I can recommend librewolf, firefox with all the mozilla crap stripped out and good default privacy settings. Can tweak the options easily too if there's anything too annoying.
> Binaries are unsigned, third party update service, Google safe browsing disabled unless you build from source, running unusual browser setups can actually make you more distinctive online, unencrypted DNS by default, speed of security patches is slower than base Firefox, etc.
Unsigned binaries is good, update service is good, google safe browsing disabled is mega good, unencrypted dns is comparatively good from what i understand compared to mozilla's imperfect solution. Speed of security patches is not great, but having non-mozilla vetting on security patches is a tradeoff that is worthwhile.
Librewolf is great, but an easy way to lock down regular Firefox is to generate a profile on something like ffprofile.com and replace the default config.
