Today's Privacy Cookbook is all about browser security.

Lets start with Chrome or Chromium!

If it is your main browser, do the following.....use your browser to go to https://www.mozilla.org, to download the latest Firefox and after doing that delete Chrome!

Congrats you have fixed the first issue!

Now lets go to step 2

Let's install a few add-ons.

uBlock Origin ‚Äď Get this Extension for ūü¶ä Firefox (en-US)
Finally, an efficient blocker. Easy on CPU and memory.
CanvasBlocker ‚Äď Get this Extension for ūü¶ä Firefox (en-US)
Alters some JS APIs to prevent fingerprinting.
Decentraleyes | Local CDN Emulation
A web browser extension that emulates Content Delivery Networks to protect your privacy.
Cookie AutoDelete ‚Äď Get this Extension for ūü¶ä Firefox (en-US)
Control your cookies! This WebExtension is inspired by Self Destructing Cookies. When a tab closes, any cookies not being used are automatically deleted. Whitelist the ones you trust while deleting the rest. Support for Container Tabs.
Terms of Service; Didn’t Read
Terms of Service; Didn’t Read (ToS;DR) is an active project to fix the biggest lie on the web. We help you understand the Terms and Conditions and Privacy Policies of websites.
NoScript Security Suite ‚Äď Get this Extension for ūü¶ä Firefox (en-US)
The best security you can get in a web browser! Allow potentially malicious web content to run only from sites you trust. Protect yourself against XSS other web security exploits.

Ok, so now let's introduce a couple or three really cool tweaks to our Firefox browser:

Enter "about:config" in the Firefox address bar and press enter
Press the button "I'll be careful, I promise!"

Search for "media.peerconnection.enabled"

Double click that entry and the column "Value" should now be "false"

To be sure every single WebRTC-related setting is now disabled change these settings:

   media.peerconnection.turn.disable = true
   media.peerconnection.use_document_iceservers = false
   media.peerconnection.video.enabled = false
   media.peerconnection.identity.timeout = 1

Now you can be 100% sure it is done!

Now just a few more options of a more advanced nature with regard to the about:config page

‚Äčprivacy.trackingprotection.enabled = true
This  is Mozilla's own built-in tracking protection. It employs  the Disconnect.me filter list, which you won't need if you are already  using uBlock Origin 3rd party filters, in which case you should set it  as false.privacy.firstparty.isolate = true

This  preference isolates all browser identifier sources (e.g. cookies) to  the first-party domain with the aim of stopping tracking across  different domains. (There is no need for this if you have already  installed "Cookie AutoDelete" with Firefox v58 or below.)

privacy.resistFingerprinting = true
This preference makes Firefox more resistant to browser fingerprinting.

privacy.trackingprotection.fingerprinting.enabled = true
[FF67+] Blocks Fingerprinting

privacy.trackingprotection.cryptomining.enabled = true
[FF67+] Blocks CryptoMining

browser.send_pings = false
This attribute would be useful for letting websites track visitors' clicks.

browser.sessionstore.max_tabs_undo = 0
Even  when Firefox set to not remember history, your closed tabs are  still stored temporarily at Menu -> History -> Recently Closed

Tabs.browser.urlbar.speculativeConnect.enabled = false
Disable  pre-loading of autocomplete URLs a user types into the address  bar which could inadvertently display information or links or history

dom.event.clipboardevents.enabled = false
Disable  as this allows websites to get notifications if you copy, paste or cut  anything from a website page as well as letting know which part of the  page has been selected.

media.eme.enabled = false
Disables  playback of DRM-controlled HTML5 content, which, if enabled,  automatically downloads the Widevine Content Decryption Module provided  by Google Inc. DRM-controlled content that requires the Adobe Flash or  Microsoft Silverlight NPAPI plug-ins will still play, if installed and  enabled within Firefox.

media.gmp-widevinecdm.enabled = false
Disables the Widevine Content Decryption Module provided by Google Inc., used for the playback of DRM-controlled HTML5 content.

media.navigator.enabled = false
Websites can track both the microphone and camera status on your device.

network.cookie.cookieBehavior = 1

Disable cookies

       0 = Accept all cookies by default
       1 = Only accept from the originating site (block third-party cookies)
      2 = Block all cookies by default

network.http.referer.XOriginPolicy = 2

Only  send Referer header when the full hostname matches. (NB: if you notice  significant breakage, you might try it in combination with an  XOriginTrimmingPolicy see tweak below.)

0 = Send Referer in all cases
       1 = Send Referer to same eTLD sites
       2 = Send Referer only when the full hostnames match

network.http.referer.XOriginTrimmingPolicy = 2

When sending Referer across origins, only send scheme, host, and port in the Referer header of cross-origin requests.

       0 = Send full url in Referer
       1 = Send url without query string in Referer
       2 = Only send scheme, host, and port in Referer

webgl.disabled = true
WebGL is a potential security risk!

browser.sessionstore.privacy_level = 2

This  preference controls when to store extra information about a session:  contents of forms, scrollbar positions, cookies, and POST data.

0 = Store extra session data for any site. (Default starting with Firefox 4.)
       1 = Store extra session data for unencrypted (non-HTTPS) sites only, default before Firefox 4.)
       2 = Never store extra session data.

network.IDN_show_punycode = true
Not rendering IDNs as their Punycode equivalent leaves you open to phishing attacks that can be difficult to notice.

Nearly done......next lets encrypt your DNS requests

DNS-over-HTTPS

1. Open Preferences.
2. Scroll down to the Network Settings section and click on Settings.
3. Scroll down and check Enable DNS over HTTPS.
4.  Select Custom, enter https://dns.nextdns.io/Your_UserID or  https://fdns1.dismail.de and click OK. (You can use any provider that  supports https-over-dns.
5. Enter "about:config" in the address bar (and click on 'I accept the risk!', if asked).
6. Set network.trr.bootstrapAddress to 45.90.28.0 (For NextDNS) or 80.241.218.68 for dismail.de
7. Set network.trr.mode to 3.

https://dt.gl/the-privacy-cookbook-chapter-2-protecting-your-dns/

Bonus!
If you like Twitter but love privacy more, install this little goody:

Twitter to Nitter Redirect ‚Äď Get this Extension for ūü¶ä Firefox (en-US)
Redirects <a href=‚Äúhttps://outgoing.prod.mozaws.net/v1/42e91f7fc0704a8826dfc5b0399f8c17081e04740f86dc342452754b14c92394/http%3A//mobile.twitter.com‚ÄĚ rel=‚Äúnofollow‚ÄĚ>mobile.twitter.com</a> and <a href=‚Äúhttps://outgoing.prod.mozaws.net/v1/89048a1de851fa717a0c54daa357686619b6fb0d8f43598efc43a0e6aef42dcb/http%3A//twitter.com‚Ķ
Invidio Quick Redirect ‚Äď Get this Extension for ūü¶ä Firefox (en-US)
Never hit YouTube! Immediate redirection from YouTube to Invidio.