mirrors/chameleon
0
0
Fork 0
mirror of https://github.com/sereneblue/chameleon.git synced 2026-04-21 07:20:01 +00:00
Code Wiki Activity
Page: Recommended Setup
Pages
About Debug General Usage Headers Home Options Permissions Profile Recommended Setup Report a bug Whitelist
1 Recommended Setup
sereneblue edited this page 2018-07-29 02:57:45 +00:00
Table of Contents

Chameleon offers many options and if you're configuring about:config as well, your browsing experience will get worse if you don't know what you're doing!

The following list contains some of the parameters I'd recommend for a casual and advanced configuration.

If you want to learn more about each option visit the general usage page here.

Profile

Casual

  • Use the Random Profile (Desktop) with notifications enabled and exclude profiles that are problematic. As you get more comfortable with profiles, feel free to use mobile profiles as well.

Advanced

  • If you've used Random Agent Spoofer before, there's not much that's new here besides being able to toggle notifications, manually changing your profile and the custom user-agent option.

Headers

Casual

  • Enable the Spoof If-None-Match (Etags) option.

  • Enable the Spoof Source Referer option.

    This option may break websites but it's very uncommon

  • If you can read multiple languages (or trying to learn!), change the Spoof Accept-Langauge to your preferred language.

Advanced

  • If you need to spoof your IP for a website that you know is fooled by the headers, check the boxes next toSpoof Via and Spoof X-Forwared-For.

  • Enable Disable Referer if you're comfortable with a few websites breaking.

  • Set the Referer X Origin Policy to Match base domain.

  • Set the Referer Trimming Policy to Scheme, host, port, path.

  • If you can read multiple languages (or trying to learn!), change the Spoof Accept-Langauge to your preferred language.

Options

Casual

  • Enable the script injection option.

  • Change your screen resolution.

  • Enable the tracking protection option.

  • Select the Allow 3rd party from visited option for the cookie policy.

about:config tweaks:

  • Disable the Battery API.

  • Disable Browser Pings.

  • Disable CSS visited links.

  • Disable Device sensors.

  • Disable DNS prefetch.

  • Disable Gamepad API (if you don't use a controller with Firefox).

  • Disable Geolcation (if you don't use your location on websites).

  • Disable Geolcation 2 (if you don't use your location on websites).

  • Disable Pocket if you don't use it.

  • Disable Search Suggestions if you're comfortable with not using them. (Just use DuckDuckGo with bangs instead).

  • Disable Web Beacons.

  • Enable click to play for plugins.

  • Disable health report.

  • Disable telemetry report.

Advanced

  • Enable the script injection option.

  • Change your screen resolution.

  • Disable WebSockets only if you know what they are and you're comfortable with disabling them, should be easy to figure out when you'd need them.

  • Enable the Protect window.name option.

  • Enable the tracking protection option.

  • Enable the first party isolation option.

  • Enable resist fingerprinting only if you don't want to use script injection and the features that require it.

  • Select the Block 3rd party option for the cookie policy.

about:config tweaks:

  • Enable Block active mixed content.

  • Enable Block display mixed content.

  • Disable the Battery API.

  • Disable Browser Pings.

  • Disable CSS visited links.

  • Disable Device sensors.

  • Disable DNS prefetch.

  • Disable DRM (if you know what you're doing!).

  • Disable Gamepad API (if you don't use a controller with Firefox).

  • Disable Geolcation (if you don't use your location on websites).

  • Disable Geolcation 2 (if you don't use your location on websites).

  • Disable PDF.js (if you have a PDF reader installed on your machine).

  • Disable Pocket if you don't use it.

  • Disable Search Suggestions if you're comfortable with not using them. Use DuckDuckGo with bangs instead.

  • Disable WebGL (if you don't play HTML5 games).

  • Disable Web Beacons.

  • Limit detectable fonts.

  • Enable click to play for plugins.

  • Disable safe browsing download check.

  • Disable safe browing malware check.

  • Disable health report.

  • Disable telemetry report.

Whitelist

Casual

  • Enable the whitelist option.

  • Enable the Use real profile for whitelist option.

Advanced

  • Enable the whitelist option.

  • Enable the Use real profile for whitelist option if you don't want to configure a whitelist profile.

Recommended Addons

Chameleon alone is not enough to protect your privacy. The following addons are some that I recommend using in addition to Chameleon:

uBlock Origin

Block ads and various trackers, disable WebRTC, and other content

uMatrix

Blocks JS, iframes, CSS, XHR, cookies, etc.

You can use uMatrix to prevent CSS from leaking your screen resolution. See this issue for more details.

NoScript

Blocks JS, prevent XSS and clickjacking attacks.

Canvas Blocker

Modify or block your canvas fingerprint.

HTTPS Everywhere

Force HTTPS if a website supports it.

Firefox Multi-Account Containers

Isolate cookies by container. Useful to login to multiple websites at the same time.

Temporary Containers

Builds on Multi-Account Containers; disposable containers that act similar to a private browsing tab.