Firefox Tweaks and Fixes and Styles and Things

Customize the appearance of the Firefox web browser and its derivatives without using add-ons.

See the recent changes at the end of this document.

Introduction

Following is a collection of tweaks and fixes for the Mozilla Firefox web browser and its derivatives. Keep an eye out for changes as i tend to update this stuff fairly often.

For the non-techies, here are brief descriptions of some of the Firefox configuration files which are in play in this article:

  • prefs.js: This is the primary Firefox configuration file that controls much of how the browser works. This file exists in the root of your Firefox profile directory. The contents of this file can be viewed and edited by entering about:config in the address bar, however you should typically not edit this file unless it's only to test something. All of your custom preferences should be placed in a user.js file (or a user-overrides.js file if you're using the 'ghacks' user.js).
  • user.js: This file does not exist until you create it in the root of your Firefox profile directory. Any preferences that you wish to change in prefs.js or about:config that are not available in the Firefox options interface, and which you want to preserve across Firefox updates or resets, should be entered in this file.
  • userChrome.css: This file does not exist until the you create it in the chrome folder of your Firefox profile. This file is used to modify the appearance of virtually any element of the Firefox user interface (UI).
  • userContent.css: This file does not exist until the you create it in the chrome folder of your Firefox profile. This file can be used to modify the appearance and behavior of web pages, however i would recommend using the Stylus add-on instead because it makes working with CSS much easier.

If you need help with Cascading Style Sheets (CSS), selectors and what parameters they can take, see the CSS Introduction and CSS Reference documents at w3schools.com.

Changing how Firefox looks

CustomCSSforFx

Since Mozilla removed support for the older XUL/XPCOM add-ons in favor of WebExtensions, the much loved Classic Theme Restorer add-on won't work with Firefox version 57 or newer. The developer of CTR is still very active in maintaining the CSS code that was used in the add-on however and you can find it in the CustomCSSforFx GitHub repository. Using the new code, we can continue to tweak the crap out of Firefox, though it will require a bit more elbow grease. I've removed several of the CSS tweaks i used to have here in favor of using the CustomCSSforFx code because it covers so much territory and saves a lot of time without adding too much overhead. You can also hide Firefox context menu items with CustomCSSforFx or you could roll your own styles and dump it in userChrome.css.

Instructions for implementing the CustomCSSforFx code is on the page i linked to, though i might recommend implementing it a little differently, especially if you already have code in your userChrome.css or userContent.css that you want to keep. The method i use keeps my custom code separate from the CustomCSSforFx code which makes updating the CustomCSSforFx code easier. It also allows to quickly troubleshoot problems that might arise because you can just comment out a single @import line to easily eliminate large chunks of code. Here's what my userChrome.css contains:

/* @namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"); /**/

/* Aris-t2/CustomCSSforFx (https://github.com/Aris-t2/CustomCSSforFx) */
@import "./custom/aris-t2/userChrome.css"; /**/

/* all of my other custom code is below */

Notice that the @namespace line is commented out. You need to do the same, else some of the tweaks in the CustomCSSforFx code might not work. To understand why you don't need the @namespace line, even though you may have read that you do, and why it can cause styles to break, read Adding Style Recipes to userChrome.css.

As you saw above, the userChrome.css in my /chrome folder is a rather bare-bones affair in which i use @import to link to the CustomCSSforFx files and all my other CSS files that reside in sub-folders of /chrome. Here's what the directory hierarchy looks like if you're confused:

/chrome
    userChrome.css
    userContent.css
/chrome/custom/aris-t2
    /config
    /css
    /image
    userChrome.css
    userContent.css
/chrome/custom/some-other-stuff
    whatever.css

And here's what my userContent.css file looks like, which just points to the userContent.css file contained with the CustomCSSforFx package:

/* Aris-t2/CustomCSSforFx (https://github.com/Aris-t2/CustomCSSforFx) */

@import "./custom/aris-t2/userContent.css"; /**/

/* all of my other custom code is below here */

Once you've got the files in place, it's just a matter of editing the /aris-t2/userChrome.css and /aris-t2/userContent.css files to suit your needs. The instructions for doing so are contained in the files. It will take a while to go through it all, but i suggest doing so because some tweaks are OS specific.

Dark Fox

Firefox ships with a few default themes and one of them is the 'Dark' theme. To activate it, right-click on an empty part of the tab bar or the navigation tool bar, or click the 'Customize' menu item in the Hamburger menu. At the bottom of the 'Customize Firefox' tab you'll see a 'Themes' button. Click it and select the 'Dark' option. If you also use a 'dark web' add-on to darken the entire web, such as Dark Background and Light Text, you may experience the dreaded 'White Flash Syndrome' which is a brief white flash when you load a website. This can be very annoying when using a dark web theme but it can be minimized by adding this to your userChrome.css:

/* eliminate white flash when loading web pages */
#browser vbox#appcontent tabbrowser,
#content,
#tabbrowser-tabpanels,
browser[type=content-primary],
browser[type=content] > html {
    background: #000 !important;
}

Another way to darken more of the Firefox UI, including some about: and extension pages, is with Shadowfox, however i find it to be overkill. If you use Shadowfox the 'white flash' code above is not needed.

Auto-open/hide the sidebar

WARNING: Because the sidebar is essentially always open, but hidden, if an item in the sidebar has focus and you press, for instance, the delete key even when the sidebar is hidden, the sidebar item that has focus will be deleted! I stopped using this style myself for this reason, and also because it will no longer be possible to drag stuff (like a bookmark) into the sidebar, however i decided to keep the code here in the event others aren't bothered by these issues.

This CSS tweak allows to open the sidebar by simply moving your mouse cursor to the extreme left of the browser window and close it by moving your mouse off of the sidebar. You many not want to use this if you don't usually keep Firefox maximized. There are two issues with this style: Because the position of the sidebar is set to 'relative', it shares the same space as the page you're browsing and so it narrows the page by 1 pixel. May not sound like anything worth a complaint, but it bothers me. Problem is, i've been unable to get the sidebar to display properly if i set its position to 'fixed'. Also, in the original code that i found (stole), the author removed the sidebar header and i wanted to keep it. This creates the second issue in that, if you change the contents of the sidebar using the drop-down menu in the header, the sidebar will collapse and must be reopened.

Don't forget to set --sbarwidth to your desired value.

/*
/*
* AUTO-OPEN SIDEBAR
*
* Contributor(s): img2tab
*
*/
:root {
    --sbarwidth: 420px; /* set width you want the sidebar to be when it's open */
}
#sidebar-header {
    border-bottom: none !important;
}
.sidebar-header, #sidebar-header {
    font-weight: normal !important;
    color: white !important; /* comment out for a light theme /**/
}
#sidebar-box {
    overflow-x: hidden;
    min-width: 0px;
    max-width: 0px;
    position: relative;
    padding-left: 5px !important;
    padding-right: 0 !important;
    background-color: #2e2e2e !important; /* comment out for a light theme /**/
    border-right: 1px solid; /* width of the border which opens the sidebar /**/
    cursor: pointer;
    transition: all 0.1s ease 0.15s; /* first number is transition time and second is open/close delay time */
}
#sidebar-box:hover,
#sidebar-box #sidebar {
    min-width: var(--sbarwidth);
    max-width: var(--sbarwidth);
    padding-right: 10px;
}
#sidebar-box ~ #sidebar-splitter {
    display: none;
}
.sidebar-placesTree {
    color: white !important; /* comment out for a light theme /**/
}

/* bookmark panel item spacing - optional */
.sidebar-placesTree treechildren::-moz-tree-row {
    margin: -2px;
}

Adjust vertical space between the bookmark items

This will change the vertical space between your bookmarks in the sidebar. You can use CustomCSSforFx for this, or copy the following code to your userChrome.css. Change the -2 to whatever suits you.

/* bookmark panel item spacing */
.sidebar-placesTree treechildren::-moz-tree-row {
    margin: -2px;
}

Styling the link target/network status tooltip

The link/status tooltip is the text that appears in the lower left or right of the browser viewport when you hover over a hyperlink or when there is certain network activity. Some people (me!) find the link tooltip really annoying because it can cover part of a webpage and get in your way. This style will have the following effects:

  • move the hyperlink tooltip to the top of the browser, overlaying the tab bar (adjustable)
  • make the hyperlink tooltip the full width of the browser (almost)
  • make the hyperlink tooltip background transparent black and the text white
  • center the hyperlink tooltip text
  • leave the network status tooltip on the bottom of the viewport, but make the background transparent white and the text black
/* move the hyperlink tool-tip to the top of the browser */
#statuspanel[type="overLink"] {
  position: fixed;
  top: 26px; /* adjust as necessary */
  left: 0;
  width: 100%;
  z-index: 3;
  text-align: center;
}

/* style the hyperlink tool-tip */
#statuspanel[type="overLink"] #statuspanel-label {
  background-color: #0000008c !important;
  color: white !important;
  height: 27px !important; /* adjust as necessary */
}

/* style the status tool-tip */
#statuspanel[type="status"] #statuspanel-label {
  background-color: #ffffff9c !important;
  color: black !important;
}

/* make sure the the status tooltip is hidden when it's inactive */
#statuspanel[inactive] #statuspanel-label {
  display: none !important
}

Changing how Firefox works

In addition to the smooth scrolling tweak below, see the articles, Firefox Configuration Guide for Privacy Freaks and Performance Buffs and The Firefox Privacy Guide For Dummies!, as well as my user-overrides.js.

Smooth scrolling

Smooth scrolling is apparently enabled by default in Firefox, but i don't care for the way it works. If you want to try my settings, copy the smooth scroll code from my user-overrides.js file on my GitLab repository (scroll down until you find the line === 12BYTES.ORG SMOOTH SCROLLING ===).

Making the user interface (UI) bigger on small displays

The Firefox UI consists of several parts including toolbars, the tab bar and the viewport where web pages are displayed. If you're working on a high resolution, small format display, such as a laptop with a 1080p screen, everything may look too small. From the Firefox preferences you can easily enlarge the font sizes used by web pages. By the way, when you change font sizes in the "Fonts & Colors" section of the Firefox preferences, make sure to set the same sizes for "Other Writing Systems" in addition to your language (which is Latin if you read English). If the toolbar buttons, address bar text and other parts of the Firefox UI are also too small, adjusting font sizes will do nothing to enlarge them, so here's what you can do:

  1. Enter about:config in the address bar
  2. In the search box, enter layout.css.devPixelsPerPx
  3. Set the value of this preference to whatever decimal number (0.9, 1.1, 1.2, etc.) you want until the toolbars and icons are a comfortable size (the change will take effect immediately). Don't use too large of a number. What is too large? I don't know, but once you get close to 2 you might notice very strange issues with the UI. I use a value of 1.3 for a 17 in., 1080p display.

This will also enlarge all web pages and so you may want to adjust your desired font sizes in Firefox's options, both for your preferred language and 'Other Writing Systems'.

If you use the developer tools you can enlarge all of that using the devtools.toolbox.zoomValue preference.

When you're done, you should put those preferences in a user.js file.

Changing how websites look or work

The styles below can be used in a userChrome.css file, but i would recommend using the Stylus add-on mentioned earlier. If you dump them in userChrome.css you'll need to make some changes so that they affect only the websites you want them to affect.

Making the interwebs dark

Many of us who have been staring at computer monitors too damn long cannot tolerate bright displays. White web pages with dark text feels like looking at the sun, which is one reason why i use a dark theme for this website. A lot of people seem to have this problem and there are many solutions. In the case of Firefox, there are quite a few add-ons that can darken the web and they use various methods to do so. The simplest ones invert the colors which is a dumb method for a couple reasons, one of them being that this can make dark pages look bright. To see my preferred extension for darkening the web, see Firefox Extensions – My Picks. In addition, also see the 'Dark Fox' section above if you want to reduce the 'white flash' when a you load a new tab.

Allow text selection/copying

In a silly effort to prevent copying text, some website admins will try to prevent you from selecting it, or at least make it appear that you can't select it by changing the selection color to the same color as the background. This tweak will often solve the problem.

Name: [global] allow text selection
Applies to: Everything

/* override CSS preventing text selection */
* {
    -moz-user-select: text !important;
    user-select: text !important
}

Copying/pasting text without formatting

Sometimes you may want to copy text from a website and paste it without the HTML markup. While i'm not aware of any way to accomplish this without an extension, you may be able to do the next best thing by using Ctrl+Shift+V to paste instead of Ctrl+V. This works for me on Windows and Linux, however i've had some feedback that indicates it does not work in all cases. If you have a problem, look for a global or application specific Ctrl+Shift+V hotkey setting and consider deleting or changing it.

Copying text from hyperlinks

Copying the text of a hyperlink can be a hassle, that is until you press the Alt key. Just press and hold your Alt key while dragging the cursor to highlight the text you want to copy. You can even copy text from the middle of a hyperlink this way. There are extensions that can do this too, but the less you install, the better.

Display website content hidden by JavaScript

I'm noticing more and more websites using JavaScript and a DIV layer to hide page content until the page is fully loaded (Engadget employs this stupidity). While this CSS tweak will not work in every case, it will work in some, including many more than those listed as examples. Note also that it may occasionally break how a website is displayed, though i haven't had any trouble with that as far as i know.

Name: [global] anti-JS - display html
Applies to: Everything

/*
* display html when disabled by JS
*/

/* ex: https://www.engadget.com/ */
html {
    display: unset;
}

/* ex: https://www.idownloadblog.com/ */
body {
    opacity: 1;
}

/* ex: https://accesswds.com/ */
body #load {
    display: none;
}

/* ex: https://www.trafiklite.com/ */
.preloader {
    display: none;
}

/* ex: http://www.knoxseniors.org/ */
#preloader {
    display: none;
}

/* ex: https://truthstreammedia.com/ */
#loader-wrapper {
    display: none;
}

/*ex: https://aladinsmiraclelamp.wordpress.com/ */
.site {
    opacity: 1;
}

Display images hidden by JavaScript

Many websites will not display images unless you enable JavaScript. While this tweak is certainly not a universal fix (many websites use a lazy-load script that requires JavaScript), it will work in some cases.

Name: [global] anti-js - display images
Applies to: Everything

img {
    opacity: 1 !important;
    filter: none !important;
}

Display YouTube videos hidden by JavaScript

Many websites will not display embedded YouTube videos unless you enable JavaScript. This will make the video display without having to enable JS in some instances, however JS must still be enabled for youtube.com.

Name: [global] anti-JS - display YouTube player
Applies to: Everything

/* ex: https://www.healthnutnews.com/airbnb-wants-to-pay-you-to-move-to-italy-for-3-months-really/ */
div.player-unavailable {
    display: none !important;
}

Normalizing fonts

I like fonts styles and sizes to look somewhat uniform across websites, plus there are privacy issues for some websites that use 3rd party fonts, such as the "free" fonts that Google provides (hint: when something is "free", you are likely the product). There are various ways to achieve this, but here's the method i suggest:

  1. In Firefox preferences, find the 'Fonts & Colors' options and click the 'Advanced' button.
  2. If you read English, select 'Latin' in the combination control, else select your preferred language.
  3. Set the 'Proportional', 'Monospace' and 'Minimum' font styles and sizes and remember your choices. I set the 'Proportional' option to 'Sans Serif' and all the other options to one of the sans fonts (not serif or sans-serif fonts)
  4. In the combination control, select 'Other Writing Systems' and set the preferences to the same values as in the last step.
  5. Disable the option, 'Allow pages to choose their own fonts'.
  6. Install the Toggle Fonts add-on by Manuel Reimer.

Fonts should now look much more uniform across all websites and if you don't like the way a particular website looks, just click the Toggle Fonts toolbar button which will allow the website to specify its own fonts. Another option is to use something like the ReFont add-on, but that's a bulkier solution that introduces other issues and so i don't really recommend it, especially if you use uBlock.

Lastly, if you use uBlock, read the part about fonts in the Firefox Configuration Guide for Privacy Freaks and Performance Buffs.

HTTP Header trix

Using an extension to modify HTTP headers, like the Header Editor add-on for Firefox, opens a whole new door to hacking the web. Following are some examples that use the Header Editor extension, however you can likely adapt them for use with similar extensions. You can give whatever name you want to your filters and i like to sometimes prefix them with a tag that indicates the scope of the filter.

ETag Removal

This will empty the ETag HTTP header in order to help prevent browser tracking. I like to use the [global] tag for header filters that work for all websites. This code comes from the 'ghacks' fellas.

  • Name: [global] ETag Removal
  • Rule type: Modify the response header
  • Match type: All
  • Execute type: Custom function
  • In the Code box, paste the following:
for (const a in val) {
    if (val[a].name.toLowerCase() === 'etag') { val[a].value = ''; }
}

X-Forwarded-For

The X-Forwarded-For header can be used by the web server to obtain your IP address through a proxy and is therefore a major privacy risk. Here's how to fix that:

  • Name: [global] X-Forward-For Removal
  • Rule type: Modify the response header
  • Match type: All
  • Execute type: Normal
  • Header name: x-forward-for

YouTube redirects

YouTube links can be redirected in different ways. This first set of examples utilizes the Invidious service at snopyta.org which acts as a front-end, or proxy, for YouTube. The advantage in using such a service is that nothing from youtube.com need be loaded by the browser, which means no cookies or JavaScript, and therefore privacy is enhanced.

Note that some videos that play on YouTube won't play when using Invidious and though i'm not certain why this is, i suspect it has to do with copyrights or geographical regions or some such nonsense. You can sometimes work around this by clicking on the video settings icon and changing the "Preferred video quality" to "dash".

This first example will redirect YouTube links (including youtu.be shortened links) to invidious.snopyta.org:

  • Name: [global] YouTube video links to snopyta.org
  • Rule type: Redirect request
  • Match type: Regular expression
  • Match rule: https?:\/\/(?:www\.)?(?:youtube\.com\/watch\?v=|youtu\.be\/)([a-zA-Z0-9-_]*)
  • Execute type: Normal
  • Redirect: https://invidious.snopyta.org/watch?v=$1

This next example will redirect YouTube User and Channel ID links to the equivalent page on invidious.snopyta.org:

  • Name: [global] YouTube user/channel to snopyta.org
  • Rule type: Redirect request
  • Match type: Regular expression
  • Match rule: https:\/\/(?:www\.)?youtube\.com\/(?:user|channel)\/([a-zA-Z0-9-_])
  • Execute type: Normal
  • Redirect: https://invidious.snopyta.org/channel/$1

If you don't want to use the service provided by Snopyta, you can still reduce your privacy exposure to YouTube using the following redirects.

This first example will load 3rd party embedded YouTube videos using the youtube-nocookie.com domain which apparently prevents YouTube from storing some extra data in the browser.

  • Name: [global] YouTube embedded to youtube-nocookie.com
  • Rule type: Redirect request
  • Match type: Regular expression
  • Match rule: https?:\/\/(?:www.)?youtube.com\/embed\/(.+)
  • Execute type: Normal
  • Redirect: https://www.youtube-nocookie.com/embed/$1

This next example will redirect shortened YouTube video links (youtu.be) to youtube.com, thus avoiding the unnecessary redirect.

  • Name: [global] bypass youtu.be redirects
  • Rule type: Redirect request
  • Match type: Regular expression
  • Match rule: https?:\/\/youtu.be\/([a-zA-Z0-9]*)
  • Execute type: Normal
  • Redirect: https://www.youtube.com/watch?v=$1

LiveLeak safe mode

This will disable safe mode for LiveLeak videos without having to log-on.

  • Name: [liveleak.com] disable safe mode
  • Rule type: Redirect request
  • Match type: Regular expression
  • Match rule: https?:\/\/www\.liveleak\.com\/view\?i=(.+?)(?!&safe_mode=off)*$
  • Execute type: Normal
  • Redirect: https://www.liveleak.com/view\?i=$1&safe_mode=off

Fixing stuff that's busted

Firefox doesn't remember its window size after restart

If you maximize the Firefox window and then close it, it may not reopen in a maximized state as one might expect. This annoyance can be caused when the preference privacy.resistFingerprinting is set to true (as it should be). This preference does a number of things to make it harder for websites to fingerprint your browser and one of them is to set a generic viewport size. If this bothers you, try the Maximize All Windows (Minimalist Version) add-on by 'ericchase', but know that your browser will be much easier to fingerprint and track if JavaScript is enabled since the browser viewport size is far more unique than something like its User-Agent string for example.

Dark text on a dark background

If you run Linux with a dark GTK theme, it can happen that text labels and other controls can have a very dark background color while the text itself is also dark, making these areas unreadable. Mozilla has known about this for 18 years! The solution that partially worked for me (thanks to Moritz Kammerer and Evan Klitzke) was simply to add a new string preference to my user.js file and give it a value matching the name of a light colored GTK theme installed on my system, then restart Firefox:

user_pref("widget.content.gtk-theme-override", "Adwaita:light");

You can replace Adwaita:light with the name of any other light colored GTK theme, such as Breeze. I also found that omitting :light works as well and the string value is not case sensitive, so just plain adwaita will work.

If you still have problems with dark text on a dark background in other areas or controls, try these styles in a userContent.css file:

/* prevent  black text on black background for text input controls on some about: pages */
@-moz-document url-prefix(chrome://mozapps/content/extensions/extensions.xul), url-prefix(about:addons) {
    input, textarea {
        color: black !important;
        background: white !important;
    }
}

/* prevent black text on black background for context menu in some about: pages */
@-moz-document url-prefix(chrome://mozapps/content/extensions/extensions.xul), url-prefix(about:addons),
url-prefix(chrome://mozapps/content/extensions/extensions.xul), url-prefix(about:config),
url-prefix(chrome://mozapps/content/extensions/extensions.xul), url-prefix(about:downloads) {
    menupopup, panel {
        color: white !important;
    }
}

/* prevent black text on black background for buttons in some about: pages */
@-moz-document url-prefix(chrome://mozapps/content/extensions/extensions.xul), url-prefix(about:webrtc) {
    button {
        color: white !important;
    }
}

Disappearing tool-bar and/or Start Panel icons

This seems to happen when duplicating my Firefox profile without first exiting Firefox, so you can possibly avoid this problem altogether by exiting the browser before creating a copy of your profile. If you still have issues however, load about:config in the address bar and in the search box enter extensions.databaseSchema, then right-click this preference and click 'Reset'. Restart Firefox and your icons may reappear. Why this works i have no idea because, in my case, the value of extensions.databaseSchema returns to the same value as it was previously.

Troubleshooting problems with add-ons

If you notice a problem that you think may be related to an add-on, there are some simple steps you can take to troubleshoot the issue before contacting the developer. In my experience problems with add-ons are usually a result of a conflict with 1) a setting in prefs.js, 2) a setting in user.js, 3) another add-on, or 4) something in userchrome.css or usercontent.css. Whatever the case, the following information should help you to troubleshoot the issue.

If you suspect an add-on is giving you trouble…

  1. Backup your Firefox profile! Load about:profiles if you don't know where it's located, then exit Firefox and find your profile folder in your file manager and press Ctrl+C and Ctrl+V to make a copy. When you are prompted for a new name, just add -bak to the existing name.
  2. If you have any custom configuration files, such as a user.js, userChrome.css or userContent.css, rename them (add .bak to the existing name), then start Firefox and verify whether the problem still exists.
    1. If the problem no longer exists, go to the Troubleshooting preferences section below.
    2. If the problem still exists, continue with the next step.
  3. Start Firefox and load about:support by entering that in the address bar, then click 'Restart with Add-ons Disabled'.
  4. Open the about:addons page and, one by one, enable each add-on until the problem reappears, at which point you will know which add-on is causing the problem.
  5. Go to addons.mozilla.org and install a fresh copy of the problematic add-on and verify that the problem is still exists.
    1. If the problem no longer exists, your finished.
    2. If the problem still exists, submit a bug report to the add-on developer (see below).

How to submit a bug report like a pro

If you have a problem with an add-on, or with Firefox itself, you need to be able provide the developer with enough pertinent information so they are able to reproduce it, else they may simply ignore you. Comments like "it don't work" are useless to a developer and you shouldn't be surprised if they ridicule you for submitting such non-descriptive tripe. When describing the problem, be as brief as possible while still including every necessary detail. Here's a template which you can use for bug reports:

Operating system [name]
Firefox [version]
Add-on (if relevant) [name] [version] [link]
Affected webpage (if relevant) [URL]

Brief but accurate description of the problem...

What, if anything, you tried to solve the problem...

Precise steps to reproduce the problem...

With that information in hand, you need to find where the developer wants you to submit bug reports. If it's a buggy add-on, load up about:addons and see if there's a support link in the information for it by clicking the 'More' button. If there isn't, go to the add-on page at addons.mozilla.org and see if the developer provides a link to a support website (preferred!) or at least an email address. If they provide neither, then you're left with no other choice than to post your issue in the add-on comments, but do this only when no other option is available and don't down-vote the add-on. Lastly, make sure the title of your submission is descriptive of the problem. Titles like "bro its so borked LOL" are meaningless to a developer who is now more likely to disregard your issue since you just exposed yourself as a 12 year old slab-fondler.

Troubleshooting Firefox preferences

Problems resulting from settings in your prefs.js file can manifest in different ways, from breaking desired Firefox or extension functionality to causing web pages to not work properly or failing to load at all. Following is one method of troubleshooting preference issues for those who are not comfortable using the Firefox console, or where the console did not provide useful information. Though tedious, this method almost always works. You should have a decent code editor with syntax highlighting for editing the Firefox prefs.js file, such as Kate (Linux), or PSPad or Notepad++ (Windows).

  1. Start Firefox and enter about:profiles in the address bar, then load that page.
  2. Create a new profile for testing, naming it something like '__testing__' so it cannot be easily confused with your default profile.
  3. In the 'Root Directory' row, click the 'Open Directory' button for both your original and your testing profiles to open the folders in your file browser.
  4. Start Firefox using your testing profile. it may ask which profile to load since you now have more than one, but if it doesn't then load about:profiles again and select the option to open your testing profile in a new window. Nowverify that the problem still exists, then exit Firefox.
  5. If the problem no longer exists, continue with the next step. If it does, troubleshooting the problem is beyond the scope of this troubleshooter, suffice to say that it may due to an add-on or custom CSS in your Firefox /chrome folder if you have one, etc..
  6. With Firefox closed, copy (Ctrl+C) the prefs.js file in your original profile folder and paste it (Ctrl+V) in your testing profile folder, overwriting the existing one.
  7. Repeat step 4. If the problem reappears you have verified it is due to a preference in the prefs.js file. If it does not, then it is beyond the scope of this troubleshooter.
  8. With Firefox closed, open the prefs.js file from your testing profile in your code editor and select roughly half of the contents of the file, making sure your selection starts at the beginning of a line and ends at the end of a line in order to avoid further problems. Next, cut (Ctrl+X) the selection (don't just delete it!) and save the file. If your editor complains it is important that you ignore the warning and force the save. If it automatically reloads the file, you will need to disable that behavior in its settings.
  9. Keep repeating steps 4 and 8 until the issue disappears, at which point you know the preference causing the problem is stored in your clipboard (the last section you cut from prefs.js).
  10. Select all of the contents in prefs.js (Ctrl+A) and delete (not cut!) the selection, then paste (Ctrl+V) to paste the contents of your clipboard and save the file, again being sure to force the save if your code editor complains.
  11. Again, continue repeating steps 4 and 8 until you have narrowed down the problem to a single preference at which point you know what preference is causing the problem.
  12. Once the problem is isolated to a single preference, you can then copy it to your user.js file (or user-overrides.js file if you have one) in your default profile and change it's value there after which you can verify the problem was solved by running Firefox with your default profile.

Once you have solved the problem in your default profile, you can delete your testing profile from about:profiles or from the profile loading prompt when Firefox starts.

More Firefox stuff

Other articles i've written about Firefox and its derivatives can be found on the Everything Firefox page.

For more CSS tweaks, see:

General Firefox stuff:

Recent revisions for this article

  • minor edits and corrections

The Pirate Bay and its cryptocurrency mining script – why this might be the best thing since DOOM

People are now creating scripts to mine cryptocurrencies using your computing power while you visit any websites which employ these scripts. I first learned about this when The Pirate Bay used such a script in certain sections of their website.

This is an extremely interesting development and it will be just as interesting to see how wide-spread it becomes. Just days after TPB was found running such a script, there was already a cryptocurrency miner WordPress plug-in on wordpress.org with 300+ active installs as of Sep. 27, 2017.

At first i categorized this as outright malware and, in fact, i would say this was accurate in the case of The Pirate Bay when they introduced it secretively and didn't make it an opt-in option for its users. It also appears that ad-blockers, including uBlock Origin, as well as anti-virus software vendors, are targeting these mining scripts. After giving it some thought however, this seems like it might be an excellent way for independent journalists and others to generate some "cash" to support their work whilst dumping, or at least cutting back on their intrusive ads.

The company apparently responsible for all the hub-bub is Coinhive and, frankly, i very much like what they have to say about their cryptocurrency miner. There are millions of people — me being one of them — running ad-blockers to remove all the in-your-face garbage that people and corporations use to monetize their websites and the service offered by Coinhive could be a revolution in this regard in that everyone, from the Google's of the world to individuals like yourself, could monetize websites and services with cryptocurrency miners that are virtually transparent to their visitors. I say "virtually" because i think it is absolutely critical that such mining scripts only run if the visitor chooses to run them. Apparently Coinhive feels the same way. Here's some comments from the Coinhive blog:

Our goal was to offer a viable alternative to intrusive and annoying ads that litter so many websites today. These ads are not only a distraction to end users, but also provide notoriously unpredictable and non-transparent revenue numbers. We set out to change that.

[…]

We're a bit saddened to see that some of our customers integrate Coinhive into their pages without disclosing to their users what's going on, let alone asking for their permission. We believe there's so much more potential for our solution, but we have to be respectful to our end users.

[…]

It's probably too late to do anything about the adblockers that already prevent our current JavaScript from loading. Instead, we will focus on a new implementation that requires an explicit opt-in from the end user to run. We will verify this opt-in on our servers and will implement it in a way that it can not be circumvented. We will pledge to keep the opt-in in tact at all times, without exceptions.

I like their ethics and motivation for creating this service. Their privacy policy is also very good, at least for the time being.

Right now i'm blocking these scripts, but hopefully this will change in the future.

YAMR (Yet Another Mozilla Rant) – Battling "fake news"

This is it folks. This is a 'rotten cherry on the top of the stinking cake' moment with a big fat pit right in the middle of it.

I recently learned that the multi-million dollar Mozilla corporation has decided that i (and you) are idiots; that we are incapable of analyzing news stories in order to determine whether they are creditable; that we should be reading the Wall Street Journal and the New York Times and the like to get our "news". And so Mozilla has decided that it is they, the developers of a freaking web browser, that should step in to help steer us back on the right track by saving us from … FAKE NEWS!

Yes, on 8 August, 2017, the Mozilla foundation launched their incarnation of the Great Firewall of China by deciding to combat "fake news" via The Mozilla Information Trust Initiative, aka MITI. And what news does the Mozilla Information Trust Initiative consider "fake news"? Well, apparently any news that doesn't originate from a mainstream source:

Imagine this: Two news articles are shared simultaneously online.

The first is a deeply reported and thoroughly fact checked story from a credible news-gathering organization. Perhaps Le Monde, the Wall Street Journal, or Süddeutsche Zeitung.

THE WALL STREET JOURNAL!?!? "… a deeply reported and thoroughly fact checked story …". Are You Kidding Me Right Now!

Let's just have a quick look at the track record of the Wall Street Journal which, by the way, is essentially as biased and corrupt as any other mainstream government/corporate mouthpiece:

20 Reasons Not to Trust the Journal Editorial Page | FAIR (1-Sep-1995)

When Anita Hill took a polygraph test to try to substantiate her charges of sexual harassment against Clarence Thomas, the Wall Street Journal attacked her in an editorial (10/15/91) titled "Credibility Gulch: "Lie detector tests are so unreliable they are rarely allowed as evidence in court.

But just eight months later (6/9/92), when the Journal argued against an Iran/Contra perjury indictment of former secretary of Defense (and editorial page contributor) Caspar Weinberger, this was its main evidence for Weinberger's innocence: "Mr. Weinberger has taken and passed a lie-detector test on the matter.

[…]

The Continuing Decline of McDonald's : The Corbett Report (10-Jan-2017)

The global giant's [McDonald's] influential PR machine has used sleight-of-hand and other tricks to make this restructuring look like a smash success. They used their cheerleaders at the Wall Street Journal to hype "stronger-than-expected profit and sales figures and their boosters at US News & World Report to hype some highly-selective earnings comparisons suggesting that this "turnaround is, to use the WSJ's phrase, "sustainable.

But one doesn't have to scratch too hard to reveal the rusty reality beneath this PR paint job.

Wall Street Journal circulation scam claims senior Murdoch executive | Media | The Guardian (12-Oct-2011)

One of Rupert Murdoch's most senior European executives has resigned following Guardian inquiries about a circulation scam at News Corporation's flagship newspaper, the Wall Street Journal.

The Guardian found evidence that the Journal had been channelling money through European companies in order to secretly buy thousands of copies of its own paper at a knock-down rate, misleading readers and advertisers about the Journal's true circulation.

WSJ sourced Obama skinny quotes from Yahoo Message Boards (4-Aug-2008)

A journalist at the Wall Street Journal has been caught sourcing quotes for an article on Barak Obama being too thin to be President from a Yahoo Message Board.

In the article Too Fit to be President?, Wall Street Journal political correspondent Amy Chozick endeavored in the best News Corp tabloid style to create a story around the rather bizarre notion that voters wouldn't vote for Obama because he was too thin, saying that "some Americans wondering whether he is truly like them.

In the piece, she includes the quote "I won't vote for any beanpole guy, and originally didn't attribute the source. Sadly No reports that the source was a Yahoo Message Board where Chozick actually asked for negative comments using her own name:

Plagiarizing? If the President Can Do it, Why Can't We? – Lawyers.com (28-Dec-2009)

An online columnist for the Wall Street Journal was caught plagiarizing. Freelance writer Mona Sarika, who wrote the "New Global Indian online column, used content from the Washington Post, Little India, India Today and San Francisco magazine.

Sarika copied direct quotes from other articles, without providing sources. She also changed the original speakers' names apparently making up new ones.

WSJ Fakes a Green Shift Toward Nuclear Power | FAIR (24-Jun-2016)

The Wall Street Journal has a long history of editorial page support for nuclear power (4/17/01; 8/5/09; 11/9/09; 4/6/11; 5/24/13, to cite but a few) and against wind power (5/22/06, 3/1/10, 8/24/10, 11/8/12, 5/18/14 and others). In publishing this piece as edited, perhaps it is telling a story it wishes were true. As Harder's article itself acknowledges, nuclear power is in decline due to a combination of economics, displacement by renewables and opposition. The green groups' supposed change of heart "comes at a critical time, as several financially struggling reactors are set to shut down even as other reactors already have, due to the low price of natural gas and state policies "that favor renewables over nuclear power. As if to prove that point, the story provided a list of a dozen reactors that have been or will soon be shut down.

At Wall Street Journal, Government-Enforced Monopolies = 'Free Market' | FAIR (22-Jul-2015)

Ingram bizarrely touts the "flowing pipeline of new wonder drugs spurred by a free market, which he warns will be stopped by "government price controls. This juxtaposition is bizarre, because patent monopolies are 180 degrees at odds with the free market. These monopolies are a government policy to provide incentives for innovation. Ingram obviously likes this policy, but that doesn't make it the "free market.

Yes, Wall Street Journal, It's Possible to Be Not Generous Enough | FAIR (10-Mar-2015)

The Wall Street Journal is soon to run a piece on improper denials of disability claims.

That's inevitable, since any fair-minded newspaper that ran a column on improper approvals would surely want to balance it out.

At Wall Street Journal, Reporting Assault Through Israel's Eyes | FAIR (13-Jul-2013)

In a news report on the Israeli military's investigation of its own deadly raid on the Gaza aid flotilla, the Wall Street Journal (7/13/10) passes off as fact, with no qualifier, the Israeli government's claim that members of IHH, a Turkish humanitarian organization, "attacked the Israeli soldiers as they boarded the ship.

On Islamist Terrorism, WSJ Entitled to Its Own Opinions—But Not Its Own Facts | FAIR (16-Mar-2011)

This is a complete misrepresentation of the Rand report. The report is exclusively about Muslim radicalization and jihadism, not about domestic terrorism in general, as the WSJ would lead you to believe—if anything, it's surprising that there are any non-Muslim jihadist plotters. (The exceptions were two men who agreed for their own secular purposes to collaborate with undercover FBI informants purporting to work for Al-Qaeda.)

The vast majority of "homegrown terrorist attackers—those of all ideologies who successfully carry out an attack—are not Muslim, the report finds: Of the "83 terrorist attacks in the United States between 9/11 and the end of 2009, only three…were clearly connected with the jihadist cause.

I could go on and on for months and months digging out the literal fake news pumped out by the Wall Street Journal or any other mainstream publication, but you can do that yourself if you're so inclined. The point is, it is the mainstream media that is garbage; that is FAKE NEWS. Why? Simple: greed. Whenever there is greed involved — greed for money or greed for power or greed for control — there will always be corruption. Now granted, there is certainly boatloads of disinformation and misinformation all over the world wide web, but mixed in there are also some highly ethical people and small organizations that actually report the facts and back them with references. And who the hell is a multi-million dollar corporation (Mozilla) to dictate to you or i who is creditable and who is not? I have been watching probably an average of 50-100 news sites almost daily for many years and as a result of studying these sites and fact checking their content, i can confidently suggest some real news sites to follow if you're interested:

How about NPR, Mozilla? Are they a creditable resource? I'll bet they are in your eyes.

It is sites like those listed above that are actively being targeted by war-mongering, self-serving, psychopathic globalists who profit from endless war and stunting the development of the human species. The truth is irrelevant; all that matters is that you and i swallow whatever story it is that supports whatever agenda is being promoted at the moment by whatever government or corporation promoting it and now, to my surprise, even Mozilla has joined the ranks of those that want to control what information is available on the web, an architecture that was built with the free flow of information at its heart.

There must be some sort of funding that is being dished out to those willing to get on the "fake news" bandwagon. There is quite obviously a huge push to combat so-called "fake news" and return the masses to digesting the puke that spews out of the rancid bellies of corporate giants like the Wall Street Journal, the New York Times and all the rest of the mainstream presstitutes. Facebook, Google, Youtube – they are all doing the same thing. Are they getting paid to censor? Is Mozilla getting paid to take part in this? I don't know, but i just may dig in and find out one of these days.

From The Mozilla Information Trust Initiative article:

This is why we're launching MITI. We're investing in people, programs, and projects that disrupt misinformation online.

Why Mozilla? The spread of misinformation violates nearly every tenet of the Mozilla Manifesto, our guiding doctrine.

Disrupt? So you want to use your corporate leverage to "disrupt" the flow of information? Sounds a lot like censorship, doesn't it? Is that the principle on which the internet was built? From the Mozilla Manifesto:

The Internet is a global public resource that must remain open and accessible.

Well tell us Mozilla, how is it that the internet can remain open and equally accessible when corporate gate-keepers intend to steer the rest of us in a direction that benefits the powerful few and leads to total information control for the rest of us?

I think i'll take their survey once again. In the mean time, go screw yourself Mozilla – i'll do my own homework and decide what's fake news and what isn't.

New tut: Firefox Search Engine Cautions and Recommendations

A new tutorial has been published titled Firefox Search Engine Cautions and Recommendations which covers the risks to your privacy when using any of the major search engines in general, but specifically when using the default search engine plugins that are packaged with the Firefox web browser, though this problem is certainly not limited to Firefox. I also cover how to circumvent the risks to your privacy when using the default Firefox search engine plugins, as well as make suggestions for alternative search engines.

I have to say that i'm becoming more and more disillusioned with the multi-million dollar Mozilla corporation and its flagship product, Firefox. Firefox was never a great web browser in my opinion, but it is/was appealing to many because of how completely customizable it is. In it's earlier days it was just a little slow and buggy, but more recently Mozilla is making highly unethical choices with regard to the privacy-hating corporations they willingly partner with and how these partnerships have manifested and have been monetized in Firefox is a result of utter stupidity and greed in my opinion. I stuck with Firefox all these years because it has always been one of the most hackable browsers out there, but these days i stick with it primarily because i'm not (yet) able to reproduce the functionality i have added to it via add-ons with any other browser, and Chrome is out of the question, much less Google's spyware version of it.

It's sad and frustrating that a company who produced a decent, super-highly customizable browser for a niche market has lost its way and turned its back on the very market it once served by deciding to become a Google Chrome clone in order to appeal to the masses.

Screw you Mozilla.

But let's end on a lighter note, shall we? Here, have a look.

Firefox Search Engine Cautions, Recommendations

This tutorial will cover how to sanitize and add search engine plugins for Mozilla Firefox in order to protect your privacy.

See the revision history at the end of this document for a list of changes.

Introduction

This tutorial covers various aspects of search engines for Firefox (or a derivative thereof) including sanitizing the default search engine plugins and how to add new search engines. For a list of alternative search engines, see Alternative Search Engines That Respect Your Privacy.

When 'free' software isn't

I suggest reading The Mozilla Monster as a primer.

Have you ever wondered how Mozilla get paid by the mega-monopolies like Google? Simple: When you use the default search engine plugins that are packaged with the browser, parameters similar to these are added to your search query:

client=firefox
name="appid" value="ff"
name="hspart" value="mozilla"

These parameters inform the search engine that you're using a Firefox/Mozilla product and that's all it takes for Mozilla to rake in the dough. If you do not wish to participate in these affiliate schemes and/or value your privacy, read on.

Types of search engines

The two basic types of search engines are meta search engines and search indexes and it is important to understand the difference. Google, Yahoo and Bing for example, use software robots called "crawlers" to discover and index web content. In other words these companies actively seek out updated and fresh content to store in their databases so it's ready for you to find. On the other hand, meta search engines do not typically index the web and instead rely primarily upon third parties like the aforementioned to provide their search results and therefore when you use these so-called "alternative" search engines, such as DuckDuckGo, Startpage, Searx, etc., you are still subject to the filter bubbles and censorship that is employed by the corporate giants. That said, the ethical meta search engines still make a great deal of sense from a privacy perspective since one can avoid being tracked by the big companies directly. Understand though that they are not true alternatives as they are often described, but rather proxies that insulate you from the privacy thrashing search engine giants. These alternative search engines are also subject to local laws, such as secret surveillance requests issued by a government.

Indexing the web and storing the massive amount of data that results is an incredibly expensive proposition which requires a massive amount of infrastructure and this is why the much smaller meta search companies like DuckDuckGo, Startpage and others rely heavily upon corporations like Google. There is a better solution than meta search engines, one which both respects your privacy and is censorship resistant. Ever hear of a peer-to-peer distributed search engine? Imagine a free, open-source, decentralized search engine where the web index is distributed among millions of personal computers like yours, each storing a piece of the whole. This is what the developers behind YaCy have done with their search engine and i think it's a great way to move forward.

Adding search engines to Firefox

Possibly the easiest way to mitigate risks to your anonymity posed by the default Firefox search engines is to simply disable all of them and use alternatives. One of my favorites is the open source and highly customizable Searx meta search engine which you can host on your own server if you like, or you can use any one of a number of Searx instances hosted by others. Like DuckDuckGo, Startpage and others, Searx is not an index and so it does not crawl the web like Google, however the big difference between Searx and most of the other meta search engines is that it is capable of pulling results from many other indexes including Google, Yahoo, Bing, Wikipedia, DuckDuckGo, Startpage, Qwant and many more, as well as decentralized peer-to-peer indexes such as YaCy. The Searx interface also offers a lot of configuration options for fine-tuning your search results, including the ability to select exactly what combinations of search engines you want to use for a particular type of search, of which there are currently 10.

One easy way to add Searx to Firefox is to locate a hosted instance which you like and which is preferably close to you geographically, then from the Firefox search bar menu, simply click the "Add" menu item. While searx.me is the original instance of Searx as provided by the developers, it is best not to use it because it can become overloaded. The Searx developers cannot afford to have too many people using their instance without your help and so they will disable it at times in order to promote other Searx instances. That said, a potential pitfall of using a third party instance is that the server may be logging traffic, such as IP addresses, location, etc., so you'll have to decide whether you can trust them.

Most other search engines can be added to Firefox in the same way as described above, but there are additional methods also. The Mycroft Project hosts tens of thousands of preconfigured search engine plugins for a variety of web browsers, the top 100 of which are listed here. They also have a form for writing your own search plugins. Although it is not possible to review the code from the main listing of search plugins, you can use their submission form to do so by mousing over the plugin name to reveal its numeric ID, then filling in that ID in their submission form page. Because Mozilla changed they way search engine plugins are added to Firefox, you'll need the Add Search Engine from Mycroft Project add-on to install the search plugins from Mycroft.

Another easy way to add a custom search engine to Firefox is with the Add custom search engine add-on by Tom Schuster. This add-on allows more control over the above methods, including the ability to define the website icon path or base64 code (a binary-to-text encoding scheme that encodes the site icon in text form). A great on-line resource for converting an icon to base64 code is the Base64 Encoder utility which can accept the icon URL or an uploaded file.

The Search Engines Helper add-on by 'Soufiane Sakhi' is another easy way to add search plugins to Firefox, as well as import and export your search plugins. Like the Add custom search engine add-on, this one also allows using a URL or base64 code for the icon.

My preferred method of adding and editing search engine plugins is with the mozlz4-edit Firefox add-on by 'serj_kzv'. This slick extension allows you to edit the search.json.mozlz4 search plugin file directly from within Firefox, though a browser restart is necessary before the changes are realized. It is in this file that Firefox stores the code for all of the search engine plugins. The add-on works for both the newer compressed version of the file with the *.mozlz4 extension, as well as the older, uncompressed version (search.json). Regardless of how you add search plugins, the mozlz4-edit add-on is a handy tool to have for editing the search.json.mozlz4 file because you can use it to decompress, edit, sanitize, recompress and then save it, overwriting the old one (make sure to make a backup first). See the Sanitizing the default search engine plugins section below before you do this though.

Sanitizing the default search engine plugins

If you would rather avoid the hassle of manually sanitizing the default Firefox search engine plugins, see the Pre-sanitized search plugins section below.

Sanitizing manually

If you choose to use the default search engine plugins provided by Mozilla, you may want to sanitize them in order to circumvent some risks to your privacy, however you should be aware that doing so will not prevent tracking or other privacy risks when using the default search engine plugins. If you insist on using the default search engines, you should use something like the ClearURLs add-on which at least strips the tracking parameters from the search engine result links. You should also disable JavaScript for the search engine web page if possible.

If you have already added custom search engines to Firefox, then the first thing to do before you start hacking is to create a copy of search.json.mozlz4 and work with the copy, reason being that if you mess up, Firefox will will delete all of your search plugins and restore only the default ones. If you don't want to see or use the default ones, disable them in the search preferences of Firefox rather than removing them from the plugin file.

To edit the search.json.mozlz4 file you first need to decompress it. There's at least a few utilities available that will handle this, but i would suggest using the mozlz4-edit Firefox add-on by 'serj_kzv' since it is very easy to use and it provides a basic code editor with syntax highlighting. Simply click the 'mozlz4-edit' toolbar button to load the add-on. Next, click the 'Open file' button and navigate to your Firefox profile folder and select the search.json.mozlz4 file. In the following example we will sanitize the Google search plugin which should give you an idea of what to look for when you decide to sanitize the other default search plugins. As of Firefox version 62, here's what the default code for the Google search plugin looks like, though without the lengthy base64 icon string which i removed for brevity:

{
    "_name": "Google",
    "_shortName": "google-2018",
    "_loadPath": "jar:[app]/omni.ja!/google-2018.xml",
    "description": "Google Search",
    "__searchForm": null,
    "_iconURL": "[base64 icon code removed]",
    "_metaData": {
        "order": 5
    },
    "_urls": [
        {
            "template": "https://www.google.com/complete/search?client=firefox&q={searchTerms}",
            "rels": [],
            "resultDomain": "www.google.com",
            "type": "application/x-suggestions+json",
            "params": []
        },
        {
            "template": "https://www.google.com/search",
            "rels": [
                "searchform"
            ],
            "resultDomain": "www.google.com",
            "params": [
                {
                    "name": "q",
                    "value": "{searchTerms}"
                },
                {
                    "name": "ie",
                    "value": "utf-8"
                },
                {
                    "name": "oe",
                    "value": "utf-8"
                },
                {
                    "name": "client",
                    "value": "firefox-b-1-ab",
                    "purpose": "keyword"
                },
                {
                    "name": "client",
                    "value": "firefox-b-1",
                    "purpose": "searchbar"
                }
            ]
        }
    ],
    "queryCharset": "UTF-8"
},

In the above code you will notice the string firefox is used several times. This is how Google knows you're using Firefox and thus how Mozilla gets paid when you use the Google search plugin, though it may not be the only way Google knows you're using Firefox. To sanitize the code,we simply want to remove any mention of firefox, but we first need to duplicate that block of code, else Firefox will restore the default plugins as previously mentioned. To duplicate the code, highlight the entire Google block of code beginning with the opening bracket ( { ) and ending with the closing bracket and comma ( }, ). Note that you must eliminate the comma if you paste the copy as the last one in the "engines": section. You will also need to add a comma after the closing bracket for the plugin code block above your copy if that code was the last one in the "engines": section. If this is confusing, just know that each block of code for every search plugin must end with a closing bracket followed by a comma ( }, ), except for the last one where there can be no comma.

After removing the parameters which identify Firefox as our browser, here's what our sanitized copy of the Google plugin looks like:

{
    "_name": "[s] Google",
    "_shortName": "google-2018",
    "_loadPath": "jar:[app]/omni.ja!/google-2018.xml",
    "description": "Google Search",
    "__searchForm": null,
    "_iconURL": "[base64 icon code removed]",
    "_metaData": {
        "order": 5
    },
    "_urls": [
        {
            "template": "https://www.google.com/complete/search?q={searchTerms}",
            "rels": [],
            "resultDomain": "www.google.com",
            "type": "application/x-suggestions+json",
            "params": []
        },
        {
            "template": "https://www.google.com/search",
            "rels": [
                "searchform"
            ],
            "resultDomain": "www.google.com",
            "params": [
                {
                    "name": "q",
                    "value": "{searchTerms}"
                },
                {
                    "name": "ie",
                    "value": "utf-8"
                },
                {
                    "name": "oe",
                    "value": "utf-8"
                }
            ]
        }
    ],
    "queryCharset": "UTF-8"
}

You can simply copy the above code and paste it as the last search plugin as described earlier, just be careful to add a comma to the last closing bracket of the search plugin above it as described earlier.

Here are the changes we made:

This…

    "_name": "Google",

became this…

    "_name": "[s] Google",

There's two reasons for the above change, 1) you can't have two search plugins with the same name and 2) prefixing Google with the [s] let's us know that this is the sanitized version of the Google search plugin.

Next, this…

"template": "https://www.google.com/complete/search?client=firefox&q={searchTerms}",

became this…

"template": "https://www.google.com/complete/search?q={searchTerms}",

and this…

                },
                {
                    "name": "client",
                    "value": "firefox-b-1-ab",
                    "purpose": "keyword"
                },
                {
                    "name": "client",
                    "value": "firefox-b-1",
                    "purpose": "searchbar"
                },

was removed entirely to become this…

                }

Notice that we needed to remove the comma after the last closing }of the parameter code block since it is now the last block of code in the "params": section.

Finally, the last closing bracket for the Google plugin code block which looked like this…

},

had the comma removed since we pasted the new Google plugin code block at the end of the "engine": section.

Sanitizing the remaining search plugins is accomplished in a similar way as above; you want to look for and remove any instances of 'firefox', or 'mozilla', or sometimes just 'moz' or 'ff'. Once you've sanitized the default search plugins, just use the 'mozlz4-edit' add-on to save your changes as a 'mozlz4' file, overwriting your existing search.json.mozlz4 file. If you restart Firefox and all your customizations are missing, then there was likely a syntax error in your edits.

Download pre-sanitized search plugins

If you do not want to sanitize the default search engine plugins yourself you can download my pre-sanitized copy which contains a search.json.mozlz4 file that should work for Firefox version 57 and up ("up" meaning until the next time the M@M's (Morons@Mozilla) decide to break everything again). The download contains the default engines which come with Firefox version 62, plus the sanitized versions of them, plus all of the engines i personally use. All in all there's over 40 search engine plugins which you can edit or disable as you see fit. Many are already disabled since i only use them occasionally, so be sure to adjust as necessary in your Firefox Search preferences.

Download: ff-search-plugs.zip

Install: Backup your existing search.json.mozlz4 file, then extract the archive and copy search.json.mozlz4 file to your Firefox profile directory and restart Firefox.

Sanitizing the prefs.js search engine preferences

Another item you should check is whether prefs.js in your Firefox profile directory contains any browser.search.param preferences. To sanitize these, load about:config in the browser address bar and enter browser.search.param in the search field. If none are found, great, but at the time i originally wrote this article there were two preferences found; browser.search.param.yahoo-fr and browser.search.param.yahoo-fr-ja. The default values may be different in your case, but in mine they were data:text/plain,browser.search.param.yahoo-fr=linuxmint and an empty string, respectively. What you should do is create a custom user.js file to store your modified preferences if you don't already have one, then copy the following code to it:

user_pref("browser.search.param.yahoo-fr", ""); // sanitize Yahoo
user_pref("browser.search.param.yahoo-fr-ja", ""); // sanitize Yahoo

Removing Firefox system add-ons

Mozilla packages some system add-ons with Firefox, installs them without your permission and doesn't provide the user with any convenient means to remove or disable them. These system add-ons have been used for very controversial purposes in the past. To remove them, see the 'System add-ons' section of the Firefox Configuration Guide for Privacy Freaks and Performance Buffs.

We've only scratched the surface…

Sanitizing the default Firefox search engine plugins is a good start, but there is much more to do if you're interested in circumventing the risks to your privacy. For further information see the Tech section of this website.

Resources

Special mention goes to 'Thorin-Oakenpants' (aka 'Pants') as well as the 'ghacks' crew and their GitHub repository where they host an excellent privacy-centric user.js for Firefox and its derivatives, as well as an extensive Wiki full of valuable information.

Revision history

Click to expand...

15-Sep-2017

  • first publish

16-Sep-2017

  • added this change log
  • corrected an error in the pre-sanitized Wikipedia search plugin and re-uploaded sanitized_search_plugs.zip
  • added information as suggested by 'Pants' in his comment below, particularly details and resources regarding the followonsearch@mozilla.com.xpi system add-on in a new section titled "Removing the 'Follow On Search' system add-on"
  • added Hulbee and MetaGer to the search engine list
  • added a "Decentralized" column to the search engine table
  • added resource: 5 Best Search Engines That Respect Your Privacy – BestVPN.com
  • misc. cleanup and edits

17-Sep-2017

  • corrected typo in metager URL
  • added "Requires JS / Cookies" column in search engine table
  • changed links for search engines in table to point to company/about page and added links to point to search page
  • added link to the 'lite' version of DDG
  • added a link to the uBO filters to block Startpage/Ixquick tracking images
  • misc. minor edits

18-Sep-2017

  • added "Client Required" column to search engine table
  • corrected some info regarding the search engines in the table
  • minor misc. edits

24-Sep-2017

  • added a link to the Duck Duck Go: Illusion of Privacy article
  • added findx to the search engine list
  • minor edits

27-Sep-2017

  • added Qwant to the search engine table

29-Sep-2017

  • misc. edits and added info, nothing really important

3-Oct-2017

  • very minor edits

23-Oct-2017

  • moved the list of alternative search engines to it own page
  • minor edits

5-Dec-2017

  • minor change to the section 'Sanitizing the default search engine plugins' thanks to commenter 'nohamelin' – more changes coming shortly thanks to this persons comments

23-Dec-2017

  • updated search plugin import/export instructions as per the very helpful comment left by 'nohamelin', the developer of the XML Search Engines Exporter/Importer add-on in which he made available Scratchpad scripts that work with FF v57+
  • corrected an error in the pre-sanitized search engine archive, added Startpage and re-uploaded a new archive
  • misc. minor edits

28-Jan-2018

  • polishing

2-Oct-2018

  • major changes, additions and deletions

3-Oct-2018

  • fixed corrupted download files
  • added info about Add custom search engine add-on
  • added better instructions for installing the search plugin file, search.json.mozlz4
  • minor edits

21-Oct-2018

  • rewrote the section on manually sanitizing search plugins
  • various minor edits

15-Nov-2018

  • updated the search.json.mozlz4 file
  • spelling corrections

27-Nov-2018

  • updated the search.json.mozlz4 file
  • minor edits

11-Dec-2018

  • referred to my Firefox configuration guide for info on removing system add-ons

21-May-2019

  • moved info about Mozilla to it's own page
  • minor edits, corrections