ThreeBadgersInATrenchcoat

This guide is to help you configure Ungoogled Chromium to be as hardened as possible for privacy and security.
Chromium is an open source browser project that is developed and maintained by the Chromium project, who is funded primarily by Google. Even though Chromium is open source, this doesn't mean that it's free from Google and their tracking — this is where Ungoogled Chromium comes in. Ungoogled Chromium takes Chromium and removes all Google dependencies and tracking while retaining the extremely strong security model of Chromium.
Only download Ungoogled Chromium from it's official repository or one of it's officially supplied binaries, all of which can be found here.

Making a new profile

First, we'll create a new profile for this hardening. It can be called anything and have any icon, whatever icon or name you choose for the profile has no effect on your privacy, it is solely for aesthetic purposes.

Creating the new profile

Click the default user icon, which should be located between your search bar the the control pane.
Under “Other people” click “Add”
Give this profile any name and icon
Click “Add”

Removing the old profile

Click the icon of your new profile in the top right of Ungoogled Chromium.
Click the settings gear (this should be located to the right of 'Other people')
Hover over your original profile, this will likely be called something like 'Default' or 'Person 1'.
Click the three vertical dots.
Click 'Remove this person'.
Close the menu.

Hardening normal settings

Getting to the settings menu

Ensure that you're in the new profile that you just created.

Click the three vertical dots in the top right of Ungoogled Chromium.

Click 'Settings'

You're now in the settings menu.

Autofill

Passwords

'Offer to save passwords' ~> Off
'Auto Sign-in' ~> Off

Payment methods

'Save and fill payment methods' ~> Off
'Allow sites to check if you have payment methods saved' ~> Off

Addresses and more

Save and fill addresses ~> Off

Privacy and security

Clear browsing data

There is no way to have Ungoogled Chromium either never store browsing data or delete it on exit without using Incognito Mode, this means that you will need to do this manually. Remember to repeat this process frequently.

Click 'Advanced'
Set the 'Time range' field to 'All time'
Tick all of the boxes
Click 'Clear data'

Cookies and other site data

Select 'Block third-party cookies'
'Clear cookies and site data when you quit Chromium' ~> On
'Send a “Do Not Track” request with your browsing traffic' ~> On
'Preload pages for faster browsing and searching' ~> Off

Site Settings

'Location' ~> Blocked
'Camera' ~> Blocked
'Microphone' ~> Blocked
'Notifications' ~> Blocked
'Background sync' ~> Block closed sites from sending and receiving data
'Motion sensors' ~> Block sites from using motion sensors
'Automatic downloads' ~> Do not allow any site to download multiple files automatically
'Unsandboxed plugin access' ~> Do not allow any site to use a plugin to access your computer
'Handlers' ~> Do not allow any site to handle protocols
'MIDI devices' ~> Do not allow any sites to use system exclusive messages to access MIDI devices
'USB devices' ~> Do not allow any sites to access USB devices
'Serial ports' ~> Do not allow any sites to access serial ports
'File editing' ~> Do not allow any sites to edit files or folders on your device
'HID devices' ~> Do not allow any sites to access HID devices
'Clipboard' ~> Blocked
'Payment Handlers' ~> Do not allow any site to install payment handlers
'Augmented reality' ~> Do not allow sites to create a 3D map of your surroundings or track camera position
'Virtual reality' ~> Do not allow sites to use your virtual reality devices and data
'User presence' ~> Block sites from knowing when you're present
'Flash' ~> Block sites from running Flash
'Protected content' ~> Blocked

Search engine

Click the twirl-down menu in the search engine section, it should say 'No Search'. Change this to the search engine of your choosing, preferably a privacy-respecting one such as DuckDuckGo.

On startup

Select 'Open the New Tab page'

Chrome flags

Chrome has a page that is essentially just a list of additional settings that can't be found in the normal settings page, which can be found by typing 'chrome://flags' into your address bar and pressing enter.
Search for the following settings and set them to the value listed after them.

'Handling of extension MIME type requests' ~> Always prompt for install >Necessary for installing extensions later in the guide.

'Smooth Scrolling' ~> Enabled >Removes the jolting, choppy scrolling and replaces it with a much smoother scrolling animation.

'Parallel downloading' ~> Enabled >This allows the multiple connections to be made to download a file in multiple different smaller chunks. This greatly increases download speeds of almost any file that you download.

Extensions

While adding extensions to your browser can greatly increase your privacy and protections from websites, the more you add also makes your browser fingerprint more unique. This is why you need to evaluate each extension and find the right combination for your use. Below are some of the best plugins to increase your privacy.

uBlock Origin

NoScript

HTTPS Everywhere

Decentraleyes

uMatrix

ClearURLs

Cookie AutoDelete

Terms of Service; Didn't Read

Once you've found your preferred combination of extensions, we have to install them. Installing extensions to Ungoogled Chromium isn't quite as easy as just installing them to normal Chromium or Chromium-based browsers like Brave. Since Ungoogled Chromium is stripped of all Google tracking and dependencies, the Chrome Web Store doesn't allow us to install extensions through a convenient button, because of this we have to use one of two workarounds.

Method 1

The first method is slightly easier albeit more risky, we'll use an external site called CRXExtractor to install extensions. All you have to do it go to the website, click on “Start for free”, paste in the URL of the extension from the Chrome Web Store, Click 'Download', Click 'Get .CRX', then select 'Add extension' when your browser prompts you.

Method 2

Method two uses Google's official URL to extract the .crx file from the extension on the Chrome Web Store, allowing you to install the extension. First, you have to open the extension on the Chrome Web Store and copy it's ID (the ID is the long string of letters normally found at the end of the url after the last '/'), put this somewhere where you'll be able to get it later. Next, click the three vertical dots in the top right of Ungoogled Chromium, then click 'About Chromium'. This should present you with, among other things, your version number — this number is also important so make sure to copy it and paste it somewhere you'll be able to retrieve later. Now, the link is 'https://clients2.google.com/service/update2/crx?response=redirect&acceptformat=crx2,crx3&prodversion=[VERSION]&x=id%3D[EXTENSION_ID]%26installsource%3Dondemand%26uc', you have to replace [VERSION] with your version number to the second '.' (so something like 87.0, not 87.0.4147.88), and [EXTENSION_ID] with the extension ID from earlier. With this new URL, you'll paste it into your search bar and press enter on your keyboard. You should now get a prompt to install the extension, just click 'Add extension' and it should be added to Ungoogled Chromium.

And that's it!

You've now fully configured Ungoogled Chromium for privacy and security, good job!
This article is still being revised, so it's important to check back every once in a while to make sure nothing new was added.

This guide is to help you configure Firefox to be as hardened as possible for privacy and security.

If your focus is more on high security at the cost of some privacy, or are an at risk individual, it is recommended to use Ungoogled Chromium or tweaked normal Chromium. Firefox falls behind Chromium severely in many security aspects such as site isolation, win32k, GPU isolation, weaker seccomp filter, minimal ioctl filtering, no sandbox at all past the OS app sandbox, and much more. All of the above listed things are mitigated or fixed altogether in Chromium, and are left almost entirely ignored or unresolved in Firefox.
Check madaidan's guide to read more about the gap between Firefox and Chromium, found here.

User.js Templates

Choose one of the user.js templates below, they each have a different purpose. These do some initial hardening of the browser and give a better starting place, so pick the one which better fits what you're looking for.

https://github.com/arkenfox/user.js – focused on hardening firefox for privacy, security, and anti-fingerprinting;

https://github.com/pyllyukko/user.js – geared towards vulnerability mitigation, minimizing persistence, and usability.

Importing user.js

Creating a new profile

Run firefox -no-remote -ProfileManager
Create a new profile
Click 'Next'
Input a name for your profile
Click 'Finish'
Exit

Locating your new profile

Open the profile you just created, your profiles should be located at;

Windows; %APPDATA%\Mozilla\Firefox\Profiles\XXXXXXXX.yourprofilename

Linux; ~/.mozilla/firefox/XXXXXXXX.yourprofilename

OS X; ~/Library/Application Support/Firefox/Profiles/XXXXXXXX.yourprofilename

Adding the user.js to your configuration

To import the ArkenFox user.js, run the following command:

cd /path/to/your/profile && rm -rf * && wget https://raw.githubusercontent.com/arkenfox/user.js/master/user.js

To import the Pyllyukko user.js, run the following command:

cd /path/to/your/profile && rm -rf * && wget https://raw.githubusercontent.com/pyllyukko/user.js/master/user.js

If you're asked something similar to “Are you sure you want to delete the only file in /directory/of/profile?”, just accept and continue (this can usually be done by pressing 'Y' on your keyboard).

The user.js is now imported.

Hardening normal settings

Getting to the settings menu

Open the Firefox profile that you've just created

Click the three horizontal lines in the top right of Firefox

Click 'Preferences'

You're now in the settings menu.

General

'Play DRM-controlled content' ~> Off

'Recommend extensions as you browse' ~> Off (This has very little privacy impact, but can be annoying if left on)

'Recommend features as you browse' ~> Off (This has very little privacy impact, but can be annoying if left on)

Enabling DNS over HTTPS

Go to the 'General' settings tab
Scroll to the bottom of the page
Click Network
Scroll down
Turn on 'Enable ENS over HTTPS'
Select 'Custom' from the drop down menu
Input a trusted DNS provider's DoH address such as NextDNS set up with no logs.

Home

'Homepage and new windows' ~> Blank Page

'New tabs' ~> Blank Page

'Web Search' ~> Off

'Top Sites' ~> Off

'Highlights' ~> Off
├── Visited Pages ~> Off
├── Bookmarks ~> Off
├── Most Recent Download ~> Off
└── Pages Saved to Pocket ~> Off

'Snippets' ~> Off

'Search Bar' ~> Add search bar in toolbar (This will allow you to add other search engines without installing extra addons)

'Default Search Engine' ~> DuckDuckGo (or any other privacy respecting search engine of your choice.)

'Provide search suggestions' ~> Off

Remove all entries from 'One-Click Search Engines' that aren't your search engine(s).

Privacy & Security

Enhanced Tracking Protection ~> Custom
├── Cookies ~> 'All third-party cookies (may cause websites to break)'
├── Tracking content ~> 'In all windows'
├── Cryptominers ~> On
└── Fingerprinters ~> On

'Send websites a Do Not Track signal [...]' ~> Always

'Delete cookies and site data when Firefox is closed' ~> On

'Ask to save logins and passwords for websites' ~> Off

'Autofill logins and passwords' ~> Off

'Suggest and generate strong passwords' ~> Off

'Show alerts about passwords for breached websites' ~> Off

'Use a Primary Password' ~> Off

'Use custom settings for history' ~> 'Always use private browsing mode'

Address bar
├── Browsing History ~> Off
├── Bookmarks ~> Off
├── Open tabs ~> Off
└── Top sites ~> Off

Permissions
├── Location ~> 'Block new requests asking to access your location'
├── Camera ~> 'Block new requests asking to access your camera'
├── Microphone ~> 'Block new requests asking to access your microphone'
├── Notifications ~> 'Block new requests asking to allow notifications'
└── Virtual Reality ~> 'Block new requests asking to access your virtual reality devices'

'Allow Firefox to send technical and interaction data to Mozilla' ~> Off

'Allow Firefox to make personalized extension recommendations' ~> Off

'Allow Firefox to install and run studies' ~> Off

'Allow Firefox to send backloged crash reports on your behalf' ~> Off

'Block dangerous and deceptive content' ~> Off

'Block dangerous downloads' ~> Off

'Warn you about unwanted and uncommon software' ~> Off

Sync

Ensure Firefox Sync is disabled.
If you need cross-device browser sync, then use xBrowserSync. It will sync all bookmarks across devices fully end-to-end encryption so nobody but you can read the data.

The more plugins you add, the more unique your browser fingerprint gets. This is why you need to evaluate each plugin and find the right combonation for your use. These recommendations have been split up into two catagories, 'core' and 'additions'. 'Core' lists plugins that greatly increase your everyday privacy on websites if used correctly, and 'additions' describe plugins that don't necessarily enhance privacy but can add additional useful privacy-related functionality to the browser.

Core;
uBlock Origin
HTTPS Everywhere
Decentraleyes
ClearURLs

Additions;
xBrowserSync
Terms of Service; Didn't Read

WebRTC

This will break most in-browser VOIP apps like Discord, Jitsi, Hangouts, etc. If you can deal with the lessened functionality then it's best to disable this because it can leak your real IP even if you're using a VPN to the websites you're visiting.

How to disable it

Type 'about:config' into the address bar

Press enter

Click 'I'll be careful, I promise!'

Search for the following settings and set them to the value listed after them.

media.peerconnection.enabled = false
media.peerconnection.turn.disable = true
media.peerconnection.usedocumenticeservers = false
media.peerconnection.video.enabled = false
media.peerconnection.identity.timeout = 1

WebRTC is now fully disabled.

about:config

Firefox has a sort of hidden in-depth settings menu that can be found by typing 'about:config' in your address bar and pressing enter. Here you can harden the browser for privacy and security to a level not possible by just using the normal settings menu.

Search for the following settings and set them to the value listed after them.

privacy.firstparty.isolate = true
privacy.resistFingerprinting = true
privacy.trackingprotection.fingerprinting.enabled = true
privacy.trackingprotection.cryptomining.enabled = true
privacy.trackingprotection.enabled = true
browser.sendpings = false
browser.urlbar.speculativeConnect.enabled = false
dom.event.clipboardevents.enabled = false
media.eme.enabled = false
media.gmp-widevinecdm.enabled = false
media.navigator.enabled = false
network.cookie.cookieBehavior = 1
network.http.referer.XOriginPolicy = 2
network.http.referer.XOriginTrimmingPolicy = 2
webgl.disabled = true
browser.sessionstore.privacy
level = 2
beacon.enabled = false
browser.safebrowsing.downloads.remote.enabled = false
network.dns.disablePrefetch = true
network.dns.disablePrefetchFromHTTPS = true
network.predictor.enabled = false
network.predictor.enable-prefetch = false
network.prefetch-next = false
network.IDNshowpunycode = true

There are almost 3000 more about:config tweaks that can be done to increase privacy, but that would take forever for someone to do, so these are the about:config tweaks that when all put together I believe create the strongest balance between time and protection.

Cleaning up anti-privacy files

While doing all of these steps immensely increases the privacy of the browser, there are still some anti-privacy files left behind in Firefox. In this step we will delete these.

Navigate to the Firefox features directory at /path/to/firefox/browser/features (i.e. /usr/lib/firefox/browser/features/)
Delete the following files if present:

firefox@getpocket.com.xpi
followonsearch@mozilla.com.xpi
activity-stream@mozilla.org.xpi
screenshots@mozilla.org.xpi
onboarding@mozilla.org.xpi
formautofill@mozilla.org.xpi
webcompat@mozilla.org.xpi
webcompat-reporter@mozilla.org.xpi

And that's it!

You've now fully configured Firefox for privacy and security, good job!
This article is still being revised, so it's important to check back every once in a while to make sure nothing new was added.