Mastodawn

Isdahl Mar 2, 2025

Electric Gremlin

Reminder that Firefox has a pathway to specifying some settings, including ones not exposed to users any other way, with a config file stored on disk.

They call it enterprise policies but anyone can use it by just putting a file in the location indicated on that site.

You can disable entire features, opt out of Telemetry before your first launch of Firefox on a new install, declare you never want to be part of studies, turn off their ML integration and keep it off, force about:config preferences in a way that can't be "accidentally" reverted, etc.

policy-templates

Policy Templates for Firefox

policy-templates

Electric Gremlin Mar 1, 2025

This is mine at the moment. I throw out a lot of stuff; be familiar with what everything does by cross-referencing it with the site in the last post, or a preferences list, before just using this because it turns off auto-updating, half of Firefox's features, and changes the UI in ways.

You can't comment JSON 🙃

{
  "policies": {
    "AppAutoUpdate": false,
    "AutofillCreditCardEnabled": false,
    "BackgroundAppUpdate": false,
    "CaptivePortal": false,
    "DisableAccounts": true,
    "DisableFeedbackCommands": true,
    "DisableFirefoxAccounts": true,
    "DisableFirefoxScreenshots": true,
    "DisableFirefoxStudies": true,
    "DisablePocket": true,
    "DisableTelemetry": true,
    "DontCheckDefaultBrowser": true,
    "FirefoxHome": {
      "SponsoredTopSites": false,
      "Highlights": false,
      "Pocket": false,
      "SponsoredPocket": false,
      "Snippets": false
    },
    "FirefoxSuggest": {
      "WebSuggestions": false,
      "SponsoredSuggestions": false,
      "ImproveSuggest": false
    },
    "ManualAppUpdateOnly": true,
    "OfferToSaveLogins": false,
    "PasswordManagerEnabled": false,
    "PictureInPicture": {
      "Enabled": false
    },
    "Preferences": {
      "browser.ml.chat.enabled": false,
      "browser.uidensity": 1,
      "dom.private-attribution.submission.enabled": false,
      "browser.translations.enable": false,
      "app.normandy.enabled": false
    },
    "SearchSuggestEnabled": false,
    "UserMessaging": {
      "WhatsNew": false,
      "ExtensionRecommendations": false,
      "FeatureRecommendations": false,
      "UrlbarInterventions": false,
      "SkipOnboarding": true,
      "MoreFromMozilla": false
    }
  }
}

lebout2canap ⏚Mar 1, 2025

@trysdyn I use the "_comment" entry technique, it’s far from ideal but it’s better than nothing.

Oliver Jensen Mar 1, 2025

@trysdyn you can indeed comment json if the schema isn't restricted and you are willing to be silly enough 😁

```
{
"thing": "foo",
"//": "you can comment json",
"// ": "provided that you have no shame",
}
```

mjec Mar 2, 2025

@ojensen this is so cursed (affectionate)

Cassandrich Mar 2, 2025

@ojensen @trysdyn Are repeated keys legal?

Oliver Jensen Mar 2, 2025

@dalias @trysdyn implementation-wise, weird stuff can happen (eg I've seen length from one on the buffer of another, etc) so inadvisable. I didn't repeat keys though 😁

Cassandrich Mar 2, 2025

@ojensen @trysdyn Oh I missed the space.

0xC0DEC0DE07EA Mar 2, 2025

@dalias @ojensen @trysdyn giant “block” comment:
“//“: [
“Lorem ipsum …”,
“I like oranges.”
]

Oliver Jensen Mar 2, 2025

@c0dec0dec0de @dalias @trysdyn last element of your list should be "*/". We must maintain SOME standards and decorum...

jomo Mar 2, 2025

@dalias @ojensen @trysdyn yes, the various specs (there is no definite one lol) allow it. however, almost none of the implementations support it in a meaningful way. some will use the first value, others the last. a good implementation would throw an error or ignore the key, as there is obviously something wrong with the input.

it's a fun thing to abuse when you have two different implementations in a system.

Dawn Ahukanna Mar 2, 2025

@ojensen @trysdyn
Yep
‘“[objectname]Comment”:”This is a comment”,
…’

Oliver Jensen Mar 2, 2025

@dahukanna @trysdyn : ☝️ wise.

For anyone who doesn't see the value of this format: this keeps the comment adjacent to the thing you're commenting, even if the structure goes through a decode/encode cycle (provided the keys get alphabetized, which is pretty common). Few things are more frustrating than picking up a line comment and moving it arbitrarily away from the thing it refers to.

Dave Winer ☕️Mar 2, 2025

@ojensen @trysdyn

I do it with comment1, comment2, etc

{
"comment1": this is a comment about something that's nearby."
}

Taco Dave Nov 24

@davew @ojensen @trysdyn I prefer multiline comments using arrays, and using //topic as a naming scheme:

```json
{
“//dependencies”: [
“Make sure if you update Next.JS here that”,
“you update the script that handles installing it in”,
“Docker because of dependency weirdness.”
],
“dependencies”: {
}
}
```

Momo Mar 3, 2025

@ojensen
This is so cursed, I hate you! 😅
@trysdyn

Oliver Jensen Mar 3, 2025

@momo @trysdyn praise of the highest order. Thank you!

Julien W.Mar 1, 2025

@trysdyn why do you disable PiP by curiosity?

bignose Mar 2, 2025

Thank you for this configuration @trysdyn!

You have both of these settings:

```
"DisableAccounts": true,
"DisableFirefoxAccounts": true,
```

but the "preference templates" documentation doesn't know about "DisableAccounts", it only has "DisableFirefoxAccounts". What's the difference, what do each of those two do?

Electric Gremlin Mar 2, 2025

@bignose I assume one was a deprecated alias for the other and I just added over time rather than replace. Don't remember.

schrotthaufen Nov 24

@trysdyn One could even pre-install their favorite extensions like e.g. uBO. AND with the policy templates for Windows, one can paste the json as is to have the same settings in Windows as in other OSes.

Electric Gremlin Mar 2, 2025

I just looked at Firefox's error log on rendering my policy file and found that at some point vanilla FF forbade turning off the project "normandy" automated config change push "For stability reasons"

Really? :/

Momo Mar 3, 2025

@trysdyn
Thank you. I think that now, that we have to relate to hacks like this, I want to switch browser instead. And I use Firefox for over 20y now... 😭

Andrej Shadura Mar 1, 2025

@trysdyn, why would I want to disable telemetry or studies?

Amin Girasol Mar 1, 2025

@andrew_shadura @trysdyn who benefits from them? Whose information is input for them?

Andrej Shadura Mar 1, 2025

@fluidlogic, the developers of Firefox, so eventually the users including myself. To me, they carry the same value as crash and bug reports.

Tom Ritter Mar 2, 2025

@fluidlogic @andrew_shadura @trysdyn I do. I've used telemetry to deploy security features including working around and not breaking completely unsupported Firefox hacks that bring back old style add-ons (to the bewilderment of some coworkers...), to get baseline data for deploying privacy features for anti-fingerprinting, determine how much fingerprinting actually takes place on the web, and figure out the best algorithm for doing anti-fingerprinting protections while being minimally invasive to your CPU.

That's just me. There's hundreds of other developers who have used it for hundreds of others of things.

If you want to disable telemetry that's fine, and I've written code to make telemetry even more granular so you can disable an individual ping that you might not like while still submitting all the other telemetry.

And there's definitely a discussion to be had about old probes that maybe no one is looking at (we have nag alerts that ask us to renew these if we still need them but things can always be done better).

But the argument that no one benefits from the telemetry just isn't true. 🙂. And while I respect large deployments (distros, corps) disabling it en masse - it definitely gives us a blind spot to problems they may be experiencing.

Garth Kidd Mar 3, 2025

@tomrittervg @fluidlogic @andrew_shadura @trysdyn as a hypothetical, how would you adjust the telemetry so an adversary who could read your data couldn’t fingerprint your users with it?

I’d want to simulate it first, but I suspect from my work with OpenTelemetry it’d hurt less than one’d at first suspect to send a subset of signals with each ping? Send the random bitmask used for selection along with the data in case some queries should only consider samples with all metrics of interest present.

That’d augment basic sampling. You’re no doubt familiar but, for those in the back: we can draw operationally useful and statistically defensible conclusions as long as we have enough samples per interval. If N=100K is strong enough, collecting more embiggens our cloud bills without any improvement in our results. Instead, we can throw out 90%… or 99%, or more. Fun!

If you have 100M users, it might suffice to have each user send a ping only on 0.1% of the intervals. Or, to make fingerprinting harder, only 10% of the signals on 1% of the intervals? Maybe some, you simply don’t ever send in combination with others? Might be a paper or two to be had in that.

Tom Ritter Mar 3, 2025

@garthk Okay so this isn't my field of expertise, but the first two things I'd ask are "Can you just use DAP for your metric(s) to avoid this entirely?" and "What does fingerprint mean?"

Like, a website operator steals the dataset and wants to correlate a visitor to a record?

Garth Kidd Mar 6, 2025

@tomrittervg I don’t know DAP, but this isn’t the kind of metrics that help you understand your web site’s “traffic”?

Fingerprinting in web advertising is embedding a script into your ad to produce a close-to-unique identifier from every morsel of data the browser leaks about the user and their computer. Screen dimensions and available fonts can be enough. If you embed it in the URL for an image, you can track people from site to site without them carrying cookies and despite them changing browser or opening an “incognito” window. Grab a sneaky copy of whatever they’re typing, while you’re at it.

Garth Kidd Mar 6, 2025

@tomrittervg Back to DAP: if we gather metrics about the site and its performance e.g. time-to-paint, there’s no privacy concern or my threat model isn’t thorough. Feeling safe is as good as being safe, right?

If we gather metrics about the user and their actions, it becomes possible to draw conclusions about them. Those conclusions can be dangerous even if they’re incorrect. If we fail to secure our data, and to make it expensive or impossible to correlate it with other data—is the user’s IP address still in there?—then that failure makes us part of the surveillance machine, now or in the future.

Garth Kidd Mar 6, 2025

@tomrittervg The kind of metrics we were talking about are gathered close to the machine, without any of the browser’s protection against fingerprinting, and at a global scale. It could be misused on its own, or help tie fingerprints to identities thus people to their browsing history.

I have every sympathy for developers wanting that data to help support the product. Given the plausible harm if the data is misused, however, the users are right to refuse to send it unless the developers take steps to prevent its misuse, explain those steps to their satisfaction, and provide means to verify the steps are still in place.

Garth Kidd Mar 6, 2025

@tomrittervg Sending only some of the data, some of the time, could help mitigate the harms and could be locally verified.

Or, like I said, maybe my threat model needs work.

Cassandrich Mar 2, 2025

@andrew_shadura @trysdyn Because unless you're an expert you have no idea if they leak sensitive personal information. And participating normalizes them, makes opting out more conspicuously different for ppl who need to. They're also harmful to begin with because they're user surveys biased to only reflect the behaviors of non privacy conscious users, and create data that suggests privacy features are unused.

All telemetry is harmful in this way. Respectable projects don't use telemetry whatsoever.

Cassandrich Mar 2, 2025

@andrew_shadura @trysdyn Also (I wrote in depth on this a long time ago, should dig it up) the word "telemetry" here is very loaded and harmful.

"Telemetry" conventionally means remote sensing/measurement done on something the party gets the readings from owns and has deployed.

In the context of software, it implies the software running on your device really "belongs to" the party getting the telemetry, and is an agent acting remotely on their behalf.

Alexander Bochmann Mar 1, 2025

@trysdyn I was about to ask if anyone had thought about creating something similar to Firefox Profilemaker (https://ffprofile.com) for enterprise policies, but it turns out they already have an option to download an enterprise policy generated from their questionnaire instead of a prefs.js...

Firefox Profilemaker

Moss (the τεχie) <(fsm)>{{Mar 2, 2025

@trysdyn
Nice! How to do this on iOS?

Daniel Lakeland Mar 2, 2025

@Moss_the_TeXie
On iOS my understanding is Firefox is just a UI wrapper around the system browser because Apple makes it impossible to have another real browser.
@trysdyn

muž s klapkami na očích Mar 2, 2025

correct. tl;dr you cannot use a different browser on iOS.

CC: @[email protected] @[email protected]

Werawelt Mar 2, 2025

@trysdyn
How can I do this with Linux?

ಚಿರಾಗ್ 🌹✊🏾Ⓥ🌱🇵🇸 (he/him)Mar 2, 2025

@werawelt @trysdyn
> On Linux, the file goes into firefox/distribution, where firefox is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in /etc/firefox/policies.

From the link specified in OP.

Werawelt Mar 2, 2025

@chiraag
Now I see it 🤦‍♂️ Thank you very much 🙏

schrotthaufen Mar 2, 2025

@trysdyn @cstross Chromium/Chrome can be configured with policies as well. (Not that I’d recommend using these browsers…) https://chromeenterprise.google.com/policies

Adoxography Mar 2, 2025

@trysdyn Bookmarked, thanks.

RA_L ✔️Mar 2, 2025

@trysdyn
Does it work in ubuntu with the fcking snaps?

nev Mar 2, 2025

Thanks to @trysdyn's post, cobbled together my own #Firefox policy file to fix all the annoying little things I have to adjust after installation—nuking Pocket from orbit, removing the Bing and eBay search engines, etc.

nev Mar 2, 2025

{
"policies": {
"DisableFirefoxStudies": true,
"DisablePocket": true,
"DisableSetDesktopBackground": true,
"DisableTelemetry": true,
"DisplayBookmarksToolbar": "newtab",
"EnableTrackingProtection": {
"Value": true
},
"FirefoxHome": {
"Search": true,
"TopSites": false,
"SponsoredTopSites": false,
"Highlights": false,
"Pocket": false,
"SponsoredPocket": false,
"Snippets": false,
"Locked": false
},
"FirefoxSuggest": {
"WebSuggestions": false,
"SponsoredSuggestions": false,
"ImproveSuggest": false,
"Locked": false
},
"OverrideFirstRunPage": "",
"OverridePostUpdatePage": "",
"Preferences": {
"app.normandy.enabled": false,
"app.normandy.api_url": "",
"browser.aboutConfig.showWarning": false,
"browser.altClickSave": true,
"browser.ml.chat.enabled": false,
"browser.ml.enable": false,
"browser.newtabpage.activity-stream.default.sites": "",
"browser.newtabpage.activity-stream.discoverystream.enabled": false,
"browser.newtabpage.activity-stream.feeds.discoverystreamfeed": false,
"browser.newtabpage.activity-stream.feeds.system.topsites": false,
"browser.privatebrowsing.vpnpromourl": "",
"browser.tabs.inTitlebar": 0,
"browser.topsites.contile.enabled": false,
"browser.topsites.contile.sov.enabled": false,
"browser.urlbar.suggest.topsites": false,
"browser.vpn_promo.enabled": false,
"dom.private-attribution.submission.enabled": false,
"extensions.pocket.api": "",
"extensions.pocket.bffApi": "",
"extensions.pocket.oAuthConsumerKey": "",
"extensions.pocket.showHome": false,
"extensions.pocket.site": ""
},
"SearchEngines": {
"Remove": ["Bing","eBay","DuckDuckGo"],
"Add": [
{
"Name": "Google Web",
"URLTemplate": "https://google.com/search?q={searchTerms}&udm=14",
"IconURL": "https://www.google.com/favicon.ico"
}
],
"Default": "Google Web"
},
"UserMessaging": {
"ExtensionRecommendations": false,
"FeatureRecommendations": false,
"FirefoxLabs": false,
"MoreFromMozilla": false,
"SkipOnboarding": true
}
}
}

Google

Okwari Aug 11, 2025

@trysdyn I just wanted to tell you how helpful your posts are. The dreaded AI Tabs in Firefox were already disabled in my browsers based on your suggestion.

Electric Gremlin Aug 11, 2025

@okwari Oh I appreciate that~

Yeah I got frustrated I couldn't centrally manage Firefox via Puppet or something so I dug in and found that stuff. It's been super useful and I'm glad other people find it useful too.

sparseMatrix Nov 24

You're doing the people's work, good on ya!