML-rendering engine. However, in other aspects, Mozilla is making Firefox more and more dependent on the Google universe. In this article, I document how you can avoid that while continuing to use Firefox. I know it is a losing battle but for now…

about:config changes are not effective

Around the same time that Chrome was mopping up the browser market share, Firefox started annoying its users by disabling add-ons and breaking/disappearing functionality with every newly released version. Some users would modify the browser's internal settings in the about:config page to make Firefox function like it used to. For example, you could disable automatic updates by changing the app.update.enabled setting to false. Eventually, Mozilla wisened up to these tricks and made the changes ineffective.

policies.json is the new alternative

In corporate computer networks, end-user software applications are installed and controlled by system administrators. Application settings are also controlled by the administrators. Most end-users or desktop users are given lesser privileges. They cannot to install software on their own. They may not even be able to customize the software.

To enable administrators with the ability to control Firefox installations, Mozilla has created support for a global configuration file named policies.json. This file is usually installed in a privileged location such as /etc/firefox/policies/policies.json. Someone with desktop-user privileges will not be able to modify this file.

While Firefox may ignore your changes to about:config settings, but it will honour directives in the policies.json file. If you are the administrator of your computer, you can lock down Firefox and make it behave in the way that you want it to. You need to create a customized version of this policies.json file in the /etc/firefox/policies directory. Firefox will then think that you are in a corporate environment and be tricked into the implementing the setting changes.

Screenshot of Firefox settings

The policies.json file is written like the value of a Javascript variable (with a JSON structure).

{   "policies": {
          "blah": "blah",
          "blah blah": 1,
          "blah blah blah": false
     }
}

The settings that you can use in the policies.json file are described at
https://github.com/mozilla/policy-templates/

The customized policies.json file that I use is available at:
https://gist.github.com/vsubhash/

{   "policies": {
        "DisableAppUpdate": true,
        "DisableBuiltinPDFViewer": true,
        "DisableFirefoxStudies": true,
        "FirefoxHome": {
            "Search": false,
            "TopSites": false,
            "Highlights": false,
            "Pocket": false,
            "Snippets": false,
            "Locked": true
        },
        "DisableFirefoxAccounts": true,
        "DisableFirefoxStudies": true,
        "DisablePocket": true,
        "DisableTelemetry": true,
        "DisplayMenuBar": "always",
        "DontCheckDefaultBrowser": true,
        "Homepage": {
            "URL": "",
            "Locked": true,
            "StartPage": "none"
        },
        "ManualAppUpdateOnly": true,
        "NoDefaultBookmarks": true,
        "OverrideFirstRunPage": "",
        "OverridePostUpdatePage":"",
        "PDFjs": { "Enabled": false },
        "Permissions": {
            "Camera": { "BlockNewRequests": true, "Locked": true },
            "Microphone": { "BlockNewRequests": true, "Locked": true },
            "Location": { "BlockNewRequests": true, "Locked": true },
            "Notifications": { "BlockNewRequests": true, "Locked": true },
            "VirtualReality": { "BlockNewRequests": true, "Locked": true },
            "Autoplay": { "Default": "block-audio-video", "Locked": true }
        },
        "Preferences": {
                "browser.sessionstore.resume_from_crash": {
                "Value": false,
                "Status": "locked"
            },
            "browser.tabs.closeWindowWithLastTab": {
                "Value": false,
                "Status": "locked"
            },
            "dom.event.clipboardevents.enabled": {
                "Value": false,
                "Status": "locked"
            },
            "dom.event.contextmenu.enabled": {
                "Value": false,
                "Status": "locked"
            },
            "browser.search.suggest.enabled": {
                "Value": false,
                "Status": "locked"
            },
            "media.mediasource.enabled": {
                "Value": false,
                "Status": "locked"
            }
        },
        "NewTabPage": false,
        "SearchBar": "separate",
        "SearchSuggestEnabled": false,
        "UserMessaging": { 
            "WhatsNew": false, 
            "ExtensionRecommendations": false, 
            "FeatureRecommendations": false, 
            "UrlbarInterventions": false,
            "SkipOnboarding": false,
            "MoreFromMozilla": false
        }
    }
}

policies.json in detail

ESR-only policies.json options

Some policies.json options are only supported in Firefox ESR (Extended Support Release) versions. These versions are much less frequently updated than ordinary Firefox versions. The ability to automatically add new search engines and remove built-in search engines is available only in ESR. (Mozilla has stopped support for OpenSearch search engine add-ons.)I use these additional options in my policies.json file.

"SearchEngines": {
  "PreventInstalls": false,
  "Add": [
    { "Name": "Bing",
      "URLTemplate": "https://www.bing.com/search?q={searchTerms}",
      "Method": "GET",
      "IconURL": "https://www.bing.com/favicon.ico",
      "Alias": "bi",
      "Description": "Bing search engine"
    },
    { "Name": "DuckDuckGo HTML",
      "URLTemplate": "https://html.duckduckgo.com/html/",
      "Method": "POST",
      "IconURL": "https://duckduckgo.com/favicon.ico",
      "Alias": "dh",
      "Description": "DuckDuckGo HTML search engine",
      "PostData":"q={searchTerms}"
    },
    { "Name": "DuckDuckGo Plain",
      "URLTemplate": "https://duckduckgo.com/?q={searchTerms}",
      "Method": "GET",
      "IconURL": "https://duckduckgo.com/favicon.ico",
      "Alias": "dd",
      "Description": "DuckDuckGo ordinary search engine"
    },
    { "Name": "Flipkart",
      "URLTemplate": "https://www.flipkart.com/search?q={searchTerms}",
      "Method": "GET",
      "IconURL": "https://static-assets-web.flixcart.com/www/promos/new/20150528-140547-favicon-retina.ico",
      "Alias": "fk",
      "Description": "Flipkart product search"
    },
    { "Name": "Amazon",
      "URLTemplate": "https://www.amazon.com/s?k={searchTerms}",
      "Method": "GET",
      "IconURL": "https://www.amazon.com/favicon.ico",
      "Alias": "am",
      "Description": "Amazon product search"
    },
    { "Name": "Amazon India",
      "URLTemplate": "https://www.amazon.in/s?k={searchTerms}",
      "Method": "GET",
      "IconURL": "https://www.amazon.com/favicon.ico",
      "Alias": "ai",
      "Description": "Amazon India product search"
    },
    { "Name": "Internet Archive",
      "URLTemplate": "https://web.archive.org/web/*/{searchTerms}",
      "Method": "GET",
      "IconURL": "https://archive.org/favicon.ico",
      "Alias": "ia",
      "Description": "Web archive search"
    },
    { "Name": "Ogle",
      "URLTemplate": "https://www.google.com/search?q={searchTerms}",
      "Method": "GET",
      "IconURL": "https://www.google.com/favicon.ico",
      "Alias": "o",
      "Description": "Ogle search"
    },
    { "Name": "Ogle Images",
      "URLTemplate": "https://www.google.com/search?tbm=isch&q={searchTerms}",
      "Method": "GET",
      "IconURL": "https://www.google.com/favicon.ico",
      "Alias": "oi",
      "Description": "Ogle image search"
    },
    { "Name": "Ogle NUSa",
      "URLTemplate": "https://www.google.com/search?hl=en-US&gl=US&tbm=nws&tbs=sbd:1&q={searchTerms}",
      "Method": "GET",
      "IconURL": "https://ssl.gstatic.com/gnews/logo/google_news_192.png",
      "Alias": "on",
      "Description": "Ogle news search"
    },
    { "Name": "IMDB",
      "URLTemplate": "https://www.imdb.com/find?q={searchTerms}",
      "Method": "GET",
      "IconURL": "https://www.imdb.com/favicon.ico",
      "Alias": "im",
      "Description": "Internet Movie Database search"
    },
    { "Name": "Youtube",
      "URLTemplate": "https://www.youtube.com/results?search_query={searchTerms}",
      "Method": "GET",
      "IconURL": "https://www.youtube.com/favicon.ico",
      "Alias": "yt",
      "Description": "Youtube search"
    }
  ]
},

Go to this URL and download a Firefox version marked as ESR for your OS.

https://ftp.mozilla.org/pub/firefox/releases/

Pale Moon

One of the great features of the old Opera and Firefox was their support for user styles (see my article The Utility of User Scripts (JS) and User Styles (CSS) from 2016). Some of us who can write CSS styles would customize web pages (from any website) with user styles. These styles were placed in the userContent.css file in the chrome directory of the current Firefox profile. Mozilla has removed this functionality. Now, the user styles functionality can only be used using an add-on. I used to use the add-on Stylus but now I have switched to a different browser.

I have switched to a Gecko-based fork of the Firefox browser called Pale Moon. It does not support the latest CSS styles but it gets security updates. The project says that it is built for new processors. On my decade-old laptop, it struggles to load script-heavy sites like Youtube. On other sites, it seems fine. Pale Moon supports userContent.css, RSS, XUL/XPCOM add-ons and themes, customizable toolbars and all the fun good stuff that Mozilla removed from its browser. Pale Moon also has support for NPAPI plugins (Adobe Flash, Java,…) but this is available only when you manually install the plugins so no worries. Best of all, Pale Moon has no telemetry and other 'studying' stuff. It even supports my OpenSearch XML-based custom search engine add-ons that I created to remove tracking parameters from search URLs.

Screenshot of search engine add-ons

I still use Firefox for banking and other secure activities. Rest of my browsing is in Pale Moon. With Pale Moon, I am able to use the old DownThemAll download manager and the Bamboo RSS reader. If you do not visit questionable websites and do not mindlessly click on every prompt, you should be fine too.

Mojeek and Ecosia

Pale Moon introduced me to two new search engines. Both say they will not track you, something DuckDuckGo promised and then reneged. (DuckDuckGo recently revealed that they do not block Bing trackers and have been censoring the news a.k.a. Russia Today.) Ecosia is based on the Bing search engine. It says 100% of its profits will go for climate action with 80% going to tree-planting. (Somebody should tell them that more trees means more CO2 at night.) Mojeek seems to have their own independent search engine.

HOSTS file

Having a 'blocking' hosts file is the most effective way to reduce the environmental footprint of your browsing activity. Javascript and fonts from Google and social media sites are the #1 reason for the slowness of the Web. Their Javascript blocks the rendering of web pages and cumulatively contribute to your electricity and internet consumption bills. And, if you believe in Global Warming, then that too. (You are killing those poor polar bears with your social media posts!) When you use a blocking hosts files, the included domains are pointed back to your computer. Your computer just says 'not found' and the browser abandons those requests.

I use a hosts file from this project:

https://github.com/StevenBlack/hosts

It provides several combination of domains serving ads, social media, ʇ-n-ɯ-s, and malware. After replacing your /etc/hosts file with a blocking hosts file, web pages will load faster. You will not see any ads. You may see some blank boxes in webpages where the ads were supposed to load but otherwise there will be no problem. Some websites will detect this and prompt you to disable your ad-blocker. Just refresh the page when this happens.

Disable Javascript

You can disable ads, popups, and notifications in one fell swoop by disabling Javascript. I use a Firefox add-on called 'Javascript Toggle On and Off' for this. It is great for reading news sites. You would not believe how many prominent Indian and international news sites have implemented their paywall using CSS or Javascript. It is ridiculous. When you disable Javascript, you will not be able to log in to secure sites but on other sites it really smoothens the browsing experience. There are lots of ‘framework-heavy’ sites that rely on Javascript for everything and cannot display even a comma without Javascript. These sites are not search-engine-friendly or accessibility-friendly. Avoid them.

DNS

Do not set the DNS servers in your modem configuration to 8.8.8.8 or 8.8.4.4 (both from Google) or 1.1.1.1 (from Cloudflare ~ Amazon). Instead, use the DNS provided by your ISP or from other free DNS services such as Comodo (8.26.56.26 and 8.20.247.20) or OpenDNS (208.67.222.123 and 208.67.220.123). Spread your Internet footprint across several providers and make it thin out. Do note that these alternative DNS servers provide family-safe filtered results.

Wired connections

Wired LAN connections provide the best speed and security. Having a wireless router is an invitation to hackers, criminals and terrorists. Even the Bluetooth chip in a phone is a vulnerability beacon. If you go to a crowded place and do a scan of Bluetooth devices, you will be surprised how many phones have their Bluetooth connections turned on. Most phone owners do not even know what Bluetooth is. They just go on with their lives none the wiser. With so much e-commerce being done on mobile phones, Bluetooth and Wi-Fi connections pose a serious security threat. Even non-tech-savvy citizens are being forced to use mobile phones for availing various government services. They are the most vulnerable. Wired internet and mobile internet should be the first choice. When one of these is available, Wi-Fi and Bluetooth connections should be disabled.

Tor browser

IMHO, Tor is a honeypot project like crypto mining. In the last few years, several mainstream investors had piled into the crypto hole and lost hundreds of billions of dollars. Similarly, Tor has received a lot of hype and fans claim that it will definitely make you anonymous. It is open source, they say. Even TrueCrypt was open source. After the developers suddenly quit in 2014, suspicion arose whether the software was another honeypot. OpenBSD is also open source. In 2010, there was a controversy about FBI contractors placing a backdoor in it.

In 2013, the owner of a small Utah-based ISP revealed that when the NSA wants to monitor someone they place a black box in the telecom equipment and all Internet traffic to and from the customer is routed through it. The US government does not even bother with a court warrant. They just write a ‘national security letter’ and ISPs are constrained from disputing it or revealing its existence in a court. But, when the customer uses Tor, they do not bother with all that hassle. They have other means to monitor Tor users! (When the feds come knocking: The tale of a Utah ISP, a secret court order, and a little black box; ZD Net; 2013)

Tor may make you anonymous to websites but it will not make you invisible to governments and infosec professionals. Like VPN, there is a Tor service provider to whom traffic is routed. It is a mater of time before a government or a court contacts the service provider and seamlessly replaces the Tor service with an imitation. After that, it is self-incrimination time.

Chrome alternatives

Sure, there are Chrome alternatives like Opera, Edge, Brave and Vivaldi. When Microsoft Edge made the switch to Chromium engine, they revealed that they had replaced several Google-related dependencies from the open-source code. It was quite a long list. (Microsoft reveals all the Google things it removed in its Chromium Edge browser; The Verge; 2019) Microsoft had their own proprietary replacements. How much did the other Chrome alternatives remove?

Summary