Firefox pref string obfuscation: empty, loopback, or "data:,"?

Many online forums say that removing strings for identifiable APIs in Firefox can help to improve privacy.

Examples being prefs like app.normandy.user_id, browser.startup.homepage_override.buildID, and webgl.vendor-string-override.

Is it best to have these prefs set as blank at every startup so it’s a new random string every new session? Or would it be better to set the strings as loopback 127.0.0.1 or maybe just a placeholder string like “data:,”?

I’ve seen several guides do it differently, like arkenfox has some strings as “data:,” and others set as blank.

Not all of these prefs are supposed to contain IP addresses, or data URLs etc. so generally no, you should probably not set all of them to just a single value. Arkenfox generally has the most up-to-date and accurate info on how preferences can be set for a certain effect. If you dive in that deep with customization instead of just using something like Arkenfox (which in regards to fingerprinting might be a better idea), you probably want to look at each one separately and understand what its effect is in particular. Especially because some of them might just be irrelevant, for example if you disable WebGL then nobody will be able to read out the vendor value, regardless of what it is set to.

1 Like

I actually entered this question in ChatGPT and am quite astonished with the quality of the answer. What do you think of this response?

The preference app.normandy.user_id in Firefox is used for Normandy, which is a Mozilla system for deploying and managing system add-ons, studies, and other configurations in Firefox. Setting this preference to an empty string ("") can result in a new ID being generated every time the browser starts, as Firefox may generate a new ID if the field is left empty or unset.

However, setting it to a placeholder string like "data:," might not disable the preference entirely, but rather assign it a specific value which might not necessarily serve the purpose of obfuscation or disabling. This placeholder string might still be interpreted as a valid value for the preference, potentially impacting the intended obfuscation.

For achieving better obfuscation and possibly disabling the preference altogether, it’s advisable to leave it empty or unset. This way, Firefox may generate a new ID each time it starts, reducing the possibility of tracking or consistent identification.

1 Like

IMO just goes to show how useless LLMs are. They spit out something, but ultimately you still need to ask someone if it’s actually accurate. app.normandy.user_id is a UUID used for Normandy, so for Firefox telemetry / remote control. In any reasonable privacy setup that’s one of the first things you would disable completely anyway, so it does not matter what this pref is set to, as it’s not used at all.

So the real thing you want to check is if app.normandy.enabled is set to false. That’s it.

For more info on Normandy: Normandy — Normandy 0.1.0 documentation

1 Like
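The check the replies above describe (look at the pref that switches the feature off, not at the identifier string), as an added example that is not part of any post in the thread. It assumes `webgl.disabled` is the pref used to turn WebGL off, and the sample user.js is constructed.

```python
import re

# One user_pref("name", value); line, as written in user.js / prefs.js.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

# identifier pref -> (gating pref, gate value at which the identifier is unused)
# Pairs taken from the replies; webgl.disabled is this example's assumption.
GATES = {
    "app.normandy.user_id": ("app.normandy.enabled", False),
    "webgl.vendor-string-override": ("webgl.disabled", True),
}

def parse_prefs(text):
    """Return {name: value}; a later line overrides an earlier one."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)          # commented-out lines do not match
        if not m:
            continue
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
    return prefs

def audit(prefs):
    """Classify each identifier pref by the state of its gating pref."""
    report = {}
    for ident, (gate, off_value) in GATES.items():
        value = prefs.get(gate)
        if value is None:
            report[ident] = "gate-unset"   # not set in this file
        elif value is off_value:
            report[ident] = "moot"         # feature off, identifier not used
        else:
            report[ident] = "live"         # feature on, identifier matters
    return report

# Constructed sample user.js (not from the thread).
SAMPLE = '''
// user_pref("webgl.disabled", true);
user_pref("app.normandy.enabled", false);
user_pref("app.normandy.user_id", "");
user_pref("webgl.vendor-string-override", "data:,");
'''

if __name__ == "__main__":
    for pref, status in audit(parse_prefs(SAMPLE)).items():
        print(f"{pref}: {status}")
```

A "gate-unset" result means the file does not set the gating pref, so the identifier pref's value may still matter.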

Don’t change random settings; instead, reference arkenfox.

2 Likes