Initial Privacy Settings for Qutebrowser28 Mar 2021
With some of the recent decisions from Mozilla regarding the supression of free speech, the signing of the petition for Richard Stallman to be exiled from the Free Software Foundation, and the support of mass censorship by "big tech", I've decided to start moving away from Mozilla and look for an alternative browser. This has led me down a path of trying numerous minimal browsers and from those, the most promising one I have come across so far is Qutebrowser. Unfortunately it requires a lot of dependencies since it uses the qt framework, but I can live with that for the low memory footprint, the perceived snappiness I'm not used to with bloated web browsers, and the vim like key bindings. There doesn't seem to be much out there in terms of tutorials or privacy recommendations, so I've decided to list some of my own settings here.
This short guide is just my recommendations for an initial setup of Qutebrowser. If I've missed anything that you may feel is important, please feel free to contact me and let me know.
The settings for Qutebrowser can be modified by typing the commands below, or they can accessed all at once just by typing :set then hitting enter.
Disable Media Autoplay
:set content.autoplay false
This will disable the pesky autoplay feature that most browsers seem to enable by default for some reason. Who actually wants video ads to autoplay?
Disable Location Tracking
:set content.geolocation false
This will obviously disable the ability for the browser to reveal your location to websites. Keep in mind that your location can still be roughly determined by your IP address unless you use a VPN.
Disable Third Party Cookies
:set content.cookies.accept no-3rdparty
Why are third party cookies still enabled by default? I have no idea, but this will disable them. Third party cookies are one of the primary ways websites can track your browsing habits across multiple sites.
:set content.headers.user_agent (custom string)
Many people might disagree with this one since having the most generic user-agent possible (Chrome Browser on Windows 10) is likely the best option for blending in with the masses, however I'm super picky when it comes to the statistics I provide. I'll take the hit on privacy to not artifically boost the popularity of proprietary software and instead promote the true operating system and browser that I'm using. The default user-agent advertised that I was using "Chrome" on "linux", neither of which are true. This has been corrected on my copy.
:set colors.webpage.prefers_color_scheme_dark true
This one personal preference however it's often done incorrectly. I've seen others complain the dark mode is broken on Qutebrowser, however that's because they've used colors.webpage.darkmode.enabled instead, which seems to use a custom set of CSS for all websites which can look pretty bad. The setting above just tells the website that if they have a dark theme available that you'd prefer to use that one instead.
:set content.private_browsing true
This is the equivalent of incognito tabs in other browsers and does not save browsing history or cookies. There are drawbacks for general browsing such as not being able to save and restore tabs the next time you open qutebrowser, so this is optional depending on your use case.
:set completion.open_categories ["searchengines", "quickmarks", "bookmarks"]
By default, this list also includes browsing history and your local file system. I don't like either of them being displayed on my screen, so I've removed those two.
Disable Canvas Fingerprinting
:set content.canvas_reading false
Browser canvasing provides a very detailed fingerprint that can be used to identify you across the web.
Well, that's all I have for now. If you have any suggestions that could improve this list, please let me know.