diff --git a/dotfiles/gallery-dl.nix b/dotfiles/gallery-dl.nix
index ec28ffc..1abad26 100644
--- a/dotfiles/gallery-dl.nix
+++ b/dotfiles/gallery-dl.nix
@@ -3,10 +3,9 @@
     skip = "abort:5";
     cookies = [
       "firefox"
-      "/home/jawz/.librewolf/jjwvqged.default"
+      "/home/jawz/.librewolf/jawz"
       "gnomekeyring"
     ];
-    user-agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0";
     retries = 10;
     sleep-request = 0;
     directlink = {
diff --git a/dotfiles/stignore b/dotfiles/stignore
new file mode 100644
index 0000000..1b54b31
--- /dev/null
+++ b/dotfiles/stignore
@@ -0,0 +1,7 @@
+(?d)jawz/chrome/userChrome.css
+(?d)jawz/chrome/userContent.css
+(?d)jawz/lock
+(?d)jawz/user.js
+(?d)native-messaging-hosts/org.gnome.browser_connector.json
+(?d)native-messaging-hosts/org.gnome.chrome_gnome_shell.json
+(?d)profiles.ini
diff --git a/gnome.nix b/gnome.nix
index 5df2975..4d03503 100644
--- a/gnome.nix
+++ b/gnome.nix
@@ -32,10 +32,7 @@
       gnome-music
       ;
   };
-  qt = {
-    enable = true;
-    style = "adwaita";
-  };
+  qt.enable = true;
   users.users.jawz.packages = builtins.attrValues {
     inherit (pkgs.gnomeExtensions)
       appindicator # applets for open applications
diff --git a/jawz.nix b/jawz.nix
index 565eadb..650a4bf 100644
--- a/jawz.nix
+++ b/jawz.nix
@@ -22,6 +22,8 @@ in
       "syncthing_keys/${hostName}" = keyConfig ".config/syncthing/key.pem";
       "syncthing_certs/${hostName}" = keyConfig ".config/syncthing/cert.pem";
     };
+
+  home-manager.users.jawz.home.file.".librewolf/.stignore".source = ./dotfiles/stignore;
   services.syncthing = {
     enable = true;
     user = "jawz";
@@ -39,12 +41,12 @@ in
       };
       folders = {
         cache = {
-          path = "/home/jawz/Downloads/cache/";
+          path = "~/Downloads/cache/";
           ignorePerms = false;
           devices = [ "galaxy" ];
         };
         gdl = {
-          path = "/home/jawz/.config/jawz/";
+          path = "~/.config/jawz/";
           ignorePerms = false;
           devices = [
             "server"
@@ -53,7 +55,7 @@ in
           ];
         };
         librewolf = {
-          path = "/home/jawz/.librewolf/";
+          path = "~/.librewolf/";
           ignorePerms = false;
           copyOwnershipFromParent = true;
           type = if config.networking.hostName == "workstation" then "sendonly" else "receiveonly";
diff --git a/modules/apps/internet.nix b/modules/apps/internet.nix
index 1c30828..403d613 100644
--- a/modules/apps/internet.nix
+++ b/modules/apps/internet.nix
@@ -8,18 +8,86 @@
 {
   options.my.apps.internet.enable = lib.mkEnableOption "enable";
   config = lib.mkIf config.my.apps.internet.enable {
-    programs = {
-      geary.enable = true;
-      firefox = {
-        enable = true;
-        package = pkgs.librewolf; # fuck u firefox
-        languagePacks = [
-          "en-CA"
-          "es-MX"
-          "it"
-        ];
+    home-manager.users.jawz.programs.librewolf = {
+      enable = true;
+      languagePacks = [
+        "en-CA"
+        "es-MX"
+        "it"
+      ];
+      policies.DisabledFirefoxAccounts = false;
+      profiles.jawz = {
+        id = 0;
+        name = "jawz";
+        path = "jawz";
+        settings = {
+          # Enable custom userChrome.css (for GNOME theme)
+          "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
+          # Enables Firefox GNOME Theme SVG icons
+          "svg.context-properties.content.enabled" = true;
+          # GNOME theme refinements
+          "gnomeTheme.hideSingleTab" = true;
+          "gnomeTheme.bookmarksToolbarUnderTabs" = true;
+          "gnomeTheme.allTabsButtonOnOverflow" = true;
+          # Normal UI density
+          "browser.uidensity" = 0;
+          "browser.toolbars.bookmarks.visibility" = "never";
+          "general.autoScroll" = true;
+          # Tabs
+          "browser.sessionstore.resume_from_crash" = true;
+          "browser.sessionstore.max_tabs_undo" = 50;
+          "browser.startup.page" = 3;
+          # DRM
+          "media.eme.enabled" = true;
+          # Prevents private windows from using dark theme
+          "browser.theme.dark-private-windows" = false;
+          # Enables rounded corners on the main window
+          "widget.gtk.rounded-bottom-corners.enabled" = true;
+          # General privacy & fingerprinting
+          "privacy.sanitize.sanitizeOnShutdown" = false;
+          "privacy.clearOnShutdown_v2.browsingHistoryAndDownloads" = false;
+          "privacy.resistFingerprinting" = false; # You explicitly disabled this
+          "privacy.fingerprintingProtection" = true;
+          "privacy.query_stripping.enabled" = true;
+          "privacy.query_stripping.enabled.pbmode" = true;
+          "privacy.trackingprotection.enabled" = true;
+          "privacy.trackingprotection.socialtracking.enabled" = true;
+          "privacy.trackingprotection.emailtracking.enabled" = true;
+          "privacy.bounceTrackingProtection.mode" = 1;
+          "privacy.clearSiteData.cookiesAndStorage" = false;
+          "privacy.clearSiteData.historyFormDataAndDownloads" = true;
+          # Do Not Track
+          "privacy.donottrackheader.enabled" = true;
+          # GPC (Global Privacy Control)
+          "privacy.globalprivacycontrol.was_ever_enabled" = true;
+          # DNS-over-HTTPS (LibreDNS with adblock)
+          "network.trr.mode" = 2;
+          "network.trr.uri" = "https://doh.libredns.gr/noads";
+          # Prevent predictive browsing
+          "network.prefetch-next" = false;
+          "network.predictor.enabled" = false;
+          "network.http.speculative-parallel-limit" = 0;
+          # Referrer sanitization
+          "network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation" = true;
+          # Partitioning and isolation
+          "network.cookie.cookieBehavior.optInPartitioning" = true;
+          # HTTPS-only
+          "dom.security.https_only_mode_ever_enabled" = true;
+          # Disable captive portal checks
+          "network.captive-portal-service.enabled" = false;
+          "network.connectivity-service.enabled" = false;
+          # Permissions tightening
+          "permissions.delegation.enabled" = false;
+          # Disable safe browsing remote lookups (relies on Google)
+          "browser.safebrowsing.downloads.remote.enabled" = false;
+          "browser.safebrowsing.downloads.remote.block_potentially_unwanted" = false;
+          "browser.safebrowsing.downloads.remote.block_uncommon" = false;
+          # Enable anti-cookie tracking + purge trackers
+          "privacy.annotate_channels.strict_list.enabled" = true;
+        };
       };
     };
+    programs.geary.enable = true;
     users.users.jawz.packages = builtins.attrValues {
       inherit (inputs.jawz-scripts.packages.x86_64-linux)
         vdhcoapp # video download helper assistant
diff --git a/stylix.nix b/stylix.nix
index 0b097de..1ce9c42 100644
--- a/stylix.nix
+++ b/stylix.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 {
   stylix = {
     enable = true;
@@ -22,6 +22,7 @@
         name = "DejaVu Serif";
       };
     };
+    targets.qt.platform = lib.mkForce "qtct";
   };
   home-manager.users.jawz.stylix = {
     iconTheme = {
@@ -30,5 +31,9 @@
       light = "Papirus-Light";
       dark = "Papirus-Dark";
     };
+    targets.librewolf = {
+      firefoxGnomeTheme.enable = true;
+      profileNames = [ "jawz" ];
+    };
   };
 }