How to strengthen Firefox privacy and security (the ultimate booklet)

Last updated by   Ali Qamar
0 Comments
How to strengthen Firefox privacy and security (the ultimate booklet)

When looking for top privacy-oriented browsers, one of the first ones that arguably come to mind is Mozilla Firefox. Like most browsers on the internet today, Firefox continues to make bold steps to deal with digital privacy and security.

For example, the browser can block third-party trackers by default and mask your location using the Firefox private Network (VPN).

On top of that, the browser comes with many settings and configurations you can use to enhance your online security. Some of these tools help you block first-party cookies, which generally remember your login data. It can also block third-party tracking cookies, which advertisers use to collect information from you.

Firefox privacy is mostly credited to the open-source nature of the software. Remember, most other browsers, including Microsoft Edge, Google Chrome, Apple Safari, and Internet Explorer, are owned by large corporate companies trying to make money.

For that simple reason, open-source software tends to be more heuristic and people-centered than the proprietary programs. Also, Microsoft, Google, and Apple are always trying to track you. That aids them in getting hold of your personal information to better sell services and ads inventory.

Mozilla Firefox is so popular among security enthusiasts due to its large number of add-ons and privacy configuration. These settings and add-ons improve your online security significantly.

As an open-source platform, Firefox gets regular auditing by experts and the community to ensure that it meets the advertised standards. If there is a problem with privacy or any code, it’s removed or edited as soon as possible. Now that all sounds too good, right?

That is not all. The greatest thing about Mozilla Firefox is it’s highly customizable, which is not the case with other known browsers.

In fact, the point of this whole guide is to customize Firefox for achieving the privacy and security you desire while staying with your normal day-to-day use browser. But before we jump onto that all, let’s cover some vital information first below.

A brief history of the Mozilla Firefox browser

Firefox has gone through a series of changes ever since it got launched by the Mozilla Foundation in 2004. Before that time, the Firefox browser only existed as a university project of Marc Andreessen in the early 90s at the University of Illinois.

The Bachelor of Computer Science degree holder worked for the National Center for Supercomputing Applications, around the same time that Sir Tim Berners-Lee introduced Mark II, an early version of the ViolaWWW browser (a discontinued browser now).

Mark joined Eric Bana to create a browser for UNIX named NCSA mosaic. Released in June 1993, Macintosh and Windows adopted it. When Mark graduated in 1994, they changed the company’s name to Netscape Communications Corporation.

Mosaic Netscape 0.29, also known as Netscape Navigator, happened to be their first project. The project came as a mosaic killer or simply Mozilla, representing a Godzilla creature as their cartoon logo.

But it was until 1998 when AOL acquired Netscape, and by June 2002, they started building Mozilla Firefox, which was named Phoenix at the time. This new web browser received a lot of traction, and in 2003, Mozilla announced plans to work on this project even more.

It was in 2004 that the first stable version of Mozilla Firefox 0.8 got released. By the time Google Chrome got introduced in September 2008, Firefox controlled more than 30% of all browser usage on the internet.

Fast forward, by 2020, Firefox has 10% of browser usage, while Chrome has captured the rest of 70%. The best thing here is, Mozilla Firefox still exists as an open-source project today.

Some vital heads-ups before securing your Firefox

Risks of not securing Firefox
(Unsplash)

As noted earlier, on top of its secure code, the browser comes with a wide array of techniques and tweaks to keep you safe online.

But below are some important considerations you need to make before we get to Firefox privacy tips, add-ons, extensive configuration settings, and tweaks that ensure you are safe online.

We will talk about all these in detail a little later below, but here too we will discuss about these quickly.

Browser fingerprinting

A browser fingerprint is information that remote service collects from you to identify your device or machine. The websites you visit quickly identify unique users and track how they behave on the internet.

So, how do I deal with browser fingerprinting in Firefox? The Firefox browser has configurations that allow plugins to be used as long as they align with your operating system. So, you choose specific settings to know how you get tracked or see the accuracy of the tools you use to stay safe online.

In fact, if you use your fingerprinting tools well, you could end up bypassing any form of tracking by websites online. It might sound ironic and insidious, but; the more measures you have to avoid web tracking, the more your browser fingerprints become unique.

The Tor Browser is one of the most popular anti-fingerprinting platforms that you can use. But, as long as you are using Firefox, you can still use a plane OS and your normal beloved browser to build a defense against fingerprinting.

Adblocking

Not too long ago, The Guardian Magazine screamed a headline that Firefox is fighting against Facebook and Google advertisement programs for the future of web privacy. The browser is not necessarily aiming at any of those tech giants at all, though.

The problem with these companies is that they have lots of tracking in place, and Firefox (for optimum user privacy) prevents them from doing this. An update to the browser in June 2019 brought robustly enhanced tracking protection, which automatically became part of the browser’s standard settings.

Advertisers, trackers, and crypto miners will not show or have power over this browser’s uses. Previously this feature was only available for the Beta and Firefox nightly versions, but now it’s available in the standard model. To make adblocking possible, the browser blocks pervasive cookies used by ad trackers that potentially expose you online.

Threat modeling

Among the best ways to keep safe online is to have a model that helps you understand your online threats. So what exactly is threat modeling? You map out your adversaries and know from whom you are trying to hide your data.

The enemy could be the big tech companies, the government, or just the ordinary stranger.

Once you understand your threat, you’re going to put in place measures that work efficiently to protect you. It would be best if you did this because it helps form a strategy to use your Mozilla Firefox browser to stay safe online. Also, it enables you to know if the tools you’re going to use are feasible from a financial point of view.

DNS over HTTPs

A domain name system DNS is more potent than the https. The DNS means that your browser turns the domain name of a website into a numerical address. For example, PrivacySavvy.com becomes 194.1.147.13. Computers only connect to IP addresses. Therefore, you can easily mask your location or prevent getting tracked online.

DNS is not encrypted by default. Typically, it can let third-parties see what you are doing online and leave then change your IP to redirect to websites.

Therefore, once you use encrypted DNS, you prevent any of these from happening. Encrypted DNS should be in the form of DNS over TLS, DNS-over-https (DoH), or dnscrypt. These encrypted forms avoid your ISP from accessing your queries. So, nobody can tamper with what you do online.

Mozilla recently embraced the native support for DNS over HTTPs. You have to head to the general page and search for network settings. Then, at the bottom, you will find settings that allow you to enable DNS over https. Once you choose your provider, you may also want to ensure that you rely on an ISP provider that has encrypted the Server Name Indication eSNI, so they don’t invade your privacy.

To disable DoH in Firefox, heaver over to Menu, then Options, next General, and there you click on the Settings button after scrolling down to Network Settings. A box will appear; scroll down until you see Enable DNS over HTTPS to enable or disable it.

Web extensions

Firefox privacy extensions are some of the tools you get when using Mozilla Firefox. Mozilla Foundation’s browser has moved from its old-fashioned add-ons to the web extensions section. Beginning with the Firefox 57 quantum, you can now use web extension add-ons.

Firefox add-ons and extensions will help you to change the experience you have with the browser. You can improve your security or even try to play around with themes and understanding how it feels to use the new platform.

What to do (for ultimate privacy and security) when you first install Firefox browser

Installing the Mozilla Firefox browser might be one of the best decisions you’ll ever make. This browser’s safety and functionality features will not only fit your online escapades, but it also provides you with so much power.

But, there are certain things you have to understand before you have your browser installed. For instance, if you are running on Windows 10, you might receive a warning that tries to scare you from making this installation. Microsoft wants you only to use their applications. You need to be smarter and make your own decisions for your security. Ready?

Head to the Mozilla website and download the best version that fits your device and operating system. Once you click the ‘download or get it now’ button, the system will detect the best version for your device and start downloading it automatically.

Open the downloaded file and run it. When the installation gets completed (in about one to two minutes), Firefox will open.

Mozilla Firefox first look after installation

You can then choose whether to sign in or synchronize with your other accounts. Other things you might need to do is probably making the Mozilla Firefox browser your default browser.

Now, you may want to use specific settings and hacks that will reinforce your browser’s security. Let’s get started with adjusting your Firefox settings for better protection and privacy:

1. Disable telemetry

It’s by default that the Mozilla Firefox browser collects some telemetry. Telemetry is a feature in browsers that collects data such as performance metrics. It’s a browser’s way of trying to get feedback from its users so they can improve their services. These include histograms and scalars, as well as data payload. This information is then sent to the server for processing. 

Of course, it’s harmless, mostly because it goes to Firefox only, and there’s no personal information that could identify you. However, the very fact that Mozilla only allows you to opt-out instead of opt-in means that you may want to tighten your privacy.

Disabling telemetry in Firefox is straightforward. First up, head over to the Privacy and Security section in your Settings menu (three horizontal dots you see on top-right). There you will find a section named Firefox Data Collection and Usage. Here you need to check or uncheck options depending on your preferences.

If you are using Firefox for Android, you need to go to your menu (three vertical dots on the top-right corner), and then go to Settings. There you should select Data Collection available in the Privacy & Security section. You might want to uncheck all three options there.

Note: You can also run the about:config command in your browser and disable telemetry through it. To go this route, make sure you set toolkit.telemetry.enabled to false there. We will talk about Firefox’s about:config settings in detail a little below in this article.

2. Change your default search engine

In the past, Firefox used to run on Bing, and then it shifted to Google. You might understand Mozilla’s decision from a financial point of view, but; you have to admit that neither Google nor Bing is a friend to your privacy.

A private search engine such as DuckDuckGo will give you a little more privacy. Here is a list of the search engines Firefox provides you to choose from.

Firefox search engines list

The good thing about multiple options here is that it provides you with an easy way to choose your favorite search engine.

You would want to change your seach engine DuckDuckGo there, and to do that:

  1. Got to the Menu.
  2. Click on Options.
  3. Now, the Default Search Engine (pro tip: you can use the search box available at the top-right that reads ‘Find in Options’ to find search engines list in Firefox).
  4. You will see DuckDuckGo in a drop-down list there; that’s what you need to select.
  5. All done.

Firefox does not have a list with too many alternative search engines available in its settings area by default. However, DuckDuckGo is there, the recommended search engine we want you to settle on for your browser. Also, you can get more choices by clicking the Find more search engines button that you could find in the One-Click Search Engines option available in the Firefox Options tab.

3. Enable tracking protection

One of the most significant problems with the internet today is that almost every website wants to track you down. These tracking options get deployed by advertisers as well as websites that want to learn your online behavior.

With tracking protection, your Firefox protects your browsing data from being collected by sites. In essence, you will not have a useful online profile having browsing information that those websites could take advantage of without you knowing.

Activating tracking protection in Firefox is fairly easy:

  1. Go to the menu (by clicking three dots on the top-right corner of your browser).
  2. Select Options.
  3. Head over to the Privacy and Security tab on the left side.
  4. Look for the Tracking Protection section there, and choose Always among the options you see there.
  5. All done.
Firefox Tracking Protection Settings

Note: You might have only the Content Blocking option in your Privacy and Security tab in your Firefox. If so, you simply change it to Strict from Standard mode there.

4. Turn on the Do Not Track Protection

Most standard browsers have a BLT or do not track option that informs websites you’re visiting that you do not like the idea of getting tracked.

Remember that it is up to those websites to decide whether they want to obey your command or not. So, tweaking your browser settings to enable the Do Not Track feature might not help you achieve your better privacy goals.

Still, it won’t hurt to make full use of this Firefox privacy feature, too. As like the above one, you can enable this feature in the Content Blocking section available in Firefox’s Privacy & Security Tab.

Do Not Track me feature in Mozilla Firefox

5. Disable the WebTRC

Sometimes you want to communicate to other online users using video calls, voice, or P2P sharing of files. In this case, you may install or allow WebTRC on your browser. The new Firefox Hello chat and video client has the functionality that lets you talk privately with Opera and Chrome browser users without installing any extensions.

The problem with this feature is that it shows your IP address even when using a VPN. That can allow websites to detect the device proxy server you’re using. If you believe that WebRTC is unnecessary for your work, you can disable it altogether.

It is straightforward to do. Follow the steps below to disable WebTRC in Firefox:

  1. Type about:config in your browser address bar and press enter
  2. Now, press/click the button that reads I’ll be careful, I promise!
  3. Look for media.peerconnection.enable
  4. You need to set the column Value as False there. Double click and it will do so.
  5. Done.

6. Remove DRM

When you want to watch videos on streaming services like Hulu, Netflix, or Amazon Prime, you need to use Digital Rights Management (DRM) to encrypt contents and protect the copyright. These streaming websites depend on DRM to make sure that they limit what you do with their videos.

When Mozilla finally included DRM in their browser back in 2015, many privacy advocates raised concerns. That is understandable. But it’s only meant that the Mozilla Foundation wanted to meet the standards of streaming Netflix seamlessly on Firefox.

There was a big debate because many users felt the open-source called project was getting hijacked by business-oriented administrators. Mozilla even went ahead to use a separate sandbox to run the DRM. In theory, nobody can access the DRM apart from Mozilla, and the DRM would not harm users.

But if you are a privacy perfectionist, you may want to delete the DRM from your browser. Of course, this comes with its limitations because you may not be able to access DRM-protected contents online then.

Since taking action here can affect your ability to stream Netflix and other videos onward, we would recommend you to take this tweak as optional and not mandatory for maximizing your Firefox privacy. And as noted above, having DRM available in your browser is not that risky either. Still, if you want to do it, follow the steps below:

  1. Click on the menu (the three dots present on the top-right corner) and pick Options.
  2. Now, type in DRM in the search box you see in the top-right corner of your Options screen. You will see Digital Rights Management (DRM) Content appearing instantly as you type.
  3. There the only option available being Play DRM-controlled content should be checked; uncheck it.
  4. Next, go to about:addons using your browser address bar. There you need to click on Plugins available on the left side.
  5. Locate two plugins dubbed as Widevine Content Decryption Module and Primetime Content Decryption Module there. Click on three-dots you see ahead of their names, select the Never Activate option for both there.
  6. Now, got to about:support by typing it in your address bar. Scroll down to find Profile Folder (on the left side on your screen) and click on the Open Folder button.
  7. There you need to locate and delete two sub-folders gmp-widevinecdm and gmp-eme-adobe.
  8. Restart your Firefox. You are now done with getting rid of DRM.

7. Turn off blocking for specific websites

You can disable blocking for specific websites (the ones you fully trust). This puts them on your whitelist while you look to enhance your Firefox privacy and security.

First step is to decide on websites you use often and those that are confirmed to be secure enough for you.

To do so, go to the website you want to whitelist and then click on the shield icon. A window will appear where you could see a toggle button that reads, “Enhanced Tracking Protection is On for this site.” Simply uncheck the toggle option available there to disable content blocking for the website.

Disable Firefox content blocking for specific websites
Firefox Privacy Extensions - Security Add-Ons For Firefox Security
(Unsplash)

When it comes to choosing the right security add-ons, you need to think about a few things. First, you must consider the level of security an add-on or extension offers. Then it would help if you found out the effects it has on your browser’s performance.

Also, it would help if you compare the features and pricing (if any) of the services you get from these add-ons. If you want to boost your Firefox security levels, we recommend you to embrace the following privacy extensions:

uBlock Origin

If you want a robust adblocker that ensures you don’t get tracked, you should look no further then uBlock Origin add-on. Although it’s relatively light, uBlock Origin is quite powerful, especially in filtering content you don’t want on your browser.

But the downside is that by using ad blockers and non-tracking scripts, you could end up hurting your experience on some web pages. But uBlock Origin comes in handy with its Whitelighting features. You can use its Element Picker or Element Zapper feature to customize how a webpage runs on your browser.

Privacy Badger

Privacy Badger
(Google Play Store)

Privacy Badger add-on from the Electronic Frontier Foundation (EFF) is primarily an anti-tracking extension that also serves as an ad blocker. These two functions may seem to overlap, but they complement each other as it’s possible to run them concurrently.

Unlike typical ad blockers, Privacy Badger does not keep blocklists. Instead, it tracks The Script of the web pages you lord and then informs your browser not to load any content that seems suspicious. That means it only allows you to access secure web pages.

The way it works is simple. You get to see The Script present on a web page and see those trying to track you. Then the privacy badger add-on gives you the power to block or allow cookies or scripts.

HTTPS Everywhere

HTTPS Everywhere is one of the essential tools you should have on your Mozilla Firefox browser for optimum security. Developed by Electronic Frontier Foundation (EFF), this add-on ensures that you connect securely to all the websites you visit.

As long as you visit even a non-https website with this extension activated, you’re going to connect securely. Many websites out there having HTTPs still boast HTTP by default in some parts, which means they are insecure.

Here we would recommend you not to rely on any extension or tool only. Stay alert from your side, too. Always make sure that the padlock icon on the left side of the URL bar is locked and green, which means that you are connecting to https enabled website.

No Script

If you are looking for a completely free and open-source Firefox privacy add-on, NoScript is the way to go. It stops Java, Flash, and JavaScript from running on any suspicious website.

NoScript allows you to have full control of the scripts on a website as you visit one. Some websites built on complicated technologies can refuse to obey this add-on on your browser. However, with a few tweaks, you will be able to make it work.

You can add a few websites to your whitelist, but that means you must first understand that there could be a few risks involved. Of course, this is not for average users because it requires some computer privacy knowledge and skills. But as you are here, we are optimistic you will easily beat the challenges.

uMatrix

uMatrix

Team uBlock Origin is behind this add-on development, where it offers a balance between uBlock and NoScript. So, you enjoy lots of control and customization options. However, this may not come in the ready-made way as you will have to do some customizations.

The good thing, you don’t have to be tech Savvy to set uMatrix up. As long as you can read the instructions, you will easily tweak through the interface.

If you are going to use uMatrix, you may not have to use Privacy Badger, NoScript, or uBlock Origin because you benefit from all the three add-ons in one plugin.

Cookie AutoDelete

If you have been using any popular self-destructing cookies plug-in, then it’s high time to embrace Cookie Auto-Delete. This one fits everyday internet user’s Firefox well, especially to delete all HTTP cookies that do not go away when you close the tab.

With this tool, you gain an extra layer of protection from cookies tracking without necessarily breaking the websites you wish to use. You’re going to protect your privacy and device from eTags and DOM from storage because this add-on cleans up all these.

BetterPrivacy

If you want your Mozilla Firefox browser to work optimally, you need to make sure that you control cookies. BetterPrivacy add-on makes sure all these unnecessary cookies get removed regularly.

Some people have claimed that the BetterPrivacy plugin has become obsolete because most websites no longer use flash. But you see, you’re not sure about the websites that still rely on the flash technology. That means you may always want to have better privacy and self-destructing cookies plug-ins together. Again, data privacy mainly works to control all flash cookies.

Random Agent Spoofer

If you conceptualize what a VPN does, you will understand how the Random Agent Spoofer works. There’s been a heated-up debate on whether this is ethical, which is something you can learn in our guide on are VPNs legal?

Whenever you surf a site, a user agent will tell that website what kind of operating system device or location you are accessing from. Some websites process this information to make sure that their services are customized for readers. Others rely on the user agent information to improve your user experience.

Unfortunately, some websites might try deploying browser fingerprinting. For this reason, you need to access sites with random agent spoofing. For example, suppose you are logging in to Google.com from your iPhone Safari browser. However, the random agent spoofer will tell Google that you are actually using Firefox installed on a Windows PC.

That makes it difficult for the websites you visit to deploy any browser fingerprinting. The information they get is distorted, and the person they will be trying to profile is not you.

Although the random agent spoofer add-on and other of its kinds are not technically aiming to prevent browser fingerprinting, they still help a great deal when it comes to ensuring your information is not displayed online.

If you want absolute protection against browser fingerprinting, you may want to try the Tor Browser. But these extensions are going to give you some good experience without distorting your privacy.

Canvas Defender

Canvas Defender

As long as you are using Mozilla Firefox, you may have a built-in canvas fingerprinting feature, especially in its latest versions. If the element is not yet available to you, it’s a great idea to have the Canvas Defender extension added to your browser.

Canvas fingerprinting is a common way in which websites collect information from you.

It’s a script that tells your browser to provide a hidden drawing in the form of an ID card that can identify you. It is through this kind of information that online services can track you down. Canvas Defender steps in to prevent your browser from creating this unique identification.

Decentraleyes

Firefox comes with built-in add-ons that prevent tracking. But sometimes, you want an extra layer of protection, which is why you might want to try the decentralized extension.

This extension hosts CMD resources locally so that you can browse the internet without relying on trackers. When websites try to request the browser to store more cache, the Decentraleyes extension blocks this request. Instead, it serves the browser with local versions of the CDN. You can think of this as an impersonation of the CMDs that have been stored locally in your browser.

Whenever a website wants to download any jQuery, the extension will refute it and connect it to a remote CDN. The add-on will serve files from its cache, and therefore, you’re not going to get tracked down.

Decentrelayes addon also speeds up your browsing experience because every cache needed to load a webpage is obtained from the local files. Files getting loaded locally means everything is served instantly, and you’re going to not a huge difference in your browser’s speed and performance when you do this.

Bloody Vikings!

If you are a nerdy privacy enthusiast, you will not want to publish your real email in email listing requirements. You may want to have a randomly created email to do your online stuff without revealing your real identity.

Bloody Vikings comes in handy whenever you want to have a temporary email address. You need to right-click on any email registration form, and the bloody Vikings will fill up that with random temporary email addresses automatically. You can then continue with your registrations or anything else you do online without revealing your personal information or real identity.

Multi accounts containers

It’s important to recall that most tech companies try and track you as much as they can. They mostly use cookies available on your browser to create an online profile about you so that they can present customized adverts.

That’s why if you enter a website while trying to review a car, then you will find such adverts on your Facebook profile. That is how powerful websites’ tracking systems are. For this reason, you may want to make sure that Facebook, Google, and other companies that try to trace you online are only going to find cache or cookies from websites you have visited.

That will only be possible if you create a container that stores cookies from a specific website so that if that website tries to track you, they will only find cookies from their own website. This limits the way websites can track you down, and therefore it helps to preserve your digital privacy.

Multi-Account Containers add-on offer alternatives to the regular deleting of cookies — the container places in your hands the power to control what websites do on your browser.

Firefox Private Network Extension

Mozilla introduced its new Virtual Private Network (VPN) as part of the project, in July 2020. The Firefox Private Network is supposed to offer you security on ISP or public networks.

If you feel that you don’t trust your ISP provider administrator, make sure you protect yourself from getting tracked by ISP. We would also recommend that you choose a VPN that is right for you and understand what it entails to have a strong VPN on your side.

Mailvelope

Mailvelope

The last thing you want is another person spying on your cell phone or eavesdropping on your emails. Like conventional letters, emails are very private. They should be treated as the mail company delivers a wrapped parcel, personal-only (which is why we usually use envelopes for conventional mails).

In the virtual space, it’s challenging to have a way to wrap up your message so that it can be delivered to the recipient securely. The good thing is, many secure email providers exist today, but also the virtual space now has technologies that can hide your email from getting read by anyone.

Try to think of what it would be like to send your Ph.D. dissertations over email, and you might realize your messages’ sensitivity. Indeed, you don’t want anyone else to alter it before you present it. At such a time, you may want to add another layer of protection to your email so that you can rest assured it’s going to reach its destination securely and unchanged.

In such cases, an add-on like Mailvelope will make sure that you are protected. This open-source extension is entirely compatible with Yahoo, Gmail, Hotmail, and even GMX. It implements PGP, and that’s why it has proved to be a useful tool to protect emails from online eavesdropping.

KeePassHttp-Connector

Keeping your password safe is the first rule of online privacy. The last thing you want is a person having access to your digital profiles. Remember, you could quickly lose a lot of money or get your reputation hurt if your personal or business profiles get compromised.

You need to make sure that you are passwords are well-managed. KeePassHttp-Connector add-on is an open-source password manager that helps keep all your online login credentials safe.

Better yet, we recommend you to take a look our list of best password managers and pick one that you like the most.

Firefox Privacy Settings extension

Privacy Settings extension for Mozilla

Mozilla Firefox offers lots of control in its privacy settings, but you must be quiet savvy to access those configurations. That is where you can try to use an addon that gets you there immediately.

The average Firefox user will have a hard time trying to understand the about:configuration settings. Those advanced settings require you to enter advanced numerical values, and therefore you may want some help. 

Privacy Settings addon helps you to access those advanced configuration settings at one click. You would realize that using this one-click control allows you to access a lot of your settings to be provided on a GUI interface.

It does not change the configuration settings but makes it easier for you to access and customize settings. You can also disable or enable any of the locations that fortify your security.

So, should you install all these add-ons?

Well, you’re probably trying to get to the top of the game for enhanced Firefox security and privacy. You don’t want anyone snooping on your web browsing activities; still, we know it might be tempting to cramp all these extensions onto your browser.

But there’s a catch. If you install all the security add-ons and even modify the settings, you’re not going to be safe. The key rule of hiding online is to keep a low profile, and it applies to the internet as well.

If you have all these settings and add-ons, you could still might end up getting exposes.

First, you need to get out of the crowd, which means keeping a low profile of yourself on the internet. Then, throwing every VPN, anti-fingerprinting manager, and cache management extension to your Firefox is only going to slow your digital exposure down.

And, if Firefox offers an inbuilt service, you don’t need an add-on that does the same thing. You need to watch out for your options.

How to enhance Firefox security with about:config tweaks

If you’re an advanced user of Firefox, you can always rely on about:config settings. There are numerous modifications you can make by simply dialing about:config.

We believe this is the best way to modify your settings for improving Firefox privacy because it provides you so much power. If you have installed new extensions or have changed any settings by the time you get to this section, do not worry. You can always see if playing with any of the advanced Firefox security setting will eliminate the need of any add-on you have on your browser.

Firefox about:config privacy tweaks warning

The first time you log onto the about config settings section, you are likely to be prompted with a message that warns you about your security and performance. Accepting the risk will take you to a field where you are supposed to type or search out the preferences you want to modify.

Admittedly, you could do some damage. That is why you must pay close attention. In the end, you will find it genuinely worth it.

Once you have entered about:config settings in Mozilla Firefox, you’re going to see a screen with a long list of modifications that you can make.

You may tap on the show all button if you would rather want to scan through the list and don’t want to search for a specific function. The screen will then show you all the available options. In this case, you will be provided with hundreds of preferences that you can start modifying. Modifying the preferences merely takes you to double click on a given function name.

enhance Firefox secure with About:Config tweaks

Double-clicking the option changes the value of the preference from True to false. For instance, if you choose an integer, you can double click and then choose true as the box’s value that opens.

Here are our recommended modifications you may want to make to have best Firefox security settings:

browser.privatebrowsing.autostart

You don’t want anyone to have study trails of the things you’ve been browsing online. This Firefox command helps you to prevent people from looking at your browsing information. Leaving footprints on your browser is what you don’t want to happen, especially when browsing scrupulous websites.

When you switch to private browsing, no third-party will be able to access cookies or any records or history of websites you have been browsing. However, unfortunately, even though nobody could look at your browsing data on your computer, the ISP will have the privilege of peeping through in your Private Browsing mode. Therefore, you may want some extra protection measures. 

At the same time, you should always consider using the private browsing mode even if you are on your own or are the sole user of your laptop because of its cookie blocking functionalities. You need to set this preference to true, and that switches the Firefox to always start in private browsing mode.

browser.startup.homepage

Mozilla Firefox will, by default, open its homepage that displays a Google search box. You have to understand that these commercial search engines, such as Yahoo and Google store lots of information about you.

And as a privacy maniac, this is precisely what you’re trying to prevent. If you want to start on a different page, then you should run this command and enter a website of your choice.

browser.startup.page

If you prefer that you are Firefox opens on a blank page, you can change it to 0 by running this command.

browser.safebrowsing.phishing.enabled*

Firefox comes with Google safe browsing extensions by default. This extension prevents phishing, and it ensures that websites you visit get scanned through a Google blacklist. Thus, if a website has been blacklisted in Google’s database, it will not be allowed to load on your browser.

Google is a for-profit business; ultimately, the search giant always tries to prepare a history of your interests and then recommend websites that seemed to be safe. We recommend that you turn the value to false to prevent Google from meddling with your online expeditions.

browser.safebrowsing.malware.enabled*

Google licenses its fishing protection to Mozilla Firefox, and you can access this feature through this command. Browsing through this method reports back to Google, and for that reason, we recommend you set the value to false.

datareporting.healthreport.uploadEnabled

You can see how your browser performs and how much space or resources it is using. The good thing about this is that it tells whether Mozilla is good enough for you. Of course, you will need to use a device that’s compatible with support the Mozilla Firefox browser.

Whenever there is a health report, it is anonymously uploaded into the Mozilla system. This helps in development, especially in improving Firefox privacy.

However, because sometimes this can set you up for exposure, you may want to change this setting to False. By doing so you will still see the report, but it will not be sent to the Mozilla Firefox team.

Some websites are so advanced that they can tell when you cut, copy, or paste anything on their platforms. Some of them will even prevent you from right-clicking through their content. Sometimes, these websites will record or even change the content of the text.

Others will even bar you from pasting that content into any form. So, you can use this advanced setting command to take control of what you do. Set the false entry for this query, and you will prevent any website from taking away your power.

dom.storage.enabled*

Commercial search engines are there to make money from the information they have about you. Google, Bing, Facebook, and other tech giants are always working hard to get hold of your browsing information and cookies so they can use it to draw a profile for you.

Once they can tell which websites you visit, your location, demographic information, and online interests, they draw a pattern that they can use to customize ads. So, they use pernicious methods to steal your browsing history, web storage, and other information from your browser.

Cookies are at the center of this, and as long as you can choose how cookies get stored on your Mozilla Firefox, you will always have a head start in escaping this “theft.” We recommend you to turn the value for this setting to false.

Please note you might have to deal with a few broken websites, so you must do it with caution.

geo.enabled*

Location awareness is a technique websites use to know your location and customize your feeds. As an online security enthusiast, the last thing you want to happen is someone knowing your exact IP location or device information. It is no brainer that the data can be used to track your precise location in real life. So, this is something you want to avoid. To keep yourself safe here, got to this configuration, and set the value to false.

Also, look for geo.wifi.uri to prevent the system from sending any information about the Wi-Fi you are using. With this setting, you can prevent Google from using its geolocation capabilities.

The Google Location Service, therefore, can be set to false to ensure that you do not get tracked. If you set the geo.enabled* setting to false, you may not have to use this. However, if you still feel it’s essential to stay watertight, you can change to the localhost or loopback address 127.0.0.1.

media.peerconnection.enabled

The Web Real-Time Communication WebRTC is an excellent tool to have, especially when incorporating videos, chats, or file sharing. Firefox Hello video client lets you talk to other users on Chrome, Opera, and Firefox securely.

However, WebRTC can end up giving away your device information and IP address even when you are using a VPN. Although advanced VPN clients automatically block the WebRTC, you can disable it yourself by changing its value to false.

We recommend that you use a good manager for your cookies, such as the CookieAutoDelete. However, if wish to allow only the cookies that come from the server, you can do that by tweaking this about:config setting. To do so, change the value to 1.

Cookie AutoDelete addon helps you manage your cookies a great deal. But, if you can handle the configuration, you may not need an add-on. To make sure your cookies are set to expire at the end of every session, set this configuration’s value to 2.

That way, when you close the browser, all sessional cookies will be deleted at that time. No websites you visit will track pages you visited or obtain your true browsing data from that time on.

network.dns.disablePrefetch

DNS prefetching improves page load time. Firefox memory users DNS-prefetch by resolving the names of your domain name similarly and proactively. This practice is good for user experience, but it could be not very good for privacy. You can set the value for this to true to make sure that your DNS prefetching has been turned off.

network.http.sendRefererHeader

When you click hyperlinks, the page you’re about to go could request information from the source page. It’s a common practice, especially with websites where individuals are making commissions for referrals. The website you are about to leave might send information to the website you are headed. And this means your information is going to be shared across these platforms.

Mozilla usually doesn’t like people who disable referrer headings. Still, if you really want to stay safe and secure online, this could come handy. Change the value to 0, which simply means you will never send any referral header.

network.http.sendSecureXSiteReferrer*

This one is quite the same as the previous option. The only difference is that it will let you be tracked throughout all the websites that you’ve been to visit. To make sure that you disable this, you need to change its value to false.

network.prefetch-next*

Firefox tries to speed up your browsing by first searching the links on a web page and scanning them. And when it finds you idle on a site, it would pre-download linked-to webpages.

That is why when you go to new pages from an already visited page, they will open quickly because they’ve already been loaded. Disabling this option slows down your browsing, but if you look at it from a privacy point of view, you realize it serves a lot. We recommend trading your speed for security; hence, we urge you to change its value to false.

privacy.donottrackheader.enabled*

These days, browsers come with a do not track feature that requests websites that they shouldn’t monitor you. Firefox, with all its privacy functionalities, also has this feature that tries to tell websites not to track you. But, you need to understand that websites can comply or deny your request at their will. Still, it is worth setting the value to true, though.

privacy.donottrackheader.value*

The settings above are meant to activate do not track feature. But this value setting states exactly what the instruction is about. For instance, when you set the request to 1, websites will receive instructions not to track you.

toolkit.telemetry.enabled

Any statistical data that add value to your browser’s responsiveness performance or any usage is part of telemetry. Firefox typically sends a report to Mozilla, especially to help developers know how to improve the platform. This telemetrics sent there can expose your privacy, which is why you should set the value for this to false.

Avoid too many add-ons

Avoid Too Many Addons
(Unsplash)

Whenever you use extensions and other modifications, it’s crucial to understand that most of them will more likely make your browser a bit slower.

Yes, you want to achieve maximum-possible Firefox security and privacy; still, you don’t want to be like a kid who’s always topping up on his ice cream.

You want to have just enough of Firefox browser addons that you need for your ideal privacy.

Remember, when you have too many items, you could break some things and slow down your browser performance.

Just look for a balance between the number of add-ons you need and tweaks you can make manually through about:config. Make sure not to install too many extensions and that you only engage in necessary settings.

Here it is worth noting, if you have a fast machine, adding even all our recommended Firefox privacy and security add-ons won’t affect your browser speed much. And, being privacy enthusiasts, we would always trade speed with security for all the precautions we would want to take for optimum protection online. But looking for a balance as much as possible is always recommended.

Wait, what is private browsing (aka incognito mode) all about?

Private Browsing (aka incognito mode)
(Unsplash)

Almost every browser out there in the market today has an option for Private Browsing. The Incognito mode, however, is usually misunderstood. Just because you are in “private” doesn’t mean you are secure.

For instance, when you open the Private Window, the pages you visit will not get saved on your history. texts, cookies, downloads, passwords, and files will also not be stored. So, other computer users will not be able to find any evidence of the sites you visited.

But the incognito mode offers just that and nothing else. In other words, it only prevents your family members from knowing what you were watching or which portals you visited.

When using Firefox 57+, you get the Tracking Protection enabled by default when you are in incognito. However, you have to keep in mind that it does not hide your internet connection, IP address, or ISP.

Websites you visit will see where you are, the device you are using, and any other telemetric data as they wish. Your ISP will still also be able to monitor your online surfing from their end.

Thus, Private Browsing only protects you online from your colleagues, family, and friends who may have physical access to your computer. But, it will not help you beyond that. If you want to hide your browsing info from your ISP and other third parties, then you better start using VPNs or the Tor browser.

Understand Mozilla privacy policy

Crowd contributions of projects such as Firefox may sometime delude people to feeling they can do everything. But, it’s always prudent to ensure you have read and understood the privacy policy of a service or tool that you wish to use.

Our research shows that only about 5% of web visitors open (let alone reading) the Privacy Policy or Terms and Conditions. Just like that, more than 95% of people miss out on the opportunity to grasp how their information is used.

And worse, you might be set on the path of making mistakes. We know sometimes it’s a too good a deal to ask harsh questions from a provider, but when you are interested in software, or your privacy depends on it, you have to guard your lifeline. Just read and understand those privacy policies thoroughly.

Yes, unlike Google Chrome, Apple Safari, Microsoft Edge, and Internet Explorer, which are all proprietary web browsers, Mozilla Firefox is open source. That means no for-profit corporation is behind pushing the project to make money, which suggests it does not have a real need to track users. And on top of that, it has been audited by independent researchers multiple times.

Still, to make it your habbit and see if you find anything disagreeable, we recommend you to read Firefox privacy policy yourself, too.

Our take on Firefox Safe Browsing feature

Firefox Safe Browsing
(Unsplash)

Thousands of Firefox users have petitioned for the removal of the Safe Browsing option feature. Some people raise privacy concerns, while others even state that it offers a ground for Google tracking.

But, newer Safe Browsing features no longer have the “Real-time lookup” method of analyzing website URLs. The procedure is obsolete since 2011.

According to Mozilla security engineer Francois Marier, Firefox protects users using the following privacy precautions:

The browser strips off Query string parameters from URLs. So, your downloads are protected.

Whenever Firefox requests hashes for 32-bit prefixes, the browser hides your identity and instead sends some “noise.”

Mozilla has a separate Cookie Container for storing Safe Browser cookies. So, it becomes difficult for anyone to abuse the service. Separating the cookie jars ensures that your Safe Browsing cookies don’t mix with your session cookies.

So, if you are planning to disable Safe Browsing, know there are no perks to that — at least not in terms of privacy protection. However, if you want to disable Firefox Safe Browsing, deploy the configurations in about:config settings.

browser.safebrowsing.malware.enabled = false

browser.safebrowsing.phishing.enabled = false

Conclusion

In terms of privacy and security, Firefox is a powerhouse — no doubt about that. But, all comes down to how you use its available privacy adjustments to make Firefox ultra-secure.

Aso, while the add-ons and configurations discussed in this guide will help you achieve more Firefox privacy, one issue remains. That is: concealing your IP address country. To accomplish that, you would need a quality VPN service. The Tor Browser, which is free to use, can also there, but it has some drawbacks such as slow speeds and security risks.

That is it from us. If you have any questions or want more tips to secure your beloved browser, feel free to ask via the comments section available below. We are all ears for you as we exist only to make you/our readers privacy savvy.

About the author

Ali Qamar
Ali Qamar

Ali Qamar is a seasoned, versatile writer. He is a geek. He is crazy (and competent) about internet security, digital finance, and technology. Ali is naturally attracted to transforming things.

Comments

No comments.

Leave a reply

Your email address will not be published.

Table of Contents