Every default browser on every major operating system is a surveillance tool. Safari reports to Apple. Chrome reports to Google. Edge reports to Microsoft. The browser is the most intimate window into your digital life, and every one of them is designed to watch you through it.

If you have been reading the rest of this blog, you already know the pattern. The tool works for you on the surface. Underneath, it works for someone else. Your browser is no different.

Firefox is the one exception worth considering. It is not built by an advertising company. It is not built on Chromium. It is maintained by a nonprofit. The source code is open. The rendering engine is independent. That matters more than most people realize, because every Chromium-based browser, no matter how many Google services it strips out, still runs on an engine that Google controls. Firefox does not.

But Firefox out of the box is not clean either. Mozilla enables telemetry by default. Studies and experiments run in the background. Normandy, Mozilla’s remote experiment system, can push configuration changes to your browser without asking. Pocket integration phones home. Crash reports get sent. Speculative connections get made before you click anything. The defaults are not hostile the way Chrome’s are, but they are not private either.

That is where arkenfox comes in.

What Arkenfox Is

Arkenfox is a user.js file. That is it. No extension. No application. No installer. It is a single configuration file that overrides Firefox’s default preferences with privacy-hardened settings. Drop it into your Firefox profile directory and restart the browser. Every telemetry endpoint, every speculative connection, every tracking-friendly default gets locked down.

The project is open source, heavily documented, and maintained by people who read Mozilla’s source code to understand exactly what each preference does. Every setting in the file has a comment explaining why it exists and what it changes. You can read every line before you use it. You should.

Arkenfox does not modify Firefox’s code. It works entirely through Firefox’s own preference system. The same system you access through about:config. Arkenfox just sets hundreds of those preferences at once, consistently, and keeps them updated as Firefox changes.

Setting It Up on macOS

This is the exact process. No hand-waving. No "configure to your preferences." Exact commands, exact file locations.

Step 1: Create a dedicated profile

Do not apply arkenfox to your default profile. Create a new one. If something breaks, your default profile is untouched.

Close Firefox completely, then open a terminal:

/Applications/Firefox.app/Contents/MacOS/firefox -ProfileManager

The Profile Manager window opens. Click Create Profile. Name it something like hardened. Note the profile directory it creates. On macOS, it will be something like:

~/Library/Application Support/Firefox/Profiles/xxxxxxxx.hardened

The xxxxxxxx is a random string Firefox generates. You need that full path for the next steps.

Step 2: Download arkenfox

Navigate to your new profile directory and clone the arkenfox repository directly into it:

cd ~/Library/Application\ Support/Firefox/Profiles/xxxxxxxx.hardened

# Download the user.js and updater script
curl -LO https://raw.githubusercontent.com/arkenfox/user.js/master/user.js
curl -LO https://raw.githubusercontent.com/arkenfox/user.js/master/updater.sh
chmod +x updater.sh

That is the entire installation. Two files. user.js contains the hardened preferences. updater.sh keeps it current.

Step 3: Create your overrides

Arkenfox is intentionally strict. Some settings will break sites you use. The correct way to handle this is not to edit user.js directly, because your changes will be overwritten the next time you update. Instead, create a file called user-overrides.js in the same profile directory:

touch user-overrides.js

This file is where your personal exceptions go. Arkenfox’s updater script appends the contents of user-overrides.js to the end of user.js every time it runs, so your preferences always win. A common starting point:

// user-overrides.js

// Enable WebGL if you need it (disabled by default in arkenfox)
user_pref("webgl.disabled", false);

// Keep search suggestions if you want them
user_pref("browser.search.suggest.enabled", true);

// Set your preferred search engine region
user_pref("browser.search.region", "US");

Step 4: Launch the hardened profile

/Applications/Firefox.app/Contents/MacOS/firefox -P hardened

Firefox starts with the hardened profile. The user.js preferences are applied on launch. You are now running a Firefox instance with hundreds of privacy-hardened settings active.

What RFP Does

Resist Fingerprinting, or RFP, is one of the most important settings arkenfox enables. It is a single Firefox preference that activates a coordinated set of anti-fingerprinting defenses.

privacy.resistFingerprinting = true

Browser fingerprinting is how websites identify you without cookies. Your screen resolution, timezone, installed fonts, language settings, WebGL renderer, canvas output, audio context, and dozens of other signals combine to create a unique fingerprint. Even with cookies cleared and a VPN active, fingerprinting can identify your browser across sessions and sites.

RFP fights this by spoofing or normalizing those signals. It reports a generic screen size. It rounds timestamps. It returns uniform values for canvas and WebGL queries. It spoofs your timezone to UTC. It limits font enumeration. It normalizes your language settings. The goal is to make your browser look identical to every other browser with RFP enabled, so fingerprinting produces the same result for everyone instead of a unique identifier for you.

The trade-off is real. RFP will break things. Timezone-dependent sites will show wrong times. Some video players behave oddly. Canvas-based applications may render incorrectly. Dark mode detection breaks because RFP forces a light theme to prevent theme-based fingerprinting. These are not bugs. They are the cost of making your browser untrackable.

If a site breaks badly enough to matter, you can create an exception for it. But understand what you are giving up before you disable RFP for convenience. Every exception makes your fingerprint more unique.

Telemetry Settings to Verify

After launching your hardened profile, open about:config in the address bar and verify these settings. Arkenfox should have set all of them, but checking is how you confirm it worked.

// All of these should be false
toolkit.telemetry.enabled = false
toolkit.telemetry.unified = false
toolkit.telemetry.archive.enabled = false
datareporting.healthreport.uploadEnabled = false
datareporting.policy.dataSubmissionEnabled = false
app.shield.optoutstudies.enabled = false
browser.discovery.enabled = false
browser.newtabpage.activity-stream.feeds.telemetry = false
browser.newtabpage.activity-stream.telemetry = false
browser.ping-centre.telemetry = false
toolkit.telemetry.bhrPing.enabled = false
toolkit.telemetry.firstShutdownPing.enabled = false
toolkit.telemetry.newProfilePing.enabled = false
toolkit.telemetry.shutdownPingSender.enabled = false
toolkit.telemetry.updatePing.enabled = false

// Normandy (remote experiment system) should be disabled
app.normandy.enabled = false
app.normandy.api_url = ""

// Crash reports should not auto-submit
browser.tabs.crashReporting.sendReport = false
browser.crashReports.unsubmittedCheck.autoSubmit2 = false

If any of these are not set correctly, your user.js may not have loaded. Check that the file is in the correct profile directory and restart Firefox.

TZP: Test Your Fingerprint

TZP stands for the TorZillaPrint fingerprint test. It is a browser fingerprinting test page designed specifically for Firefox users running privacy-hardened configurations. It checks dozens of fingerprinting vectors and tells you which ones your browser is leaking.

Run it in your hardened profile:

  1. Navigate to the TZP test page (search for "TorZillaPrint" or find it linked in the arkenfox wiki)
  2. Let it run all tests. It takes a few seconds.
  3. Review the results

What to look for:

  • Green results mean the value is spoofed or normalized. Your browser is returning a generic value that matches other hardened browsers. This is what you want.
  • Red or orange results mean a fingerprinting vector is exposed. Your browser is returning a value that could be used to identify you. Each one tells you which preference controls it.
  • Timezone should show UTC if RFP is active, regardless of your actual timezone.
  • Screen resolution should show a rounded, generic value, not your actual monitor resolution.
  • Canvas and WebGL should show uniform results that match other RFP users.
  • Fonts should show a limited, generic list, not the full set of fonts installed on your system.

Run TZP after every Firefox update and after any changes to your user-overrides.js. Your fingerprint can change when Firefox adds new features or when you relax a setting. Testing is how you know where you stand.

uBlock Origin

Install one extension: uBlock Origin. Not uBlock. Not AdBlock Plus. Not any of the dozens of ad blockers with "privacy" in the name. uBlock Origin. There is only one worth trusting.

uBlock Origin is open source, maintained by Raymond Hill, and does one thing well: it blocks network requests that match filter lists. Ads, trackers, malware domains, annoyances. It does not inject its own tracking. It does not have a business model that depends on "acceptable ads." It does not sell your browsing data. It blocks requests. That is it.

Install it from Firefox Add-ons. After installing:

  • Open uBlock Origin’s dashboard (click the icon, then the gear icon)
  • Go to Filter lists
  • Enable the lists that match your needs. The defaults are solid. Adding the "Annoyances" lists removes cookie notices and newsletter popups.
  • Click Apply changes

Do not install other extensions for privacy. Every extension increases your fingerprint surface. Every extension has access to your browsing data. Every extension is code running in your browser that you have to trust. Arkenfox handles the browser configuration. uBlock Origin handles the network filtering. Between the two of them, you are covered. Adding more extensions does not make you more private. It makes you more identifiable.

Ongoing Maintenance

Arkenfox is not set-and-forget. Firefox updates change preferences, add new telemetry endpoints, and introduce new features that need to be configured. The arkenfox team tracks these changes and updates user.js accordingly. Your job is to pull those updates.

Every time Firefox updates, run the updater:

cd ~/Library/Application\ Support/Firefox/Profiles/xxxxxxxx.hardened
./updater.sh

The script downloads the latest user.js from the arkenfox repository and appends your user-overrides.js to the end. Your personal preferences are preserved. New hardening settings from the arkenfox team are added. Any preferences that Firefox deprecated are cleaned up.

Make this a habit. Firefox updates roughly every four weeks. After each update:

  1. Run ./updater.sh
  2. Restart Firefox
  3. Spot-check about:config for any settings that look wrong
  4. Run TZP to verify your fingerprint is still clean

If you skip this, Firefox updates will gradually override arkenfox settings with Mozilla’s defaults. New telemetry preferences will appear enabled. New features will ship with tracking-friendly defaults. The browser drifts back toward its default state unless you actively maintain the hardened configuration.

The Principle

Your browser is the tool you use more than any other. It sees every site you visit, every search you run, every form you fill out, every password you type. If that tool is reporting your activity to a corporation, nothing else you do for privacy matters. Your VPN is irrelevant. Your password manager is irrelevant. Your encrypted email is irrelevant. The browser is the front door, and if it is open, the house is exposed.

Firefox is the only major browser with an independent engine not controlled by an advertising company. Arkenfox locks it down. RFP makes your fingerprint generic. uBlock Origin blocks the network requests that track you across the web. Together, they turn Firefox from a browser that phones home by default into one that is silent unless you tell it to speak.

Your browser sees everything. Make sure it is only showing you.